Published in: Cryptography and Communications 4/2021

29.04.2021

How to fool a black box machine learning based side-channel security evaluation

Authors: Charles-Henry Bertrand Van Ouytsel, Olivier Bronchain, Gaëtan Cassiers, François-Xavier Standaert


Abstract

Machine learning and deep learning algorithms are increasingly considered as potential candidates to perform black box side-channel security evaluations. Inspired by the literature on machine learning security, we put forward that it is easy to conceive implementations for which such black box security evaluations will incorrectly conclude that recovering the key is difficult, while an informed evaluator / adversary will reach the opposite conclusion (i.e., that the device is insecure given the amount of measurements available).


Footnotes
1
Less relevant examples for the following discussion include model stealing [20] and membership inference attacks [21].

2
Which applies to non-profiled machine learning based evaluations as well [26].

3
Other intermediate computations could be targeted (e.g., the output of AddRoundKey). Yet, the output of the Sbox offers a sweet spot for side-channel attacks due to its non-linearity.

6
This approach can directly be applied to bitslice masked ciphers [38]. Indeed, the protected implementation can be placed on the lower bits and the cheating labels on the upper bits with disabled randomness. This makes the upper bits leak at first order, exactly as in the hardware case.
 
References
1. Goodwill, G., Jun, B., Jaffe, J., Rohatgi, P., et al.: A testing methodology for side-channel resistance validation. In: NIST Non-Invasive Attack Testing Workshop, vol. 7, pp. 115–136 (2011)
2. Cooper, J., Mulder, E.D., Goodwill, G., Jaffe, J., Kenworthy, G., Rohatgi, P.: Test vector leakage assessment (TVLA) methodology in practice. In: International Cryptographic Module Conference (ICMC 2013), vol. 20, p. 13 (2013)
3. Mather, L., Oswald, E., Bandenburg, J., Wójcik, M.: Does my device leak information? An a priori statistical power analysis of leakage detection tests. In: ASIACRYPT (1), LNCS, vol. 8269, pp. 486–505. Springer (2013)
4. Schneider, T., Moradi, A.: Leakage assessment methodology – extended version. J. Cryptographic Engineering 6(2), 85–99 (2016)
5. Durvaux, F., Standaert, F.-X.: From improved leakage detection to the detection of points of interests in leakage traces. In: EUROCRYPT (1), LNCS, vol. 9665, pp. 240–262. Springer (2016)
6. Hospodar, G., Gierlichs, B., Mulder, E.D., Verbauwhede, I., Vandewalle, J.: Machine learning in side-channel analysis: a first study. J. Cryptographic Engineering 1(4), 293–302 (2011)
7. Heuser, A., Zohner, M.: Intelligent machine homicide – breaking cryptographic devices using support vector machines. In: COSADE, LNCS, vol. 7275, pp. 249–264. Springer (2012)
8. Lerman, L., Medeiros, S.F., Bontempi, G., Markowitch, O.: A machine learning approach against a masked AES. In: CARDIS, LNCS, vol. 8419, pp. 61–75. Springer (2013)
9. Lerman, L., Poussier, R., Bontempi, G., Markowitch, O., Standaert, F.-X.: Template attacks vs. machine learning revisited (and the curse of dimensionality in side-channel analysis). In: COSADE, LNCS, vol. 9064, pp. 20–33. Springer (2015)
10. Maghrebi, H., Portigliatti, T., Prouff, E.: Breaking cryptographic implementations using deep learning techniques. In: SPACE, LNCS, vol. 10076, pp. 3–26. Springer (2016)
11. Cagli, E., Dumas, C., Prouff, E.: Convolutional neural networks with data augmentation against jitter-based countermeasures – profiling attacks without pre-processing. In: CHES, LNCS, vol. 10529, pp. 45–68. Springer (2017)
12. Picek, S., Samiotis, I.P., Kim, J., Heuser, A., Bhasin, S., Legay, A.: On the performance of convolutional neural networks for side-channel analysis. In: SPACE, LNCS, vol. 11348, pp. 157–176. Springer (2018)
13. Wegener, F., Moos, T., Moradi, A.: DL-LA: deep learning leakage assessment: a modern roadmap for SCA evaluations. IACR Cryptology ePrint Archive 2019, 505 (2019)
14. Standaert, F.-X.: How (not) to use Welch's t-test in side-channel security evaluations. In: CARDIS, LNCS, vol. 11389, pp. 65–79. Springer (2018)
