SlideShare uma empresa Scribd logo

Lowering the bar: deep learning for side-channel analysis

Riscure
Riscure

Deep learning can help automate the signal analysis process in power side channel analysis. We show how typical signal processing problems such as noise reduction and re-alignment are automatically solved by the deep learning network. We show we can break a lightly protected AES, an AES implementation with masking countermeasures and a protected ECC implementation. These experiments indicate that where previously side channel analysis had a large dependency on the skills of the human, first steps are being developed that bring down the attacker skill required for such attacks using Deep Learning automation.

Tecnologia
1 de 45
Baixar para ler offline
1 Lowering the Bar: Deep Learning for Side Channel Analysis Guilherme Perin, Baris Ege, Jasper van Woudenberg @jzvw Blackhat, August 9, 2018
2 Before BLACKHAT 2018 Leakage modeling Signal processing
3 After BLACKHAT 2018
4 Power / EM side channel analysis BLACKHAT 2018
5BLACKHAT 2018
6 Power analysis BLACKHAT 2018 Some crypto algorithm
7 Example (huge) leakage BLACKHAT 2018 Data leakage Noise
8 Signal processing (demo) Raw trace Processed trace BLACKHAT 2018
9 Misalignment (demo) BLACKHAT 2018
10 AES-128 first round attack 𝑖0 𝑖4 𝑖8 𝑖12 𝑖1 𝑖5 𝑖9 𝑖13 𝑖2 𝑖6 𝑖10 𝑖14 𝑖3 𝑖7 𝑖11 𝑖15 𝑘0 𝑘4 𝑘8 𝑘12 𝑘1 𝑘5 𝑘9 𝑘13 𝑘2 𝑘6 𝑘10 𝑘14 𝑘3 𝑘7 𝑘11 𝑘15 𝑥0 𝑥4 𝑥8 𝑥12 𝑥1 𝑥5 𝑥9 𝑥13 𝑥2 𝑥6 𝑥10 𝑥14 𝑥3 𝑥7 𝑥11 𝑥15 𝑠0 𝑠4 𝑠8 𝑠12 𝑠1 𝑠5 𝑠9 𝑠13 𝑠2 𝑠6 𝑠10 𝑠14 𝑠3 𝑠7 𝑠11 𝑠15 S-BOX Key Addition Unknown Known Leakage model, Power prediction
11 Points of interest selection BLACKHAT 2018 Data leakage Noise Correlation, T-test, Difference of Means Samples showing statistical dependency between intermediate (key-related) data and power consumption.
12 Concept of Template Analysis BLACKHAT 2018 Open Sample Ciphertext Keys Templates Leakage ModelMeasure Closed Sample Fixed Key Analysis InputMeasure Input Learn (Profiling) Phase Attack (Exploitation) Phase
13 Key recovery BLACKHAT 2018 Number of traces KeyByteRank AES key bytes 0-15
14 The actual process Setup Processing Acquisition Analysis BLACKHAT 2018
15 Deep learning background BLACKHAT 2018
16 Deep Learning BLACKHAT 2018 dog dog dog cat cat cat Data with labels
17 Deep Learning BLACKHAT 2018 machine Cat (%) Dog (%) Error function BACK-PROPAGATION ALGORITHM Train a machine to classify these data Data with labels
18 Deep Learning BLACKHAT 2018 Test the machine on new data Train a machine to classify these data Data with labels Cat (%) Dog (%) Trained machine
19 Deep Learning BLACKHAT 2018 Is classification accuracy good enough? No Yes We are done! Change parameters Test the machine on new data Train a machine to classify these data Data with labels Trained machine Cat Machine = Deep Neural Network
20 Input Layer (the size is equivalent to the number of samples) Dense Layers (classifiers) Output Layer (the size is equivalent to the number of classes) Conv. Layers (feature extractor + encoding) The convolutional layers are able to detect the features independently of their positions Convolutional Neural Networks (CNNs)
21 Creating training/test/validation data sets BLACKHAT 2018 samples HW = 5 samples HW = 7 samples HW = 3 samples HW = 4 … features label … Leakage model
22 Classification BLACKHAT 2018 HW = 4 HW = 5 HW = 6 HW = 7 Key enumeration using output probabilities (Bayes)0.65 0.15 0.05 0.08 0.01 0.02 0.01 0.02 0.02 Softmax (σ 𝑝𝑖 = 1) Trained Model Trace (samples)
23 Deep learning on side channels in practice BLACKHAT 2018
24 Step 1: Define initial hyper-parameters (demo) BLACKHAT 2018 HW = 0 HW = 1
25 Step 2: Make sure it’s capable of learning BLACKHAT 2018 • Increase the number of training traces and observe the training and validation accuracy • Overfitting too fast? • Training accuracy: 100% | Validation accuracy: low • Neural network is too big for the number of traces and samples
26 Step 3: Make it generalize Make sure the training accuracy/recall is increasing 0.111 Validation recall stays above the minimum threshold value = model is generalizing 0.111 = 1/9 (9 is the number of classes – HW of a byte) NN is learning from its training set BLACKHAT 2018
27 Step 3: Make it generalize Regularization techniques:  L1, L2 (penalty applied to the weights)  Dropout  Data Augmentation (+traces)  Early Stopping BLACKHAT 2018 𝑥2 𝑥1 𝑥2 𝑥1 𝑥2 𝑥1 Linear Separation Good Regularization Overfitting Low Training Accuracy Low Validation Accuracy Good Training Accuracy Good Validation Accuracy High Training Accuracy Low Validation Accuracy
