Machine Learning for Side-channel Analysis · 2019-01-10 · Machine Learning for Side-channel Analysis The Promises of Deep Learning Universal Approximation Theorem A feed-forward

Machine Learning for Side-channel Analysis


Stjepan Picek; TU Delft, The Netherlands

Cryptacus, Rennes, September 20, 2018

1 / 44


Outline

1 Introduction

2 Side-channel Analysis and Machine Learning

3 The Promises of Deep Learning

4 Common Problems

5 Conclusions

2 / 44


Introduction

Outline

1 Introduction



4 Common Problems

5 Conclusions

3 / 44


Introduction

Intro to Implementation Attacks and SCA

Implementation attacks

Implementation attacks do not aim at the weaknesses of thealgorithm, but on its implementation.

Side-channel attacks (SCAs) are passive, non-invasiveattacks.

SCAs represent one of the most powerful category of attackson crypto devices.

Something that enables you to know something aboutsomething without directly observing that something.

4 / 44


Introduction

5 / 44


Introduction

Profiled Attacks

Profiled attacks have a prominent place as the most powerfulamong side channel attacks.

Within profiling phase the adversary estimates leakage modelsfor targeted intermediate computations, which are thenexploited to extract secret information in the actual attackphase.

Template Attack (TA) is the most powerful attack from theinformation theoretic point of view.

6 / 44


Introduction

Template Attack

Using the copy of device, record a large number ofmeasurements using different plaintexts and keys. We requireinformation about every possible subkey value.

Create a template of device’s operation. A template is a set ofprobability distributions that describe what the power traceslook like for many different keys.

On device that is to be attacked, record a (small) number ofmeasurements (called attack traces) using different plaintexts.

Apply the template to the attack traces. For each subkey,record what value is the most likely to be the correct subkey.

7 / 44


Introduction

Profiled Attacks

8 / 44


Introduction

Machine Learning as a Side-channel attack

We can observe how profiled scenario in SCA has clearconnections with supervised machine learning.

Consequently, some machine learning (ML) techniques alsobelong to the profiled attacks.

9 / 44


Introduction

Machine Learning

Machine Learning

Machine Learning (ML) is a subfield of computer science thatevolved from the study of pattern recognition and computationallearning theory in artificial intelligence.

Machine Learning

Field of study that gives computers the ability to learn withoutbeing explicitly programmed

Machine Learning

A computer program is said to learn from experience E withrespect to some task T and some performance measure P, if itsperformance on T, as measured with P, improves with experienceE.

10 / 44


Introduction

Machine Learning

Algorithms extract information from data.

They also learn a model to discover something about the datain the future.

11 / 44


Introduction

Dangers of Extrapolating

12 / 44


Introduction

Machine Learning Types

Supervised learning – available data also include informationhow to correctly classify at least a part of data.

Unsupervised learning – input data does not tell the algorithmwhat the clusters should be.

Semi-supervised learning – information on how to correctlyclassify a small part of data.

Reinforcement learning – take actions based on currentknowledge of the environment and receive feedback in theform of rewards.

13 / 44


Introduction

Machine Learning Setting

14 / 44


Side-channel Analysis and Machine Learning

Outline

1 Introduction



4 Common Problems

5 Conclusions

15 / 44




Machine learning techniques also represent an extremelypowerful paradigm in side-channel analysis.

We can use machine learning in SCA for classification,clustering, feature engineering, preprocessing.

16 / 44



Supervised Learning

Supervised learning - available data include information howto correctly classify at least a part of data.

Common tasks are classification and regression.

17 / 44



SCA with ML in a Usual Way

As as example, we consider AES software implementation.

The most leaking operation is the processing of the S-boxoperation.

Hamming weight model - 9 classes or S-box output - 256classes.

First step is to select machine learning algorithms to use,preferably algorithms belonging to different machine learningfamilies.

Conduct a proper algorithm tuning phase.

Divide the data into training and testing data.

Conduct (or not) tuning phase.

After the tuning phase is done, test/verify the algorithm.

18 / 44


The Promises of Deep Learning

Outline

1 Introduction



4 Common Problems

5 Conclusions

19 / 44



Deep Learning

Stacked neural networks, i.e., networks consisting of multiplelayers.

