2023-6-9 17:0:0 Author: research.nccgroup.com(查看原文) 阅读量:22 收藏
This executable blog post is the fourth in a series related to machine learning and is a fascinating trifecta involving hardened cryptography software, embedded IoT-type hardware, and deep machine learning techniques. While the AES algorithm is designed such that a brute-force secret key guessing attack would likely finish ‘sometime near eternity’, the power side-channel attack demonstrated here retrieves the 128-bit secret key ‘probably closer to lunchtime’. After reviewing the specific attack scenario with its hardware and software elements, we utilize publicly available benchmark profiling data to train a deep machine learning model to support secret key extraction. We then proceed through a methodical process that begins with intermediate model predictions from benchmark attack data and removes the hardening protections to ultimately produce a secret key from approximately 40-100 power traces taken together. While the benchmark-oriented scenario is simplified for clarity, it is very indicative of the difficulty of protecting cryptographic primitives running on embedded hardware from power side-channel attacks.
The Jupyter-based notebook can be found here
Here are some related articles you may find interesting
A Brief Review of Bitcoin Locking Scripts and Ordinals
This article is an attempt at cataloging all the types of bitcoin transaction locking scripts, their prevalence and their security implications. The data presented in this article was lifted directly from the bitcoin blockchain, which required custom code to quickly iterate over the entire blockchain (over 450 GB at the…
How to Spot and Prevent an Eclipse Attack
Studies of blockchain architectures often start with the consensus algorithms and implicitly assume that information flows perfectly through the underlying peer-to-peer network, and peer discovery is sound and fully decentralized. In practice this is not always the case. A few years ago, a team of researchers looked at the Bitcoin1…
Eurocrypt 2023: Death of a KEM
Last month I was lucky enough to attend Eurocrypt 2023, which took place in Lyon, France. It was my first chance to attend an academic cryptography conference and the experience sat somewhere in between the familiar cryptography of the Real World Crypto conference and the abstract world of black holes…
View articles by category
如有侵权请联系:admin#unsafe.sh