International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Plaintext: A Missing Feature for Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of side-channel countermeasures

Authors:
Anh-Tuan Hoang , Centre for Secure Information Technologies (CSIT), ECIT, Queen’s University Belfast, United Kingdom
Neil Hanley , Centre for Secure Information Technologies (CSIT), ECIT, Queen’s University Belfast, United Kingdom
Maire O’Neill , Centre for Secure Information Technologies (CSIT), ECIT, Queen’s University Belfast, United Kingdom
Download:
DOI: 10.13154/tches.v2020.i4.49-85
URL: https://tches.iacr.org/index.php/TCHES/article/view/8677
Search ePrint
Search Google
Presentation: Slides
Abstract: Deep learning (DL) has proven to be very effective for image recognition tasks, with a large body of research on various model architectures for object classification. Straight-forward application of DL to side-channel analysis (SCA) has already shown promising success, with experimentation on open-source variable key datasets showing that secret keys can be revealed with 100s traces even in the presence of countermeasures. This paper aims to further improve the application of DL for SCA, by enhancing the power of DL when targeting the secret key of cryptographic algorithms when protected with SCA countermeasures. We propose a new model, CNN-based model with Plaintext feature extension (CNNP) together with multiple convolutional filter kernel sizes and structures with deeper and narrower neural networks, which has empirically proven its effectiveness by outperforming reference profiling attack methods such as template attacks (TAs), convolutional neural networks (CNNs) and multilayer perceptron (MLP) models. Our model generates state-of-the art results when attacking the ASCAD variable-key database, which has a restricted number of training traces per key, recovering the key within 40 attack traces in comparison with order of 100s traces required by straightforward machine learning (ML) application. During the profiling stage an attacker needs no additional knowledge on the implementation, such as the masking scheme or random mask values, only the ability to record the power consumption or electromagnetic field traces, plaintext/ciphertext and the key. Additionally, no heuristic pre-processing is required in order to break the high-order masking countermeasures of the target implementation.
Video from TCHES 2020
BibTeX
@article{tches-2020-30548,
  title={Plaintext: A Missing Feature for Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of side-channel countermeasures},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2020, Issue 4},
  pages={49-85},
  url={https://tches.iacr.org/index.php/TCHES/article/view/8677},
  doi={10.13154/tches.v2020.i4.49-85},
  author={Anh-Tuan Hoang and Neil Hanley and Maire O’Neill},
  year=2020
}