research-article

Far Field EM Side-Channel Attack on AES Using Deep Learning

Authors:

Elena DubrovaAuthors Info & Claims

ASHES'20: Proceedings of the 4th ACM Workshop on Attacks and Solutions in Hardware Security

Pages 35 - 44

https://doi.org/10.1145/3411504.3421214

Published: 09 November 2020 Publication History

Abstract

We present the first deep learning-based side-channel attack on AES-128 using far field electromagnetic emissions as a side channel. Our neural networks are trained on traces captured from five different Bluetooth devices at five different distances to target and tested on four other Bluetooth devices. We can recover the key from less than 10K traces captured in an office environment at 15 m distance to target even if the measurement for each encryption is taken only once. Previous template attacks required multiple repetitions of the same encryption. For the case of 1K repetitions, we need less than 400 traces on average at 15 m distance to target. This improves the template attack presented at CHES'2020 which requires 5K traces and key enumeration up to 223.

References

[1]

2013. Small portable AES128/192/256 in C. Github. https://github.com/kokke/tiny-AES-c/.

[2]

Dakshi Agrawal, Bruce Archambeault, Josyula R. Rao, and Pankaj Rohatgi. 2003. The EM Side-Channel(s). In Crypt. Hardware and Embedded Systems. 29--45.

[3]

Ryad Benadjila, Emmanuel Prouff, Rémi Strullu, Eleonora Cagli, and Cécile Dumas. 2018. Study of deep learning techniques for side-channel analysis and introduction to ASCAD database. ANSSI 22 (2018), 2018.

[4]

Shivam Bhasin, Anupam Chattopadhyay, Annelie Heuser, Dirmanto Jap, Stjepan Picek, and Ritu Ranjan Shrivastwa. 2020. Mind the Portability: A Warriors Guide through Realistic Profiled Side-channel Analysis. In Network and Distributed System Security Symposium. https://doi.org/10.14722/ndss.2020.24390

[5]

Eric Brier, Christophe Clavier, and Francis Olivier. 2004. Correlation Power Analysis with a Leakage Model. In Cryptographic Hardware and Embedded Systems, Marc Joye and Jean-Jacques Quisquater (Eds.). Springer, 16--29.

[6]

Martin Brisfors and Sebastian Forsmark. 2019. Deep-Learning Side-Channel Attacks on AES. Master's thesis. KTH, School of EECS.

[7]

Martin Brisfors and Sebastian Forsmark. 2019. DLSCA: a Tool for Deep Learning Side Channel Analysis. IACR Cryptology ePrint Archive, Report 2019/1071. https://eprint.iacr.org/2019/1071.

[8]

Stephane Bronckers, Geert Van der Plas, and Yves Rolain. 2010. Substrate noise coupling in analog/RF circuits. Artech House.

[9]

Eleonora Cagli, Cécile Dumas, and Emmanuel Prouff. 2017. Convolutional Neural Networks with Data Augmentation Against Jitter-Based Countermeasures. In Cryptographic Hardware and Embedded Systems -- CHES 2017. 45--68.

[10]

Giovanni Camurati, Aurélien Francillon, and François-Xavier Standaert. 2020. Understanding Screaming Channels: From a Detailed Analysis to Improved Attacks. IACR Trans. on CHES 2020, 3 (2020), 358--401.

[11]

Giovanni Camurati, Sebastian Poeplau, Marius Muench, Tom Hayes, and Aurélien Francillon. 2018. Screaming channels: When electromagnetic side channels meet radio transceivers. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 163--177.

Digital Library

[12]

Joan Daemen and Vincent Rijmen. 2002. The Design of Rijndael: AES - The Advanced Encryption Standard. Springer.

[13]

Debayan Das, Anupam Golder, Josef Danial, Santosh Ghosh, Arijit Raychowdhury, and Shreyas Sen. 2019. X-DeepSCA: Cross-device deep learning side channel attack. In Proceedings of the 56th Annual Design Automation Conference 2019. 1--6.

