Behnam Zahednejad,Lijun Lyu

DOI: https://doi.org/10.1002/int.22895

IF: 8.993

2022-05-11

International Journal of Intelligent Systems

Abstract:At CRYPTO 2019, A. Gohr made a breakthrough in combining classical cryptanalysis and deep learning and applied his method to round reduced SPECK successfully. However, his suggested neural‐based distinguisher scheme is only limited to differential cryptanalysis. In this paper, we have the following contributions: 1. We combine integral cryptanalysis and deep learning to propose our neural‐based integral distinguisher scheme for the first time. To illustrate the effectiveness of our distinguisher scheme, we apply it to block ciphers of different structures, such as substitution‐permutation structure ciphers (PRESENT and RECTANGLE), Feistel structure cipher (LBLOCK), and add‐rotate‐XOR cipher (SPECK) and compare the results with the state‐of‐the‐art classical integral distinguishing method, namely, the bit‐based division property. To our great surprise, our neural network‐based integral distinguisher can extend the number of distinguished rounds for all block ciphers by two additional rounds (except RECTANGLE, where it is improved by one round) under the same data complexity. 2. As an additional advantage of our scheme, we demonstrate that our Neural Distinguisher (ND) is not only helpful for block cipher designers but also can assist attackers to mount key recovery attacks. To this end, we show how to exploit our ND to mount a key recovery attack and apply it to SPECK32/64. Out of the 1000 trials of key recovery attacks with different keys in 45% of cases, the first suggested subkey is exactly the real subkey of the last round of the cipher. For the remaining 55%, the second or third suggested subkey is exactly the real subkey of the last round of the cipher. 3. To have a piece of concrete evidence for the advantage of our scheme over classical integral methods, we design an experiment known as the same‐difference experiment. In this experiment, we show that our ND can learn some features beyond the capabilities of classical integral methods. We then propose a set of features that can justify the gap between classical integral methods and our neural‐based integral distinguisher and verify them by further experiments.

computer science, artificial intelligence

Ongee Jeong,Ezat Ahmadzadeh,Inkyu Moon

DOI: https://doi.org/10.3390/math12131936

IF: 2.4

2024-06-22

Mathematics

Abstract:In this paper, we perform neural cryptanalysis on five block ciphers: Data Encryption Standard (DES), Simplified DES (SDES), Advanced Encryption Standard (AES), Simplified AES (SAES), and SPECK. The block ciphers are investigated on three different deep learning-based attacks, Encryption Emulation (EE), Plaintext Recovery (PR), Key Recovery (KR), and Ciphertext Classification (CC) attacks. The attacks attempt to break the block ciphers in various cases, such as different types of plaintexts (i.e., block-sized bit arrays and texts), different numbers of round functions and quantity of training data, different text encryption methods (i.e., Word-based Text Encryption (WTE) and Sentence-based Text Encryption (STE)), and different deep learning model architectures. As a result, the block ciphers can be vulnerable to EE and PR attacks using a large amount of training data, and STE can improve the strength of the block ciphers, unlike WTE, which shows almost the same classification accuracy as the plaintexts, especially in a CC attack. Moreover, especially in the KR attack, the Recurrent Neural Network (RNN)-based deep learning model shows higher average Bit Accuracy Probability than the fully connected-based deep learning model. Furthermore, the RNN-based deep learning model is more suitable than the transformer-based deep learning model in the CC attack. Besides, when the keys are the same as the plaintexts, the KR attack can perfectly break the block ciphers, even if the plaintexts are randomly generated. Additionally, we identify that DES and SPECK32/64 applying two round functions are more vulnerable than those applying the single round function by performing the KR attack with randomly generated keys and randomly generated single plaintext.