28 Step 4: Key Recovery In this analysis, we only need slightly-above coin flip accuracy! BLACKHAT 2018 Number of traces KeyByteRank
29 Getting keys from the thingz! BLACKHAT 2018
30 Piñata AES-128 with misalignment (demo) BLACKHAT 2018
31 Bypassing Misalignment with CNNs Neural Network: Input Layer > ConvLayer > 36 > 36 > 36 > Output Layer Training/validation/test sets: 90000/5000/5000 traces of 500 samples Leakage Model: HW of S-Box Out (Round 1) → 9 classes Results for key byte 0: Use Data Augmentation as regularization technique to improve generalization BLACKHAT 2018 Number of traces KeyByteRank
32 Breaking protected ECC on Piñata Supervised deep learning attack: - Curve25519, Montgomery ladder, scalar blinding - Messy signal - Brute-force methods for ECC are needed if test accuracy < 100% - Need to get (almost) all bits from one trace! BLACKHAT 2018
33 Breaking protected ECC Unsupervised/Supervised Horizontal Attack: 60% success rate Deep learning: 90% success rate Deep learning( + data augmentation): 99.4% success rate Data augmentation: 25k → 200k traces. Misaligned traces BLACKHAT 2018 4 Dense Layers (100 Neurons) 3 Conv Layers (10 filters) Input (4000) Output (2 Classes) RELU TANH SOFTMAX
34 Breaking AES with First-Order Masking (demo)  Target published in 2013 (http://www.dpacontest.org/v4/)  40k traces available  AES-256 (Atmel ATMega-163 smart card)  Countermeasure: Rotating S-box Masking (RSM) BLACKHAT 2018
35 Breaking AES with First-Order Masking 𝑥 ⊕ 𝑚 𝑦 ⊕ 𝑚 Combine data: (𝑥 ⊕ 𝑚) ⊕ (𝑦 ⊕ 𝑚) = 𝑥 ⊕ 𝑦 Combine samples: 𝑡 𝑖 × 𝑡 𝑗 Brute-force 𝑖, 𝑗 → Quadratic complexity Remove the relationship between power consumption (EM) and predictable data BLACKHAT 2018 𝑥 ⊕ 𝑚 𝑦 ⊕ 𝑚 𝑖 𝑗
36 Breaking AES with First-Order Masking BLACKHAT 2018 Challenge: Training key == validation key Correct key byte candidate (good generalization) Wrong key byte candidate (poor generalization) 1/9
37 Breaking AES with First-Order Masking BLACKHAT 2018 Overfitting can be verified by checking where the NN is learning Correct key byte candidate (CNN learns from specific and leaky samples) Wrong key byte candidate (CNN overfits because it can’t distinguish leaky samples from noise)
38 Breaking AES with First-Order Masking Neural Network: Input Layer > ConvLayer > 50 > 50 > 50 > Output Layer Training/validation/test sets: 36000/2000/2000 traces Leakage Model: HW of S-Box Out (Round 1) → 9 classes 1/9 BLACKHAT 2018 Results for key byte 0: The processing of 8 traces is sufficient to recover the key
39 1st cool thing BLACKHAT 2018 This shouldn’t work
40 2nd cool thing BLACKHAT 2018 DL is up there with dozens of SCA research teams
41 Wrapping up BLACKHAT 2018
42 I want to learn more! BLACKHAT 2018 Deeplearningbook.org introtodeeplearning.com bookstores nostarch ? By Colin & Jasper
43 Key takeaways BLACKHAT 2018 • DL does SCA art + science and scales • DL requires network fiddling, the bar is low, not yet at 0 • Automation needed to put a dent in embedded insecurity
44 References BLACKHAT 2018 • http://www.deeplearningbook.org/ • S. Haykin, “Neural Networks and Learning Machines”. • E. Cagli et al, “Breaking Cryptographic Implementations Using Deep Learning” https://eprint.iacr.org/2016/921.pdf • Benadjila et al, “Study of Deep Learning Techniques for Side-Channel Analysis and Introduction to ADCAD Database” https://eprint.iacr.org/2018/053.pdf • H. Maghrebi et al, “Convolutional Neural Networks with Data Augmentation Against Jitter-Based Countermeasures” https://eprint.iacr.org/2017/740 • Zhang et al, “Understanding deep learning requires re-thinking generalization” https://arxiv.org/abs/1611.03530 • Keskar et al, “On Large-Batch Training for Deep Learning: Generalization Gap and SharpMinima”, https://arxiv.org/pdf/1609.04836.pdf • Shwartz and Tishby, “Opening the black-box of Deep Learning via Information”, https://arxiv.org/abs/1703.00810
45 Challenge your security Riscure B.V. Frontier Building, Delftechpark 49 2628 XJ Delft The Netherlands Phone: +31 15 251 40 90 www.riscure.com Riscure North America 550 Kearny St., Suite 330 San Francisco, CA 94108 USA Phone: +1 650 646 99 79 inforequest@riscure.com Riscure China Room 2030-31, No. 989, Changle Road, Shanghai 200031 China Phone: +86 21 5117 5435 inforcn@riscure.com jasper@riscure.com @jzvw