Digital Library

[14]

Karine Gandolfi, Christophe Mourtel, and Francis Olivier. 2001. Electromagnetic analysis: Concrete results. In International workshop on cryptographic hardware and embedded systems. Springer, 251--261.

Digital Library

[15]

R. Gilmore, N. Hanley, and M. O'Neill. 2015. Neural network based attack on a masked implementation of AES. In 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). 106--111.

[16]

Ian Goodfellow, Yoshua Bengio, and Aaron Courville. 2016. Deep Learning. MIT Press. http://www.deeplearningbook.org.

Digital Library

[17]

Saulius Japertas. 2011. The research of IEEE 802.11 signal LOS propagation features for complex geometry indoors. (2011).

[18]

P. Juszczak, D. M. J. Tax, and R. P. W. Duin. 2002. Feature scaling in support vector data description. In Proc. Ann. Conf. Adv. School Comput. Imaging. 25--30.

[19]

Jaehun Kim, Stjepan Picek, Annelie Heuser, Shivam Bhasin, and Alan Hanjalic. 2019. Make Some Noise. Unleashing the Power of Convolutional Neural Networks for Profiled Side-channel Analysis. IACR Transactions on Cryptographic Hardware and Embedded Systems 2019, 3 (May 2019), 148--179.

[20]

Paul Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential Power Analysis. In Advances in Cryptology ? CRYPTO? 99. Springer, 388--397.

[21]

Paul Kocher, Ruby Lee, Gary McGraw, and Anand Raghunathan. 2004. Security As a New Dimension in Embedded System Design. In Proc. of Design Automation Conference (DAC '04). 753--760.

[22]

Paul C. Kocher. 1996. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In Proc. of the 16th Annual Int. Cryptology Conf. on Advances in Cryptology. 104--113.

Digital Library

[23]

T. Kubota, K. Yoshida, M. Shiozaki, and T. Fujino. 2019. Deep Learning SideChannel Attack Against Hardware Implementations of AES. In 2019 22nd Euromicro Conference on Digital System Design (DSD). 261--268.

[24]

Houssem Maghrebi. 2019. Deep learning based side channel attacks in practice. IACR Cryptology ePrint Archive, Report 2019/578.

[25]

Houssem Maghrebi, Thibault Portigliatti, and Emmanuel Prouff. 2016. Breaking Cryptographic Implementations Using Deep Learning Techniques. In Security, Privacy, and Applied Cryptography Engineering, Claude Carlet, M. Anwar Hasan, and Vishal Saraswat (Eds.). Springer International Publishing, Cham, 3--26.

[26]

Stefan Mangard, Elisabeth Oswald, and Thomas Popp. 2007. Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security). Springer-Verlag New York, Inc., Secaucus, NJ, USA.

Digital Library

[27]

Zdenek Martinasek, Petr Dzurenda, and Lukas Malina. 2016. Profiling power analysis attack based on MLP in DPA contest V4. 2. In 2016 39th International Conference on Telecommunications and Signal Processing (TSP). IEEE, 223--226.

[28]

Zdenek Martinasek, Lukas Malina, and Krisztina Trasy. 2015. Profiling power analysis attack based on multi-layer perceptron network. In Computational Problems in Science and Engineering. Springer, 317--339.

[29]

Loïc Masure, Cécile Dumas, and Emmanuel Prouff. 2020. A comprehensive study of deep learning for side-channel analysis. IACR Transactions on Cryptographic Hardware and Embedded Systems (2020), 348--375.

[30]

H. Pahlevanzadeh, J. Dofe, and Q. Yu. 2016. Assessing CPA resistance of AES with different fault tolerance mechanisms. In 2016 21st Asia and South Pacific Design Automation Conference (ASP-DAC). 661--666.

[31]

Guilherme Perin, Baris Ege, and Jasper van Woudenberg. 2018. Lowering the Bar: Deep Learning for Side-Channel Analysis (White Paper). BlackHat?2018.

[32]

Christophe Pfeifer and Patrick Haddad. 2018. Spread: a new layer for profiled deep-learning side-channel attacks. IACR Cryptology ePrint Archive, Report 2018/880.