mathematics

Ren, Jiongjiong

DOI: https://doi.org/10.1631/fitee.2300848

IF: 2.526

2024-11-06

Frontiers of Information Technology & Electronic Engineering

Abstract:At the Annual International Cryptology Conference in 2019, Gohr introduced a deep learning based cryptanalysis technique applicable to the reduced-round lightweight block ciphers with a short block of SPECK32/64. One significant challenge left unstudied by Gohr's work is the implementation of key recovery attacks on large-state block ciphers based on deep learning. The purpose of this paper is to present an improved deep learning based framework for recovering keys for large-state block ciphers. First, we propose a key bit sensitivity test (KBST) based on deep learning to divide the key space objectively. Second, we propose a new method for constructing neural distinguisher combinations to improve a deep learning based key recovery framework for large-state block ciphers and demonstrate its rationality and effectiveness from the perspective of cryptanalysis. Under the improved key recovery framework, we train an efficient neural distinguisher combination for each large-state member of SIMON and SPECK and finally carry out a practical key recovery attack on the large-state members of SIMON and SPECK. Furthermore, we propose that the 13-round SIMON64 attack is the most effective approach for practical key recovery to date. Noteworthly, this is the first attempt to propose deep learning based practical key recovery attacks on 18-round SIMON128, 19-round SIMON128, 14-round SIMON96, and 14-round SIMON64. Additionally, we enhance the outcomes of the practical key recovery attack on SPECK large-state members, which amplifies the success rate of the key recovery attack in comparison to existing results.

engineering, electrical & electronic,computer science, information systems, software engineering

Byoungjin Seok

DOI: https://doi.org/10.3390/electronics13204053

IF: 2.9

2024-10-16

Electronics

Abstract:Recently, differential-neural cryptanalysis, which integrates deep learning with differential cryptanalysis, has emerged as a powerful and practical cryptanalysis method. It has been particularly applied to lightweight block ciphers, which are characterized by simple structures and operations, and relatively small block and key sizes. In resource-constrained environments, such as Internet of Things (IoT), it is essential to verify the resistance of existing lightweight block ciphers against differential-neural cryptanalysis to ensure security. In differential-neural cryptanalysis, a deep learning model, known as a neural distinguisher, is trained to differentiate a target cipher from others, facilitating key recovery through statistical analysis. For successful differential-neural cryptanalysis, it is crucial to develop a highly accurate neural distinguisher and to optimize the key recovery attack algorithm. In this paper, we introduce a novel neural distinguisher and key recovery attack against the 15-round reduced HIGHT cipher. Our proposed neural distinguisher is capable of distinguishing HIGHT ciphertext by analyzing only a portion of the ciphertext, which we refer to as a truncated neural distinguisher. Notably, our experiments demonstrate that the truncated neural distinguisher achieves performance comparable to existing distinguishers trained on entire ciphertext blocks, while enabling a more efficient key recovery attack through a divide-and-conquer strategy. Furthermore, we observe a significant improvement in key recovery efficiency compared to traditional cryptanalysis methods.

engineering, electrical & electronic,computer science, information systems,physics, applied

Rabin Yu Acharya,Fatemeh Ganji,Domenic Forte

DOI: https://doi.org/10.48550/arXiv.2105.00117

2022-10-15

Abstract:Profiled side-channel analysis (SCA) leverages leakage from cryptographic implementations to extract the secret key. When combined with advanced methods in neural networks (NNs), profiled SCA can successfully attack even those crypto-cores assumed to be protected against SCA. Despite the rise in the number of studies devoted to NN-based SCA, a range of questions has remained unanswered, namely: how to choose an NN with an adequate configuration, how to tune the NN's hyperparameters, when to stop the training, etc. Our proposed approach, ``InfoNEAT,'' tackles these issues in a natural way. InfoNEAT relies on the concept of neural structure search, enhanced by information-theoretic metrics to guide the evolution, halt it with novel stopping criteria, and improve time-complexity and memory footprint. The performance of InfoNEAT is evaluated by applying it to publicly available datasets composed of real side-channel measurements. In addition to the considerable advantages regarding the automated configuration of NNs, InfoNEAT demonstrates significant improvements over other approaches for effective key recovery in terms of the number of epochs (e.g.,x6 faster) and the number of attack traces compared to both MLPs and CNNs (e.g., up to 1000s fewer traces to break a device) as well as a reduction in the number of trainable parameters compared to MLPs (e.g., by the factor of up to 32). Furthermore, through experiments, it is demonstrated that InfoNEAT's models are robust against noise and desynchronization in traces.

Cryptography and Security

L. N. Shacham,E. Klein,R. Mislovaty,I. Kanter,W. Kinzel

DOI: https://doi.org/10.1103/PhysRevE.69.066137

2003-12-02

Abstract:A new and successful attack strategy in neural cryptography is presented. The neural cryptosystem, based on synchronization of neural networks by mutual learning, has been recently shown to be secure under different attack strategies. The advanced attacker presented here, named the ``Majority-Flipping Attacker'', is the first whose success does not decay with the parameters of the model. This new attacker's outstanding success is due to its using a group of attackers which cooperate throughout the synchronization process, unlike any other attack strategy known. An analytical description of this attack is also presented, and fits the results of simulations.