Recomendados

Covert channels: A Window of Data Exfiltration Opportunities
Covert channels: A Window of Data Exfiltration Opportunities Covert channels: A Window of Data Exfiltration Opportunities
Covert channels: A Window of Data Exfiltration Opportunities Joel Aleburu
 
Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Hardik Manocha
 
Side Channel Analysis: Practice and a Bit of Theory
Side Channel Analysis: Practice and a Bit of TheorySide Channel Analysis: Practice and a Bit of Theory
Side Channel Analysis: Practice and a Bit of TheoryPositive Hack Days
 
02 Computer Evolution And Performance
02 Computer Evolution And Performance02 Computer Evolution And Performance
02 Computer Evolution And PerformanceJeanie Delos Arcos
 
Chapter1 2
Chapter1 2Chapter1 2
Chapter1 2Honeyennyl
 
Motorola microprocessor
Motorola microprocessorMotorola microprocessor
Motorola microprocessorIffat Anjum
 
Vtu network security(10 ec832) unit 3 notes.
Vtu network security(10 ec832) unit 3 notes.Vtu network security(10 ec832) unit 3 notes.
Vtu network security(10 ec832) unit 3 notes.Jayanth Dwijesh H P
 
07 Input Output
07 Input Output07 Input Output
07 Input OutputJeanie Delos Arcos
 

Recomendados

Covert channels: A Window of Data Exfiltration Opportunities
Covert channels: A Window of Data Exfiltration Opportunities Covert channels: A Window of Data Exfiltration Opportunities
Covert channels: A Window of Data Exfiltration Opportunities Joel Aleburu
 
Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Triple Data Encryption Standard (t-DES)
Triple Data Encryption Standard (t-DES) Hardik Manocha
 
Side Channel Analysis: Practice and a Bit of Theory
Side Channel Analysis: Practice and a Bit of TheorySide Channel Analysis: Practice and a Bit of Theory
Side Channel Analysis: Practice and a Bit of TheoryPositive Hack Days
 
02 Computer Evolution And Performance
02 Computer Evolution And Performance02 Computer Evolution And Performance
02 Computer Evolution And PerformanceJeanie Delos Arcos
 
Chapter1 2
Chapter1 2Chapter1 2
Chapter1 2Honeyennyl
 
Motorola microprocessor
Motorola microprocessorMotorola microprocessor
Motorola microprocessorIffat Anjum
 
Vtu network security(10 ec832) unit 3 notes.
Vtu network security(10 ec832) unit 3 notes.Vtu network security(10 ec832) unit 3 notes.
Vtu network security(10 ec832) unit 3 notes.Jayanth Dwijesh H P
 
07 Input Output
07 Input Output07 Input Output
07 Input OutputJeanie Delos Arcos
 
block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 
IOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachIOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachNSConclave
 
What is a Neural Network | Edureka
What is a Neural Network | EdurekaWhat is a Neural Network | Edureka
What is a Neural Network | EdurekaEdureka!
 
Trusted systems1
Trusted systems1Trusted systems1
Trusted systems1Sumita Das
 
Vtu network security(10 ec832) unit 2 notes..
Vtu network security(10 ec832) unit 2 notes..Vtu network security(10 ec832) unit 2 notes..
Vtu network security(10 ec832) unit 2 notes..Jayanth Dwijesh H P
 
Network security chapter 1
Network security chapter 1Network security chapter 1
Network security chapter 1osama elfar
 
Computer architecture control unit
Computer architecture control unitComputer architecture control unit
Computer architecture control unitMazin Alwaaly
 
DES
DESDES
DESNaga Srimanyu Timmaraju
 
Microprocessor and Microcontroller Anna University Answer Key April / May - 2015
Microprocessor and Microcontroller Anna University Answer Key April / May - 2015Microprocessor and Microcontroller Anna University Answer Key April / May - 2015
Microprocessor and Microcontroller Anna University Answer Key April / May - 2015JCT COLLEGE OF ENGINEERING AND TECHNOLOGY
 
Secret key cryptography
Secret key cryptographySecret key cryptography
Secret key cryptographyPrabhat Goel
 
Introduction to microprocessor
Introduction to microprocessorIntroduction to microprocessor
Introduction to microprocessorRamaPrabha24
 
Unit 2
Unit 2Unit 2
Unit 2KRAMANJANEYULU1
 
CRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITYCRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITYJyothishmathi Institute of Technology and Science Karimnagar
 
Classical Encryption Techniques.pdf
Classical Encryption Techniques.pdfClassical Encryption Techniques.pdf
Classical Encryption Techniques.pdfDevangShukla10
 
Hash Function
Hash FunctionHash Function
Hash FunctionSiddharth Srivastava
 
Diffie-Hellman Key Exchange
Diffie-Hellman Key ExchangeDiffie-Hellman Key Exchange
Diffie-Hellman Key ExchangeGürkan YILDIRIM
 
Stream Ciphers
Stream CiphersStream Ciphers
Stream CiphersSHUBHA CHATURVEDI
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architectureuniversity of education,Lahore
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSADr.Florence Dayana
 
SHA-3
SHA-3SHA-3
SHA-3rokham khawaja
 
Troubleshooting Deep Neural Networks - Full Stack Deep Learning
Troubleshooting Deep Neural Networks - Full Stack Deep LearningTroubleshooting Deep Neural Networks - Full Stack Deep Learning
Troubleshooting Deep Neural Networks - Full Stack Deep LearningSergey Karayev
 
OSMC 2009 | Anomalieerkennung und Trendvorhersagen an Hand von Daten aus Nagi...
OSMC 2009 | Anomalieerkennung und Trendvorhersagen an Hand von Daten aus Nagi...OSMC 2009 | Anomalieerkennung und Trendvorhersagen an Hand von Daten aus Nagi...
OSMC 2009 | Anomalieerkennung und Trendvorhersagen an Hand von Daten aus Nagi...NETWAYS
 

Mais conteúdo relacionado

Mais procurados

block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 
IOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachIOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachNSConclave
 
What is a Neural Network | Edureka
What is a Neural Network | EdurekaWhat is a Neural Network | Edureka
What is a Neural Network | EdurekaEdureka!
 
