Search Results (29)

With the rapid development of Internet technology, information security has become increasingly important. Cryptographic analysis techniques, especially side-channel analysis (SCA), pose a significant threat to security systems. The latest SCA technology mainly utilizes the physical leakage signals generated during the operation of encryption devices, such as power consumption, temperature and electromagnetic radiation. These signals themselves carry the physical characteristics of the device, which are related to the encryption algorithm. Among them, the power consumption trace remains the main target of modern SCA research. However, such trajectories often bring about some analytical difficulties, such as the data sequence being too long, the feature points being distributed sparsely, and the internal relationships of the data being complex. These challenges hinder effective analysis. While Transformer architectures are good at capturing long-range dependencies in sequential data, their high computational complexity limits practical deployment. To address this, we propose replacing the self-attention (SA) module in Transformers with a focal modulation module. This modification significantly reduces computational complexity and reduces computational operations during feature extraction, enabling efficient and accurate side-channel attacks. Experimental results on benchmark datasets (ASCAD, AES_RD, AES_HD, DPAv4) demonstrate the superiority of our approach. The proposed method achieves a reduction in training time compared to standard Transformer models, and achieves superior key recovery performance, outperforming existing state-of-the-art models. Full article

The rapid expansion of the Internet of Things (IoT) has opened resource-limited devices to novel physical threats, such as Side-Channel Attacks (SCAs) and Hardware Trojans (HTs). Traditional security mechanisms are often not capable of standing against such hardware-based attacks, specifically on low-power System-on-Chip (SoC) where static defenses can incur 2× to 3× overhead in silicon area and power. Herein, the gap between hardware security and embedded AI is compositionally formulated for discussion. We present a comprehensive survey of the current hardware threat landscape and analyze the emergence of “Secure-by-Design” paradigms, specifically focusing on the integration of Edge AI and TinyML as active, on-chip intrusion detection mechanisms. This review presents a critical analysis of trade-offs for running lightweight ML models on hardware by comparing state-of-the-art approaches. Our analysis highlights that optimized architectures, such as Mamba-Enhanced Convolutional Neural Networks (CNNs) and Gated Recurrent Unit (GRU), can achieve detection accuracies exceeding 99% against SCA and >92% against stealthy Hardware Trojans, while offering up to 75% lower power consumption compared to standard deep learning baselines. Finally, open challenges such as adversarial attacks on defense models are briefly discussed, and the focus is put on future directions toward constructing secure chips based on robust, AI-driven technology. Full article

Electronic devices are now ubiquitous across both professional and personal domains, often containing sensitive information that should remain undisclosed to untrustworthy third parties. Consequently, there is an increased demand for effective security measures to prevent the leakage of confidential data. While some devices utilize mathematically secure algorithms to safeguard sensitive information, there remains a vulnerability to informational leaks through Side-Channel Attacks (SCAs) targeting hardware platforms. Non-profiled SCAs, including Correlation Power Analysis (CPA), are particularly practical since they require access only to the target device. In this study, we propose and investigate the use of Deep Learning (DL) techniques to enhance the effectiveness of non-profiled SCAs through an optimized Deep Learning Power Analysis (DLPA) algorithm. Optimized DLPA attacks are implemented using Multi-Layer Perceptron (MLP) and Convolutional Neural Network (CNN) models, and are applied to the PRIDE SBox-4 block across conventional CMOS-style circuits and secure Sense Amplifier-Based Logic (SABL) Dual Precharge Logic (DPL) structure circuits. Both FinFET and TFET device technologies are evaluated. The experimental results show that the optimized DLPA approach consistently outperforms traditional CPA attacks. The optimized DLPA method succeeds even against TFET-based SABL-DPL circuits, which are resistant to conventional techniques. These findings demonstrate the increased threat posed by DL-based SCAs and highlight the need for evaluating hardware security against advanced machine learning-based methods. Full article

The influence of redundant implementations on success of physical attacks against cryptographic devices is currently under-researched. This is especially an issue in application fields such as wearable health, industrial control systems and the like in which devices are accessible to potential attackers. This paper presents results of an investigation of the TMR application impact on the vulnerability of FPGA-based asymmetric cryptographic accelerators to side-channel analysis attacks. We implemented our cryptographic cores using full- and partial-TMR application approaches and experimentally conducted evaluation of their side-channel resistance. Our results reveal that TMR can significantly impact side-channel leakage, either increasing resistance by introducing noise or amplifying leakage depending on the part of the design where redundancy was applied. Full article

