Trace Augmentation: What Can Be Done Even Before Preprocessing in a Profiled SCA?

Transcription

1 Trace Augmentation: What Can Be Done Even Before Preprocessing in a Profiled SCA? Sihang Pu 1 Yu Yu 1 Weijia Wang 1 Zheng Guo 1 Junrong Liu 1 Dawu Gu 1 Lingyun Wang 2 Jie Gan 3 Shanghai Jiao Tong University, Shanghai, China {push.beni, yyuu, aawwjaa, guozheng, liujr, dwgu}@sjtu.edu.cn Shanghai Viewsource Information Science and Technology Company, China lingyun.wang@viewsources.com Beijing Smart-Chip Microelectronics Technology Co., Ltd. Beijing, China ganjie@sgitg.sgcc.com.cn CARDIS, 17

2 Outline 1 Introduction 2 Trace augmentation Trace augmentation Lazy-Validation 3 Simulating Experiments Software-based Experiments FPGA-based Experiments

3 Introduction Profiled SCA Profiling phase Exploitation phase Profiling device Target device Known key profiling traces exploitation traces profiling Power model exploitation result

4 Introduction Profiled SCA Profiled side-channel attack: Adds a profiling phase to the original SCA Can be considered as the powerful class of power analysis But: It presumes high similarity between profiling device and target device Otherwise, result in less desirable performance All existing solutions [1, 2] mainly focus on the dedicated designing of profiling method [1] C. Whitnall, E. Oswald and etl. Robust Profiled DPA, CHES 15. [2] W. Wang, Y. Yu, F.-X. Standaert and etl. Ridge-Based Profiled Differential Power Analysis, CT-RSA 17.

5 Introduction Preprocessing techniques Preprocessing Traces with noise Traces with less noise Good examples: Lowpass Principal component analysis (PCA) Linear discriminant analysis (LDA) Singular spectrum analysis (SSA) These techniques mainly focus on ameliorating the SNR. But: They may not work well with deviated target devices;

6 Introduction Motivation What can be done during (or even before) the preprocessing stage to make the subsequent attacks more robust? Raw data? Preprocessing Profiling Robust model

7 Trace Augmentation: What Can Be Done Even Before Preprocessing in a Profiled SCA? Introduction Data augmentation It is popular in the deep learning community It is used to mitigate overfitting and build a more robust model

8 Trace augmentation Trace augmentation Trace augmentation through random shift 1 Shift each trace horizontally at random. 2 Repeat step 1 several times to yield many perturbed traces. 3 Append these new perturbed traces to original set.

9 Trace augmentation Trace augmentation A visual illustration of trace augmentation Before augmentation Augmentation yields more traces Shift randomly then combine

10 Trace augmentation Trace augmentation Parameters Shift ratio, γ: quantifies the extent of random shift: perturb each trace with a horizontal random shift drawn uniformly from [ γ d, γ d], where d denotes the number of leakage points Augmentation ratio, C: quantifies The number of expanded traces, N new = γc N original

11 Trace augmentation Lazy-Validation Trace augmentation through random shift It is tricky to define a general rule to select the two undetermined parameters (i.e., γ and C). But we noted that: 1 The augmentation ratio, C, does not depend much on the attack scenario, thus we simply choose C = 1; 2 The shift ratio, γ, affect the improvement of trace augmentation significantly, thus we design the lazy-validation.

12 Trace augmentation Lazy-Validation Lazy-Validation Raw profiling traces split profiling traces exploitation traces Candidate γ Trace augmentation explotation profiling Power model Guessing entropy Choose the largest γwith the same Guessing entropy

13 Trace augmentation Lazy-Validation Lazy-Validation γ larger γ 1 (Almost) Same Guessing entropy Significant larger Guessing entropy γ k larger γ k+1 Intuition: it is safe to perturb traces to some certain extent as long as it does not affect the performance in the ideal setting

14 Experiments Simulation-based experiment Practical experiments: Software-based experiments FPGA-based experiments

15 Simulating Experiments Simulating Settings Leakage is subject to the multi-variant Gaussian distribution Choosing means of the distribution by picking random real numbers Generating of covariance matrix: rely on a refined method named vine Parameter β: control the correlations between leakage points; Smaller β value corresponds to the more dependencies among points of each trace Perfect case: the (simulated) traces of profiling and exploitation are subject to the similar distribution (same values of mean and parameter β). Imperfect case: perturb the (standardized) leakage function of the exploitation trace by imposing a noise of uniform distribution U( 5, 5)