Disordered Systems and Neural Networks,Statistical Mechanics

JiaShuo Liu,JiongJiong Ren,ShaoZhen Chen

DOI: https://doi.org/10.1186/s42400-023-00176-7

2023-11-07

Abstract:In CRYPTO 2019, Gohr opens up a new direction for cryptanalysis. He successfully applied deep learning to differential cryptanalysis against the NSA block cipher SPECK32/64, achieving higher accuracy than traditional differential distinguishers. Until now, one of the mainstream research directions is increasing the training sample size and utilizing different neural networks to improve the accuracy of neural distinguishers. This conversion mindset may lead to a huge number of parameters, heavy computing load, and a large number of memory in the distinguishers training process. However, in the practical application of cryptanalysis, the applicability of the attacks method in a resource-constrained environment is very important. Therefore, we focus on the cost optimization and aim to reduce network parameters for differential neural cryptanalysis.In this paper, we propose two cost-optimized neural distinguisher improvement methods from the aspect of data format and network structure, respectively. Firstly, we obtain a partial output difference neural distinguisher using only 4-bits training data format which is constructed with a new advantage bits search algorithm based on two key improvement conditions. In addition, we perform an interpretability analysis of the new neural distinguishers whose results are mainly reflected in the relationship between the neural distinguishers, truncated differential, and advantage bits. Secondly, we replace the traditional convolution with the depthwise separable convolution to reduce the training cost without affecting the accuracy as much as possible. Overall, the number of training parameters can be reduced by less than 50% by using our new network structure for training neural distinguishers. Finally, we apply the network structure to the partial output difference neural distinguishers. The combinatorial approach have led to a further reduction in the number of parameters (approximately 30% of Gohr's distinguishers for SPECK).

Yi Chen,Hongbo Yu

2021-01-01

Abstract:Machine learning aided cryptanalysis is an interesting but challenging research topic. At CRYPTO’19, Gohr proposed a Neural Distinguisher (ND) based on a plaintext difference. The ND takes a ciphertext pair as input and outputs its class (a real or random ciphertext pair). At EUROCRYPTO’20, Benamira et al proposed a deeper analysis of how two specific NDs against Speck32/64 work. However, there are still three research gaps that researchers are eager to fill in. (1) what features related to a ciphertext pair are learned by the ND? (2) how to explain various phenomena related to NDs? (3) what else can machine learning do in conventional cryptanalysis? In this paper, we filled in the three research gaps: (1) we first propose the Extended Differential-Linear Connectivity Table (EDLCT) which is a generic tool describing a cipher. Features corresponding to the EDLCT are designed to describe a ciphertext pair. Based on these features, various machine learning-based distinguishers including the ND are built. To explore various NDs from the EDLCT view, we propose a Feature Set Sensitivity Test (FSST) to identify which features may have a significant influence on NDs. Features identified by FSST share the same characteristic related to the cipher’s round function. Surrogate models of NDs are also built based on identified features. Experiments on Speck32/64 and DES confirm that features corresponding to the EDLCT are learned by NDs. (2) We explain phenomena related to NDs via EDLCT. (3) We show how to use machine learning to search differential-linear propagations ∆ → λ with a high correlation, which is a tough task in the differential-linear attack. Applications in Chaskey and DES demonstrate the advantages of machine learning. Furthermore, we provide some optional inputs to improve NDs.

Yi Chen,Yantian Shen,Hongbo Yu,Sitong Yuan

DOI: https://doi.org/10.1093/comjnl/bxac019

2022-03-11

The Computer Journal

Abstract:Abstract Neural-aided cryptanalysis is a challenging topic, in which the neural distinguisher ($\mathcal{ND}$) is a core module. In this paper, we propose a new $\mathcal{ND}$ considering multiple ciphertext pairs simultaneously. Besides, multiple ciphertext pairs are constructed from different keys. The motivation is that the distinguishing accuracy can be improved by exploiting features derived from multiple ciphertext pairs. To verify this motivation, we have applied this new $\mathcal{ND}$ to five different ciphers. Experiments show that taking multiple ciphertext pairs as input indeed brings accuracy improvement. Then, we prove that our new $\mathcal{ND}$ applies to two different neural-aided key recovery attacks. Moreover, the accuracy improvement is helpful for reducing the data complexity of the neural-aided statistic attack. The code is available at https://github.com/AI-Lab-Y/ND_mc.