15. Bronchain, O., Schneider, T., Standaert, F.-X.: Multi-tuple leakage detection and the dependent signal issue. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(2), 318–345 (2019)
16. Whitnall, C., Oswald, E.: A critical analysis of ISO 17825 ('testing methods for the mitigation of non-invasive attack classes against cryptographic modules'). In: ASIACRYPT (3), LNCS, vol. 11923, pp. 256–284. Springer (2019)
17. McDaniel, P.D., Papernot, N., Celik, Z.B.: Machine learning in adversarial settings. IEEE Security & Privacy 14(3), 68–72 (2016)
18. Barreno, M., Nelson, B., Sears, R., Joseph, A.D., Tygar, J.D.: Can machine learning be secure? In: AsiaCCS, pp. 16–25. ACM (2006)
19. Biggio, B., Nelson, B., Laskov, P.: Poisoning attacks against support vector machines. In: ICML. icml.cc / Omnipress (2012)
20. Tramèr, F., Zhang, F., Juels, A., Reiter, M.K., Ristenpart, T.: Stealing machine learning models via prediction APIs. In: USENIX Security Symposium, pp. 601–618. USENIX Association (2016)
21. Shokri, R., Stronati, M., Song, C., Shmatikov, V.: Membership inference attacks against machine learning models. In: IEEE Symposium on Security and Privacy, pp. 3–18. IEEE Computer Society (2017)
22. Moradi, A., Standaert, F.-X.: Moments-correlating DPA. In: TIS@CCS, pp. 5–15. ACM (2016)
23. Frénay, B., Verleysen, M.: Classification in the presence of label noise: a survey. IEEE Trans. Neural Netw. Learning Syst. 25(5), 845–869 (2014)
24. Renauld, M., Standaert, F.-X., Veyrat-Charvillon, N., Kamel, D., Flandre, D.: A formal study of power variability issues and side-channel attacks for nanoscale devices. In: EUROCRYPT, LNCS, vol. 6632, pp. 109–128. Springer (2011)
25. Whitnall, C., Oswald, E., Standaert, F.-X.: The myth of generic DPA... and the magic of learning. In: CT-RSA, LNCS, vol. 8366, pp. 183–205. Springer (2014)
26. Timon, B.: Non-profiled deep learning-based side-channel attacks with sensitivity analysis. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(2), 107–131 (2019)
27. Picek, S., Jap, D., Bhasin, S.: Poster: When adversary becomes the guardian – towards side-channel security with adversarial attacks. In: CCS, pp. 2673–2675. ACM (2019)
28. Bronchain, O., Standaert, F.-X.: Side-channel countermeasures' dissection and the limits of closed source security evaluations. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(2), 1–25 (2020)
29. Duc, A., Faust, S., Standaert, F.-X.: Making masking security proofs concrete – or how to evaluate the security of any leaking device. In: EUROCRYPT (1), LNCS, vol. 9056, pp. 401–429. Springer (2015)
31. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: CRYPTO, LNCS, vol. 1666, pp. 398–412. Springer (1999)
32. Reparaz, O., Bilgin, B., Nikova, S., Gierlichs, B., Verbauwhede, I.: Consolidating masking schemes. In: CRYPTO, LNCS, vol. 9215, pp. 764–783. Springer (2015)
33. Cassiers, G., Grégoire, B., Levi, I., Standaert, F.-X.: Hardware private circuits: from trivial composition to full verification. IACR Cryptol. ePrint Arch. 2020, 185 (2020)
34. Groß, H., Mangard, S., Korak, T.: Domain-oriented masking: compact masked hardware implementations with arbitrary protection order. In: TIS@CCS, p. 3. ACM (2016)
35. Standaert, F.-X., Malkin, T., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: EUROCRYPT, LNCS, vol. 5479, pp. 443–461. Springer (2009)
36. Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M., Duchesnay, E.: Scikit-learn: machine learning in Python. J. Mach. Learn. Res. 12, 2825–2830 (2011)
37. Mangard, S.: Hardware countermeasures against DPA – a statistical analysis of their effectiveness. In: CT-RSA, LNCS, vol. 2964, pp. 222–235. Springer (2004)
38. Goudarzi, D., Rivain, M.: How fast can higher-order masking be in software? In: EUROCRYPT (1), LNCS, vol. 10210, pp. 567–597 (2017)
Metadata
Title
How to fool a black box machine learning based side-channel security evaluation
Authors
Charles-Henry Bertrand Van Ouytsel
Olivier Bronchain
Gaëtan Cassiers
François-Xavier Standaert
Publication date
29.04.2021
Publisher
Springer US
Published in
Cryptography and Communications / Issue 4/2021
Print ISSN: 1936-2447
Electronic ISSN: 1936-2455
DOI
https://doi.org/10.1007/s12095-021-00479-x
