ABSTRACT
The application of convolutional neural networks (CNNs) to break cryptographic systems through hardware side-channels facilitated rapid and adaptable attacks on cryptographic systems like smart cards and Trusted Platform Modules (TPMs). However, current approaches rely on manually designed CNN architectures by domain experts, which are time-consuming and impractical for attacking new systems.
To overcome this, recent research has delved into the use of neural architecture search (NAS) to discover appropriate CNN architectures automatically. This approach aims to alleviate the burden on human experts and facilitate more efficient exploration of new attack targets. However, these works only optimize the architecture using the secret key information from the attack dataset and explore limited search strategies with one-dimensional CNNs. In this work, we propose a fully black-box NAS approach that solely utilizes the profiling dataset for optimization. Through an extensive experimental parameter study, we investigate which choices for NAS, such as using 1-D or 2-D CNNs and various search strategies, produce the best results on 10 state-of-the-art datasets for identity leakage model.
Our results demonstrate that applying the Random search strategy on 1-D inputs achieves a high success rate, enabling retrieval of the correct secret key using a single attack trace on two datasets. This combination matches the attack efficiency of fixed CNN architectures and outperforms them in 4 out of 10 datasets. Our experiments also emphasize the importance of repeated attack evaluations for ML-based solutions to avoid biased performance estimates.
- Rabin Y. Acharya, Fatemeh Ganji, and Domenic Forte. 2022. Information Theory-based Evolution of Neural Networks for Side-channel Analysis. IACR TCHES 2023, 1 (Nov. 2022), 401–437. https://doi.org/10.46586/tches.v2023.i1.401-437 https://tches.iacr.org/index.php/TCHES/article/view/9957.Google ScholarCross Ref
- Ryad Benadjila, Emmanuel Prouff, Rémi Strullu, Eleonora Cagli, and Cécile Dumas. 2020. Deep learning for side-channel analysis and introduction to ASCAD database. Journal of Cryptographic Engineering 10, 2 (June 2020), 163–188. https://doi.org/10.1007/s13389-019-00220-8Google ScholarCross Ref
- Eleonora Cagli, Cécile Dumas, and Emmanuel Prouff. 2017. Convolutional Neural Networks with Data Augmentation Against Jitter-Based Countermeasures - Profiling Attacks Without Pre-processing. In CHES 2017(LNCS, Vol. 10529), Wieland Fischer and Naofumi Homma (Eds.). Springer, Heidelberg, 45–68. https://doi.org/10.1007/978-3-319-66787-4_3Google ScholarCross Ref
- Suresh Chari, Josyula R. Rao, and Pankaj Rohatgi. 2003. Template Attacks. In CHES 2002(LNCS, Vol. 2523), Burton S. Kaliski Jr., Çetin Kaya Koç, and Christof Paar (Eds.). Springer, Heidelberg, 13–28. https://doi.org/10.1007/3-540-36400-5_3Google ScholarCross Ref
- G. Cybenko. 1989. Approximation by superpositions of a sigmoidal function. Mathematics of Control, Signals, and Systems 2, 4 (01 12 1989), 303–314. https://doi.org/10.1007/BF02551274Google ScholarCross Ref
- Thomas Elsken, Jan Hendrik Metzen, and Frank Hutter. 2019. Neural Architecture Search: A Survey. Journal of Machine Learning Research 20 (2019), 55:1–55:21. http://jmlr.org/papers/v20/18-598.htmlGoogle Scholar
- Matthias Feurer, Jost Springenberg, and Frank Hutter. 2015. Initializing Bayesian Hyperparameter Optimization via Meta-Learning. Proceedings of the AAAI Conference on Artificial Intelligence 29, 1. https://doi.org/10.1609/aaai.v29i1.9354 https://ojs.aaai.org/index.php/AAAI/article/view/9354.Google ScholarCross Ref