Layers are made of nodes.

20 / 44



Multilayer Perceptron

One input layer, one output layer, at least one hidden layer.

21 / 44



Universal Approximation Theorem

A feed-forward network with a single hidden layer containing afinite number of neurons can approximate continuousfunctions on compact subsets of Rn.

Given enough hidden units and enough data, multilayerperceptrons can approximate virtually any function to anydesired accuracy.

Valid results if and only if there is a sufficiently large numberof training data in the series.

22 / 44



No Free Lunch Theorem

It proves that there exists no single model that works best forevery problem.

To find the best model for a certain problem, numerousalgorithms and parameter combinations should be tested.

Not even then we can be sure that we found the best model,but at least we should be able to estimate the possibletrade-offs between the speed, accuracy, and complexity of theobtained models.

23 / 44



Machine Learning Taxonomy

Figure: Taken from trymachinelearning.com

24 / 44



Deep Learning

By adding more hidden layers in multilayer perceptron, wearrive to deep learning.

Some definitions say everything more than one hidden layer isdeep learning.

A field existing for a number of years but one that gained alot of attention in the last decade.

Sets of algorithms that attempt to model high-levelabstractions in data by using model architectures withmultiple processing layers, composed of a sequence of scalarproducts and non-linear transformations.

In many tasks, deep learning is actually not necessary sincemachine learning performs well.

25 / 44



Deep Learning

In some tasks deep learning outperforms machine learning aswell as human experts.

Deep learning algorithms scale with data while shallowlearning converges.

Shallow learning refers to machine learning methods thatplateau at a certain level of performance when you add moreexamples and training data to the network.

Often, machine learning works from engineered features whiledeep learning works from raw features.

26 / 44



Deep Learning and Side-channel Analysis

Can deep learning solve all problems in SCA?

Convolutional Neural Networks are the best (for now).

Deep learning in SCA is not really deep (but getting deeper).

When to use deep learning and when other machine learningtechniques?

Even when deep learning works better than other machinelearning techniques, we do not really know why.

27 / 44




Can deep learning solve all problems in SCA?

Convolutional Neural Networks are the best (for now).

Deep learning in SCA is not really deep (but getting deeper).

When to use deep learning and when other machine learningtechniques?

Even when deep learning works better than other machinelearning techniques, we do not really know why.

27 / 44




conv1

pool1conv2

pool2 conv3pool3

conv4out

flatten

16

32

64128

9

input

(4)

(4)(4)

pool4

(4)

28 / 44



More Complex Architectures

29 / 44



More Complex Architectures

30 / 44


Common Problems

Outline

1 Introduction



4 Common Problems

5 Conclusions

31 / 44


Common Problems

Common Problems

Everything is empirical. So, what does knowledge about onescenario tell us about other scenarios?

Datasets. Only a few publicly available, not mostrepresentative examples. Issues with data selection.

Only a few machine learning techniques are really tested.

Most of papers concentrates on classification part but neglectsother parts of the process.

Results that are published are not reproducible.

Not clear connection between machine learning andside-channel analysis metrics.

32 / 44


Common Problems

Common Problems







32 / 44


Common Problems

Common Problems







32 / 44


Common Problems

Common Problems







32 / 44


Common Problems

Common Problems







32 / 44


Common Problems

Common Problems







32 / 44


Common Problems

Imbalanced Data

Occurring with the widely used Hamming weight andHamming distance models.

If the dataset is difficult to classify, ML techniques will havetroubles classifying data into anything other than mostrepresented class.

Accuracy as a metric can indicate good performance, but SCAmetrics will show (really) bad results.

Table: Class taxonomy

HW value 0 1 2 3 4 5 6 7 8

Occurrences 1 8 28 56 70 56 28 8 1

33 / 44


Common Problems

Imbalanced Data

Predicted Actual

0 1 2 3 4 5 6 7 8

0 0 0 0 99 0 0 0 0 00 0 0 0 727 0 0 0 0 10 0 0 0 2 767 0 0 0 0 20 0 0 0 5 481 0 0 0 0 30 0 0 0 6 815 0 0 0 0 40 0 0 0 5 422 0 0 0 0 50 0 0 0 2 777 0 0 0 0 60 0 0 0 809 0 0 0 0 70 0 0 0 103 0 0 0 0 8

34 / 44


Common Problems

What is There from Theory

When using machine learning, we conduct experimental work.