Trusted systems1
Trusted systems1Trusted systems1
Trusted systems1Sumita Das
 
Vtu network security(10 ec832) unit 2 notes..
Vtu network security(10 ec832) unit 2 notes..Vtu network security(10 ec832) unit 2 notes..
Vtu network security(10 ec832) unit 2 notes..Jayanth Dwijesh H P
 
Network security chapter 1
Network security chapter 1Network security chapter 1
Network security chapter 1osama elfar
 
Computer architecture control unit
Computer architecture control unitComputer architecture control unit
Computer architecture control unitMazin Alwaaly
 
Microprocessor and Microcontroller Anna University Answer Key April / May - 2015
Microprocessor and Microcontroller Anna University Answer Key April / May - 2015Microprocessor and Microcontroller Anna University Answer Key April / May - 2015
Microprocessor and Microcontroller Anna University Answer Key April / May - 2015JCT COLLEGE OF ENGINEERING AND TECHNOLOGY
 
Secret key cryptography
Secret key cryptographySecret key cryptography
Secret key cryptographyPrabhat Goel
 
Introduction to microprocessor
Introduction to microprocessorIntroduction to microprocessor
Introduction to microprocessorRamaPrabha24
 
Classical Encryption Techniques.pdf
Classical Encryption Techniques.pdfClassical Encryption Techniques.pdf
Classical Encryption Techniques.pdfDevangShukla10
 
Diffie-Hellman Key Exchange
Diffie-Hellman Key ExchangeDiffie-Hellman Key Exchange
Diffie-Hellman Key ExchangeGürkan YILDIRIM
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSADr.Florence Dayana
 

Mais procurados (20)

block ciphers
block ciphersblock ciphers
block ciphers
 
IOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachIOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's Approach
 
What is a Neural Network | Edureka
What is a Neural Network | EdurekaWhat is a Neural Network | Edureka
What is a Neural Network | Edureka
 
Trusted systems1
Trusted systems1Trusted systems1
Trusted systems1
 
Vtu network security(10 ec832) unit 2 notes..
Vtu network security(10 ec832) unit 2 notes..Vtu network security(10 ec832) unit 2 notes..
Vtu network security(10 ec832) unit 2 notes..
 
Network security chapter 1
Network security chapter 1Network security chapter 1
Network security chapter 1
 
Computer architecture control unit
Computer architecture control unitComputer architecture control unit
Computer architecture control unit
 
DES
DESDES
DES
 
Microprocessor and Microcontroller Anna University Answer Key April / May - 2015
Microprocessor and Microcontroller Anna University Answer Key April / May - 2015Microprocessor and Microcontroller Anna University Answer Key April / May - 2015
Microprocessor and Microcontroller Anna University Answer Key April / May - 2015
 
Secret key cryptography
Secret key cryptographySecret key cryptography
Secret key cryptography
 
Introduction to microprocessor
Introduction to microprocessorIntroduction to microprocessor
Introduction to microprocessor
 
Unit 2
Unit 2Unit 2
Unit 2
 
CRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITYCRYPTOGRAPHY & NETWORK SECURITY
CRYPTOGRAPHY & NETWORK SECURITY
 
Classical Encryption Techniques.pdf
Classical Encryption Techniques.pdfClassical Encryption Techniques.pdf
Classical Encryption Techniques.pdf
 
Hash Function
Hash FunctionHash Function
Hash Function
 
Diffie-Hellman Key Exchange
Diffie-Hellman Key ExchangeDiffie-Hellman Key Exchange
Diffie-Hellman Key Exchange
 
Stream Ciphers
Stream CiphersStream Ciphers
Stream Ciphers
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architecture
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSA
 
SHA-3
SHA-3SHA-3
SHA-3
 

Semelhante a Lowering the bar: deep learning for side-channel analysis

Troubleshooting Deep Neural Networks - Full Stack Deep Learning
Troubleshooting Deep Neural Networks - Full Stack Deep LearningTroubleshooting Deep Neural Networks - Full Stack Deep Learning
Troubleshooting Deep Neural Networks - Full Stack Deep LearningSergey Karayev
 
OSMC 2009 | Anomalieerkennung und Trendvorhersagen an Hand von Daten aus Nagi...
OSMC 2009 | Anomalieerkennung und Trendvorhersagen an Hand von Daten aus Nagi...OSMC 2009 | Anomalieerkennung und Trendvorhersagen an Hand von Daten aus Nagi...
OSMC 2009 | Anomalieerkennung und Trendvorhersagen an Hand von Daten aus Nagi...NETWAYS
 
AILABS Lecture Series - Is AI The New Electricity. Topic - Deep Learning - Ev...
AILABS Lecture Series - Is AI The New Electricity. Topic - Deep Learning - Ev...AILABS Lecture Series - Is AI The New Electricity. Topic - Deep Learning - Ev...
AILABS Lecture Series - Is AI The New Electricity. Topic - Deep Learning - Ev...AILABS Academy
 
深度學習在AOI的應用
深度學習在AOI的應用深度學習在AOI的應用
深度學習在AOI的應用CHENHuiMei
 
Using Bayesian Optimization to Tune Machine Learning Models
Using Bayesian Optimization to Tune Machine Learning ModelsUsing Bayesian Optimization to Tune Machine Learning Models
Using Bayesian Optimization to Tune Machine Learning ModelsScott Clark
 
Using Bayesian Optimization to Tune Machine Learning Models
Using Bayesian Optimization to Tune Machine Learning ModelsUsing Bayesian Optimization to Tune Machine Learning Models
Using Bayesian Optimization to Tune Machine Learning ModelsSigOpt
 
Learn to Build an App to Find Similar Images using Deep Learning- Piotr Teterwak
Learn to Build an App to Find Similar Images using Deep Learning- Piotr TeterwakLearn to Build an App to Find Similar Images using Deep Learning- Piotr Teterwak
Learn to Build an App to Find Similar Images using Deep Learning- Piotr TeterwakPyData
 
Deep Learning Made Easy with Deep Features
Deep Learning Made Easy with Deep FeaturesDeep Learning Made Easy with Deep Features
Deep Learning Made Easy with Deep FeaturesTuri, Inc.
 
