Deep Learning techniques for profiled Side-Channel Analysis - Attacks and Countermeasures
Reference persons PAOLO ERNESTO PRINETTO
External reference persons Samuele Yves CERINI (CINI Cybersecurity National Laboratory)
Matteo FORNERO (CINI Cybersecurity National Laboratory)
Nicol๒ MAUNERO (CINI Cybersecurity National Laboratory)
Gianluca ROASCIO (CINI Cybersecurity National Laboratory)
Research Groups GR-21 - TESTGROUP - TESTGROUP
Thesis type MASTER THESIS
Description Side-Channel Attacks like Power analysis, pioneered in the late '90s, have undergone continuous improvements in both terms of attack capabilities and countermeasures. All these years of evolution outlined two main sub-classes of attacks: profiled and non-profiled attacks.
The former, in which we find DPA and CPA (Differential and Correlation Power Analysis, respectively), rely on purely statistical computations to correlate the leakage emitted by a device to the secret key internally handled by it. This class of attacks can break cryptographic implementations even if the attacker does not have a prior knowledge on the leakage profile/signature that characterizes the device under attack.
On the other hand, as the name suggests, profiled attacks can succeed only if the attacker obtained some prior knowledge on the leakage profile from a different (but still similar) device as the one under attack. If such condition is met, profiled attacks can achieve even better results than non-profiled ones, assuming the same conditions.
Profiled attacks achieve their goals by splitting the attack in two phases: a learning phase and an attack one. In the learning one, the attacker trains a machine learning supervised model, teaching it to recognize and classify leakage traces, collected from the secondary device. In the second phase, the attack itself, leakage traces are collected from the real device under attack and fed to the model, whose purpose now is to infer and finally retrieve the value of the key that produced them.
Starting from 2016, more or less, research on profiled attacks undergone the influence of deep learning techniques, such as:
Multi-layer perceptrons (MLPs);
Convolutional Neural Networks (CNNs): able to inherently circumvent countermeasures like masking and trace desynchronization;
AutoEncoders (AEs): to de-noise and improve the leakage traces collected;
Generative Adversarial Networks (GANs): for data augmentation, i.e. to generate artificial leakage traces starting from (and in addition to) the ones collected from a real device;
For further introductions, please refer to the following videos:
[Side-Channel Attacks at the age of Deep Learning](https://www.youtube.com/watch?v=03zYjMkvk7o)
[Deep Learning for Side Channel Analysis](https://www.youtube.com/watch?v=-74lKfLx8Ko)
The thesis, given the vastness of the topic and depending on the preferences, time dedicated and learning path of the candidate(s), can spread over a huge set of possible paths.
Candidate(s) may focus on an overall evaluation of the above Deep Learning techniques, highlighting their strengths and weaknesses, building PoCs (Proof of Concepts) demonstrating their properties;
Candidate(s) may focus on researching new ML/DL techniques, trying to adapt them from the ML world to the SCA one, leveraging them to fulfill attackers or defenders point of views;
Exploring attacks and countermeasures, developing HW Capture-the-Flag competitions (Jeopardy and/or Atk/Def) for the PAIDEUSIS platform;
Other proposal(s) the candidates may want to explore.
Required skills - Basics of Programming (Python, C)
Notes The thesis activities will be carried out in collaboration with:
- CINI Cybersecurity National Laboratory
For additional information:
- Nicol๒ MAUNERO email@example.com
- Gianluca ROASCIO firstname.lastname@example.org
Deadline 31/12/2022 PROPONI LA TUA CANDIDATURA