Xiangyu Qi,Tinghao Xie,Ruizhe Pan,Jifeng Zhu,Yong Yang,Kai Bu

DOI: https://doi.org/10.1109/cvpr52688.2022.01299

2022-01-01

Abstract:One major goal of the AI security community is to securely and reliably produce and deploy deep learning models for real-world applications. To this end, data poisoning based backdoor attacks on deep neural networks (DNNs) in the production stage (or training stage) and corresponding defenses are extensively explored in recent years. Ironically, backdoor attacks in the deployment stage, which can often happen in unprofessional users’ devices and are thus arguably far more threatening in real-world scenarios, draw much less attention of the community. We attribute this imbalance of vigilance to the weak practicality of existing deployment-stage backdoor attack algorithms and the insufficiency of real-world attack demonstrations. To fill the blank, in this work, we study the realistic threat of deployment-stage backdoor attacks on DNNs. We base our study on a commonly used deployment-stage attack paradigm — adversarial weight attack, where adversaries selectively modify model weights to embed backdoor into deployed DNNs. To approach realistic practicality, we propose the first gray-box and physically realizable weights attack algorithm for backdoor injection, namely subnet replacement attack (SRA), which only requires architecture information of the victim model and can support physical triggers in the real world. Extensive experimental simulations and system-level real-world attack demonstrations are conducted. Our results not only suggest the effectiveness and practicality of the proposed attack algorithm, but also reveal the practical risk of a novel type of computer virus that may widely spread and stealthily inject backdoor into DNN models in user devices. By our study, we call for more attention to the vulnerability of DNNs in the deployment stage.

Ya Xiao,Qingying Hao,Danfeng,Yao

DOI: https://doi.org/10.48550/arXiv.1911.04020

2019-11-11

Cryptography and Security

Abstract:Many real-world cyber-physical systems (CPS) use proprietary cipher algorithms. In this work, we describe an easy-to-use black-box security evaluation approach to measure the strength of proprietary ciphers without having to know the algorithms. We quantify the strength of a cipher by measuring how difficult it is for a neural network to mimic the cipher algorithm. We define new metrics (e.g., cipher match rate, training data complexity and training time complexity) that are computed from neural networks to quantitatively represent the cipher strength. This measurement approach allows us to directly compare the security of ciphers. Our experimental demonstration utilizes fully connected neural networks with multiple parallel binary classifiers at the output layer. The results show that when compared with round-reduced DES, the security strength of Hitag2 (a popular stream cipher used in the keyless entry of modern cars) is weaker than 3-round DES.

Jun Xia,Zhihao Yue,Yingbo Zhou,Zhiwei Ling,Xian Wei,Mingsong Chen

2023-10-19

Abstract:Due to the popularity of Artificial Intelligence (AI) technology, numerous backdoor attacks are designed by adversaries to mislead deep neural network predictions by manipulating training samples and training processes. Although backdoor attacks are effective in various real scenarios, they still suffer from the problems of both low fidelity of poisoned samples and non-negligible transfer in latent space, which make them easily detectable by existing backdoor detection algorithms. To overcome the weakness, this paper proposes a novel frequency-based backdoor attack method named WaveAttack, which obtains image high-frequency features through Discrete Wavelet Transform (DWT) to generate backdoor triggers. Furthermore, we introduce an asymmetric frequency obfuscation method, which can add an adaptive residual in the training and inference stage to improve the impact of triggers and further enhance the effectiveness of WaveAttack. Comprehensive experimental results show that WaveAttack not only achieves higher stealthiness and effectiveness, but also outperforms state-of-the-art (SOTA) backdoor attack methods in the fidelity of images by up to 28.27\% improvement in PSNR, 1.61\% improvement in SSIM, and 70.59\% reduction in IS.

