Side Channel Countermeasures Based On Adversarial Attack

With the advanced development of deep learning and embedded device technology,cryptographic components have been embedded everywhere,and modern cryptographic products are becoming potentially vulnerable to deep learning side-channel attacks.Deep learning has demonstrated excellent performance in cryptographic systems where side-channel countermeasures are deployed.Existing side-channel countermeasures are designed to counter the previous traditional side-channel attacks,and they often perform poorly when facing deep learning side-channel attacks.Therefore,there is an urgent need for a new type of side-channel countermeasure against deep learning side-channel attacks.Recent studies have shown that deep learning models are vulnerable to adversarial attacks that slightly perturb the input,resulting in deep learning model misclassification.Using the characteristic of deep learning classifiers to be vulnerable to adversarial attacks,a protection scheme based on adversarial attack technology is specifically designed for deep learning side-channel attacks.We use one-pixel and adversarial attack technology based on the generative adversarial network to generate adversarial examples on side-channel traces and determine the noise insertion position,by the distribution of adversarial examples,and the side-channel characteristics of the noise.One-pixel attacks can generate the smallest adversarial perturbations;unlike such one-pixel attacks,GAN-based adversarial attacks generate larger perturbations,but GAN can generate various generated examples.By imposing various restrictions on the GAN generator,it can generate generated traces that meet our requirem ents.Simultaneously,the distribution of GAN-generated examples is closer to the original distribution.This work is the first to attempt to apply adversarial attack technology to the field of side-channel countermeasures.We implemented two protection schemes based on one-pixel attacks and GAN,using the software and hardware methods,respectively,to prove the feasibility of the scheme.Furthermore,the security of the scheme was verified using real attack experiments(including deep learning side-channel attacks and traditional template attacks).Experiments show that our scheme can effectively protect cryptographic devices from side-channel attacks based on deep learning and traditional side-channel attacks.Furthermore,we discussed the impact of hyperparameters of the deep learning model on our countermeasure,which provides a reference for selecting model hyperparameters in deep learning side-channel attacks.