NASCTY: Neuroevolution to Attack Side-channel Leakages Yielding Convolutional Neural Networks

Side-channel analysis (SCA) can obtain information related to the secret key by exploiting leakages produced by the device. Researchers recently found that neural networks (NNs) can execute a powerful profiling SCA, even on targets protected with countermeasures. This paper explores the effectiveness of Neuroevolution to Attack Side-channel Traces Yielding Convolutional Neural Networks (NASCTY-CNNs), a novel genetic algorithm approach that applies genetic operators on architectures' hyperparameters to produce CNNs for side-channel analysis automatically. The results indicate that we can achieve performance close to state-of-the-art approaches on desynchronized leakages with mask protection, demonstrating that similar neuroevolution methods provide a solid venue for further research. Finally, the commonalities among the constructed NNs provide information on how NASCTY builds effective architectures and deals with the applied countermeasures.Comment: 19 pages, 6 figures, 4 table

Hiding in Plain Sight: Non-profiling Deep Learning-based Side-channel Analysis with Plaintext/Ciphertext

Deep learning-based profiling side-channel analysis is widely adopted in academia and industry thanks to the ability to reveal secrets protected with countermeasures. To leverage its capability, the adversary needs to have access to a clone of an attack device to obtain the profiling measurements. Moreover, the adversary needs to know secret information to label these measurements. Non-profiling attacks avoid those constraints by not relying on secret information to label data but rather by trying all key guesses and taking the most successful one. Deep learning approaches also form the basis of several non-profiling attacks. Unfortunately, such approaches suffer from high computational complexity and low generality when applied in practice. This paper proposes a novel non-profiling deep learning-based side-channel analysis technique. Our approach relies on the fact that there is (commonly) a bijective relationship between known information, such as plaintext and ciphertext, and secret information. We use this fact to label the leakage measurement with the known information and then mount attacks. Our results show that we reach at least $3\times$ better attack performance with negligible computational effort than existing non-profiling methods. Moreover, our non-profiling approach rivals the performance of state-of-the-art deep learning-based profiling attacks

Not so Difficult in the End: Breaking the ASCADv2 Dataset

The ASCADv2 dataset ranks among the most secure publicly available datasets today. Two layers of countermeasures protect it: affine masking and shuffling, and the current attack approaches rely on strong assumptions. Specifically, besides having access to the source code, an adversary also requires prior knowledge of random shares. This paper forgoes reliance on such knowledge and proposes two attack approaches based on the vulnerabilities of the affine mask implementation. As a result, the first attack can retrieve all secret keys\u27 reliance in less than a minute. Although the second attack is not entirely successful in recovering all keys, we believe more traces would help make such an attack fully functional

Gambling for Success: The Lottery Ticket Hypothesis in Deep Learning-based SCA

Deep learning-based side-channel analysis (SCA) represents a strong approach for profiling attacks. Still, this does not mean it is trivial to find neural networks that perform well for any setting. Based on the developed neural network architectures, we can distinguish between small neural networks that are easier to tune and less prone to overfitting but could have insufficient capacity to model the data. On the other hand, large neural networks have sufficient capacity but can overfit and are more difficult to tune. This brings an interesting trade-off between simplicity and performance. This work proposes to use a pruning strategy and recently proposed Lottery Ticket Hypothesis (LTH) as an efficient method to tune deep neural networks for profiling SCA. Pruning provides a regularization effect on deep neural networks and reduces the overfitting posed by overparameterized models. We demonstrate that we can find pruned neural networks that perform on the level of larger networks, where we manage to reduce the number of weights by more than 90% on average. This way, pruning and LTH approaches become alternatives to costly and difficult hyperparameter tuning in profiling SCA. Our analysis is conducted over different masked AES datasets and for different neural network topologies. Our results indicate that pruning, and more specifically LTH, can result in competitive deep learning models

Are smart cities green? The role of environmental and digital policies for Eco-innovation in China

In this paper, we employ negative binomial and quasi-natural experimental methods (i.e., Difference-in-Differences and Propensity Score Matching), whereby we examine the joint impact of environmental and digital policies (for designing smart cities) upon the generation of eco-innovations in China. Using longitudinal data for the period 2006–2018, we examine the changes in green patents granted: (i) due to the implementation of various levels of stringency of environmental policies across all cities; and (ii) after the introduction of smart city policies in 2012 in China. The prior literature stresses the importance of environmental policies, yet less attention has been paid to digital policies required to drive eco-innovation and their spatial dimension in the context of a developing economy. Our results show that, when digital policies (artificial intelligence and internet of things) are implemented in cities that have adopted strict environmental policies, the production of green patents increases. We contribute to debates in the literature of policy mix for sustainability transitions in the context of a developing economy by illustrating the importance of both types of policy for eco-innovation, as they correct two market failures and, more importantly, address the systemic coordination problems that occur during the production of green patents

Exploring Feature Selection Scenarios for Deep Learning-based Side-channel Analysis

One of the main promoted advantages of deep learning in profiling sidechannel analysis is the possibility of skipping the feature engineering process. Despite that, most recent publications consider feature selection as the attacked interval from the side-channel measurements is pre-selected. This is similar to the worst-case security assumptions in security evaluations when the random secret shares (e.g., mask shares) are known during the profiling phase: an evaluator can identify points of interest locations and efficiently trim the trace interval. To broadly understand how feature selection impacts the performance of deep learning-based profiling attacks, this paper investigates three different feature selection scenarios that could be realistically used in practical security evaluations. The scenarios range from the minimum possible number of features (worst-case security assumptions) to the whole available traces. Our results emphasize that deep neural networks as profiling models show successful key recovery independently of explored feature selection scenarios against first-order masked software implementations of AES-128. First, we show that feature selection with the worst-case security assumptions results in optimal profiling models that are highly dependent on the number of features and signal-to-noise ratio levels. Second, we demonstrate that attacking raw side-channel measurements with small deep neural networks also provides optimal models, that shortens the gap between worst-case security evaluations and online (realistic) profiling attacks. In all explored feature selection scenarios, the hyperparameter search always indicates a successful model with up to eight hidden layers for MLPs and CNNs, suggesting that complex models are not required for the considered datasets. Our results demonstrate the key recovery with less than ten attack traces for all datasets for at least one of the feature selection scenarios. Additionally, in several cases, we can recover the target key with a single attack trace

