Power side-channel analysis (SCA) has been of immense interest to most embedded designers to evaluate the physical security of the system. This work presents profiling-based cross-device power SCA attacks using deep learning techniques on 8-bit AVR microcontroller devices running AES-128. Firstly, we show the practical issues that arise in these profiling-based cross-device attacks due to significant device-to-device variations. Secondly, we show that utilizing Principal Component Analysis (PCA) based pre-processing and multi-device training, a Multi-Layer Perceptron (MLP) based 256-class classifier can achieve an average accuracy of 99.43% in recovering the first key byte from all the 30 devices in our data set, even in the presence of significant inter-device variations. Results show that the designed MLP with PCA-based pre-processing outperforms a Convolutional Neural Network (CNN) with 4-device training by ∼ 20% in terms of the average test accuracy of cross-device attack for the aligned traces captured using the ChipWhisperer hardware. Finally, to extend the practicality of these cross-device attacks, another preprocessing step, namely, Dynamic Time Warping (DTW) has been utilized to remove any misalignment among the traces, before performing PCA. DTW along with PCA followed by the 256-class MLP classifier provides ≥10.97% higher accuracy than the CNN based approach for cross-device attack even in the presence of up to 50 time-sample misalignments between the traces.
Electromagnetic (EM) side-channel analysis (SCA) is a prominent tool to break mathematically-secure cryptographic engines, especially on resource-constrained devices. Presently, to perform EM SCA on an embedded device, the entire chip is manually scanned and the MTD (Minimum Traces to Disclosure) analysis is performed at each point on the chip to reveal the secret key of the encryption algorithm. However, an automated end-to-end framework for EM leakage localization, trace acquisition, and the attack has been missing. This work proposes SCNIFFER: a low-cost, automated EM Side-Channel leakage SNIFFing platform to perform efficient end-to-end Side-Channel attacks. Using a leakage measure such as Test Vector Leakage Assessment (TVLA), or the signal to noise ratio (SNR), we propose a greedy gradient-search heuristic that converges to one of the points of highest EM leakage on the chip (dimension: N × N) within O(N) iterations, and then perform Correlational EM Analysis (CEMA) at that point. This reduces the CEMA attack time by ∼ N times compared to an exhaustive MTD analysis, and by > 20× compared to choosing an attack location at random. We demonstrate SCNIFFER using a low-cost custombuilt 3-D scanner with an H-field probe (< $500) compared to > $50, 000 commercial EM scanners, and a variety of microcontrollers as the devices under attack. The SCNIFFER framework is evaluated for several cryptographic algorithms (AES-128, DES, RSA) running on both an 8-bit Atmega microcontroller and a 32-bit ARM microcontroller to find a point of high leakage and then perform a CEMA at that point.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.