- Richard Gilmore, Neil Hanley, and Maire O’Neill. 2015. Neural network-based attack on a masked implementation of AES. In 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). 106–111. https://doi.org/10.1109/HST.2015.7140247Google ScholarCross Ref
- Margherita Grandini, Enrico Bagli, and Giorgio Visani. 2020. Metrics for Multi-Class Classification: an Overview. https://doi.org/10.48550/ARXIV.2008.05756 arxiv:2008.05756 [stat.ML]Google ScholarCross Ref
- Pritha Gupta, Jan Peter Drees, and Eyke Hüllermeier. 2023. Automated Side-Channel Attacks using Black-Box Neural Architecture Search. Cryptology ePrint Archive, Report 2023/093. https://eprint.iacr.org/2023/093.Google Scholar
- Mahdi Hashemi and Hassan A. Karimi. 2018. Weighted Machine Learning. Statistics, Optimization & Information Computing 6, 4 (02 11 2018), 497–525. https://doi.org/10.19139/soic.v6i4.479 http://www.iapress.org/index.php/soic/article/view/20181202.Google ScholarCross Ref
- Benjamin Hettwer, Tobias Horn, Stefan Gehrer, and Tim Güneysu. 2020. Encoding Power Traces as Images for Efficient Side-Channel Analysis. In 2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)(2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)). 46–56. https://doi.org/10.1109/HOST45689.2020.9300289 https://doi.org/10.1109/HOST45689.2020.9300289.Google ScholarCross Ref
- Annelie Heuser, Stjepan Picek, Sylvain Guilley, and Nele Mentens. 2020. Lightweight Ciphers and Their Side-Channel Resilience. IEEE Trans. Comput. 69, 10 (2020), 1434–1448. https://doi.org/10.1109/TC.2017.2757921Google ScholarCross Ref
- Gabriel Hospodar, Benedikt Gierlichs, Elke De Mulder, Ingrid Verbauwhede, and Joos Vandewalle. 2011. Machine learning in side-channel analysis: a first study. Journal of Cryptographic Engineering 1, 4 (Dec. 2011), 293–302. https://doi.org/10.1007/s13389-011-0023-xGoogle ScholarCross Ref
- David Jensen. 2000. Data Snooping, Dredging and Fishing: The Dark Side of Data Mining a SIGKDD99 Panel Report. SIGKDD Explorations Newsletter 1, 2 (1 2000), 52–54. https://doi.org/10.1145/846183.846195 https://dl.acm.org/doi/10.1145/846183.846195.Google ScholarDigital Library
- Haifeng Jin. 2021. Efficient neural architecture search for automated deep learning. Ph. D. Dissertation. Texas A&M University. https://oaktrust.library.tamu.edu/bitstream/handle/1969.1/193093/JIN-DISSERTATION-2021.pdfGoogle Scholar
- Haifeng Jin, Qingquan Song, and Xia Hu. 2019. Auto-Keras: An Efficient Neural Architecture Search System. In Proceedings of the 25th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining, Ankur Teredesai, Vipin Kumar, Ying Li, Rómer Rosales, Evimaria Terzi, and George Karypis (Eds.). Association for Computing Machinery, 1946–1956. https://doi.org/10.1145/3292500.3330648Google ScholarDigital Library
- Priyank Kashyap, Furkan Aydin, Seetal Potluri, Paul D. Franzon, and Aydin Aysu. 2021. 2Deep: Enhancing Side-Channel Attacks on Lattice-Based Key-Exchange via 2-D Deep Learning. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 40, 6 (2021), 1217–1229. https://doi.org/10.1109/TCAD.2020.3038701 https://doi.org/10.1109/TCAD.2020.3038701.Google ScholarCross Ref
- Paul C. Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential Power Analysis. In CRYPTO’99(LNCS, Vol. 1666), Michael J. Wiener (Ed.). Springer, Heidelberg, 388–397. https://doi.org/10.1007/3-540-48405-1_25Google ScholarCross Ref
- Liran Lerman, Gianluca Bontempi, and Olivier Markowitch. 2015. A machine learning approach against a masked AES - Reaching the limit of side-channel attacks with a learning model. Journal of Cryptographic Engineering 5, 2 (June 2015), 123–139. https://doi.org/10.1007/s13389-014-0089-3Google ScholarCross Ref