Deep learning with TensorFlow
Deep learning with TensorFlowDeep learning with TensorFlow
Deep learning with TensorFlowBarbara Fusinska
 
Chap 8. Optimization for training deep models
Chap 8. Optimization for training deep modelsChap 8. Optimization for training deep models
Chap 8. Optimization for training deep modelsYoung-Geun Choi
 
Introduction to Apache Hivemall v0.5.0
Introduction to Apache Hivemall v0.5.0Introduction to Apache Hivemall v0.5.0
Introduction to Apache Hivemall v0.5.0Makoto Yui
 
Graph Gurus Episode 19: Deep Learning Implemented by GSQL on a Native Paralle...
Graph Gurus Episode 19: Deep Learning Implemented by GSQL on a Native Paralle...Graph Gurus Episode 19: Deep Learning Implemented by GSQL on a Native Paralle...
Graph Gurus Episode 19: Deep Learning Implemented by GSQL on a Native Paralle...TigerGraph
 
Deep Turnover Forecast - meetup Lille
Deep Turnover Forecast - meetup LilleDeep Turnover Forecast - meetup Lille
Deep Turnover Forecast - meetup LilleCarta Alfonso
 
B4UConference_machine learning_deeplearning
B4UConference_machine learning_deeplearningB4UConference_machine learning_deeplearning
B4UConference_machine learning_deeplearningHoa Le
 
Machine Learning, Deep Learning and Data Analysis Introduction
Machine Learning, Deep Learning and Data Analysis IntroductionMachine Learning, Deep Learning and Data Analysis Introduction
Machine Learning, Deep Learning and Data Analysis IntroductionTe-Yen Liu
 
Using Deep Learning to do Real-Time Scoring in Practical Applications
Using Deep Learning to do Real-Time Scoring in Practical ApplicationsUsing Deep Learning to do Real-Time Scoring in Practical Applications
Using Deep Learning to do Real-Time Scoring in Practical ApplicationsGreg Makowski
 
Fast Fingerprint Classification with Deep Neural Networks
Fast Fingerprint Classification with Deep Neural NetworksFast Fingerprint Classification with Deep Neural Networks
Fast Fingerprint Classification with Deep Neural NetworksDaniel Michelsanti
 

Semelhante a Lowering the bar: deep learning for side-channel analysis (20)

Troubleshooting Deep Neural Networks - Full Stack Deep Learning
Troubleshooting Deep Neural Networks - Full Stack Deep LearningTroubleshooting Deep Neural Networks - Full Stack Deep Learning
Troubleshooting Deep Neural Networks - Full Stack Deep Learning
 
OSMC 2009 | Anomalieerkennung und Trendvorhersagen an Hand von Daten aus Nagi...
OSMC 2009 | Anomalieerkennung und Trendvorhersagen an Hand von Daten aus Nagi...OSMC 2009 | Anomalieerkennung und Trendvorhersagen an Hand von Daten aus Nagi...
OSMC 2009 | Anomalieerkennung und Trendvorhersagen an Hand von Daten aus Nagi...
 
AILABS Lecture Series - Is AI The New Electricity. Topic - Deep Learning - Ev...
AILABS Lecture Series - Is AI The New Electricity. Topic - Deep Learning - Ev...AILABS Lecture Series - Is AI The New Electricity. Topic - Deep Learning - Ev...
AILABS Lecture Series - Is AI The New Electricity. Topic - Deep Learning - Ev...
 
深度學習在AOI的應用
深度學習在AOI的應用深度學習在AOI的應用
深度學習在AOI的應用
 
Using Bayesian Optimization to Tune Machine Learning Models
Using Bayesian Optimization to Tune Machine Learning ModelsUsing Bayesian Optimization to Tune Machine Learning Models
Using Bayesian Optimization to Tune Machine Learning Models
 
Using Bayesian Optimization to Tune Machine Learning Models
Using Bayesian Optimization to Tune Machine Learning ModelsUsing Bayesian Optimization to Tune Machine Learning Models
Using Bayesian Optimization to Tune Machine Learning Models
 
Learn to Build an App to Find Similar Images using Deep Learning- Piotr Teterwak
Learn to Build an App to Find Similar Images using Deep Learning- Piotr TeterwakLearn to Build an App to Find Similar Images using Deep Learning- Piotr Teterwak
Learn to Build an App to Find Similar Images using Deep Learning- Piotr Teterwak
 
Deep Learning Made Easy with Deep Features
Deep Learning Made Easy with Deep FeaturesDeep Learning Made Easy with Deep Features
Deep Learning Made Easy with Deep Features
 
Eye deep
Eye deepEye deep
Eye deep
 
Deep learning with TensorFlow
Deep learning with TensorFlowDeep learning with TensorFlow
Deep learning with TensorFlow
 
Chap 8. Optimization for training deep models
Chap 8. Optimization for training deep modelsChap 8. Optimization for training deep models
Chap 8. Optimization for training deep models
 
Introduction to Apache Hivemall v0.5.0
Introduction to Apache Hivemall v0.5.0Introduction to Apache Hivemall v0.5.0
Introduction to Apache Hivemall v0.5.0
 
Graph Gurus Episode 19: Deep Learning Implemented by GSQL on a Native Paralle...
Graph Gurus Episode 19: Deep Learning Implemented by GSQL on a Native Paralle...Graph Gurus Episode 19: Deep Learning Implemented by GSQL on a Native Paralle...
Graph Gurus Episode 19: Deep Learning Implemented by GSQL on a Native Paralle...
 
