14 research outputs found
No-Skim: Towards Efficiency Robustness Evaluation on Skimming-based Language Models
To reduce the computation cost and the energy consumption in large language
models (LLM), skimming-based acceleration dynamically drops unimportant tokens
of the input sequence progressively along layers of the LLM while preserving
the tokens of semantic importance. However, our work for the first time reveals
the acceleration may be vulnerable to Denial-of-Service (DoS) attacks. In this
paper, we propose No-Skim, a general framework to help the owners of
skimming-based LLM to understand and measure the robustness of their
acceleration scheme. Specifically, our framework searches minimal and
unnoticeable perturbations at character-level and token-level to generate
adversarial inputs that sufficiently increase the remaining token ratio, thus
increasing the computation cost and energy consumption. We systematically
evaluate the vulnerability of the skimming acceleration in various LLM
architectures including BERT and RoBERTa on the GLUE benchmark. In the worst
case, the perturbation found by No-Skim substantially increases the running
cost of LLM by over 145% on average. Moreover, No-Skim extends the evaluation
framework to various scenarios, making the evaluation conductible with
different levels of knowledge
Towards Strengthening Deep Learning-based Side Channel Attacks with Mixup
In recent years, various deep learning techniques have been exploited in side
channel attacks, with the anticipation of obtaining more appreciable attack
results. Most of them concentrate on improving network architectures or putting
forward novel algorithms, assuming that there are adequate profiling traces
available to train an appropriate neural network. However, in practical
scenarios, profiling traces are probably insufficient, which makes the network
learn deficiently and compromises attack performance.
In this paper, we investigate a kind of data augmentation technique, called
mixup, and first propose to exploit it in deep-learning based side channel
attacks, for the purpose of expanding the profiling set and facilitating the
chances of mounting a successful attack. We perform Correlation Power Analysis
for generated traces and original traces, and discover that there exists
consistency between them regarding leakage information. Our experiments show
that mixup is truly capable of enhancing attack performance especially for
insufficient profiling traces. Specifically, when the size of the training set
is decreased to 30% of the original set, mixup can significantly reduce
acquired attacking traces. We test three mixup parameter values and conclude
that generally all of them can bring about improvements. Besides, we compare
three leakage models and unexpectedly find that least significant bit model,
which is less frequently used in previous works, actually surpasses prevalent
identity model and hamming weight model in terms of attack results
A Survey on Acoustic Side Channel Attacks on Keyboards
Most electronic devices utilize mechanical keyboards to receive inputs,
including sensitive information such as authentication credentials, personal
and private data, emails, plans, etc. However, these systems are susceptible to
acoustic side-channel attacks. Researchers have successfully developed methods
that can extract typed keystrokes from ambient noise. As the prevalence of
keyboard-based input systems continues to expand across various computing
platforms, and with the improvement of microphone technology, the potential
vulnerability to acoustic side-channel attacks also increases. This survey
paper thoroughly reviews existing research, explaining why such attacks are
feasible, the applicable threat models, and the methodologies employed to
launch and enhance these attacks.
Comment: 22 pages, conferenc
A Review and Comparison of AI Enhanced Side Channel Analysis
Side Channel Analysis (SCA) presents a clear threat to privacy and security
in modern computing systems. The vast majority of communications are secured
through cryptographic algorithms. These algorithms are often provably-secure
from a cryptographical perspective, but their implementation on real hardware
introduces vulnerabilities. Adversaries can exploit these vulnerabilities to
conduct SCA and recover confidential information, such as secret keys or
internal states. The threat of SCA has greatly increased as machine learning,
and in particular deep learning, enhanced attacks become more common. In this
work, we will examine the latest state-of-the-art deep learning techniques for
side channel analysis, the theory behind them, and how they are conducted. Our
focus will be on profiling attacks using deep learning techniques, but we will
also examine some new and emerging methodologies enhanced by deep learning
techniques, such as non-profiled attacks, artificial trace generation, and
others. Finally, different deep learning enhanced SCA schemes attempted against
the ANSSI SCA Database (ASCAD) and their relative performance will be evaluated
and compared. This will lead to new research directions to secure cryptographic
implementations against the latest SCA attacks.