Computer Vision and Pattern Recognition,Artificial Intelligence

Gorka Abad,Oguzhan Ersoy,Stjepan Picek,Aitor Urbieta

DOI: https://doi.org/10.14722/ndss.2024.24334

2024-02-05

Abstract:Deep neural networks (DNNs) have demonstrated remarkable performance across various tasks, including image and speech recognition. However, maximizing the effectiveness of DNNs requires meticulous optimization of numerous hyperparameters and network parameters through training. Moreover, high-performance DNNs entail many parameters, which consume significant energy during training. In order to overcome these challenges, researchers have turned to spiking neural networks (SNNs), which offer enhanced energy efficiency and biologically plausible data processing capabilities, rendering them highly suitable for sensory data tasks, particularly in neuromorphic data. Despite their advantages, SNNs, like DNNs, are susceptible to various threats, including adversarial examples and backdoor attacks. Yet, the field of SNNs still needs to be explored in terms of understanding and countering these attacks. This paper delves into backdoor attacks in SNNs using neuromorphic datasets and diverse triggers. Specifically, we explore backdoor triggers within neuromorphic data that can manipulate their position and color, providing a broader scope of possibilities than conventional triggers in domains like images. We present various attack strategies, achieving an attack success rate of up to 100% while maintaining a negligible impact on clean accuracy. Furthermore, we assess these attacks' stealthiness, revealing that our most potent attacks possess significant stealth capabilities. Lastly, we adapt several state-of-the-art defenses from the image domain, evaluating their efficacy on neuromorphic data and uncovering instances where they fall short, leading to compromised performance.

Cryptography and Security,Computer Vision and Pattern Recognition,Machine Learning

Anubhab Baksi,Jakub Breier,Yi Chen,Xiaoyang Dong

DOI: https://doi.org/10.23919/date51398.2021.9474092

2022-01-01

Abstract:At CRYPTO 2019, Gohr first introduces the deep learning based cryptanalysis on round-reduced SPECK. Using a deep residual network, Gohr trains several neural network based distinguishers on 8-round SPECK-32/64. The analysis follows an 'all-in-one' differential cryptanalysis approach, which considers all the output differences effect under the same input difference. Usually, the all-in-one differential cryptanalysis is more effective compared to the one using only one single differential trail. However, when the cipher is non-Markov or its block size is large, it is usually very hard to fully compute. Inspired by Gohr's work, we try to simulate the all-in-one differentials for non-Markov ciphers through machine learning. Our idea here is to reduce a distinguishing problem to a classification problem, so that it can be efficiently managed by machine learning. As a proof of concept, we show several distinguishers for four high profile ciphers, each of which works with trivial complexity. In particular, we show differential distinguishers for 8-round Gimli-Hash, Gimli-Cipher and Gimli-Permutation; 3-round Ascon-Permutation; 10-round Knot-256 permutation and 12-round Knot-512 permutation; and 4-round Chaskey-Permutation. Finally, we explore more on choosing an efficient machine learning model and observe that only a three layer neural network can be used. Our analysis shows the attacker is able to reduce the complexity of finding distinguishers by using machine learning techniques.

Xing Hu,Ling Liang,Lei Deng,Shuangchen Li,Xinfeng Xie,Yu Ji,Yufei Ding,Chang Liu,Timothy Sherwood,Yuan Xie

DOI: https://doi.org/10.1145/3373376.3378460

2019-01-01

Abstract:As neural networks continue their reach into nearly every aspect of software operations, the details of those networks become an increasingly sensitive subject. Even those that deploy neural networks embedded in physical devices may wish to keep the inner working of their designs hidden – either to protect their intellectual property or as a form of protection from adversarial inputs. The specific problem we address is how, through heavy system stack, given noisy and imperfect memory traces, one might reconstruct the neural network architecture including the set of layers employed, their connectivity, and their respective dimension sizes. Considering both the intra-layer architecture features and the inter-layer temporal association information introduced by the DNN design empirical experience, we draw upon ideas from speech recognition to solve this problem. We show that off-chip memory address traces and PCIe events provide ample information to reconstruct such neural network architectures accurately. We are the first to propose such accurate model extraction techniques and demonstrate an end-to-end attack experimentally in the context of an off-the-shelf Nvidia GPU platform with full system stack. Results show that the proposed techniques achieve a high reverse engineering accuracy and improve the one's ability to conduct targeted adversarial attack with success rate from 14.6%∼25.5% (without network architecture knowledge) to 75.9% (with extracted network architecture).