- Liran Lerman, Romain Poussier, Gianluca Bontempi, Olivier Markowitch, and François-Xavier Standaert. 2015. Template Attacks vs. Machine Learning Revisited (and the Curse of Dimensionality in Side-Channel Analysis). In COSADE 2015(LNCS, Vol. 9064), Stefan Mangard and Axel Y. Poschmann: (Eds.). Springer, Heidelberg, 20–33. https://doi.org/10.1007/978-3-319-21476-4_2Google ScholarDigital Library
- Lisha Li, Kevin Jamieson, Giulia DeSalvo, Afshin Rostamizadeh, and Ameet Talwalkar. 2017. Hyperband: A Novel Bandit-Based Approach to Hyperparameter Optimization. Journal of Machine Learning Research 18, 1 (January 2017), 6765–6816. https://dl.acm.org/doi/abs/10.5555/3122009.3242042.Google Scholar
- Liam Li and Ameet Talwalkar. 2020. Random Search and Reproducibility for Neural Architecture Search. In Proceedings of The 35th Uncertainty in Artificial Intelligence Conference(Proceedings of Machine Learning Research, Vol. 115), Ryan P. Adams and Vibhav Gogate (Eds.). PMLR, 367–377. https://proceedings.mlr.press/v115/li20c.htmlhttp://proceedings.mlr.press/v115/li20c/li20c.pdf.Google Scholar
- Victor Lomné, Emmanuel Prouff, Matthieu Rivain, Thomas Roche, and Adrian Thillard. 2014. How to Estimate the Success Rate of Higher-Order Side-Channel Attacks. In CHES 2014(LNCS, Vol. 8731), Lejla Batina and Matthew Robshaw (Eds.). Springer, Heidelberg, 35–54. https://doi.org/10.1007/978-3-662-44709-3_3Google ScholarDigital Library
- J.L. Massey. 1994. Guessing and entropy. In Proceedings of 1994 IEEE International Symposium on Information Theory(Proceedings of 1994 IEEE International Symposium on Information Theory). 204. https://doi.org/10.1109/ISIT.1994.394764 https://doi.org/10.1109/ISIT.1994.394764.Google ScholarCross Ref
- Guilherme Perin, Łukasz Chmielewski, and Stjepan Picek. 2020. Strength in Numbers: Improving Generalization with Ensembles in Machine Learning-based Profiled SCA. IACR TCHES 2020, 4 (2020), 337–364. https://doi.org/10.13154/tches.v2020.i4.337-364 https://tches.iacr.org/index.php/TCHES/article/view/8686.Google ScholarCross Ref
- Stjepan Picek, Annelie Heuser, and Sylvain Guilley. 2017. Template attack versus Bayes classifier. Journal of Cryptographic Engineering 7, 4 (Nov. 2017), 343–351. https://doi.org/10.1007/s13389-017-0172-7Google ScholarCross Ref
- Stjepan Picek, Annelie Heuser, Alan Jovic, Shivam Bhasin, and Francesco Regazzoni. 2018. The Curse of Class Imbalance in Side-channel Evaluation. IACR TCHES 2019, 1 (2018), 209–237. https://doi.org/10.13154/tches.v2019.i1.209-237 https://tches.iacr.org/index.php/TCHES/article/view/7339.Google ScholarCross Ref
- Stjepan Picek, Annelie Heuser, Alan Jovic, Simone A. Ludwig, Sylvain Guilley, Domagoj Jakobovic, and Nele Mentens. 2017. Side-channel analysis and machine learning: A practical perspective. In 2017 International Joint Conference on Neural Networks (IJCNN)(2017 International Joint Conference on Neural Networks (IJCNN)). 4095–4102. https://doi.org/10.1109/IJCNN.2017.7966373 https://doi.org/10.1109/IJCNN.2017.7966373.Google ScholarCross Ref
- Stjepan Picek, Guilherme Perin, Luca Mariot, Lichao Wu, and Lejla Batina. 2023. SoK: Deep Learning-Based Physical Side-Channel Analysis. Comput. Surveys 55, 11, Article 227 (feb 2023). https://doi.org/10.1145/3569577 https://doi.org/10.1145/3569577.Google ScholarDigital Library
- Pengzhen Ren, Yun Xiao, Xiaojun Chang, Po-yao Huang, Zhihui Li, Xiaojiang Chen, and Xin Wang. 2021. A Comprehensive Survey of Neural Architecture Search: Challenges and Solutions. Comput. Surveys 54, 4, Article 76 (5 2021), 34 pages. https://doi.org/10.1145/3447582Google ScholarDigital Library
