OBJECTIVE
Side-channel attacks (SCAs) are powerful attacks based on the information obtained from the implementation of cryptographic devices. Profiling side-channel attacks have received a lot of attention in the last years because this type of attack defines worst-case security assumptions. The SCA community realized that the same profiling approach is used in other domains in the form of supervised machine learning. Consequently, some researchers started experimenting with different machine-learning techniques and evaluating their effectiveness in the SCA context. More recently, we are witnessing the uprise of deep learning techniques in the SCA community with strong results in side-channel analyses, even in the presence of countermeasures.
In this training, we will start by introducing the basic concepts of side-channel attacks. Then, we will cover common examples of direct side-channel attacks like simple power analysis and differential power analysis. Afterward, we concentrate on profiled attacks where we start with a template attack. Finally, we dive into advanced topics in profiling SCAs where the emphasis will be on machine learning and deep learning techniques. During the training, the students will have the opportunity to learn a theoretical background on several attacks but also have to implement and use them.
In this tutorial, we will cover not only the attack phase but also pre-processing and feature engineering phases. Besides more "traditional" machine learning techniques, we will cover various deep learning techniques and investigate how to use them in practical SCAs. While the emphasis of the training is on side-channel analysis, we will also discuss fault injection attacks and how artificial intelligence techniques can be used there. During the training, the students will have the opportunity to develop several side-channel tools in Python and perform attacks to obtain the secret key.
Course Sections:
Introduction to side-channel analysis
- Basic concepts for SCA
- Simple power analysis
- Differential power analysis
- Assignment 1: Implement correlation power analysis.
- Countermeasures
- Metrics to evaluate performance of attacks
Profiled sid-channel analysis
- Template attack
- Assignment 2: Implement template attack
Introduction to machine learning in SCA context
- Basic concepts for machine learning
- Template attack in the context of machine learning
- Advanced concepts for machine learning
- Differences between SCA and machine learning metrics
Preparing the attack
- Pre-processing
- Feature engineering
- Assignment 3: From raw measurements obtain the most relevant features through feature selection and dimensionality reduction
Machine learning-based attacks
- Theory for several machine learning techniques: Naive Bayes, Random Forest, Support Vector Machines, etc.
- How to implement such techniques in Python
- Assignment 4: Implement aforesaid techniques and attack the available datasets
Deep learning-based attacks
- Theory for deep learning techniques: multilayer perceptron, convolutional neural networks, autoencoders
- How to implement such techniques in Keras
- Assignment 4: Implement aforesaid techniques and attack the available datasets
- Other deep learning techniques
Beyond side-channel analysis
- Fault injection analysis and artificial intelligence
- How transferable is this knowledge to other security domains
Who should attend the course:
- Researchers and students who want to learn side-channel analysis (with emphasis on machine learning-based techniques)
- Penetration testers, auditors, and evaluators of secure embedded devices
- Developers of secure IoT products
- Any embedded security enthusiast or machine learning enthusiast
What should attendees bring:
- Laptop with Windows or Linux
- Python installed
- Keras installed
What will be provided:
- Lecture slides and assignments
- Python code and examples
- Side-channel datasets
ABOUT TRAINER
Stjepan Picek is an assistant professor in the Cybersecurity group at TU Delft, The Netherlands. His research interests are security/cryptography, machine learning, and evolutionary computation. Before the assistant professor position, Stjepan was a postdoctoral researcher at MIT, USA and KU Leuven, Belgium. Stjepan finished his Ph.D. in 2015 with a topic on cryptology and evolutionary computation techniques. Stjepan also has several years of experience working in industry and government. Up to now, Stjepan gave more than 15 invited talks at conferences and summer schools and published more than 90 refereed papers in both evolutionary computation and cryptography journals and conferences. Stjepan is a member of the organization committee for International Summer School in Cryptography and president of the Croatian IEEE CIS Chapter. He is a general co-chair for Eurocrypt 2020, a program committee member and reviewer for several conferences and journals, and a member of several professional societies.
