Overview

Side-channel attacks (SCAs) are powerful attacks based on the information obtained from the implementation of cryptographic devices. Profiling side-channel attacks have received a lot of attention in the last years because this type of attacks defines worst-case security assumptions. The SCA community realized that the same profiling approach is used in other domains in the form of supervised machine learning.

Consequently, some researchers started experimenting with different machine learning techniques and evaluating their effectiveness in the SCA context. More recently, we are witnessing the uprise of deep learning techniques in the SCA community with strong results in side-channel analyses, even in the presence of countermeasures.

In this training, we will concentrate on advanced topics in profiling SCAs where the emphasis will be on machine learning and deep learning techniques. During the training, the students will have the opportunity to learn theoretical background on several machine learning techniques but also have to implement them and use in SCAs. There, we will cover not only the attack phase but also pre- processing and feature engineering phases. Besides more "traditional" machine learning techniques, we will cover various deep learning techniques and investigate how to use them in practical SCAs. While the emphasis of the training is on side-channel analysis, we will also discuss fault injection attacks and how artificial intelligence techniques can be used there. During the training, the students will have the opportunity to develop several side-channel tools in Python and perform attacks to obtain the secret key.

Course objectives

• Introduction to machine learning and side-channel analysis
  • Basic concepts for SCA
  • Basic concepts for machine learning
  • Template attack in the context of machine learning
  • Advanced concepts for machine learning
• Preparing the attack
  • Pre-processing
  • Feature engineering
  • Assignment 1: From raw measurements obtain the most relevant features through feature selection and dimensionality reduction
• Machine learning-based attacks
  • Theory for several machine learning techniques: Naive Bayes, Random Forest, Support Vector Machines
  • How to implement such techniques in Python
  • Assignment 2: Implement aforesaid techniques and attack the available datasets
• Deep learning-based attacks
  • Theory for deep learning techniques: multilayer perceptron, convolutional neural networks
  • How to implement such techniques in Keras
  • Assignment 3: Implement aforesaid techniques and attack the available datasets
  • Other deep learning techniques
• Beyond side-channel analysis
  • Fault injection analysis and artificial intelligence
  • How transferable is this knowledge to other security domains

Who should attend the course

• Researchers and students who want to learn the advanced techniques of side-channel analysis
• Penetration testers, auditors and evaluators of secure embedded devices
• Developers of secure IoT products
• Any embedded security enthusiast or machine learning enthusiast

What should attendees bring

• Laptop with Windows or Linux
• Python installed
• Keras installed

What will be provided

• Lecture slides and assignments
• Python code and examples
• Side-channel datasets

ABOUT THE TRAINERS

Stjepan Picek is an assistant professor in the Cybersecurity group at TU Delft, The Netherlands. His research interests are security/cryptography, machine learning, and evolutionary computation. Before the assistant professor position, Stjepan was a postdoctoral researcher at ALFA group, MIT, USA. Before that, he was a postdoctoral researcher at KU Leuven, Belgium as a part of the Computer Security and Industrial Cryptography (COSIC) group. Stjepan finished his Ph.D. in 2015 with a topic on cryptology and evolutionary computation techniques. Stjepan also has several years of experience working in industry and government. Up to now, Stjepan gave more than 10 invited talks at conferences and summer schools and published more than 70 refereed papers in both evolutionary computation and cryptography journals and conferences. Stjepan is a member of the organization committee for International Summer School in Cryptography and president of the Croatian IEEE CIS Chapter. He is a general co-chair for Eurocrypt 2020, program committee member and reviewer for several conferences and journals, and a member of several professional societies.