To ensure that no information unintentionally leaks through side channels during the execution of cryptographic operations, the physical security of a device must be evaluated. Nowadays, a security analysis must show security not only against traditional Side-Channel Analysis (SCA) attacks (e.g., Differential Power Analysis (DPA)) involving classical statistical analysis but also against machine learning and deep learning attacks. If not protected against these attacks, symmetric and public-key cryptographic implementations can be at risk.

While traditional SCA attacks rely on a cryptanalyst’s expertise to extract features from the leakages of one or multiple traces and analyze their observations through statistical methods to recover the secret key. Deep Learning-based Side- Channel Analysis (DLSCA) attacks bring a new perspective to the field. DLSCA attacks rely on automating feature extraction using a task-specific algorithm. For most DLSCA attacks, an expert is still needed, but the expert’s work is shifted to training this algorithm. Among the different deep learning architectures, the most used in DLSCA are the Multilayer Perceptron (MLP) and the Convolutional Neural Networks (CNN). Those methods are Neural Networks (NN) trained to find patterns in a collected dataset of side-channel traces to recover the secret key given a proper tuning of their hyperparameters and a successful training process.

This thesis investigates the use of deep learning in side-channel analysis of symmetric and public-key cryptography and other applications of side-channel analysis. We go through the application of DLSCA for implementations of AES and ASCON in symmetric cryptography and EdDSA in public-key cryptography. We also explore the use of deep learning to enhance TEMPEST-like side-channel analysis and the use of side-channel analysis to reverse engineer neural networks.

The main contributions of this thesis are as follows. First, we show the performances that can reach a MLP on a dataset of an AES implementation protected with a masking countermeasure. We demonstrate that MLP can defeat the masking countermeasure and recover the secret key with a high success rate for many configurations of hyperparameters and power intermediate models and even with very few parameters.

Second, we present an application of CNN in the side-channel analysis of the lightweight authenticated encryption algorithm ASCON on a 32-bit microcontroller. We demonstrate that the reference implementation is vulnerable to DLSCA attacks and that the same attack can be applied to a masked implementation but cannot completely recover the secret key.

Third, we propose a single-trace attack on the ephemeral key of EdDSA on the elliptic curve 25519. We show that the attack can recover the secret key from a single execution of an implementation on a 32-bit microcontroller. This attack is based on a CNN, and we demonstrate that, of the other profiling methods explored, the CNN is the most efficient for this attack. Furthermore, we systematize this attack and show that it can be applied to a different target and implement countermeasures against side-channel analysis.

Finally, we demonstrate the use of side-channel analysis and deep learning in different applications than cryptographic implementations. We present a methodology to evaluate TEMPEST attacks using deep learning. We focus the analysis of the electromagnetic emanations of mobile devices without visual line of sight, to build a testbed with a standard setup that can be used to test different attacker models. A second application is the use of side-channel analysis to reverse engineer neural networks on GPU. We show that side-channel analysis of the electromagnetic emanations of a GPU can be used to recover several hyperparameters of a neural network during the inference phase.

Our main research goal is to apply deep learning to side-channel analysis to develop new attacks for existing implementations and countermeasures, and we believe that this thesis is a step in that direction regarding the aforementioned contributions. We also believe that the reading of this thesis will shine the light on the potential of deep learning in side-channel analysis and inspire future research in this field to help to secure the electronics of tomorrow.

The efficiency of the profiling side-channel analysis can be significantly improved with machine learning techniques. Although powerful, a fundamental machine learning limitation of being data-hungry received little attention in the side-channel community. In practice, the maximum number of leakage traces that evaluators/attackers can obtain is constrained by the scheme requirements or the limited accessibility of the target. Even worse, various countermeasures in modern devices increase the conditions on the profiling size to break the target. This work demonstrates a practical approach to dealing with the lack of profiling traces. Instead of learning from a one-hot encoded label, transferring the labels to their distribution can significantly speed up the convergence of guessing entropy. By studying the relationship between all possible key candidates, we propose a new metric, denoted Label Correlation (LC), to evaluate the generalization ability of the profiling model. We validate LC with two common use cases: early stopping and network architecture search, and the results indicate its superior performance.