Jakub Breier,Dirmanto Jap,Xiaolu Hou,Shivam Bhasin,Yang Liu

DOI: https://doi.org/10.1109/tr.2021.3105697

IF: 5.883

2021-01-01

IEEE Transactions on Reliability

Abstract:Neural networks have been shown to be vulnerable against fault injection attacks. These attacks change the physical behavior of the device during the computation, resulting in a change of value that is currently being computed. They can be realized by various techniques, ranging from clock/voltage glitching to application of lasers to rowhammer. Previous works have mostly explored fault attacks for output misclassification, thus affecting the reliability of neural networks. In this article, we investigate the possibility to reverse engineer neural networks with fault attacks. Sign bit flip fault attack enables the reverse engineering by changing the sign of intermediate values. We develop the first exact extraction method on deep-layer feature extractor networks that provably allows the recovery of proprietary model parameters. Our experiments with Keras library show that the precision error for the parameter recovery for the tested networks is less than <span class="mjpage"><svg xmlns:xlink="http://www.w3.org/1999/xlink" width="5.48ex" height="2.676ex" style="vertical-align: -0.338ex;" viewBox="0 -1006.6 2359.3 1152.1" role="img" focusable="false" xmlns="http://www.w3.org/2000/svg"><g stroke="currentColor" fill="currentColor" stroke-width="0" transform="matrix(1 0 0 -1 0 0)"> <use xlink:href="#MJMAIN-31"></use> <use xlink:href="#MJMAIN-30" x="500" y="0"></use><g transform="translate(1001,393)"> <use transform="scale(0.707)" xlink:href="#MJMAIN-2212" x="0" y="0"></use><g transform="translate(550,0)"> <use transform="scale(0.707)" xlink:href="#MJMAIN-31"></use> <use transform="scale(0.707)" xlink:href="#MJMAIN-33" x="500" y="0"></use></g></g></g></svg></span> with the usage of 64-bit floats, which improves the current state of the art by six orders of magnitude.<svg xmlns="http://www.w3.org/2000/svg" style="display: none;"><defs id="MathJax_SVG_glyphs"><path stroke-width="1" id="MJMAIN-31" d="M213 578L200 573Q186 568 160 563T102 556H83V602H102Q149 604 189 617T245 641T273 663Q275 666 285 666Q294 666 302 660V361L303 61Q310 54 315 52T339 48T401 46H427V0H416Q395 3 257 3Q121 3 100 0H88V46H114Q136 46 152 46T177 47T193 50T201 52T207 57T213 61V578Z"></path><path stroke-width="1" id="MJMAIN-30" d="M96 585Q152 666 249 666Q297 666 345 640T423 548Q460 465 460 320Q460 165 417 83Q397 41 362 16T301 -15T250 -22Q224 -22 198 -16T137 16T82 83Q39 165 39 320Q39 494 96 585ZM321 597Q291 629 250 629Q208 629 178 597Q153 571 145 525T137 333Q137 175 145 125T181 46Q209 16 250 16Q290 16 318 46Q347 76 354 130T362 333Q362 478 354 524T321 597Z"></path><path stroke-width="1" id="MJMAIN-2212" d="M84 237T84 250T98 270H679Q694 262 694 250T679 230H98Q84 237 84 250Z"></path><path stroke-width="1" id="MJMAIN-33" d="M127 463Q100 463 85 480T69 524Q69 579 117 622T233 665Q268 665 277 664Q351 652 390 611T430 522Q430 470 396 421T302 350L299 348Q299 347 308 345T337 336T375 315Q457 262 457 175Q457 96 395 37T238 -22Q158 -22 100 21T42 130Q42 158 60 175T105 193Q133 193 151 175T169 130Q169 119 166 110T159 94T148 82T136 74T126 70T118 67L114 66Q165 21 238 21Q293 21 321 74Q338 107 338 175V195Q338 290 274 322Q259 328 213 329L171 330L168 332Q166 335 166 348Q166 366 174 366Q202 366 232 371Q266 376 294 413T322 525V533Q322 590 287 612Q265 626 240 626Q208 626 181 615T143 592T132 580H135Q138 579 143 578T153 573T165 566T175 555T183 540T186 520Q186 498 172 481T127 463Z"></path></defs></svg>

Amjed Abbas Ahmed,Mohammad Kamrul Hasan,Shayla Islam,Azana Hafizah Mohd Aman,Nurhizam Safie

