Non-Profiled Deep Learning-Based Side-Channel Analysis With Only One Network Training

We propose efficient protocols for non-profiled deep learning-based side-channel analysis (DL-SCA). While the existing protocol, proposed by Timon in 2019, requires computational resources for training as many neural networks as the number of key candidates, our protocol requires training only one network, which can be transformed into a network associated with each key candidate. For instance, in the case of analysis for the AES, the network training complexity is 1/256 of that for the existing protocol. In this study, we describe our idea and formulate it as two protocols depending on the metrics used. We numerically examine them by implementing each protocol with two network architectures, multilayer perceptron and convolutional neural network. Using publicly available open data (ASCAD), we show that both protocols efficiently work as expected. We also clarify that our trained network, as in Timon’s original case, can be recycled for an attack against the same device with different key materials. Non-profiled DL-SCAs are superior to profiled ones in that they require no reference device for profiling before analyzing the target device. This property holds for our proposal as well

Fundamental Study on Non-invasive Frequency Injection Attack against RO-based TRNG

© 2018 IEEE. In this study, we investigate the security threat of non-invasively degrading the randomness of true random number generators (TRNGs) by injecting disturbance waves and estimating the internal state of ring oscillators (ROs) using side-channel information from outside the device. In addition, we discuss countermeasures against this type of threat.status: publishe

EM Information Security Threats Against RO-Based TRNGs: The Frequency Injection Attack Based on IEMI and EM Information Leakage

IEEE True random number generators (TRNGs) based on ring oscillators (ROs) are employed in many devices because they can be constructed with a simple circuit structure. Many systems are affected if an RO-based TRNG is attacked, and its security is degraded. Conventional attacks against RO-based TRNGs reduce randomness using direct physical access to the target device and/or modification/invasion of the device or the equipment on which it is implemented. However, depending on the physical location of the device and its tamper resistance measures, directly accessing the device or operating/modifying the implementation may not be easy. This study introduces a noninvasive attack against RO-based TRNGs. In this attack, we intentionally induce sinusoidal electromagnetic waves in a TRNG and estimate the change in its randomness under this interference by observing the signal leaked from the TRNG from a distance. We also consider countermeasures against noninvasive attacks on TRNGs.status: publishe