Abstract
The ASCAD databases marked the starting point for a large amount of research regarding deep learning-based Side-Channel Analysis (SCA). While most work focuses on the analysis of different architectures, little attention has been paid to the datasets used for training and evaluation. In this paper, we provide a detailed analysis of the ASCAD datasets that examines all 16 bytes of the targeted AES implementation and reveals leakage from intermediate values of interest for attribution of Machine Learning (ML)-based SCA. We show that some bytes exhibit first-order or univariate second-order leakage that is unexpected for a protected implementation. Subsequently, we investigate how training on the fixed-key ASCAD fix database is an easier task for Convolutional Neural Networks (CNNs) based on two different hyperparameter architectures. Our findings suggest that results based on the ASCAD fix dataset should be revisited and that the more recent ASCAD variable dataset with variable-key training should be used in future work. Finally, we investigate the attack success for all bytes. Performance differences with the same network architecture for different bytes highlight that even traces of identical operations on the same dataset pose challenges to CNNs. This highlights the possibility of using different bytes of the ASCAD dataset to evaluate the robustness of ML approaches in future work.
Notes
1. https://github.com/ANSSI-FR/ASCAD, accessed 29.04.2021.
2. Recently, in May 2021, a database with traces from a 32-bit STM32F303 microcontroller was released as the ASCADv2 database. As most related work is based on the ATMega databases, the in-depth analysis of the new database is left as future work.
3.
4. Note that we use byte indices according to the AES standard, in contrast to the indexing introduced with the ASCAD databases [17], which starts with index 1.
5. https://github.com/ANSSI-FR/secAES-ATmega8515, accessed 29.04.2021.
6.
7. The sampling frequency is not \(f_s ={2}\,\mathrm {GS/s}\) as provided by [2] and generally adopted by related work. At that rate the whole trace segment would only show 1.4 clock cycles, which is not consistent with the CPOI results.
8. https://github.com/ANSSI-FR/ASCAD/issues/2, accessed 29.04.2021.
9. https://github.com/ANSSI-FR/ASCAD, accessed 29.04.2021.
10. The authors revised their claim that both datasets consist of EM measurements to them actually being power measurements in https://github.com/ANSSI-FR/ASCAD/issues/13, accessed 15.02.2022.
11. Note that for key byte \(k_{15} \) of the ASCAD variable dataset there is one additional peak compared to the other bytes. We manually corrected the range such that the same operations/code lines are contained.
12. We map the beginning of a correlation peak to the rising edge of a clock cycle, as the highest current change is reflected by a high leakage. We build our mapping on load and store operations, which normally exhibit higher leakage for microcontrollers because the data transfer over the bus consumes more power than normal ALU operations. The first operation, namely the load of \(r_{i}\) in line 407, is mapped to the corresponding first correlation peak. The second operation is the store of the final S-Box result \(\mathrm {S}(k_{i} \oplus ptxt_{i})\oplus r_{i} \) in line 428.
13. Namely r3, r24, r26 and r27; for details please refer to the assembly implementation.
14. Note that the possibility of a first-order leak has already been discussed in https://github.com/ANSSI-FR/ASCAD/issues/15, where a normalization step allows for a sort of second-order univariate attack if observing a certain sample (sample 188) independently. Nevertheless, this does not have an influence in practice, as in a masked setting an attacker cannot perform leakage evaluation to identify this sample directly, but rather has to use the maximum correlation among all samples.
15. Interestingly, one main difference compared to the architecture for ASCAD fix [18, Table 10] is the kernel size of the convolutional layer, which is considerably smaller – a further indication that the information is concentrated on fewer samples.
References
Balasch, J., Gierlichs, B., Grosso, V., Reparaz, O., Standaert, F.-X.: On the cost of lazy engineering for masked software implementations. In: Joye, M., Moradi, A. (eds.) CARDIS 2014. LNCS, vol. 8968, pp. 64–81. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16763-3_5
Benadjila, R., Prouff, E., Strullu, R., Cagli, E., Dumas, C.: Deep learning for side-channel analysis and introduction to ASCAD database. J. Cryptogr. Eng. 10, 163–188 (2019)
Bhasin, S., Chattopadhyay, A., Heuser, A., Jap, D., Picek, S., Shrivastwa, R.R.: Mind the portability: a warriors guide through realistic profiled side-channel analysis. Cryptology ePrint Archive, Report 2019/661, https://eprint.iacr.org/2019/661
Bronchain, O., Cassiers, G., Standaert, F.X.: Give me 5 minutes: attacking ASCAD with a single side-channel trace. Cryptology ePrint Archive, Report 2021/817 (2021). https://ia.cr/2021/817
Bronchain, O., Durvaux, F., Masure, L., Standaert, F.X.: Efficient profiled side-channel analysis of masked implementations, extended. IEEE Trans. Inf. Foren. Secur. 17, 1–1 (2022)
Cao, P., Zhang, C., Lu, X., Gu, D.: Cross-device profiled side-channel attack with unsupervised domain adaptation. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021(4), 27–56 (2021). https://doi.org/10.46586/tches.v2021.i4.27-56, https://tches.iacr.org/index.php/TCHES/article/view/9059
Le Corre, Y., Großschädl, J., Dinu, D.: Micro-architectural power simulator for leakage assessment of cryptographic software on ARM Cortex-M3 processors. In: Fan, J., Gierlichs, B. (eds.) COSADE 2018. LNCS, vol. 10815, pp. 82–98. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89641-0_5
Durvaux, F., Standaert, F.-X.: From improved leakage detection to the detection of points of interests in leakage traces. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 240–262. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_10
Hettwer, B., Gehrer, S., Güneysu, T.: Deep neural network attribution methods for leakage analysis and symmetric key recovery. In: Paterson, K.G., Stebila, D. (eds.) SAC 2019. LNCS, vol. 11959, pp. 645–666. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-38471-5_26
Hoang, A.T., Hanley, N., O’Neill, M.: Plaintext: a missing feature for enhancing the power of deep learning in side-channel analysis? Breaking multiple layers of side-channel countermeasures. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(4), 49–85 (2020)
Lu, X., Zhang, C., Cao, P., Gu, D., Lu, H.: Pay attention to raw traces: a deep learning architecture for end-to-end profiling attacks. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021(3), 235–274 (2021). https://doi.org/10.46586/tches.v2021.i3.235-274, https://tches.iacr.org/index.php/TCHES/article/view/8974
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks. Springer, Boston, MA (2007). https://doi.org/10.1007/978-0-387-38162-6
Masure, L., Dumas, C., Prouff, E.: Gradient visualization for general characterization in profiling attacks. In: Polian, I., Stöttinger, M. (eds.) Constructive Side-Channel Analysis and Secure Design, pp. 145–167. Springer International Publishing, Cham (2019)
Moradi, A., Mischke, O.: On the simplicity of converting leakages from multivariate to univariate. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 1–20. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40349-1_1
Perin, G., Chmielewski, L., Picek, S.: Strength in numbers: improving generalization with ensembles in machine learning-based profiled side-channel analysis. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(4), 337–364 (2020). https://doi.org/10.13154/tches.v2020.i4.337-364, https://tches.iacr.org/index.php/TCHES/article/view/8686
Prouff, E., Rivain, M., Bevan, R.: Statistical analysis of second order differential power analysis. IEEE Trans. Comput. 58(6), 799–811 (2009)
Prouff, E., Strullu, R., Benadjila, R., Cagli, E., Dumas, C.: Study of deep learning techniques for side-channel analysis and introduction to ASCAD database. Cryptology ePrint Archive, Report 2018/053 (2018). https://eprint.iacr.org/2018/053
Rijsdijk, J., Wu, L., Perin, G., Picek, S.: Reinforcement learning for hyperparameter tuning in deep learning-based side-channel analysis. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021(3), 677–707 (2021). https://doi.org/10.46586/tches.v2021.i3.677-707, https://tches.iacr.org/index.php/TCHES/article/view/8989
Seuschek, H., Rass, S.: Side-channel leakage models for RISC instruction set architectures from empirical data. Microprocess. Microsyst. 47, 74–81 (2016)
Timon, B.: Non-profiled deep learning-based side-channel attacks with sensitivity analysis. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(2), 107–131 (2019)
Wu, L., Picek, S.: Remove some noise: on pre-processing of side-channel measurements with autoencoders. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(4), 389–415 (2020)
Yu, H., Shan, H., Panoff, M., Jin, Y.: Cross-device profiled side-channel attacks using meta-transfer learning. In: 2021 58th ACM/IEEE Design Automation Conference (DAC). IEEE, December 2021. https://doi.org/10.1109/dac18074.2021.9586100
Zhou, Y., Standaert, F.-X.: Deep learning mitigates but does not annihilate the need of aligned traces and a generalized ResNet model for side-channel attacks. J. Cryptogr. Eng. 10(1), 85–95 (2019). https://doi.org/10.1007/s13389-019-00209-3
Acknowledgment
This work was supported by the German Federal Ministry of Education and Research in the project SIKRIN-KRYPTOV through grant number 16KIS1070. We also gratefully acknowledge the support of NVIDIA Corporation with the donation of the Titan V GPU used for this research. We would like to thank all reviewers for their valuable feedback during the review process.
A Appendix
A.1 Sample Ranges for Different Bytes
See Table 4.
A.2 Multivariate Second-Order Attack - Sample Combinations
The resulting correlation results for all sample combinations are shown in Fig. 8. Note that for visualization we applied a convolution filter, as the combination points were barely visible due to their low number. Furthermore, correlations of less than \(4/\sqrt{10000}\) are depicted in white [12]. We limit our evaluation to key bytes with different leakage characteristics as shown in Fig. 3. For all these key bytes it can be concluded that samples corresponding to \(r_{out}\) (around 70) and \(r_{i}\) (200) can be combined with their corresponding masked S-Box value (1000 and 1100). For \(k_{15}\) the additional leakage of \(\mathrm {S}(k_{15} \oplus ptxt_{15}) \oplus r_{out} \) allows for an additional combination with samples around index 200. Further, key bytes that are vulnerable to first-order CPA (\(k_{4}\), \(k_{5}\)) show possible additional combinations.
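As an added illustration of the univariate versus multivariate second-order distinction that the appendix and notes 12 and 14 rely on (example code written for this page, not code from the paper or the ASCAD project): a constructed simulation of a Boolean-masked S-box byte with two leaking samples, HW(r_i) and HW(S(k⊕ptxt)⊕r_i), which shows that first-order CPA on the masked sample alone stays at noise level while the centered product of the two samples correlates with the HW(S(k⊕ptxt)) model above the \(4/\sqrt{N}\) threshold. The key byte, noise level, trace count and function names are assumptions; this is the behaviour a correctly protected byte is expected to show and which the paper reports \(k_{4}\) and \(k_{5}\) violate.

```python
import random

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return p

def aes_sbox(x):
    """AES S-box: multiplicative inverse (x^254) followed by the affine map."""
    inv = 1 if x else 0
    for _ in range(254 if x else 0):
        inv = gf_mul(inv, x)
    s = inv
    for i in range(1, 5):
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s ^ 0x63

SBOX = [aes_sbox(x) for x in range(256)]
HW = [bin(v).count("1") for v in range(256)]

def simulate_traces(n, key, sigma, seed=1):
    """Constructed traces, two samples each: HW(r_i) and HW(S(k^p)^r_i), plus Gaussian noise."""
    rng = random.Random(seed)
    pts, traces = [], []
    for _ in range(n):
        p, r = rng.randrange(256), rng.randrange(256)
        pts.append(p)
        traces.append((HW[r] + rng.gauss(0, sigma), HW[SBOX[key ^ p] ^ r] + rng.gauss(0, sigma)))
    return pts, traces

def pearson(x, y):
    mx, my = sum(x) / len(x), sum(y) / len(y)
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx, syy = sum((a - mx) ** 2 for a in x), sum((b - my) ** 2 for b in y)
    return sxy / (sxx * syy) ** 0.5 if sxx and syy else 0.0

def cpa(models, leak):
    """CPA over all 256 key hypotheses; |rho| because the centered product anti-correlates with HW."""
    rhos = [abs(pearson(m, leak)) for m in models]
    best = max(range(256), key=rhos.__getitem__)
    return best, rhos[best]

def evaluate(n=3000, key=0x2B, sigma=1.0):
    pts, traces = simulate_traces(n, key, sigma)
    models = [[HW[SBOX[k ^ p]] for p in pts] for k in range(256)]  # HW(S(k^p)) model per hypothesis
    masked = [t[1] for t in traces]
    m0, m1 = sum(t[0] for t in traces) / n, sum(masked) / n
    product = [(t[0] - m0) * (t[1] - m1) for t in traces]  # centered-product sample combination
    k1, rho1 = cpa(models, masked)   # first-order: masked S-box sample alone
    k2, rho2 = cpa(models, product)  # second-order: mask sample combined with masked sample
    return {"threshold": 4 / n ** 0.5, "first_order_key": k1, "first_order_rho": rho1,
            "second_order_key": k2, "second_order_rho": rho2}
```

With the centered product the expected correlation for the correct key is about 0.24 at this noise level, well above \(4/\sqrt{3000}\approx 0.073\), whereas the first-order correlation of every hypothesis is indistinguishable from noise.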
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Egger, M., Schamberger, T., Tebelmann, L., Lippert, F., Sigl, G. (2022). A Second Look at the ASCAD Databases. In: Balasch, J., O’Flynn, C. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2022. Lecture Notes in Computer Science, vol 13211. Springer, Cham. https://doi.org/10.1007/978-3-030-99766-3_4
DOI: https://doi.org/10.1007/978-3-030-99766-3_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-99765-6
Online ISBN: 978-3-030-99766-3