Deep Turnover Forecast - meetup Lille
Deep Turnover Forecast - meetup LilleDeep Turnover Forecast - meetup Lille
Deep Turnover Forecast - meetup Lille
 
B4UConference_machine learning_deeplearning
B4UConference_machine learning_deeplearningB4UConference_machine learning_deeplearning
B4UConference_machine learning_deeplearning
 
Machine Learning, Deep Learning and Data Analysis Introduction
Machine Learning, Deep Learning and Data Analysis IntroductionMachine Learning, Deep Learning and Data Analysis Introduction
Machine Learning, Deep Learning and Data Analysis Introduction
 
Using Deep Learning to do Real-Time Scoring in Practical Applications
Using Deep Learning to do Real-Time Scoring in Practical ApplicationsUsing Deep Learning to do Real-Time Scoring in Practical Applications
Using Deep Learning to do Real-Time Scoring in Practical Applications
 
Fast Fingerprint Classification with Deep Neural Networks
Fast Fingerprint Classification with Deep Neural NetworksFast Fingerprint Classification with Deep Neural Networks
Fast Fingerprint Classification with Deep Neural Networks
 
AI and Deep Learning
AI and Deep Learning AI and Deep Learning
AI and Deep Learning
 
Deeplearning in finance
Deeplearning in financeDeeplearning in finance
Deeplearning in finance
 

Mais de Riscure

Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & DefensesSecure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & DefensesRiscure
 
PEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyPEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyRiscure
 
Riscure Assurance for Premium Content at a glance
Riscure Assurance for Premium Content at a glanceRiscure Assurance for Premium Content at a glance
Riscure Assurance for Premium Content at a glanceRiscure
 
Software Attacks on Hardware Wallets
Software Attacks on Hardware WalletsSoftware Attacks on Hardware Wallets
Software Attacks on Hardware WalletsRiscure
 
Efficient Reverse Engineering of Automotive Firmware
Efficient Reverse Engineering of Automotive FirmwareEfficient Reverse Engineering of Automotive Firmware
Efficient Reverse Engineering of Automotive FirmwareRiscure
 
Fault Injection on Automotive Diagnosis Protocols
Fault Injection on Automotive Diagnosis ProtocolsFault Injection on Automotive Diagnosis Protocols
Fault Injection on Automotive Diagnosis ProtocolsRiscure
 
CheapSCAte: Attacking IoT with less than $60
CheapSCAte: Attacking IoT with less than $60CheapSCAte: Attacking IoT with less than $60
CheapSCAte: Attacking IoT with less than $60Riscure
 
Riscure Introduction
Riscure IntroductionRiscure Introduction
Riscure IntroductionRiscure
 
Bypassing Secure Boot using Fault Injection
Bypassing Secure Boot using Fault InjectionBypassing Secure Boot using Fault Injection
Bypassing Secure Boot using Fault InjectionRiscure
 
Practical Differential Fault Attack on AES
Practical Differential Fault Attack on AESPractical Differential Fault Attack on AES
Practical Differential Fault Attack on AESRiscure
 
Java Card Security
Java Card SecurityJava Card Security
Java Card SecurityRiscure
 
How to secure electronic passports
How to secure electronic passportsHow to secure electronic passports
How to secure electronic passportsRiscure
 
How multi-fault injection breaks the security of smart cards
How multi-fault injection breaks the security of smart cardsHow multi-fault injection breaks the security of smart cards
How multi-fault injection breaks the security of smart cardsRiscure
 
Why is it so hard to make secure chips?
Why is it so hard to make secure chips?Why is it so hard to make secure chips?
Why is it so hard to make secure chips?Riscure
 
How to secure HCE
How to secure HCEHow to secure HCE
How to secure HCERiscure
 
Why are we still vulnerable to Side Channel Attacks?
Why are we still vulnerable to Side Channel Attacks?Why are we still vulnerable to Side Channel Attacks?
Why are we still vulnerable to Side Channel Attacks?Riscure
 
Controlling PC on ARM using Fault Injection
Controlling PC on ARM using Fault InjectionControlling PC on ARM using Fault Injection
Controlling PC on ARM using Fault InjectionRiscure
 
Defeating RSA Multiply-Always and Message Blinding Countermeasures
Defeating RSA Multiply-Always and Message Blinding CountermeasuresDefeating RSA Multiply-Always and Message Blinding Countermeasures
Defeating RSA Multiply-Always and Message Blinding CountermeasuresRiscure
 
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...Riscure
 

Mais de Riscure (19)

Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & DefensesSecure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
 
PEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyPEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot Securely
 
Riscure Assurance for Premium Content at a glance
Riscure Assurance for Premium Content at a glanceRiscure Assurance for Premium Content at a glance
Riscure Assurance for Premium Content at a glance
 
Software Attacks on Hardware Wallets
Software Attacks on Hardware WalletsSoftware Attacks on Hardware Wallets
Software Attacks on Hardware Wallets
 
Efficient Reverse Engineering of Automotive Firmware
Efficient Reverse Engineering of Automotive FirmwareEfficient Reverse Engineering of Automotive Firmware
Efficient Reverse Engineering of Automotive Firmware
 
Fault Injection on Automotive Diagnosis Protocols
Fault Injection on Automotive Diagnosis ProtocolsFault Injection on Automotive Diagnosis Protocols
Fault Injection on Automotive Diagnosis Protocols
 
CheapSCAte: Attacking IoT with less than $60
CheapSCAte: Attacking IoT with less than $60CheapSCAte: Attacking IoT with less than $60
CheapSCAte: Attacking IoT with less than $60
 
Riscure Introduction
Riscure IntroductionRiscure Introduction
Riscure Introduction
 
Bypassing Secure Boot using Fault Injection
Bypassing Secure Boot using Fault InjectionBypassing Secure Boot using Fault Injection
Bypassing Secure Boot using Fault Injection
 
Practical Differential Fault Attack on AES
Practical Differential Fault Attack on AESPractical Differential Fault Attack on AES
Practical Differential Fault Attack on AES
 
Java Card Security
Java Card SecurityJava Card Security
Java Card Security
 
How to secure electronic passports
How to secure electronic passportsHow to secure electronic passports
How to secure electronic passports
 
How multi-fault injection breaks the security of smart cards
How multi-fault injection breaks the security of smart cardsHow multi-fault injection breaks the security of smart cards
How multi-fault injection breaks the security of smart cards
 
Why is it so hard to make secure chips?
Why is it so hard to make secure chips?Why is it so hard to make secure chips?
Why is it so hard to make secure chips?
 
