ERI: Foundations of Machine Learning for Side-channel Analysis
Worcester Polytechnic Institute, Worcester MA
Investigators
Abstract
In light of the attacks against real-world hardware platforms, the research on their vulnerabilities and corresponding countermeasures has gained further importance. As a prime example of such attacks, one targeting the users’ private keys used in hardware devices for authentication can be mentioned, where analyzing electromagnetic emanation, power consumption, and timing (often referred to as side-channel leakages) results in compromising the security of the device. Due to the effectiveness of such attacks leveraging side-channels, a great deal of attention has been paid to, particularly AI-assisted security verification. The involvement of standardization (e.g., National Institute of Standards and Technology) and certification bodies in the activities related to the development of tools for side-channel analysis further highlights the importance of this matter. In spite of the effort made in this respect, due to difficulties with regard to the constantly growing number of known side-channel attacks, evaluation of side-channel resiliency could be less practical. To tackle this and in line with the standardization activities, this project aims to address some of the fundamental shortcomings of the existing approaches relying on machine learning, specifically, deep learning, as a powerful tool to assess the security of devices against side-channel attacks. Hence, the results obtained through this project are expected to improve the security of millions of devices used across sensitive applications, including healthcare, intelligence, finance, transportation, and defense. Moreover, the research activities performed in this project are closely integrated with education and outreach efforts as both graduate, and undergraduate students will work on the project, thus gaining cutting-edge skills and expertise in hardware security. More technically, this project will answer these vital questions: 1) Which deep learning model can approximate the leakage properties of a cryptographic implementation with less complexity and high interpretability? 2) How can the generalization of the results achieved for one instance of the implementation to another be explained? 3) Besides deep learning, which other machine learning frameworks, preferably provable ones, can be applied to offer a guarantee that a cryptosystem is robust against machine learning-enhanced side-channel analysis? In doing so, the project creates a novel set of techniques relying on the theoretical foundations of deep learning to assess the security of cryptosystems and their respective embedded devices in practice. Furthermore, experimentation on real-world cryptographic implementations, namely unprotected and with countermeasures against side-channel analysis, will be conducted. Side-channel measurements from these systems will be made publicly available. This is indeed geared to the needs of the standardization and certification bodies, industry, and researchers focusing on security evaluation for cryptosystems. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →