P1_22: Towards Robust Cross-Device Side-Channel Attacks
Topic Areas: Side-Channel Attacks, Machine Learning
Principal investigator: Dr. Boyang Wang, University of Cincinnati
Co-Principal investigator: Dr. J. M. Emmert, University of Cincinnati
PI Email
Abstract:
Built upon the findings of this project in Year 1, this research in Year 2 proposes two new methods to improve the robustness of deep-learning side-channel attacks in the cross-device setting. In the cross-device setting, training power traces are from one device while test power traces are from a different device. It is a more realistic attack setting than the single-device setting primarily investigated in existing studies. Discrepancies between training traces and test traces can be introduced by hardware imperfections, software inconsistency, and/or collection inconsistency between two devices. In Year 1, we have developed two methods based on transfer learning, including triplet
networks and adversarial domain adaptation, to successfully improve the accuracy of deep-learning side-channel attacks in the cross-device scenario. In other words, we answered the question “Q0: how to transfer?” in Year 1.
In this proposed research of Year 2, we will investigate two more critical research questions: (1) “Q1: when do we need to transfer? and (2) “Q2: what do we do if transfer learning fails?” in the cross-device setting. Specifically, we propose a new method to measure discrepancies between training and test data to automatically decide whether our methods developed in Year 1 should be applied to recover secret keys. We also propose a new method, which is essentially a two-step classification, to automatically recover secret keys in the cross-device scenario when the discrepancies are significant i.e., directly applying transfer learning developed in Year 1 fail to recover keys).
We will implement the proposed methods and conduct comprehensive evaluations by examining both power and EM (electromagnetic) traces on multiple targets, including microcontrollers (8-bit AVR XMEGA and 32 bit ARM STM32F3) and FPGAs (Xilinx Artix-7), running AES-128 encryption using Chipwhisperer platform. EM traces and FPGAs were not investigated in Year 1 and are new in Year 2. Large-scale datasets, source code, and publications will be shared with CHEST’s industry partners.