Abstract

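Side-channel profiling attacks based on machine learning or deep learning are in essence a supervised classification problem, and the classification labels are derived from a leakage model. The two leakage models we use most often are Hamming weight (HW) and Hamming distance (HD). When HW/HD is used as the label for the collected traces, the data become imbalanced. In this paper, we use a Conditional Generative Adversarial Network (CGAN) for the first time to generate traces, building a balanced training set through data augmentation and thereby improving the attack performance of the model. We select three public datasets to verify the effectiveness of the method: an unprotected AES hardware implementation, an AES software implementation protected by first-order masking, and an AES software implementation protected by random delays. The experimental results show that the model trained on the reconstructed balanced training set attacks more effectively, reducing the number of traces needed for a successful attack, and that, when the model's per-class prediction ratios are analyzed in detail, it correctly predicts more minority-class samples. This also indicates that the optimized model has learned a more complete set of classes. Compared with the related work of Picek et al. in 2019, our method achieves a further improvement.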

Alternate abstract:

Side-channel profiling attacks based on machine learning or deep learning are essentially a supervised classification problem, in which the classification label is derived from the leakage model. Two common leakage models are Hamming weight (HW) and Hamming distance (HD). When HW/HD is adopted for the labels of profiling traces, the data become imbalanced. This paper exploits the potential of a Conditional Generative Adversarial Network (CGAN) to generate traces and constructs a balanced training set via data augmentation, which improves the attack performance of the model. To test the effectiveness of this new method, three public data sets are selected for experiments: an unprotected AES hardware implementation, an AES software implementation with first-order mask protection, and an AES software implementation with random delay protection. The experimental results show that the model trained on the reconstructed balanced training set attacks more effectively than other methods, which reduces the number of traces required for a successful attack, and that it correctly predicts more samples of minority categories when the model's category prediction ratio is analyzed in detail. This demonstrates that the optimized model can learn more categories. Compared with the work of Picek et al. in 2019, the proposed method has significant improvements.
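The imbalance the abstract refers to can be seen by labelling a profiling set with HW or HD and counting traces per class; this is an added example, not code from the paper. The uniform random intermediate bytes, the function names and the "fill every class up to the largest one" target are assumptions, and the paper's CGAN trace generator itself is not reproduced here.

```python
import random
from collections import Counter

N_CLASSES = 9  # an 8-bit intermediate value has HW/HD labels 0..8


def hamming_weight(v):
    return bin(v & 0xFF).count("1")


def hamming_distance(a, b):
    # HD between two register states is the HW of their XOR
    return hamming_weight(a ^ b)


def class_counts(labels):
    """Traces per label, indexed by class 0..8."""
    c = Counter(labels)
    return [c.get(k, 0) for k in range(N_CLASSES)]


def augmentation_plan(counts):
    """Traces to add per class so every class matches the largest one."""
    target = max(counts)
    return [target - n for n in counts]


def simulate_labels(n_traces, model="HW", seed=0):
    """Labels for a constructed profiling set with uniform random bytes."""
    rng = random.Random(seed)
    labels = []
    for _ in range(n_traces):
        cur = rng.randrange(256)
        if model == "HW":
            labels.append(hamming_weight(cur))
        else:  # "HD": previous and current register contents
            labels.append(hamming_distance(rng.randrange(256), cur))
    return labels


if __name__ == "__main__":
    exact = class_counts(hamming_weight(v) for v in range(256))
    print("HW classes over all 256 byte values:", exact)
    print("traces to add per class:           ", augmentation_plan(exact))
    for model in ("HW", "HD"):
        counts = class_counts(simulate_labels(50000, model))
        print(model, "simulated counts:", counts)
        print(model, "augmentation plan:", augmentation_plan(counts))
```

The per-class numbers returned by `augmentation_plan` are the quantities a conditional generator would be asked to produce for each label.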

Details

Title
A New Method for Data Imbalance in Side-Channel Profiling Attacks*
Author
WANG, Ping; Meng-Ce, ZHENG; Jie-Hui, NAN; Zhi-Min, LUO; Hong-Gang, HU; 汪平; 郑梦策; 南杰慧; 罗志敏; 胡红钢
Pages
549-559
Publication year
2021
Publication date
2021
Publisher
Chinese Association for Cryptologic Research, Journal of Cryptologic Research
ISSN
2097-4116
Source type
Scholarly Journal
Language of publication
Chinese
ProQuest document ID
2895142170
Copyright
© 2021. This work is published under http://www.jcr.cacrnet.org.cn/EN/column/column4.shtml Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.