RevEAL: Single-Trace Side-Channel Leakage of the SEAL Homomorphic Encryption Library

Aydin, Furkan; Karabulut, Emre; Potluri, Seetal; Alkım, Erdem; Aysu, Aydın

doi:10.23919/date54114.2022.9774724

Cited by 7 publications

(3 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This overhead adds latency that makes it impractical for IoBT settings. 23 Further if CKKS, 24 the prevailing Homomorphic Encryption library for ML tasks, were used, it is not clear if the outstanding vulnerabilities 25,26 would justify the effort.…”

Section: Data At Rest On Afsmentioning

confidence: 99%

End-to-end trustworthy ML for multidomain operations

Karim

Rawat

2023

Artificial Intelligence and Machine Learning for Multi-Domain Operations Applications V

View full text Add to dashboard Cite

In this article, we present SFMLOps, a Security Framework for Machine Learning Operations (MLOps), a comprehensive and novel approach to securing MLOps pipelines in multi-domain operations. SFMLOps can be used to benchmark security in mobile cyber-physical systems like quadruped reconnaissance robots, unmanned autonomous vehicles, and wearable brain-computer interfaces. Our framework examines and categorizes potential attack surfaces and threats within MLOps, offering countermeasures and their effectiveness for various aspects such as data storage, communication channels, model training, and model predictions. We provide security engineers practical guidance on developing secure MLOps pipelines. We introduced a secure pipeline design, MLPipeSec, based on a publisher-subscriber model and implemented on the JointForceNet+ Blockchain to ensure end-to-end trustworthiness across the MLOps pipeline. To evaluate the impact of security parameters on a multi-domain computer vision task, we compared several frameworks for their security and performance using the CIFAR-10 dataset. We also investigated Gossip Learning as a federated learning framework in conjunction with Google Cloud Platform and introduced a new federated learning model, VizFedML. Our experimental results demonstrate the efficacy of the SFMLOps framework and the MLPipeSec design in mitigating a range of vulnerabilities and weaknesses associated with MLOps, contributing to the development of more secure and robust machine learning systems.

show abstract

Section: Data At Rest On Afsmentioning

confidence: 99%

End-to-end trustworthy ML for multidomain operations

Karim

Rawat

2023

Artificial Intelligence and Machine Learning for Multi-Domain Operations Applications V

View full text Add to dashboard Cite

show abstract

“…Although FHE is an evolving approach with mathematically provable security guarantees, their physical implementations can have vulnerabilities. For example, the first successful physical side-channel attack on FHE [3] has recently been demonstrated, revealing the encrypted message by exploiting the side-channel leakage of Gaussian sampling operations.…”

Section: Introductionmentioning

confidence: 99%

“…The proposed attacks in this work are also different from the earlier single-trace analysis of FHE [3] because the earlier attack focuses on Gaussian sampling operations that are replaced in SEAL v3. 6.…”

Section: Introductionmentioning

confidence: 99%

Leaking secrets in homomorphic encryption with side-channel attacks

Aydin,

Aysu

2024

J Cryptogr Eng

Self Cite

View full text Add to dashboard Cite

Homomorphic encryption (HE) allows computing encrypted data in the ciphertext domain without knowing the encryption key. It is possible, however, to break fully homomorphic encryption (FHE) algorithms by using side channels. This article demonstrates side-channel leakages of the Microsoft SEAL HE library. The proposed attack can steal encryption keys during the key generation phase by abusing the leakage of ternary value assignments that occurs during the number theoretic transform (NTT) algorithm. We propose two attacks, one for -O0 flag non-optimized code implementation which targets addition and subtraction operations, and one for -O3 flag compiler optimization which targets guard and mul root operations. In particular, the attacks can steal the secret key coefficients from a single power/electromagnetic measurement trace of SEAL's NTT implementation. To achieve high accuracy with a single-trace, we develop novel machine-learning side-channel profilers. On an ARM Cortex-M4F processor, our attacks are able to extract secret key coefficients with an accuracy of 98.3% when compiler optimization is disabled, and 98.6% when compiler optimization is enabled. We finally demonstrate that our attack can evade an application of the random delay insertion defense.

show abstract