With the continuous advancement of side-channel attacks (SCA), deep learning-based methods have emerged as a prominent research focus due to their powerful feature extraction and nonlinear modeling capabilities. Traditional convolutional neural networks (CNNs) excel at capturing local temporal dependencies but struggle to model long-range sequential information effectively, limiting attack efficiency and generalization. In this paper, we propose a hybrid deep neural network architecture that integrates Residual Mamba blocks with multi-layer perceptrons (MLP) to enhance the modeling of side-channel information from AES implementations. The Residual Mamba module leverages state-space modeling to capture long-range dependencies, improving the model’s global temporal perception, while the MLP module further fuses high-dimensional features. Experiments conducted on the publicly available ASCAD dataset targeting the second byte of AES demonstrate that our model achieves guessing entropy (GE) rank 1 with fewer than 100 attack traces, significantly outperforming traditional CNNs and recent Transformer-based models. The proposed approach exhibits fast convergence and high attack efficiency, offering an effective new paradigm for deep learning in side-channel analysis with important theoretical and practical implications. Full article

Devices employing cryptographic approaches have to be resistant to physical attacks. Side-Channel Analysis (SCA) and Fault Injection (FI) attacks are frequently used to reveal cryptographic keys. In this paper, we present a combined SCA and laser illumination attack against an Elliptic Curve Scalar Multiplication accelerator, while using different equipment for the measurement of its power traces, i.e., we performed the measurements using a current probe from Riscure and a differential probe from Teledyne LeCroy, with an attack success of 70% and 90%, respectively. Our experiments showed that laser illumination increased the power consumption of the chip, especially its static power consumption, but the success of the horizontal power analysis attacks changed insignificantly. After applying 100% of the laser beam output power and illuminating the smallest area of 143 µm², we observed an offset of 17 mV in the measured trace. We assume that using a laser with a high laser beam power, as well as concentrating on measuring and analysing only static current, can significantly improve the attack’s success. The attacks exploiting the Static Current under Laser Illumination (SCuLI attacks) are novel, and their potential has not yet been fully investigated. These attacks can be especially dangerous against cryptographic chips manufactured in downscaling technologies. If such attacks are feasible, appropriate countermeasures have to be proposed in the future. Full article

Field-programmable gate arrays (FPGAs) are widely used in cloud servers as an acceleration solution for compute-intensive tasks. Cloud FPGAs are typically multi-tenant, enabling resource sharing among multiple users but are vulnerable to power side-channel analysis (SCA) attacks due to their programmability and runtime dynamic reconfigurability. It is well-known that the clock frequencies of the circuits on multi-tenant FPGAs affect power consumption, but their impact on remote correlation power analysis (CPA) attacks has largely been ignored in the literature. This work systematically evaluates how clock frequency variations influence the effectiveness of remote CPA attacks on multi-tenant FPGAs. We develop a theoretical model to quantify this impact and validate our findings through the CPA attacks on processors running AES-128 and SM4 cryptographic algorithms. Our results demonstrate that the runtime clock frequency significantly affects the performance of remote CPA attacks. Our work provides valuable insights into the security implications of frequency scaling in multi-tenant FPGAs and offers guidance on selecting clock frequencies to mitigate power side-channel risks. Full article

Side-channel attacks (SCAs) are powerful techniques used to recover keys from electronic devices by exploiting various physical leakages, such as power, timing, and heat. Although heat is one of the less frequently analyzed channels due to the high noise associated with thermal traces, it poses a significant and growing threat to the security of very large-scale integrated (VLSI) microsystems, particularly system in package (SiP) technologies. Thermal side-channel attacks (TSCAs) exploit temperature variations, risking not only hardware damage from excessive heat dissipation but also enabling the extraction of sensitive data, like cryptographic keys, by observing thermal patterns. This dual threat underscores the need for a synergistic approach to thermal management and security in designing integrated microsystems. In response, this paper presents a novel approach that improves the early detection of abnormal thermal fluctuations in SiP designs, preventing cybercriminals from exploiting such anomalies to extract sensitive information for malicious purposes. Our approach employs a new concept called Thermal Digital Twin (TDT), which integrates two previously separate methods and techniques, resulting in successful outcomes. It combines the gradient direction sensor scan (GDSSCAN) to capture thermal data from the physical field programmable gate array (FPGA), which guarantees rapid thermal scan with a measurement period that could be close to $10 \mathsf{\mu }\mathrm{s},$ a resolution of ${0.5 }^{\circ }$C, and a temperature range from −${40 }^{\circ }$C to ${140 }^{\circ }$C; once the data are transmitted in real time to a Digital Twin created in COMSOL Multiphysics^® 6.0 for simulation using the Finite Element Method (FEM), the real time required by the CPU to perform all the necessary calculations can extend to several seconds or minutes. This integration allows for a detailed analysis of thermal transfer within the SiP model of our FPGA. Implementation and simulations demonstrate that the Thermal Digital Twin (TDT) approach could reduce the risks associated with TSCA by a significant percentage, thereby enhancing the security of FPGA systems against thermal threats. Full article

