How to fool a black box machine learning based side-channel security evaluation

Cryptography and Communications

Abstract

Machine learning and deep learning algorithms are increasingly considered as potential candidates to perform black box side-channel security evaluations. Inspired by the literature on machine learning security, we put forward that it is easy to conceive implementations for which such black box security evaluations will incorrectly conclude that recovering the key is difficult, while an informed evaluator / adversary will reach the opposite conclusion (i.e., that the device is insecure given the amount of measurements available).

Notes

  1. Less relevant examples for the following discussion include model stealing [20] and membership inference attacks [21].

  2. Which applies to non-profiled machine learning based evaluations as well [26].

  3. Other intermediate computations could be targeted (e.g., the output of AddRoundKey). Yet, the output of the Sbox offers a sweet spot for side-channel attacks due to its non-linearity.

  4. http://satoh.cs.uec.ac.jp/SAKURA/hardware/SAKURA-X.html

  5. https://github.com/hgrosz/aes-dom

  6. This approach can be directly applied to bitslice masked ciphers [38]. Indeed, the protected implementation can be placed on the lower bits and the cheating labels on the upper bits with disabled randomness. This makes the upper bits leak at first order, exactly as in the hardware case.

References

  1. Goodwill, G., Jun, B., Jaffe, J., Rohatgi, P., et al.: A testing methodology for side-channel resistance validation. In: NIST non-invasive attack testing workshop, vol. 7, pp. 115–136 (2011)

  2. Cooper, J., Mulder, E.D., Goodwill, G., Jaffe, J., Kenworthy, G., Rohatgi, P.: Test vector leakage assessment (TVLA) methodology in practice. In: International cryptographic module conference (ICMC 2013), vol. 20, p. 13 (2013)

  3. Mather, L., Oswald, E., Bandenburg, J., Wójcik, M.: Does my device leak information? An a priori statistical power analysis of leakage detection tests. In: ASIACRYPT (1), LNCS, vol. 8269, pp. 486–505. Springer (2013)

  4. Schneider, T., Moradi, A.: Leakage assessment methodology - extended version. J. Cryptographic Engineering 6(2), 85–99 (2016)

  5. Durvaux, F., Standaert, F.-X.: From improved leakage detection to the detection of points of interests in leakage traces. In: EUROCRYPT (1), LNCS, vol. 9665, pp. 240–262. Springer (2016)

  6. Hospodar, G., Gierlichs, B., Mulder, E.D., Verbauwhede, I., Vandewalle, J.: Machine learning in side-channel analysis: a first study. J. Cryptographic Engineering 1(4), 293–302 (2011)

  7. Heuser, A., Zohner, M.: Intelligent machine homicide - breaking cryptographic devices using support vector machines. In: COSADE, LNCS, vol. 7275, pp. 249–264. Springer (2012)

  8. Lerman, L., Medeiros, S.F., Bontempi, G., Markowitch, O.: A machine learning approach against a masked AES. In: CARDIS, LNCS, vol. 8419, pp. 61–75. Springer (2013)

  9. Lerman, L., Poussier, R., Bontempi, G., Markowitch, O., Standaert, F.-X.: Template attacks vs. machine learning revisited (and the curse of dimensionality in side-channel analysis). In: COSADE, LNCS, vol. 9064, pp. 20–33. Springer (2015)

  10. Maghrebi, H., Portigliatti, T., Prouff, E.: Breaking cryptographic implementations using deep learning techniques. In: SPACE, LNCS, vol. 10076, pp. 3–26. Springer (2016)

  11. Cagli, E., Dumas, C., Prouff, E.: Convolutional neural networks with data augmentation against jitter-based countermeasures - profiling attacks without pre-processing. In: CHES, LNCS, vol. 10529, pp. 45–68. Springer (2017)

  12. Picek, S., Samiotis, I.P., Kim, J., Heuser, A., Bhasin, S., Legay, A.: On the performance of convolutional neural networks for side-channel analysis. In: SPACE, LNCS, vol. 11348, pp. 157–176. Springer (2018)

  13. Wegener, F., Moos, T., Moradi, A.: DL-LA: deep learning leakage assessment: A modern roadmap for SCA evaluations. IACR Cryptology ePrint Archive 2019, 505 (2019)

  14. Standaert, F.-X.: How (not) to use Welch’s t-test in side-channel security evaluations. In: CARDIS, LNCS, vol. 11389, pp. 65–79. Springer (2018)

  15. Bronchain, O., Schneider, T., Standaert, F.-X.: Multi-tuple leakage detection and the dependent signal issue. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(2), 318–345 (2019)

  16. Whitnall, C., Oswald, E.: A critical analysis of ISO 17825 (’testing methods for the mitigation of non-invasive attack classes against cryptographic modules’). In: ASIACRYPT (3), LNCS, vol. 11923, pp. 256–284. Springer (2019)