[33]

Stjepan Picek, Ioannis Petros Samiotis, Jaehun Kim, Annelie Heuser, Shivam Bhasin, and Axel Legay. 2018. On the performance of convolutional neural networks for side-channel analysis. In International Conference on Security, Privacy, and Applied Cryptography Engineering. Springer, 157--176.

[34]

Emmanuel Prouff, Remi Strullu, Ryad Benadjila, Eleonora Cagli, and Cécile Canovas. 2018. Study of Deep Learning Techniques for Side-Channel Analysis and Introduction to ASCAD Database. IACR Cryptology ePrint Archive, 2018/053.

[35]

Jean-Jacques Quisquater and David Samyde. 2001. Electromagnetic analysis (ema): Measures and counter-measures for smart cards. In International Conference on Research in Smart Cards. Springer, 200--210.

[36]

Herbert Robbins and Sutton Monro. 1951. A Stochastic Approximation Method. Ann. Math. Statist. 22 (1951), 400--407.

[37]

Benjamin Timon. 2018. Non-Profiled Deep Learning-Based Side-Channel Attacks. IACR Cryptology ePrint Archive, Report 2018/196.

[38]

Huanyu Wang, Martin Brisfors, Sebastian Forsmark, and Elena Dubrova. 2019. How diversity affects deep-learning side-channel attacks. In 2019 IEEE Nordic Circuits and Systems Conference (NORCAS): NORCHIP and International Symposium of System-on-Chip (SoC). IEEE, 1--7.

[39]

Huanyu Wang and Elena Dubrova. 2020. Tandem Deep Learning Side-Channel Attack Against FPGA Implementation of AES. IACR Cryptology ePrint Archive, Report 2020/373. https://eprint.iacr.org/2020/373.

[40]

Huanyu Wang, Sebastian Forsmark, Martin Brisfors, and Elena Dubrova. 2020. Multi-source training deep learning side-channel attacks. IEEE 50th International Symposium on Multiple-Valued Logic (2020).

Cited By

He DWang HDeng TLiu JWang J(2025)Improving IIoT security: Unveiling threats through advanced side-channel analysisComputers & Security10.1016/j.cose.2024.104135148(104135)Online publication date: Jan-2025
https://doi.org/10.1016/j.cose.2024.104135
Camurati GFrancillon A(2025)Screaming ChannelsEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1686(2174-2176)Online publication date: 8-Jan-2025
https://doi.org/10.1007/978-3-030-71522-9_1686
Fattah A(2024)Design of Deep Learning Technique Based Side Channel Attack Analysis for System on ChipsINTERNATIONAL JOURNAL OF PROFESSIONAL STUDIES10.37648/ijps.v17i01.00617:1(63-73)Online publication date: 2024
https://doi.org/10.37648/ijps.v17i01.006
Show More Cited By

Index Terms

Far Field EM Side-Channel Attack on AES Using Deep Learning
1. Security and privacy
  1. Security in hardware
    1. Hardware attacks and countermeasures
      1. Side-channel analysis and countermeasures

Recommendations

Advanced Far Field EM Side-Channel Attack on AES
CPSS '21: Proceedings of the 7th ACM on Cyber-Physical System Security Workshop

Several attacks on AES using far field electromagnetic (EM) emission as a side channel have been recently presented. Unlike power analysis or near filed EM analysis, far field EM attacks do not require a close physical proximity to the device under ...
Combined fault and side-channel attack on protected implementations of AES
CARDIS'11: Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications

The contribution of this paper is twofold: (1) a novel fault injection attack against AES, based on a new fault model, is proposed. Compared to state-of-the-art attacks, this fault model advantage is to relax constraints on the fault location, and then ...
Reinforcement Learning-Based Design of Side-Channel Countermeasures
Security, Privacy, and Applied Cryptography Engineering
Abstract
Deep learning-based side-channel attacks are capable of breaking targets protected with countermeasures. The constant progress in the last few years makes the attacks more powerful, requiring fewer traces to break a target. Unfortunately, to ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASHES'20: Proceedings of the 4th ACM Workshop on Attacks and Solutions in Hardware Security

