AI and Side-channel analysis: Lessons learned so far


Abstract

In this talk we give an overview of the AI methods and techniques used in the field of hardware security, and in side-channel analysis in particular. We survey several examples of AI assisting with leakage evaluation and discuss its impact. Finally, we also consider the way side-channel analysis threatens AI implementations, e.g. commonly used neural network architectures.

Presenter bio

Lejla Batina is a professor in embedded systems security at the Radboud University in Nijmegen, the Netherlands. Her research group consists of 12 researchers, and 9 Ph.D. students have graduated under her supervision. She received her Ph.D. from KU Leuven, Belgium (2005) and she has also studied at the Eindhoven University of Technology (Professional Doctorate in Engineering in 2001) and worked as a cryptographer for SafeNet B.V. (2001–2003). She is a senior member of IEEE and an Editorial board member of top journals in security, IEEE Transactions on Information Forensics and Security and ACM Transactions on Embedded Computing Systems.

On the Value of Learning Trivial Problems


Abstract

Machine learning has become a useful tool to address some questions in block cipher cryptanalysis, mainly by allowing the automatic development of all-in-one differential distinguishers against parts of block ciphers. In this talk, we will review some recent developments in the field and discuss work in progress centered around two questions, namely the prospects of developing all-in-one known plaintext distinguishers and exploiting features based on more than two ciphertext blocks. We show that significant progress on both problems over naive approaches can be obtained by curricular learning in a slightly counterintuitive setting where machine learning strives to produce wrong answers to trivial problems.

Presenter bio

After graduating from the University of Luxembourg with a PhD in pure mathematics, Aron Gohr became a cryptographic consultant for the Federal Office for Information Security (BSI) in 2010, specializing in symmetric cryptography and side-channel analysis. In 2021 he left BSI to join ZOZO New Zealand, where he works on computer vision. The focus of his cryptographic research interests is on the use of AI and AI-inspired techniques to study cryptanalytic and side-channel attacks on block ciphers. He is in particular interested in memory- and computation-efficient all-in-one distinguishing attacks against block ciphers, the automatic design of efficient key search policies based on a given distinguisher, and the development of neural network topologies and feature engineering techniques optimized for side-channel analysis and cryptanalysis.

From Cryptography to Property Testing


Abstract

Machine learning has been considered as a sister field of cryptography, where a good cryptographic design can provide an example of functions that are hard to learn. To demonstrate that a function exhibits this feature, a preliminary step is to obtain an approximate representation of the function. This task can be accomplished by employing property testing. Specifically, this technique can be applied in order to select, very efficiently, what hypothesis class (i.e., representation of the unknown function) to use for learning. In this regard, this talk focuses on results for testing properties of cryptographic primitives from the learning-theory perspective.

Presenter bio

Fatemeh Ganji is an assistant professor at the ECE and Cybersecurity departments of Worcester Polytechnic Institute (WPI). Before joining WPI, Fatemeh was a Post Doctoral Associate at the University of Florida (from 2018-2020) and at the Telecom Innovation Laboratories/Technical University of Berlin (from 2017-2018). For her dissertation with the title “On the Learnability of Physically Unclonable Functions,” she was awarded the BIMoS Ph.D. Award 2018 and nominated by the Technical University of Berlin for the ACM Dissertation Award. Fatemeh’s research focuses on interdisciplinary approaches covering two main angles of hardware security, namely machine learning and cryptography.

AI methods for the design of cryptographic primitives


Abstract

Artificial Intelligence (AI) provides an interesting set of techniques to support the design of cryptographic primitives, especially in the symmetric setting. Indeed, several steps in the design of symmetric ciphers can be formulated as optimization problems, which can in turn be solved through nature-inspired optimization methods such as evolutionary algorithms. Further, certain low-level components in symmetric ciphers can also be implemented by computational models traditionally studied in the area of AI and natural computing, such as cellular automata. In this talk, we give an overview of such AI methods proposed in the literature to construct cryptographic primitives, focusing on the use cases of pseudorandom generators, Boolean functions and S-boxes. We conclude by discussing a few interesting directions of research on the design of cryptographic primitives where AI methods could be applied in the future.

Presenter bio

Luca Mariot is currently a postdoc researcher in the Cyber Security Research Group at TU Delft, the Netherlands. His main research interests lie at the intersection of cryptography and artificial intelligence, specifically focusing on computational models such as cellular automata and bio-inspired optimization techniques such as evolutionary algorithms to design symmetric cryptographic primitives. Previously, Luca was a postdoc at the University of Milano-Bicocca, Italy. He received his PhD in Computer Science under a double degree agreement, from the University of Milano-Bicocca and the Université Côte d'Azur, France.