DOI: https://doi.org/10.5755/j02.eie.33995

2023-09-07

Elektronika ir Elektrotechnika

Abstract:Deep learning (DL) is a new option that has just been made available for side-channel analysis. DL approaches for profiled side-channel attacks (SCA) have dominated research till now. In this attack, the attacker has complete control over the profiling device and can collect many traces for a range of critical parameters to characterise device leakage before the attack. In this study, we apply DL algorithms to non-profiled data. An attacker can only retrieve a limited number of side-channel traces from a closed device with an unknown key value in non-profiled mode. The authors conducted this research. Key estimations and deep learning measurements can reveal the secret key. We prove that this is doable. This technology is excellent for non-profits. DL and neural networks can benefit these organisations. Neural networks can provide a new technique to verify the safety of hardware cryptographic algorithms. It was recently suggested. This study creates a non-profiled SCA utilising convolutional neural networks (CNNs) on an AVR microcontroller with 8 bits of memory and the AES-128 cryptographic algorithm. We used aligned power traces with several samples to demonstrate how challenging CNN-based SCA is in practise. This will help us reach our goals. Here is another technique to create a solid CNN data set. In particular, CNN-based SCA experiment data and noise effects are examined. These experiments employ power traces with Gaussian noise. The CNN-based SCA works well with our data set for non-profiled attacks. Gaussian noise on power traces causes many more issues. These results show that our method can recover more bytes successfully from SCA compared to other methods in correlation power analysis (CPA) and DL-SCA without regularisation.

engineering, electrical & electronic

Lejla Batina,Shivam Bhasin,Dirmanto Jap,Stjepan Picek

DOI: https://doi.org/10.48550/arXiv.1810.09076

2018-10-22

Abstract:Machine learning has become mainstream across industries. Numerous examples proved the validity of it for security applications. In this work, we investigate how to reverse engineer a neural network by using only power side-channel information. To this end, we consider a multilayer perceptron as the machine learning architecture of choice and assume a non-invasive and eavesdropping attacker capable of measuring only passive side-channel leakages like power consumption, electromagnetic radiation, and reaction time. We conduct all experiments on real data and common neural net architectures in order to properly assess the applicability and extendability of those attacks. Practical results are shown on an ARM CORTEX-M3 microcontroller. Our experiments show that the side-channel attacker is capable of obtaining the following information: the activation functions used in the architecture, the number of layers and neurons in the layers, the number of output classes, and weights in the neural network. Thus, the attacker can effectively reverse engineer the network using side-channel information. Next, we show that once the attacker has the knowledge about the neural network architecture, he/she could also recover the inputs to the network with only a single-shot measurement. Finally, we discuss several mitigations one could use to thwart such attacks.

Cryptography and Security

Fusen Wang,Jun Sang,Qi Liu,Chunlin Huang,Jinghan Tan

DOI: https://doi.org/10.48550/arXiv.2103.05242

2021-03-09

Cryptography and Security

Abstract:In this paper, we propose a known-plaintext attack (KPA) method based on deep learning for traditional chaotic encryption scheme. We employ the convolutional neural network to learn the operation mechanism of chaotic cryptosystem, and accept the trained network as the final decryption system. To evaluate the attack performance of different networks on different chaotic cryptosystem, we adopt two neural networks to perform known-plaintext attacks on two distinct chaotic encryption schemes. The experimental results demonstrate the potential of deep learning-based method for known-plaintext attack against chaotic cryptosystem. Different from the previous known-plaintext attack methods, which were usually limited to a specific chaotic cryptosystem, a neural network can be applied to the cryptanalysis of various chaotic cryptosystems with deep learning-based approach, while several different networks can be designed for the cryptanalysis of chaotic cryptosystems. This paper provides a new idea for the cryptanalysis of chaotic image encryption algorithm.

Ren Pang,Changjiang Li,Zhaohan Xi,Shouling Ji,Ting Wang

DOI: https://doi.org/10.48550/arxiv.2210.12179

2022-01-01

Abstract:This paper asks the intriguing question: is it possible to exploit neural architecture search (NAS) as a new attack vector to launch previously improbable attacks? Specifically, we present EVAS, a new attack that leverages NAS to find neural architectures with inherent backdoors and exploits such vulnerability using input-aware triggers. Compared with existing attacks, EVAS demonstrates many interesting properties: (i) it does not require polluting training data or perturbing model parameters; (ii) it is agnostic to downstream fine-tuning or even re-training from scratch; (iii) it naturally evades defenses that rely on inspecting model parameters or training data. With extensive evaluation on benchmark datasets, we show that EVAS features high evasiveness, transferability, and robustness, thereby expanding the adversary's design spectrum. We further characterize the mechanisms underlying EVAS, which are possibly explainable by architecture-level ``shortcuts'' that recognize trigger patterns. This work raises concerns about the current practice of NAS and points to potential directions to develop effective countermeasures.