November 2020

145 pages

ISBN:9781450380904

DOI:10.1145/3411504

General Chairs:
Chip Hong Chang
NTU Singapore
,
Ulrich Rührmair
UC Berkeley, USA
,
Program Chairs:
Stefan Katzenbeisser
University of Passau
,
Patrick Schaumont
Worcester Polytechnic Institute

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 November 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Vetenskapsrådet

Conference

CCS '20

Sponsor:

SIGSAC

CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security

November 13, 2020

Virtual Event, USA

Acceptance Rates

Overall Acceptance Rate 6 of 20 submissions, 30%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

39
Total Citations
View Citations
680
Total Downloads

Downloads (Last 12 months)136
Downloads (Last 6 weeks)8

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

He DWang HDeng TLiu JWang J(2025)Improving IIoT security: Unveiling threats through advanced side-channel analysisComputers & Security10.1016/j.cose.2024.104135148(104135)Online publication date: Jan-2025
https://doi.org/10.1016/j.cose.2024.104135
Camurati GFrancillon A(2025)Screaming ChannelsEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_1686(2174-2176)Online publication date: 8-Jan-2025
https://doi.org/10.1007/978-3-030-71522-9_1686
Fattah A(2024)Design of Deep Learning Technique Based Side Channel Attack Analysis for System on ChipsINTERNATIONAL JOURNAL OF PROFESSIONAL STUDIES10.37648/ijps.v17i01.00617:1(63-73)Online publication date: 2024
https://doi.org/10.37648/ijps.v17i01.006
Zunaidi MSayakkara AScanlon M(2024)Revealing IoT Cryptographic Settings through Electromagnetic Side-Channel AnalysisElectronics10.3390/electronics1308157913:8(1579)Online publication date: 20-Apr-2024
https://doi.org/10.3390/electronics13081579
Hameed FRamesh SAlkhzaimi H(2024)Improved Hybrid Bagging Resampling Framework for Deep Learning-Based Side-Channel AnalysisComputers10.3390/computers1308021013:8(210)Online publication date: 20-Aug-2024
https://doi.org/10.3390/computers13080210
Li YYan ZJin WNing ZLiu DQin ZLiu YZhu HLi MLuo BLiao XXu JKirda ELie D(2024)GPSBuster: Busting out Hidden GPS Trackers via MSoC Electromagnetic RadiationsProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690362(3302-3316)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690362
Iyer VRezac J(2024)Using EM Side-Channels Near a Bluetooth Server Implementation to Monitor Bit-Level Leakages in BLE Communication ChannelsProceedings of the Great Lakes Symposium on VLSI 202410.1145/3649476.3658742(459-464)Online publication date: 12-Jun-2024
https://dl.acm.org/doi/10.1145/3649476.3658742
Danieli EGoldzweig MAvital MLevi I(2024)Revealing the Secrets of Radio Embedded Systems: Extraction of Raw Information via RFIEEE Transactions on Information Forensics and Security10.1109/TIFS.2023.334513119(2066-2081)Online publication date: 2024
https://doi.org/10.1109/TIFS.2023.3345131
Ibrahim YKermanshahi SKasmarik KHu J(2024)A Taxonomy-Based Survey of EM-SCA and Implications for Multi-Robot SystemsIEEE Open Journal of the Computer Society10.1109/OJCS.2024.34618085(511-529)Online publication date: 2024
https://doi.org/10.1109/OJCS.2024.3461808
Rizqulloh MHaritman EPramudita RPawinanto RSaritka NRamelan A(2024)An SAD architecture Verilog based for pattern matching2024 10th International Conference on Wireless and Telematics (ICWT)10.1109/ICWT62080.2024.10674666(1-4)Online publication date: 4-Jul-2024
https://doi.org/10.1109/ICWT62080.2024.10674666
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten