School of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing 100876, China.
Sensors (Basel). 2022 Jun 21;22(13):4671. doi: 10.3390/s22134671.
Although side-channel attacks based on deep learning are widely used in AES encryption algorithms, there is little research on lightweight algorithms. Lightweight algorithms have fewer nonlinear operations, so it is more difficult to attack successfully. Taking SPECK, a typical lightweight encryption algorithm, as an example, directly selecting the initial key as the label can only crack the first 16-bit key. In this regard, we evaluate the leakage of SPECK's operations (modular addition, XOR, shift), and finally select the result of XOR operation as the label, and successfully recover the last 48-bit key. Usually, the divide and conquer method often used in side-channel attacks not only needs to train multiple models, but also the different bytes of the key are regarded as unrelated individuals. Through the visualization method, we found that different key bytes overlap in the position of the complete electromagnetic leakage signal. That is, when SPECK generates a round key, there is a connection between different bytes of the key. In this regard, we propose a transfer learning method for different byte keys. This method can take advantage of the similarity of key bytes, improve the performance starting-point of the model, and reduce the convergence time of the model by 50%.
虽然基于深度学习的侧信道攻击被广泛应用于 AES 加密算法中,但针对轻量级算法的研究却很少。轻量级算法的非线性运算较少,因此成功攻击的难度更大。以典型的轻量级加密算法 SPECK 为例,直接选择初始密钥作为标签,只能破解前 16 位密钥。针对这一问题,我们评估了 SPECK 操作(模加、异或、移位)的泄漏情况,最终选择异或操作的结果作为标签,并成功恢复了最后 48 位密钥。通常,侧信道攻击中常用的分治方法不仅需要训练多个模型,而且还将密钥的不同字节视为互不相关的个体。通过可视化方法,我们发现不同的密钥字节在完整电磁泄漏信号的位置上存在重叠。也就是说,当 SPECK 生成轮密钥时,密钥的不同字节之间存在关联。有鉴于此,我们提出了一种针对不同字节密钥的迁移学习方法。该方法可以利用密钥字节的相似性,提高模型的起点性能,并将模型的收敛时间缩短 50%。