Back to the Basics: Seamless Integration of Side-Channel Pre-processing in Deep Neural Networks


Abstract

Deep learning approaches have become popular for Side-Channel Analysis (SCA) in recent years, especially Convolutional Neural Networks (CNNs), due to their natural ability to overcome jitter-based as well as masking countermeasures. Most recent works have focused on optimising the performance on a given dataset and bypassing the need for trace pre-processing. However, trace pre-processing is a long-studied topic in SCA, and several proven techniques exist in the literature and in commercial tools. There is no straightforward manner to integrate those techniques into deep-learning-based SCA. In this talk, we discuss a generic framework which allows seamless integration of multiple, user-defined pre-processing techniques into the neural network architecture. The framework is based on Multi-scale Convolutional Neural Networks (MCNN) that were originally proposed for time series analysis. MCNN are composed of multiple branches, each of which can apply an independent transformation to the input data to extract the relevant features, allowing a better generalization of the model. In terms of SCA, these transformations can be used for integration of pre-processing techniques, such as phase-only correlation, principal component analysis, alignment methods, etc. We present successful results on a generic network which generalizes to different publicly available datasets.

Presenter bio

Shivam Bhasin is a Senior Research Scientist and Programme Manager (Cryptographic Engineering) at the Centre for Hardware Assurance, Temasek Laboratories, Nanyang Technological University Singapore. He received his PhD from Telecom ParisTech, France in 2011 and his Master's from Mines Saint-Etienne, France in 2008. Before NTU, Shivam held the position of Research Engineer at Institut Mines-Telecom, France. He was also a visiting researcher at UCL, Belgium (2011) and Kobe University (2013). His research interests include embedded security, trusted computing and secure designs. He has co-authored several publications at recognized journals and conferences. Some of his research now also forms part of the ISO/IEC 17825 standard.

Reverse Engineering of Neural Networks with Fault Attacks


Abstract

Neural networks have been shown to be vulnerable to fault injection attacks. These attacks change the physical behaviour of the device during the computation, resulting in a change of the value that is currently being computed. They can be realized by various techniques, ranging from clock/voltage glitching to application of lasers to rowhammer. Previous works have mostly explored fault attacks for output misclassification, thus affecting the reliability of neural networks. In this presentation, we discuss the possibility of reverse engineering neural networks with fault attacks. We develop the first exact extraction method on deep-layer feature extractor networks that provably allows the recovery of proprietary model parameters. Our experiments with the Keras library show that the precision error for the parameter recovery for the tested networks is less than $10^{-13}$ with the usage of 64-bit floats, which improves the current state-of-the-art by 6 orders of magnitude.

Presenter bio

Xiaolu Hou is currently an Assistant Professor at the Faculty of Informatics and Information Technologies, Slovak University of Technology. She received her Ph.D. degree in mathematics from Nanyang Technological University, Singapore, in 2017. Her research focus is on fault injection and side-channel attacks. She also has research experience in the security of neural networks, location privacy, multiparty computation, and differential privacy. With a wide range of research interests, she has published her work at top venues within various fields, ranging from mathematics to computer security.

Tutorial: Deep Learning and Side-channel Analysis


Abstract

Deep learning represents a powerful method for profiling side-channel analysis (SCA). The main goal is to efficiently train a deep neural network (or model) on a set of profiling side-channel traces where the key and input data are known. Next, the generalization ability of the trained model is verified against a separate set of side-channel traces where the key is unknown (test or attack traces). However, defining a neural network configuration and training settings is not an easy task. This process involves the tuning of multiple hyperparameters and the proper interpretation of SCA and deep learning metrics. This tutorial provides a detailed process of how to efficiently implement and train deep neural networks for profiling side-channel analysis. For that, we will make use of the compact AISY Framework (https://aisylab.github.io/AISY_docs/), which contains several deep learning features, including hyperparameter search, visualization, and regularization techniques. Using the AISY framework, we demonstrate efficient ways of combining multiple deep learning features into profiling side-channel analysis. The participants will be able to understand which configurations most impact the generalization ability of deep neural networks in SCA. During the tutorial, the participants will be able to reproduce the experiments.

Presenter bio

Guilherme Perin is a postdoctoral researcher at the Delft University of Technology. His research interests include hardware security, side-channel analysis, cryptography, optimization algorithms, and machine learning. He graduated in Electrical Engineering (2008) and has a Master in Informatics (2011) from the Federal University of Santa Maria. In 2014, he received his Ph.D. in Microelectronics and Automated Systems at the University of Montpellier. He has industry experience as a Senior Security Analyst at Riscure BV.