Can we show any theoretical result?

That is hard but (hopefully) possible.

Yet, there is nothing done.

PAC learning.

Bias–variance decomposition.

Vapnik–Chervonenkis theory.

Coresets.

35 / 44


Common Problems

What is There from Theory

When using machine learning, we conduct experimental work.

Can we show any theoretical result?

That is hard but (hopefully) possible.

Yet, there is nothing done.

PAC learning.

Bias–variance decomposition.

Vapnik–Chervonenkis theory.

Coresets.

35 / 44


Common Problems

Accuracy as a Measure of Performance

We discuss about accuracy as metric but many models do notuse it in their loss functions since it is not easy to optimize.

The main learning problem can be defined as below:

minθ

∑i

L(yi , f (Xi ; θ)), (1)

where L indicates the objective function we minimize,yi ∈ {c0, c1, · · · , cC} is the ith ground truth label drawn fromthe dataset. Xi ∈ Rd is tth trace corresponding to yi where dis the length of the trace, f is any learnable model that isparameterized with θ.

36 / 44


Common Problems

Accuracy as a Measure of Performance

If the empirical error function is not differentiable, it is noteasy to apply it with a deep neural network since the BackPropagation algorithm requires a differentiable system.

We use Categorical Cross Entropy for the multi-classclassification problem as an approximation of the accuracyfunction.

How do we connect such machine learning metrics with SCAmetrics like success rate and guessing entropy?

37 / 44


Common Problems

Curse of Dimensionality

Describes the effects of exponential increase in volumeassociated with the increase in the dimensions.

As the dimensionality of the problem increases, the classifier’sperformance increases until the optimal feature subset isreached.

Further increasing the dimensionality without increasing thenumber of training samples results in a decrease in theclassifier performance.

38 / 44


Common Problems

Hyper-parameter Tuning

Once the machine learning algorithm is selected and data isprepared, we need to tune the algorithm.

Almost every machine learning algorithm has some parametersto tune.

Results will (significantly) differ on the basis of tuning phase.

The more parameters, the bigger search space size.

For simpler algorithms (i.e., less parameters), grid search ispossible.

More complicated techniques involve Bayesian optimization orevolutionary algorithms, to name a few.

39 / 44


Common Problems

Underfitting and Overfitting

Overfitting – if a model is too complex for the problem, thenit can learn the detail and noise in the training data so itnegatively impacts the performance of the model on new data→ a model that models the training data too good.

Underfitting – if a model is too simple for the problem, then itcannot generalize to new data.

Simple model → high bias.

Complex model → high variance.

40 / 44


Common Problems

Bias and Variance

Figure: Bias and variance (http://scott.fortmann-roe.com/docs/BiasVariance.html)

41 / 44


Conclusions

Outline

1 Introduction



4 Common Problems

5 Conclusions

42 / 44


Conclusions

Conclusions

SCA is very active research domain.

Large part of the community is actually interested in profilingattacks and machine learning.

What is interesting and what is realistic is not the same.

We are able to do bits and pieces here and there....but we arestill missing the most important answers (and questions).

We can use a lot of knowledge from other domains, but weneed to recognize what and where.

43 / 44


Conclusions

Conclusions

SCA is very active research domain.

Large part of the community is actually interested in profilingattacks and machine learning.

What is interesting and what is realistic is not the same.

We are able to do bits and pieces here and there....but we arestill missing the most important answers (and questions).

We can use a lot of knowledge from other domains, but weneed to recognize what and where.

43 / 44


Conclusions

Questions?

Thanks for your attention! Q?

44 / 44

Documents

Machine Learning for Side-channel Analysis · 2019-01-10 · Machine Learning for Side-channel Analysis The Promises of Deep Learning Universal Approximation Theorem A feed-forward