In recent years machine learning has become increasingly mainstream across industries. Additionally, Graphical Processing Unit (GPU) accelerators are widely deployed in various neural network (NN) applications, including image recognition for autonomous vehicles and natural language processing, among others. Since training a powerful network requires expensive data collection and computing power, its design and parameters are often considered a secret intellectual property of their manufacturers. However, hardware accelerators can leak crucial information about the secret neural network designs through side-channels, like Electro-Magnetic (EM) emanations, power consumption, or timing. We propose and evaluate non-invasive and passive reverse engineering methods to recover NN designs deployed on GPUs through EM side-channel analysis. We employ a well-known technique of simple EM analysis and timing analysis of NN layers execution. We consider commonly used NN architectures, namely Multilayer Perceptron and Convolutional Neural Networks. We show how to recover the number of layers and neurons as well as the types of activation functions. Our experimental results are obtained on a setup that is as close as possible to a real-world device in order to properly assess the applicability and extendability of our methods. We analyze the NN execution of a PyTorch python framework implementation running on Nvidia Jetson Nano, a module computer embedding a Tegra X1 SoC that combines an ARM Cortex-A57 CPU and a 128-core GPU within a Maxwell architecture. Our results show the importance of side-channel protections for NN accelerators in real-world applications.

In profiling side-channel analysis, machine learning-based analysis nowadays offers the most powerful performance. This holds especially for techniques stemming from the neural network family: multilayer perceptron and convolutional neural networks. Convolutional neural networks are often favored as results suggest better performance, especially in scenarios where targets are protected with countermeasures. Multilayer perceptron receives significantly less attention, and researchers seem less interested in this method, narrowing the results in the literature to comparisons with convolutional neural networks. On the other hand, a multilayer perceptron has a much simpler structure, enabling easier hyperparameter tuning and, hopefully, contributing to the explainability of this neural network inner working. We investigate the behavior of a multilayer perceptron in the context of the side-channel analysis of AES. By exploring the sensitivity of multilayer perceptron hyperparameters over the attack’s performance, we aim to provide a better understanding of successful hyperparameters tuning and, ultimately, this algorithm’s performance. Our results show that MLP (with a proper hyperparameter tuning) can easily break implementations with a random delay or masking countermeasures. This work aims to reiterate the power of simpler neural network techniques in the profiled SCA.

Profiling attacks, especially those based on machine learning, proved to be very successful techniques in recent years when considering the side-channel analysis of symmetric-key crypto implementations. At the same time, the results for implementations of asymmetric-key cryptosystems are very sparse. This paper considers several machine learning techniques to mount side-channel attacks on two implementations of scalar multiplication on the elliptic curve Curve25519. The first implementation follows the baseline implementation with complete formulae as used for EdDSA in WolfSSl, where we exploit power consumption as a side-channel. The second implementation features several countermeasures, and in this case, we analyze electromagnetic emanations to find side-channel leakage. Most techniques considered in this work result in potent attacks, and especially the method of choice appears to be convolutional neural networks (CNNs), which can break the first implementation with only a single measurement in the attack phase. The same convolutional neural network demonstrated excellent performance for attacking AES cipher implementations. Our results show that some common grounds can be established when using deep learning for profiling attacks on very different cryptographic algorithms and their corresponding implementations.

Among the increasing evolution of IoT devices, practical applications need reliable secure protocols to communicate with each other. A major issue for modern cryptosystems is an implementation of secure and trustworthy mechanisms to rely on. A side-channel attack against these cryptosystems may overturn the guarantee of security against conventional cyber-attacks. Elliptic curve cryptography is public-key cryptography based on elliptic curves, and one of the well-known curves is Curve25519 which is used for TLS protocols as a recommended curve. This curve is mainly implemented on limited resource devices such as microcontrollers. However, this curve poses a weakness for low-order points during a Diffie-Hellman key exchange is employed. This research demonstrates possible exploitation of a threat of order 8 rational points of Curve25519 and shows results of the side-channel attacks using order 8 rational points on an embedded system. The results indicate the order 8 rational points might be applied to key extraction as attacker sides.

Profiling attacks, especially those based on machine learning proved as very successful techniques in recent years when considering side-channel analysis of block ciphers implementations. At the same time, the results for implementations of public-key cryptosystems are very sparse. In this paper, we consider several machine learning techniques in order to mount a power analysis attack on EdDSA using the curve Curve25519 as implemented in WolfSSL. The results show all considered techniques to be viable and powerful options. Especially convolutional neural networks (CNNs) are effective as we can break the implementation with only a single measurement in the attack phase while requiring less than 500 measurements in the training phase. Interestingly, that same convolutional neural network was recently shown to perform extremely well for attacking the implementation of the AES cipher. Our results show that some common grounds can be established when using deep learning for profiling attacks on distinct cryptographic algorithms and their corresponding implementations.