How to secure HCE
How to secure HCEHow to secure HCE
How to secure HCE
 
Why are we still vulnerable to Side Channel Attacks?
Why are we still vulnerable to Side Channel Attacks?Why are we still vulnerable to Side Channel Attacks?
Why are we still vulnerable to Side Channel Attacks?
 
Controlling PC on ARM using Fault Injection
Controlling PC on ARM using Fault InjectionControlling PC on ARM using Fault Injection
Controlling PC on ARM using Fault Injection
 
Defeating RSA Multiply-Always and Message Blinding Countermeasures
Defeating RSA Multiply-Always and Message Blinding CountermeasuresDefeating RSA Multiply-Always and Message Blinding Countermeasures
Defeating RSA Multiply-Always and Message Blinding Countermeasures
 
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
 

Último

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Último (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Lowering the bar: deep learning for side-channel analysis

  • 1. 1 Lowering the Bar: Deep Learning for Side Channel Analysis Guilherme Perin, Baris Ege, Jasper van Woudenberg @jzvw Blackhat, August 9, 2018
  • 4. 4 Power / EM side channel analysis BLACKHAT 2018
  • 7. 7 Example (huge) leakage BLACKHAT 2018 Data leakage Noise
  • 8. 8 Signal processing (demo) Raw trace Processed trace BLACKHAT 2018
  • 10. 10 AES-128 first round attack 𝑖0 𝑖4 𝑖8 𝑖12 𝑖1 𝑖5 𝑖9 𝑖13 𝑖2 𝑖6 𝑖10 𝑖14 𝑖3 𝑖7 𝑖11 𝑖15 𝑘0 𝑘4 𝑘8 𝑘12 𝑘1 𝑘5 𝑘9 𝑘13 𝑘2 𝑘6 𝑘10 𝑘14 𝑘3 𝑘7 𝑘11 𝑘15 𝑥0 𝑥4 𝑥8 𝑥12 𝑥1 𝑥5 𝑥9 𝑥13 𝑥2 𝑥6 𝑥10 𝑥14 𝑥3 𝑥7 𝑥11 𝑥15 𝑠0 𝑠4 𝑠8 𝑠12 𝑠1 𝑠5 𝑠9 𝑠13 𝑠2 𝑠6 𝑠10 𝑠14 𝑠3 𝑠7 𝑠11 𝑠15 S-BOX Key Addition Unknown Known Leakage model, Power prediction
  • 11. 11 Points of interest selection BLACKHAT 2018 Data leakage Noise Correlation, T-test, Difference of Means Samples showing statistical dependency between intermediate (key-related) data and power consumption.
  • 12. 12 Concept of Template Analysis BLACKHAT 2018 Open Sample Ciphertext Keys Templates Leakage ModelMeasure Closed Sample Fixed Key Analysis InputMeasure Input Learn (Profiling) Phase Attack (Exploitation) Phase
  • 13. 13 Key recovery BLACKHAT 2018 Number of traces KeyByteRank AES key bytes 0-15
  • 17. 17 Deep Learning BLACKHAT 2018 machine Cat (%) Dog (%) Error function BACK-PROPAGATION ALGORITHM Train a machine to classify these data Data with labels
  • 18. 18 Deep Learning BLACKHAT 2018 Test the machine on new data Train a machine to classify these data Data with labels Cat (%) Dog (%) Trained machine
  • 19. 19 Deep Learning BLACKHAT 2018 Is classification accuracy good enough? No Yes We are done! Change parameters Test the machine on new data Train a machine to classify these data Data with labels Trained machine Cat Machine = Deep Neural Network
  • 20. 20 Input Layer (the size is equivalent to the number of samples) Dense Layers (classifiers) Output Layer (the size is equivalent to the number of classes) Conv. Layers (feature extractor + encoding) The convolutional layers are able to detect the features independently of their positions Convolutional Neural Networks (CNNs)
  • 21. 21 Creating training/test/validation data sets BLACKHAT 2018 samples HW = 5 samples HW = 7 samples HW = 3 samples HW = 4 … features label … Leakage model
  • 22. 22 Classification BLACKHAT 2018 HW = 4 HW = 5 HW = 6 HW = 7 Key enumeration using output probabilities (Bayes)0.65 0.15 0.05 0.08 0.01 0.02 0.01 0.02 0.02 Softmax (σ 𝑝𝑖 = 1) Trained Model Trace (samples)
  • 23. 23 Deep learning on side channels in practice BLACKHAT 2018
  • 24. 24 Step 1: Define initial hyper-parameters (demo) BLACKHAT 2018 HW = 0 HW = 1
  • 25. 25 Step 2: Make sure it’s capable of learning BLACKHAT 2018 • Increase the number of training traces and observe the training and validation accuracy • Overfitting too fast? • Training accuracy: 100% | Validation accuracy: low • Neural network is too big for the number of traces and samples
  • 26. 26 Step 3: Make it generalize Make sure the training accuracy/recall is increasing 0.111 Validation recall stays above the minimum threshold value = model is generalizing 0.111 = 1/9 (9 is the number of classes – HW of a byte) NN is learning from its training set BLACKHAT 2018
  • 27. 27 Step 3: Make it generalize Regularization techniques:  L1, L2 (penalty applied to the weights)  Dropout  Data Augmentation (+traces)  Early Stopping BLACKHAT 2018 𝑥2 𝑥1 𝑥2 𝑥1 𝑥2 𝑥1 Linear Separation Good Regularization Overfitting Low Training Accuracy Low Validation Accuracy Good Training Accuracy Good Validation Accuracy High Training Accuracy Low Validation Accuracy
