Adversarial Examples as a defense against Side-Channel Attacks

A novel approach for countermeasure design

Abstract

Over the last decades, side-channel attacks (SCAs) have proven to be a substantial weakness of cryptographic devices, while the recent growth of deep learning (DL) has dramatically improved the performance of SCAs. A growing body of research presents ways to build lightweight deep neural network (DNN) models that can retrieve the secret encryption key by analyzing a few power traces of the captured devices. In the meantime, traditional countermeasures are rendered more or less ineffective against these sophisticated SCAs.

This research aims to present a novel approach to building SCA countermeasures using adversarial examples: cleverly crafted inputs that trick DNN models and force them to misclassify. As modern SCAs rely on DNN models, an adversarial-based countermeasure could alter the side-channel leakage so that the attacking model cannot identify the correct key. To investigate this approach, we add artificial adversarial noise to an unprotected dataset using evolutionary computation techniques and observe how SCAs are affected. We present different methods for designing this noise and show how the parameters of each method affect its performance. Our results indicate that an adversarial-based countermeasure can sufficiently decrease the performance of the attack.

Furthermore, we compare our adversarial-based countermeasures with traditional countermeasures. We show that our proposal can provide equivalent or better protection in some cases, while performing worse than others. Through our systematic research, we identify the reasons behind this weakness and find solutions for future work.

Additionally, we investigate how such a countermeasure performs against non-profiled SCAs. We show that our adversarial-based countermeasure is effective against this specific family of SCAs, even though it is designed against DNN-based attacks. Comparing this performance to traditional SCA countermeasures, we see that our proposal can be an alternative to noise-based countermeasures, while it fails to provide better security than time-based countermeasures.