- Jorai Rijsdijk, Lichao Wu, Guilherme Perin, and Stjepan Picek. 2021. Reinforcement Learning for Hyperparameter Tuning in Deep Learning-based Side-channel Analysis. IACR TCHES 2021, 3 (2021), 677–707. https://doi.org/10.46586/tches.v2021.i3.677-707 https://tches.iacr.org/index.php/TCHES/article/view/8989.Google ScholarCross Ref
- Mehwish Shaikh, Qasim Ali Arain, and Salahuddin Saddar. 2021. Paradigm Shift of Machine Learning to Deep Learning in Side Channel Attacks - A Survey. In 2021 6th International Multi-Topic ICT Conference (IMTIC)(2021 6th International Multi-Topic ICT Conference (IMTIC)). 1–6. https://doi.org/10.1109/IMTIC53841.2021.9719689 https://doi.org/10.1109/IMTIC53841.2021.9719689.Google ScholarCross Ref
- Karen Simonyan and Andrew Zisserman. 2015. Very Deep Convolutional Networks for Large-Scale Image Recognition. In 3rd International Conference on Learning Representations, ICLR 2015, San Diego, CA, USA, May 7-9, 2015, Conference Track Proceedings, Yoshua Bengio and Yann LeCun (Eds.). https://doi.org/10.48550/arXiv.1409.1556 http://arxiv.org/abs/1409.1556.Google ScholarCross Ref
- Adrian Thillard, Emmanuel Prouff, and Thomas Roche. 2013. Success through Confidence: Evaluating the Effectiveness of a Side-Channel Attack. In CHES 2013(LNCS, Vol. 8086), Guido Bertoni and Jean-Sébastien Coron (Eds.). Springer, Heidelberg, 21–36. https://doi.org/10.1007/978-3-642-40349-1_2Google ScholarDigital Library
- Lennert Wouters, Victor Arribas, Benedikt Gierlichs, and Bart Preneel. 2020. Revisiting a Methodology for Efficient CNN Architectures in Profiling Attacks. IACR TCHES 2020, 3 (2020), 147–168. https://doi.org/10.13154/tches.v2020.i3.147-168 https://tches.iacr.org/index.php/TCHES/article/view/8586.Google ScholarCross Ref
- Lichao Wu, Guilherme Perin, and Stjepan Picek. 2020. I Choose You: Automated Hyperparameter Tuning for Deep Learning-based Side-channel Analysis. Cryptology ePrint Archive, Report 2020/1293. https://eprint.iacr.org/2020/1293.Google Scholar
- Gabriel Zaid, Lilian Bossuet, Amaury Habrard, and Alexandre Venelli. 2019. Methodology for Efficient CNN Architectures in Profiling Attacks. IACR TCHES 2020, 1 (2019), 1–36. https://doi.org/10.13154/tches.v2020.i1.1-36 https://tches.iacr.org/index.php/TCHES/article/view/8391.Google ScholarCross Ref
Index Terms
- Automated Side-Channel Attacks using Black-Box Neural Architecture Search
Recommendations
One-Sided Countermeasures for Side-Channel Attacks Can Backfire
WiSec '18: Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile NetworksSide-channel attacks are currently one of the most powerful attacks against implementations of cryptographic algorithms. They exploit the correlation between the physical measurements (power consumption, electromagnetic emissions, timing) taken at ...
Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures
AbstractSide-channels are unintended pathways within target systems that leak internal information, exploitable via side-channel attack techniques that extract the target information, compromising the system’s security and privacy. Side-channel attacks ...
When Side-Channel Attacks Break the Black-Box Property of Embedded Artificial Intelligence
AISec '23: Proceedings of the 16th ACM Workshop on Artificial Intelligence and SecurityArtificial intelligence, and specifically deep neural networks (DNNs), has rapidly emerged in the past decade as the standard for several tasks from specific advertising to object detection. The performance offered has led DNN algorithms to become a part ...
Comments