  17. McDaniel, P.D., Papernot, N., Celik, Z.B.: Machine learning in adversarial settings. IEEE Security & Privacy 14(3), 68–72 (2016)

  18. Barreno, M., Nelson, B., Sears, R., Joseph, A.D., Tygar, J.D.: Can machine learning be secure? In: AsiaCCS, pp. 16–25. ACM (2006)

  19. Biggio, B., Nelson, B., Laskov, P.: Poisoning attacks against support vector machines. In: ICML. icml.cc / Omnipress (2012)

  20. Tramèr, F., Zhang, F., Juels, A., Reiter, M.K., Ristenpart, T.: Stealing machine learning models via prediction APIs. In: USENIX security symposium, pp. 601–618. USENIX Association (2016)

  21. Shokri, R., Stronati, M., Song, C., Shmatikov, V.: Membership inference attacks against machine learning models. In: IEEE symposium on security and privacy, pp. 3–18. IEEE Computer Society (2017)

  22. Moradi, A., Standaert, F.-X.: Moments-correlating DPA. In: TIS@CCS, pp. 5–15. ACM (2016)

  23. Frénay, B., Verleysen, M.: Classification in the presence of label noise: A survey. IEEE Trans. Neural Netw. Learning Syst. 25(5), 845–869 (2014)

  24. Renauld, M., Standaert, F.-X., Veyrat-Charvillon, N., Kamel, D., Flandre, D.: A formal study of power variability issues and side-channel attacks for nanoscale devices. In: EUROCRYPT, LNCS, vol. 6632, pp. 109–128. Springer (2011)

  25. Whitnall, C., Oswald, E., Standaert, F.-X.: The myth of generic DPA... and the magic of learning. In: CT-RSA, LNCS, vol. 8366, pp. 183–205. Springer (2014)

  26. Timon, B.: Non-profiled deep learning-based side-channel attacks with sensitivity analysis. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(2), 107–131 (2019)

  27. Picek, S., Jap, D., Bhasin, S.: Poster: When adversary becomes the guardian - towards side-channel security with adversarial attacks. In: CCS, pp. 2673–2675. ACM (2019)

  28. Bronchain, O., Standaert, F.-X.: Side-channel countermeasures’ dissection and the limits of closed source security evaluations. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(2), 1–25 (2020)

  29. Duc, A., Faust, S., Standaert, F.-X.: Making masking security proofs concrete - or how to evaluate the security of any leaking device. In: EUROCRYPT (1), LNCS, vol. 9056, pp. 401–429. Springer (2015)

  30. Bishop, C.M.: Pattern recognition and machine learning, 5th edition. Information science and statistics. Springer, Berlin (2007). http://www.worldcat.org/oclc/71008143

  31. Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: CRYPTO, LNCS, vol. 1666, pp. 398–412. Springer (1999)

  32. Reparaz, O., Bilgin, B., Nikova, S., Gierlichs, B., Verbauwhede, I.: Consolidating masking schemes. In: CRYPTO, Lecture Notes in Computer Science, vol. 9215, pp. 764–783. Springer (2015)

  33. Cassiers, G., Grégoire, B., Levi, I., Standaert, F.-X.: Hardware private circuits: From trivial composition to full verification. IACR Cryptol. ePrint Arch. 2020, 185 (2020)

  34. Groß, H., Mangard, S., Korak, T.: Domain-oriented masking: Compact masked hardware implementations with arbitrary protection order. In: TIS@CCS, p. 3. ACM (2016)

  35. Standaert, F.-X., Malkin, T., Yung, M.: A unified framework for the analysis of side-channel key recovery attacks. In: EUROCRYPT, LNCS, vol. 5479, pp. 443–461. Springer (2009)

  36. Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M., Duchesnay, E.: Scikit-learn: Machine learning in Python. J. Mach. Learn. Res. 12, 2825–2830 (2011)

  37. Mangard, S.: Hardware countermeasures against DPA? A statistical analysis of their effectiveness. In: CT-RSA, LNCS, vol. 2964, pp. 222–235. Springer (2004)

  38. Goudarzi, D., Rivain, M.: How fast can higher-order masking be in software? In: EUROCRYPT (1), LNCS, vol. 10210, pp. 567–597. Springer (2017)

Acknowledgements

Charles-Henry Bertrand Van Ouytsel, Gaëtan Cassiers and François-Xavier Standaert are respectively FRIA grantee, Research Fellow and Senior Associate Researcher of the Belgian Fund for Scientific Research (FNRS-F.R.S.). This work has been funded in part by the ERC project 724725.

Corresponding author

Correspondence to Olivier Bronchain.

Cite this article

Bertrand Van Ouytsel, CH., Bronchain, O., Cassiers, G. et al. How to fool a black box machine learning based side-channel security evaluation. Cryptogr. Commun. 13, 573–585 (2021). https://doi.org/10.1007/s12095-021-00479-x