  • 28. 28 Step 4: Key Recovery In this analysis, we only need slightly-above coin flip accuracy! BLACKHAT 2018 Number of traces KeyByteRank
  • 29. 29 Getting keys from the thingz! BLACKHAT 2018
  • 30. 30 Piñata AES-128 with misalignment (demo) BLACKHAT 2018
  • 31. 31 Bypassing Misalignment with CNNs Neural Network: Input Layer > ConvLayer > 36 > 36 > 36 > Output Layer Training/validation/test sets: 90000/5000/5000 traces of 500 samples Leakage Model: HW of S-Box Out (Round 1) → 9 classes Results for key byte 0: Use Data Augmentation as regularization technique to improve generalization BLACKHAT 2018 Number of traces KeyByteRank
  • 32. 32 Breaking protected ECC on Piñata Supervised deep learning attack: - Curve25519, Montgomery ladder, scalar blinding - Messy signal - Brute-force methods for ECC are needed if test accuracy < 100% - Need to get (almost) all bits from one trace! BLACKHAT 2018
  • 33. 33 Breaking protected ECC Unsupervised/Supervised Horizontal Attack: 60% success rate Deep learning: 90% success rate Deep learning( + data augmentation): 99.4% success rate Data augmentation: 25k → 200k traces. Misaligned traces BLACKHAT 2018 4 Dense Layers (100 Neurons) 3 Conv Layers (10 filters) Input (4000) Output (2 Classes) RELU TANH SOFTMAX
  • 34. 34 Breaking AES with First-Order Masking (demo)  Target published in 2013 (http://www.dpacontest.org/v4/)  40k traces available  AES-256 (Atmel ATMega-163 smart card)  Countermeasure: Rotating S-box Masking (RSM) BLACKHAT 2018
  • 35. 35 Breaking AES with First-Order Masking 𝑥 ⊕ 𝑚 𝑦 ⊕ 𝑚 Combine data: (𝑥 ⊕ 𝑚) ⊕ (𝑦 ⊕ 𝑚) = 𝑥 ⊕ 𝑦 Combine samples: 𝑡 𝑖 × 𝑡 𝑗 Brute-force 𝑖, 𝑗 → Quadratic complexity Remove the relationship between power consumption (EM) and predictable data BLACKHAT 2018 𝑥 ⊕ 𝑚 𝑦 ⊕ 𝑚 𝑖 𝑗
  • 36. 36 Breaking AES with First-Order Masking BLACKHAT 2018 Challenge: Training key == validation key Correct key byte candidate (good generalization) Wrong key byte candidate (poor generalization) 1/9
  • 37. 37 Breaking AES with First-Order Masking BLACKHAT 2018 Overfitting can be verified by checking where the NN is learning Correct key byte candidate (CNN learns from specific and leaky samples) Wrong key byte candidate (CNN overfits because it can’t distinguish leaky samples from noise)
  • 38. 38 Breaking AES with First-Order Masking Neural Network: Input Layer > ConvLayer > 50 > 50 > 50 > Output Layer Training/validation/test sets: 36000/2000/2000 traces Leakage Model: HW of S-Box Out (Round 1) → 9 classes 1/9 BLACKHAT 2018 Results for key byte 0: The processing of 8 traces is sufficient to recover the key
  • 39. 39 1st cool thing BLACKHAT 2018 This shouldn’t work
  • 40. 40 2nd cool thing BLACKHAT 2018 DL is up there with dozens of SCA research teams
  • 42. 42 I want to learn more! BLACKHAT 2018 Deeplearningbook.org introtodeeplearning.com bookstores nostarch ? By Colin & Jasper
  • 43. 43 Key takeaways BLACKHAT 2018 • DL does SCA art + science and scales • DL requires network fiddling, the bar is low, not yet at 0 • Automation needed to put a dent in embedded insecurity
  • 44. 44 References BLACKHAT 2018 • http://www.deeplearningbook.org/ • S. Haykin, “Neural Networks and Learning Machines”. • E. Cagli et al, “Breaking Cryptographic Implementations Using Deep Learning” https://eprint.iacr.org/2016/921.pdf • Benadjila et al, “Study of Deep Learning Techniques for Side-Channel Analysis and Introduction to ADCAD Database” https://eprint.iacr.org/2018/053.pdf • H. Maghrebi et al, “Convolutional Neural Networks with Data Augmentation Against Jitter-Based Countermeasures” https://eprint.iacr.org/2017/740 • Zhang et al, “Understanding deep learning requires re-thinking generalization” https://arxiv.org/abs/1611.03530 • Keskar et al, “On Large-Batch Training for Deep Learning: Generalization Gap and SharpMinima”, https://arxiv.org/pdf/1609.04836.pdf • Shwartz and Tishby, “Opening the black-box of Deep Learning via Information”, https://arxiv.org/abs/1703.00810
  • 45. 45 Challenge your security Riscure B.V. Frontier Building, Delftechpark 49 2628 XJ Delft The Netherlands Phone: +31 15 251 40 90 www.riscure.com Riscure North America 550 Kearny St., Suite 330 San Francisco, CA 94108 USA Phone: +1 650 646 99 79 inforequest@riscure.com Riscure China Room 2030-31, No. 989, Changle Road, Shanghai 200031 China Phone: +86 21 5117 5435 inforcn@riscure.com jasper@riscure.com @jzvw