16 Simulating Experiments Attack Settings 1 Trace augmentation (optional) 2 LDA to 1 point 3 Template building: Gaussian template building K-means

17 Simulating Experiments Simulating Experimental Results Gaussian template building: , =.1, = 1., = 1. = %, =.1 = %, = 1. = %, = , =.1, = 1., = 1. = %, =.1 = %, = 1. = %, = # of traget traces # of traget traces (a) perfect case (without discrepancy) (b) introducing noise as discrepancy

18 Simulating Experiments Simulating Experimental Results K-means: 35 3 = 1% = % = 3% , =.1, = 1., = 1. = %, =.1 = %, = 1. = %, = # of traget traces (c) perfect case (without discrepancy) # of traget traces (d) introducing noise as discrepancy

19 Software-based Experiments Target Settings Atmel ATMega-163 Consist of 54 leakage points. Perfect case: the points of profiling and exploitation come from the same positions. Imperfect case: adding misalignment between profiling and target traces

20 Software-based Experiments Attack Settings 1 Trace augmentation (optional) 2 PCA to 1 point 3 Gaussian template building

21 Software-based Experiments Software-based Experimental Results 35 3 = 1% = % = 3% = 35% LazyValidation: 15% 3 25 = 1% = % = 3% = 35% LazyValidation: 15% # of target traces # of target traces (e) no misalignment (f) misalignment = 5%

22 Software-based Experiments Software-based Experimental Results 6 5 = 1% = % = 3% = 35% LazyValidation: 15% = 1% = % = 3% = 35% LazyValidation: 15% # of target traces (g) misalignment = 1% # of target traces (h) misalignment = 15%

23 Software-based Experiments Software-based Experimental Results = 1% = % = 3% = 35% LazyValidation: 15% = 1% = % = 3% = 35% LazyValidation: 15% # of target traces (i) misalignment = % # of target traces (j) misalignment = 25%

24 FPGA-based Experiments Target Settings SAKURA-X board leakage points Perfect case: the points of profiling and exploitation come from the same positions. Imperfect case: adding misalignment between profiling and target traces

25 FPGA-based Experiments Attack Settings 1 Trace augmentation (optional) 2 PCA to 1 point 3 Linear-regression based profiling, ridge-based profiling

26 FPGA-based Experiments FPGA-based Experimental Results Linear-regression based profiling: 6 5 = 5% = 15% = % LazyValidation: 1% = 5% = 15% = % LazyValidation: 1% # of target traces (k) no misalignment # of target traces (l) misalignment = 5%

27 FPGA-based Experiments FPGA-based Experimental Results Linear-regression based profiling: 1 1 = 5% = 15% = % LazyValidation: 1% 1 = 5% = 15% = % LazyValidation: 1% # of target traces # of target traces (m) misalignment = 1% (n) misalignment = 15%

28 FPGA-based Experiments FPGA-based Experimental Results Linear-regression based profiling: 1 1 = 5% = 15% = % LazyValidation: 1% 14 1 = 5% = 15% = % LazyValidation: 1% # of target traces (o) misalignment = % # of target traces (p) misalignment = 25%

29 FPGA-based Experiments FPGA-based Experimental Results Ridge-based profiling: 7 = 5% 7 = 5% 6 LazyValidation: 1% = 15% 6 LazyValidation: 1% = 15% # of target traces (q) no misalignment # of target traces (r) misalignment = 5%

30 FPGA-based Experiments FPGA-based Experimental Results Ridge-based profiling: 6 = 5% LazyValidation: 1% = 15% 8 = 5% LazyValidation: 1% = 15% # of target traces # of target traces (s) misalignment = 1% (t) misalignment = 15%

31 Summary&Future Summary Trace augmentation based preprocessing can effectively improve the performance of profiled SCA, in both of the scenarios where: Profiling device behaves close to the target device Profiling device deviates significantly from the target device Lazy-validation to obtain conservative but appropriate parameters Simulation-based and practical experiments Confirm the effectiveness of our approach The improvement depends on the correlation among points of each trace.

32 Summary&Future Future works Explore other possible ways to augment the trace. Why? How much improvement? When?

33 Summary&Future Questions? Thanks for your consideration! Questions?