The Need for Speed: A Fast Guessing Entropy Calculation for Deep Learning-based SCA

The adoption of deep neural networks for profiling side-channel attacks (SCA) opened new perspectives for leakage detection. Recent publications showed that cryptographic implementations featuring different countermeasures could be broken without feature selection or trace preprocessing. This success comes with a high price: extensive hyperparameter search to find optimal deep learning models. As deep learning models usually suffer from overfitting due to their high fitting capacity, it is crucial to avoid over-training regimes, which require a correct number of epochs. For that, \textit{early stopping} is employed as an efficient regularization method that requires a consistent validation metric. Although guessing entropy is a highly informative metric for profiling SCA, it is time-consuming, especially if computed for all epochs during training and the number of validation traces is significantly large. This paper shows that guessing entropy can be efficiently computed during training by reducing the number of validation traces without affecting the efficiency of early stopping decisions. Our solution significantly speeds up the process, impacting hyperparameter search and overall profiling attack performances. Our fast guessing entropy calculation is up to 16$\times$ faster, resulting in more hyperparameter tuning experiments and allowing security evaluators to find more efficient deep learning model

I Know What Your Layers Did: Layer-wise Explainability of Deep Learning Side-channel Analysis

Masked cryptographic implementations can be vulnerable to higher-order attacks. For instance, deep neural networks have proven effective for second-order profiling side-channel attacks even in a black-box setting (no prior knowledge of masks and implementation details). While such attacks have been successful, no explanations were provided for understanding why a variety of deep neural networks can (or cannot) learn high-order leakages and what the limitations are. In other words, we lack the explainability on neural network layers combining (or not) unknown and random secret shares, which is a necessary step to defeat, e.g., Boolean masking countermeasures. In this paper, we use information-theoretic metrics to explain the internal activities of deep neural network layers. We propose a novel methodology for the explainability of deep learning-based profiling side-channel analysis (denoted ExDL-SCA) to understand the processing of secret masks. Inspired by the Information Bottleneck theory, our explainability methodology uses perceived information to explain and detect the different phenomena that occur in deep neural networks, such as fitting, compression, and generalization. We provide experimental results on masked AES datasets showing where, what, and why deep neural networks learn relevant features from input trace sets while compressing irrelevant ones, including noise. This paper opens new perspectives for understanding the role of different neural network layers in profiling side-channel attacks

Focus is Key to Success: A Focal Loss Function for Deep Learning-based Side-channel Analysis

The deep learning-based side-channel analysis represents one of the most powerful side-channel attack approaches. Thanks to its capability in dealing with raw features and countermeasures, it becomes the de facto standard evaluation method for the evaluation labs/certification schemes. To reach this performance level, recent works significantly improved the deep learning-based attacks from various perspectives, like hyperparameter tuning, design guidelines, or custom neural network architecture elements. Still, limited attention has been given to the core of the learning process - the loss function. This paper analyzes the limitations of the existing loss functions and then proposes a novel side-channel analysis-optimized loss function: Focal Loss Ratio (FLR), to cope with the identified drawbacks observed in other loss functions. To validate our design, we 1) conduct a thorough experimental study considering various scenarios (datasets, leakage models, neural network architectures) and 2) compare with other loss functions commonly used in the deep learning-based side-channel analysis (both ``traditional\u27\u27 one and those designed for side-channel analysis). Our results show that FLR loss outperforms other loss functions in various conditions while not having computation overheads compared to common loss functions like categorical cross-entropy

Detecting GPC3-Expressing Hepatocellular Carcinoma with L5 Peptide-Guided Pretargeting Approach: An In Vitro MRI Experiment

Background and Aim: Glypican-3 (GPC3) is a novel molecular target for hepatocellular carcinoma (HCC). This study investigated the potential of an L5 peptide-guided pretargeting approach to identify GPC3-expressing HCC cells using ultra-small super-paramagnetic iron oxide (USPIO) as the MRI probe.Methods: Immunofluorescence with carboxyfluorescein (FAM)-labeled L5 peptide was performed in HepG2 and HL-7702 cells. Polyethylene glycol-modified ultrasmall superparamagnetic iron oxide (PEG-USPIO) and its conjugates with streptavidin (SA-PEG-USPIO) were synthesized, and hydrodynamic diameters, zeta potential, T2 relaxivity, and cytotoxicity were measured. MR T2-weighted imaging of HepG2 was performed to observe signal changes in the pretargeting group, which was first incubated with biotinylated L5 peptide and then with SA-PEG-USPIO. Prussian blue staining of cells was used to assess iron deposition.Results: Immunofluorescence assays showed high specificity of L5 peptide for GPC3. SA-PEG-USPIO nanoparticles had ≈36 nm hydrodynamic diameter, low toxicity, negative charge and high T2 relaxivity. MR imaging revealed that a significant negative enhancement was only observed in HepG2 cells from the pretargeting group, which also showed significant iron deposition with Prussian blue staining.Conclusion: MR imaging with USPIO as the probe has potential to identify GPC3-expressing HCC through L5 peptide-guided pretargeting approach