Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100195, China
School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
School of Cyber Security, Nanjing University of Science and Technology, Nanjing 210094, China
掩蔽方案被认为是保护物联网设备免受侧信道攻击的有效对策。基于深度学习的侧信道攻击 (DL-SCA) 已被证明是非常有效的针对掩蔽实现的目标。在本文中,我们研究了一种流行的基于计算的掩码方案对 DL-SCA 的抵抗力,即基于加法链的掩码方案。我们发现加法链引入了中间单项式的计算
输出尺寸更小,从而降低了其对 DL-SCA 的抵抗力。具体来说,我们首先从信息论的角度使用互信息度量来评估不同单项式的侧信道阻力。接下来,我们进一步提出 Kullback-Leibler 散度比作为评估指标来分析单项式输出大小对 DL-SCA 的影响。测量值表明,具有较小输出大小的单项式对 DL-SCA 的抵抗力较差。然后我们分别进行模拟和实际实验来验证它。在模拟实验中,我们对具有不同噪声水平和训练跟踪数的一阶掩码实现执行 DL-SCA。结果表明,具有较小输出大小的单项式更容易受到攻击。此外,随着噪音水平(分别降低)的增加(分别降低)。训练轨迹数),这些单项式的阻力差异变得更加显着。此外,我们通过二阶蒙面场景的模拟实验获得了类似的结果。在基于 ARM Cortex-M4 架构的实际实验中,考虑到低噪声和高噪声水平,我们收集了电源和电磁迹线。结果表明,针对 S-Box 输出所需的迹线数量至少是针对最弱单项式的三倍。
Masking schemes are considered to be effective countermeasures to protect Internet-of-Things devices from side-channel attacks. Deep-learning-based side-channel attacks (DL-SCAs) have been demonstrated to be very effective targeting on masked implementations. In this paper, we investigate the resistance of a popular computation-based masking scheme against DL-SCAs, that is, the addition-chain-based one. We find that addition chain introduces computations of intermediate monomials over
with smaller output sizes, which decreases its resistance against DL-SCAs. Specifically, we first use mutual information metric to evaluate the side-channel resistance of different monomials from an information theory point of view. Next, we further propose the Kullback–Leibler divergence ratio as an evaluation metric to analyze the impact of monomial output size on DL-SCAs. The measurement values show that the monomial with smaller output size is less-resistant against DL-SCAs. Then we conduct simulated and practical experiments respectively to verify it. In simulated experiments, we perform DL-SCAs on first-order masked implementations with different noise levels and training trace numbers. The results demonstrate that monomials with smaller output size are more vulnerable. Moreover, with the increase (resp. decrease) in noise level (resp. training trace number), the resistance difference of these monomials becomes more significant. In addition, we obtain similar results through simulated experiments on second-order masked scenario. In practical experiments based on an ARM Cortex-M4 architecture, we collect power and electromagnetic traces in consideration of low and high noise levels. The results show that the number of required traces for targeting the S-Box output is at least three times as much that for targeting the weakest monomial.
