Defensive ML: Defending Architectural Side-channels with Adversarial Obfuscation

Hyoungwook Nam, Raghavendra Pradyumna Pothukuchi, Bo Li, Nam Sung Kim, Josep Torrellas
2023-10-14
Abstract: Side-channel attacks that use machine learning (ML) for signal analysis have become prominent threats to computer security, as ML models easily find patterns in signals. To address this problem, this paper explores using Adversarial Machine Learning (AML) methods as a defense at the computer architecture layer to obfuscate side channels. We call this approach Defensive ML, and the generator to obfuscate signals, defender. Defensive ML is a workflow to design, implement, train, and deploy defenders for different environments. First, we design a defender architecture given the physical characteristics and hardware constraints of the side-channel. Next, we use our DefenderGAN structure to train the defender. Finally, we apply defensive ML to thwart two side-channel attacks: one based on memory contention and the other on application power. The former uses a hardware defender with ns-level response time that attains a high level of security with half the performance impact of a traditional scheme; the latter uses a software defender with ms-level response time that provides better security than a traditional scheme with only 70% of its power overhead.
Cryptography and Security, Hardware Architecture, Machine Learning
What problem does this paper attempt to address?
### Problems the Paper Attempts to Solve

The paper addresses side-channel attacks that use machine learning (ML) for signal analysis: an ML classifier readily finds the patterns in a leaked signal that distinguish one secret value from another. The paper proposes defending against such attacks at the computer architecture level with Adversarial Machine Learning (AML). The defense is called "Defensive ML", and its core idea is to obfuscate side-channel signals with a trained generator, the defender, that emits adversarial perturbations.

#### Main Objectives

1. **Define the side-channel obfuscation problem**: treat side-channel obfuscation as an optimization problem and use an ML generator to mitigate architectural side channels.
2. **Design, train, evaluate, and deploy defenders**: propose a workflow that designs, trains, evaluates, and deploys defenders against architectural side channels.
3. **Apply Defensive ML**: apply Defensive ML to two different side-channel attacks, one based on memory contention and the other on application power consumption, and demonstrate its effectiveness.

#### Specific Implementation

1. **Design defender networks**: design the defender architecture from the physical characteristics of the side channel and the hardware constraints of where it will run (for example, the response time the channel demands).
2. **Train defenders with DefenderGAN**: use the DefenderGAN structure to train defenders adversarially against a range of classifiers.
3. **Evaluate the transferability of defenders**: test the trained defenders against classifiers and environments they were not trained on.
4. **Deploy defenders**: compress the defenders as needed and deploy them in hardware or software.

With this workflow the paper defends against two significant side-channel attacks: a memory contention side channel and an application power side channel. For the former, a hardware defender with ns-level response time reaches a high level of security at half the performance impact of a traditional scheme; for the latter, a software defender with ms-level response time provides better security than a traditional scheme at only 70% of its power overhead.
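The training and evaluation steps above (a defender trained against a classifier that keeps adapting, then judged against a fresh classifier it never saw) are easiest to see on a toy channel. The following is an added illustration written for this page, not the paper's DefenderGAN or its code. It assumes a trace of `T = 8` samples whose active half leaks one secret bit (constructed synthetic data), a logistic-regression attacker, a defender that may only add to the signal (extra contention or padding, never removal), and overhead measured as the mean amount added. The defender's objective (drive the attacker's logits to zero, plus an overhead penalty), the names `Attacker`, `Defender`, `LAM`, `CLIP` and `NOISE_AMP`, the iterate averaging, and the blind uniform-noise baseline are all choices made for this example.

```python
# Toy DefenderGAN-style training loop: an added illustration for this page, not the
# paper's DefenderGAN or its code. Assumptions: a trace is T samples of a
# contention/power-like signal whose active half leaks one secret bit (constructed
# data); the attacker is a logistic regression; the defender may only ADD signal.
import math
import random

T, LAM, REG = 8, 0.05, 0.01          # trace length, overhead penalty, attacker L2
LR_ATT, LR_DEF, CLIP = 0.1, 0.3, 0.02
NOISE_AMP = 3.0                      # amplitude of the blind uniform-noise baseline

def sigmoid(v):                      # overflow-safe for any float
    return 1.0 / (1.0 + math.exp(-v)) if v >= 0 else math.exp(v) / (1.0 + math.exp(v))

def softplus(v):                     # strictly positive: the defender can only add
    return math.log1p(math.exp(v)) if v < 30 else v

def make_traces(n_per_class, noise, rng):
    """Constructed traces: secret bit 0 -> activity in samples 0..3, bit 1 -> 4..7."""
    data = [([float(i // 4 == y) + rng.uniform(0, noise) for i in range(T)], y)
            for y in (0, 1) for _ in range(n_per_class)]
    rng.shuffle(data)
    return data

class Attacker:
    """Logistic-regression side-channel classifier trained by gradient descent."""
    def __init__(self):
        self.w, self.b = [0.0] * T, 0.0
    def logit(self, z):
        return sum(wi * zi for wi, zi in zip(self.w, z)) + self.b
    def fit(self, data, steps):
        for _ in range(steps):
            gw, gb = [REG * wi for wi in self.w], 0.0
            for z, y in data:
                err = (sigmoid(self.logit(z)) - y) / len(data)
                gw, gb = [g + err * zi for g, zi in zip(gw, z)], gb + err
            self.w = [wi - LR_ATT * g for wi, g in zip(self.w, gw)]
            self.b -= LR_ATT * gb
    def accuracy(self, data):
        return sum((self.logit(z) > 0) == (y == 1) for z, y in data) / len(data)

class Defender:
    """delta = softplus(G x + g): an input-dependent, strictly positive addition."""
    def __init__(self):
        self.G, self.g = [[0.0] * T for _ in range(T)], [0.0] * T
    def pre(self, x):
        return [gi + sum(gij * xj for gij, xj in zip(row, x)) for row, gi in zip(self.G, self.g)]
    def apply(self, data):
        return [([xi + softplus(p) for xi, p in zip(x, self.pre(x))], y) for x, y in data]
    def step(self, data, att):
        """One descent step on mean(logit^2) + LAM*mean(delta), attacker frozen: logits at 0
        leave the attacker maximally uncertain; the penalty keeps the added signal small."""
        gG, gg = [[0.0] * T for _ in range(T)], [0.0] * T
        for x, _ in data:
            pre = self.pre(x)
            lg = att.logit([xi + softplus(p) for xi, p in zip(x, pre)])
            for i in range(T):
                d = (2.0 * lg * att.w[i] + LAM / T) * sigmoid(pre[i]) / len(data)
                gg[i] += d
                gG[i] = [g + d * xj for g, xj in zip(gG[i], x)]
        clip = lambda v: max(-CLIP, min(CLIP, LR_DEF * v))   # bounded steps keep the game stable
        self.g = [gi - clip(v) for gi, v in zip(self.g, gg)]
        self.G = [[gij - clip(v) for gij, v in zip(row, grow)] for row, grow in zip(self.G, gG)]

def train_defender(train, outer=150, inner=30):
    """Alternating minimax: the attacker re-fits to the current obfuscation, then the defender
    takes one step against it. The deployed defender is the average of the second half of
    the iterates, a standard remedy for minimax oscillation."""
    defender, att, avg = Defender(), Attacker(), Defender()
    n_avg = outer - outer // 2
    for it in range(outer):
        att.fit(defender.apply(train), inner)
        defender.step(train, att)
        if it >= outer // 2:
            avg.g = [a + d / n_avg for a, d in zip(avg.g, defender.g)]
            avg.G = [[a + d / n_avg for a, d in zip(ar, dr)] for ar, dr in zip(avg.G, defender.G)]
    return avg

def security(train, test, transform):
    """Held-out accuracy of a FRESH attacker trained on transformed traces (lower = safer)."""
    att = Attacker()
    att.fit(transform(train), 400)
    return att.accuracy(transform(test))

def run_experiment(seed=1):
    rng = random.Random(seed)
    train, test = make_traces(32, 0.6, rng), make_traces(32, 0.6, rng)
    defender = train_defender(train)
    deltas = [zi - xi for (x, _), (z, _) in zip(test, defender.apply(test)) for xi, zi in zip(x, z)]
    blind = lambda data: [([xi + rng.uniform(0, NOISE_AMP) for xi in x], y) for x, y in data]
    return {
        "raw_accuracy": security(train, test, lambda d: d),
        "defender_accuracy": security(train, test, defender.apply),
        "defender_overhead": sum(deltas) / len(deltas),
        "min_delta": min(deltas),                        # >= 0: the defender only ever adds
        "blind_accuracy": security(train, test, blind),
        "blind_overhead": NOISE_AMP / 2,
    }

if __name__ == "__main__":
    for name, value in run_experiment().items():
        print(f"{name:>18}: {value:.3f}")
```

Running it prints, for the raw channel, the trained defender, and a blind uniform-noise scheme of amplitude `NOISE_AMP`, the held-out accuracy of a freshly trained attacker next to the mean added signal; security against overhead is the comparison the paper's evaluation makes. Two caveats carry over from the workflow above: a real defender must also be tested against classifier families it was not trained on (the transferability step), and its architecture has to fit the response time of the channel it protects, which is why the paper ends up with a hardware defender for memory contention and a software one for power.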