Comment: This paper has been accepted by ACM Journal on Emerging Technologies
in Computing Systems (JETC
Enhancing the Performance of Practical Profiling Side-Channel Attacks Using Conditional Generative Adversarial Networks
Recently, many profiling side-channel attacks based on Machine Learning and
Deep Learning have been proposed. Most of them focus on reducing the number of
traces required for successful attacks by optimizing the modeling algorithms.
In previous work, relatively sufficient traces need to be used for training a
model. However, in the practical profiling phase, it is difficult or impossible
to collect sufficient traces due to the constraint of various resources. In
this case, the performance of profiling attacks is inefficient even if proper
modeling algorithms are used. In this paper, the main problem we consider is
how to conduct more efficient profiling attacks when sufficient profiling
traces cannot be obtained. To deal with this problem, we first introduce the
Conditional Generative Adversarial Network (CGAN) in the context of
side-channel attacks. We show that CGAN can generate new traces to enlarge the
size of the profiling set, which improves the performance of profiling attacks.
For both unprotected and protected cryptographic algorithms, we find that CGAN
can effectively learn the leakage of traces collected in their implementations.
We also apply it to different modeling algorithms. In our experiments, the
model constructed with the augmented profiling set can reduce the required
attack traces by more than half, which means the generated traces can provide
useful information as the real traces
Analysis of Countermeasures Against Remote and Local Power Side Channel Attacks using Correlation Power Analysis
Countermeasures and deterrents to power side-channel attacks targeting the alteration or scrambling of the power delivery network have been shown to be effective against local attacks where the malicious agent has physical access to the target system. However, remote attacks that capture the leaked information from within the IC power grid are shown herein to be nonetheless effective at uncovering the secret key in the presence of these countermeasures/deterrents. Theoretical studies and experimental analysis are carried out to define and quantify the impact of integrated voltage regulators, voltage noise injection, and integration of on-package decoupling capacitors for both remote and local attacks. An outcome yielded by the studies is that the use of an integrated voltage regulator as a countermeasure is effective for a local attack. However, remote attacks are still effective and hence break the integrated voltage regulator countermeasure. From the experimental analysis, it is observed that within the range of designs' practical values, the adoption of on-package decoupling capacitors provides only a 1.3x increase in the minimum number of traces required to discover the secret key. However, the injection of noise in the IC power delivery network yields a 37x increase in the minimum number of traces to discover. Thus, increasing the number of on-package decoupling capacitors or the impedance between locally measured power and the IC power grid should not be relied on as countermeasures to power side-channel attacks, for remote attack schemes. Noise injection should be considered as it is more effective at scrambling the leaked signal to eliminate sensitive identifying information
SCA-CGAN: A New Side-Channel Attack Method for Imbalanced Small Samples
In recent years, many deep learning and machine learning based side channel analysis (SCA) techniques have been proposed, most of which are based on the optimization of existing network models to improve the performance of SCA. However, in practice, the attacker often captures unbalanced and small samples of data due to various environmental factors that limit and interfere with the successful implementation of SCA. To address this problem, in this paper, we firstly introduced the Conditional Generation Adversarial Network (CGAN). We proposed a new model SCA-CGAN that combines SCA and CGAN. We used it to generate a specified number and class of simulated energy traces to expand and augment the original energy traces. Finally, we used the augmented data to implement SCA and achieved a good result. Through experiments on the unprotected ChipWhisperer (CW) data and the ASCAD jittered dataset, the results show that the SCA using the augmented data is the most efficient, and the correct key is successfully recovered on both datasets. For the CW dataset, the model accuracy is improved by 20.75% and the traces number required to recover the correct key is reduced by about 79.5%. For the ASCAD jittered dataset, when the jitter is 0 and 50, the traces number required to recover the correct key is reduced by about 76.8% and 75.7% respectively