In 2019, Ledger Donjon (Ledger's product security team) released lascar as a SCA tool. Since then, Deep Learning based SCAs (DL-SCAs) research have seen significant progress by several interesting publications. During our research activities, we developed a new tool implementing the most recent DL-SCAs methods to help us during side-channel evaluations.
We are pleased to release scadl which is a new in-house tool for performing SCAs using DL. Following our goal to open source our work, we hope this project will help students, security researchers, and security experts in evaluation labs.
DL-SCAs entered the field in recent years with the promise of more competitive performance compared to other techniques. A lot of research papers proved the ability of such techniques to break protected cryptographic implementations with common side-channel countermeasures such as masking, jitter, and random delays insertion. In order to keep up with this research trend, we integrated the following techniques into scadl:
-
Normal profiling: A straightforward profiling technique as the attacker will use a known-key dataset to train a DL model. Then, this model is used to attack an unknown-key data set. This technique was presented by the following work: 1 and 2. The authors showed also the strength of such technique against protected designs with jitter and masking.
-
Non-profiling: In order to take the advantage of DL attacks against protected designs, this technique is similar to differential power analysis (DPA) but it has several advantages over DPA to attack protected designs (masking and desynchronization) because of using the accuracy of the DL model instead of any statistical-based method such as DPA that requires traces processing.
-
Multi-label: A technique to attack multiple keys using only one DL model.
-
Multi-tasking: Another technique for attacking multiple keys using a single model.
-
Data augmentation: A technique to increase the dataset to boost the DL efficiency. Scadl includes mixup and random-crop.
-
Attribution methods: This technique is used to reverse the DL model to understand how the model behaves during the prediction phase. It helps in improving the performance of the DL model. Moreover, it can be used as a leakage detection technique.
The repository provides several tutorials as examples to use for each technique.
Scadl uses two different datasets in its tutorial. The first dataset is collected by running a non-protected AES on ChipWhisperer-Lite. The second dataset is ASCAD, which is widely used in the side-channel attacks (SCAs) domain.
 |
|---|
| Power consumption traces acquired from a ChipWhisperer |
As we mentioned before, scadl implements different types of DL-based attacks and here is an example of how to use scadl for non-profiling DL in case of ASCAD dataset. The following example shows how non-profiling DL-SCAs can be performed using scadl in case of using ASCAD dataset.
- First, we construct a DL model based on MLP as an example. This model contains two dense layers in addition to the last layer.
def mlp_ascad(len_samples: int) -> keras.Model:
"""It returns an mlp model"""
model = Sequential()
model.add(Input(shape=(len_samples,)))
model.add(Dense(20, activation="relu"))
model.add(Dense(10, activation="relu"))
model.add(Dense(2, activation="softmax"))
model.compile(loss="mean_squared_error", optimizer="adam", metrics=["accuracy"])
return model- Then, we construct a leakage model. It's a masked design and we deliver the time samples of manipulating the mask with the sbox output. Therefore, we use the following leakage model, which is based on the least significant bit.
def leakage_model(data: np.ndarray, guess: int) -> int:
"""It calculates lsb"""
return 1 & ((sbox[data["plaintext"][TARGET_BYTE] ^ guess]))- After that, we perform pre-processing on the leakage traces by normalization and subtracting the average to reduce the complexity of the DL model.
x_train = normalization(remove_avg(leakages), feature_range=(-1, 1))- The final step includes brute-forcing the unknown key and calculating the model accuracy/loss for each guessed key. The correct key should give the highest accuracy (or the lowest loss). This process is performed under a certain number of epochs which can be tuned depending on the efficiency of the used DL model.
EPOCHS = 10
guess_range = range(0, 256)
acc = np.zeros((len(guess_range), EPOCHS))
profile_engine = NonProfile(leakage_model=leakage_model)
for index, guess in enumerate(tqdm(guess_range)):
acc[index] = profile_engine.train(
model=mlp_ascad(x_train.shape[1]),
x_train=x_train,
metadata=metadata,
hist_acc="accuracy",
guess=guess,
num_classes=2,
epochs=EPOCHS,
batch_size=1000,
verbose=0
)
guessed_key = np.argmax(np.max(acc, axis=1))
print(f"guessed key = {guessed_key}")- The following figure shows the accuracy of all the brute-forced keys. The black curve indicates the accuracy of the correct guessed key.
We present an in-house open-source tool for performing SCAs using DL, in order to help security professionals to understand and perform the most recent techniques.
- B. Timon, Non-Profiled Deep Learning-based Side-Channel attacks with Sensitivity Analysis , CHES, 2019.
- H. Maghrebi, Deep Learning based Side-Channel Attack: a New Profiling Methodology based on Multi-Label Classification , Cryptology ePrint Archive, 2020.
- B. Hettwer et al., Deep Neural Network Attribution Methods for Leakage Analysis and Symmetric Key Recovery, Cryptology ePrint Archive, 2019.
- T. Marquet et al., Exploring Multi-Task Learning in the Context of Masked AES Implementations, COSADE, 2024.
- K. Abdellatif, Mixup Data Augmentation for Deep Learning Side-Channel Attacks, Cryptology ePrint Archive, 2021.
Done by Karim M. Abdellatif and Leo Benito