Paper 2019/664

How Diversity Affects Deep-Learning Side-Channel Attacks

Huanyu Wang, Martin Brisfors, Sebastian Forsmark, and Elena Dubrova

Abstract

Deep learning side-channel attacks are an emerging threat to the security of implementations of cryptographic algorithms. The attacker first trains a model on a large set of side-channel traces captured from a chip with a known key. The trained model is then used to recover the unknown key from a few traces captured from a victim chip. The first successful attacks have been demonstrated recently. However, they typically train and test on power traces captured from the same device. In this paper, we show that it is important to train and test on traces captured from different boards and using diverse implementations of the cryptographic algorithm under attack. Otherwise, it is easy to overestimate the classification accuracy. For example, if we train and test an MLP model on power traces captured from the same board, we can recover all key byte values with 96% accuracy from a single trace. However, the single-trace attack accuracy drops to 2.45% if we test on traces captured from a board different from the one we used for training, even if both boards carry identical chips.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Side-channel attackpower analysisdeep learningMLPCNNAES
Contact author(s)
dubrova @ kth se
History
2019-06-05: received
Short URL
https://ia.cr/2019/664
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/664,
      author = {Huanyu Wang and Martin Brisfors and Sebastian Forsmark and Elena Dubrova},
      title = {How Diversity Affects Deep-Learning Side-Channel Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2019/664},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/664}},
      url = {https://eprint.iacr.org/2019/664}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.