image image

Stjepan Picek

Profiling Side-channel Analysis: From Templates to Deep Learning


Trainer: Stjepan Picek

Date: 25th - 27th Oct 2021

Time: 9:00am to 5:00pm CEST

Venue: NH Den Haag Hotel, The Netherlands

Training Level: Advance


Note: Regarding COVID-19 safety, Hardwear.io will seek to ensure a safe event, as the health and safety of our exhibitors, delegates, speakers, and staff will always be our number one priority. Hardwear.io will follow all applicable health regulations required by the local (GGD) and government (RIVM and VWA) authorities.


Training Objectives:

Side-channel attacks (SCAs) are powerful attacks based on the information obtained from the implementation of cryptographic devices. Profiling side-channel attacks received a significant amount of attention as this type of attack defines the worst-case security assumptions.

In the last few years, the most explored profiling attacks are based on machine learning and especially deep learning techniques. Such attacks are very powerful as they can break targets protected with countermeasures but also "easier" to deploy as they do not require a pre-processing stage.

In this training, we will concentrate on advanced topics in profiling SCAs where the emphasis will be on machine learning and deep learning techniques. During the training, the students will have the opportunity to learn the theoretical background of several machine learning techniques but also to implement and use them in the SCA context. During the training, we will cover not only the attack phase but also pre-processing and feature engineering phases.

During the training, the students will have the opportunity to develop several side-channel attacks in Python and perform analysis to obtain the secret key.


What to Expect? | Key Learning Objectives:

  • How to prepare a dataset for the attack (pre-processing, feature engineering)
  • How to profile a device using templates and advanced machine learning techniques
  • How to write your own code to mount profiling SCA and how to use a publicly available framework

Training Detailed Description:

Day 1:
  • Introduction to side-channel analysis
    • Basic concepts and principles
    • Simple power analysis and differential power analysis
    • Introduction to side-channel countermeasures (masking, shuffling, etc.)
  • Introduction to profiling attacks
    • Template attack
    • Assignment 1: Template attack and pooled template attack
  • Machine learning-based SCA
    • Basic concepts of machine learning
    • Hyperparameter tuning, ensembles
    • Scikit-learn

Day 2:
  • Machine learning-based SCA
    • Feature engineering techniques
    • Assignment 2: From raw measurements obtain the most relevant features through feature selection and dimensionality reduction
    • Random forest, support vector machines, Naive Bayes, multilayer perceptron
    • Assignment 3: Extracting the cipher key in the Hamming weight and identity leakage models
    • Assignment 4: Countermeasure simulation
  • Deep Learning-based SCA
    • Introduction to deep learning
    • Common methods in SCA (convolutional neural networks, multilayer perceptron, autoencoder)
    • Keras

Day 3:
  • Deep Learning-based SCA
    • AISy framework
    • Latest developments in the deep learning-based SCA:
      • state-of-the-art attacks
      • pre-processing
      • evaluation of the attacks
      • hyperparameter tuning
      • AI explainability
    • Assignment 5: Extracting the AES key with multilayer perceptron and convolutional neural networks
    • Assignment 6: Running state-of-the-art deep learning-based attacks
    • Assignment 7: Removing misalignment with denoising autoencoder

Who Should Attend? | Target Audience:

  • Researchers and students who want to learn the advanced techniques of side-channel analysis
  • Penetration testers, auditors, government officers, and evaluators of secure embedded devices
  • Developers of secure IoT products
  • Any embedded security enthusiast or machine learning enthusiast

What to Bring? | Software and Hardware Requirements:

  • Laptop with Windows or Linux
  • Python installed
  • Keras installed
  • AISy framework installed

What to Bring? | Prerequisite Knowledge and Skills:

  • Basic programming skills (ideally Python)
  • Basic knowledge of crypto algorithms (AES)

Resources Provided at the Training | Deliverables:

  • Lecture slides and assignments
  • Python code and examples
  • Side-channel datasets

ABOUT THE TRAINERS

Stjepan Picek is an associate professor in the Digital Security group at the Radboud University, The Netherlands. His research interests are security/cryptography, machine learning, and evolutionary computation. Before this position, Stjepan was an assistant professor at TU Delft, The Netherlands. Before that, he was a postdoctoral researcher at MIT, USA and KU Leuven, Belgium.

Stjepan finished his Ph.D. in 2015 with a topic on cryptology and evolutionary computation techniques. Stjepan also has several years of experience working in industry and government. Up to now, he gave more than 20 invited talks at conferences and summer schools and published more than 100 refereed papers. Stjepan is a member of the organization committee for International Summer School in Cryptography and a general co-chair for Eurocrypt 2021.