Research

Deep Learning based Side Channel Analysis for the Security Evaluation of Cryptographic Implementations

One intriguing property of CMOS devices is that the power consumed by such a device depends on the data it manipulates. Thus, the device's internal data can be partially inferred by observing the power consumed by the device. Side Channel Analysis (SCA) recovers the secret of a cryptographic device by observing the device's power consumption data. Historically, various statistical techniques like Pearson's correlation, mutual information, principal component analysis and probabilistic generative model have been used in SCA. However, those classical approaches are limited in several aspects. First, the classical methods require explicitly selecting the informative features from the power consumption data or power traces using a separate pre-processing step. Moreover, such pre-processing step sometimes uses the information of certain internal states of the device, which may not be available all the time. Secondly, higher-order SCAs require the selection of proper higher-order statistics to be successful. Not only that, such pre-selected statistics may not be an optimum choice when the power consumption behaviour of the device differs from the well-known idealistic models. Thirdly, classical SCAs do not perform well against implementations protected by jitter-based countermeasures. Consequently, separate pre-processing steps are required to nullify the effect of the jitter-based countermeasures before performing the attack. However, such pre-processing steps rely on the heuristic properties of power traces and are, thus, not useful in all scenarios.

Deep learning based SCAs overcome the above limitations of classical SCAs. DL-based SCAs do not require any prior selection of informative features as DL models can easily be trained to put higher weightage on the informative features of the input while lower weightage on the uninformative ones. Moreover, since the DL models can learn to represent arbitrary input-output mappings, they have been very successful for higher-order SCA. Finally, since some DL models are shift-invariant, they have been found to be very effective against jitter-based countermeasures as well. Though DL-based SCAs have already shown promises to overcome the shortcomings of the classical SCA, they still lag in several attack scenarios:

• The ability to learn the dependency among features that are long distance apart is a key requirement of a DL model to successfully attack many implementations protected by masking countermeasures. Similarly, shift invariance is desirable for a DL model to perform well against implementations protected by jitter-based countermeasures. Thus, one key challenge in DL-based SCA literature is to build DL models that are good at learning long distance dependency while being shift-invariant.

• The length of power traces can be up to one million. Thus, building DL models which can be efficiently trained for such long inputs while maintaining the other desirable properties like shift-invariance is a challenge.

• As the power traces get longer, the informative features of the traces get sparser. Consequently, building and training shift-invariant DL models to perform optimally on such data gets challenging.

I am working on the above challenges of DL-based SCA.