As cryptographic implementations leak secret information through side-channel emissions, the Hamming weight (HW) leakage model is widely used in deep learning profiling side-channel analysis (SCA) attacks to expose the leaked model. However, imbalanced datasets often arise from the HW leakage model, increasing the attack complexity and limiting the performance of deep learning-based SCA attacks. Effective management of class imbalance is vital for training deep neural network models to achieve optimized and improved performance results. Recent works focus on either improved deep-learning methodologies or data augmentation techniques. In this work, we propose the hybrid bagging resampling framework, a two-pronged strategy for tackling class imbalance in side-channel datasets, consisting of data augmentation and ensemble learning. We show that adopting this framework can boost attack performance results in a practical setup. From our experimental results, the SMOTEENN ensemble achieved the best performance in the ASCAD dataset, and the basic ensemble performed the best in the CHES dataset, with both contributing over $70\%$ practical improvements in performance compared to the original imbalanced dataset, and accelerating practical attack space in comparison to the classical setup of the attack. Full article

Non-invasive side-channel attacks (SCAs) based on leakage power analysis (LPA) have received more attention recently, since leakage current has gradually become more dominant with further scaled technologies. For SRAM cells, LPA exploits the correlation between data in memory cells and their corresponding leakage power. This paper proposes a novel SRAM design in 7 nm node for countering LPA attacks, based on a single-ended PMOS-reading 9T (nine-transistor) cell design. The leakage current imbalance, delay, stability, and robustness of SRAM cells are examined for the proposed memory cell architecture with layout designs, and results are compared against other SRAM cell designs. Simulation results and failure of LPA attacks in case studies confirm the enhanced resilient behavior for the new SRAM cell design. Full article

Side-channel analysis (SCA) is a class of attacks on the physical implementation of a cipher, which enables the extraction of confidential key information by exploiting unintended leaks generated by a device. In recent years, researchers have observed that neural networks (NNs) can be utilized to perform highly effective SCA profiling, even against countermeasure-hardened targets. This study investigates a new approach to designing NNs for SCA, called neuroevolution to attack side-channel traces yielding convolutional neural networks (NASCTY-CNNs). This method is based on a genetic algorithm (GA) that evolves the architectural hyperparameters to automatically create CNNs for side-channel analysis. The findings of this research demonstrate that we can achieve performance results comparable to state-of-the-art methods when dealing with desynchronized leakages protected by masking techniques. This indicates that employing similar neuroevolutionary techniques could serve as a promising avenue for further exploration. Moreover, the similarities observed among the constructed neural networks shed light on how NASCTY effectively constructs architectures and addresses the implemented countermeasures. Full article

Spiking neural networks (SNNs) are quickly gaining traction as a viable alternative to deep neural networks (DNNs). Compared to DNNs, SNNs are computationally more powerful and energy efficient. The design metrics (synaptic weights, membrane threshold, etc.) chosen for such SNN architectures are often proprietary and constitute confidential intellectual property (IP). Our study indicates that SNN architectures implemented using conventional analog neurons are susceptible to side channel attack (SCA). Unlike the conventional SCAs that are aimed to leak private keys from cryptographic implementations, SCANN $(\underline{\mathrm{SCA}}$ of spiking $\underline{\mathrm{n}}$eural $\underline{\mathrm{n}}$etworks) can reveal the sensitive IP implemented within the SNN through the power side channel. We demonstrate eight unique SCANN attacks by taking a common analog neuron (axon hillock neuron) as the test case. We chose this particular model since it is biologically plausible and is hence a good fit for SNNs. Simulation results indicate that different synaptic weights, neurons/layer, neuron membrane thresholds, and neuron capacitor sizes (which are the building blocks of SNN) yield distinct power and spike timing signatures, making them vulnerable to SCA. We show that an adversary can use templates (using foundry-calibrated simulations or fabricating known design parameters in test chips) and analysis to identify the specifications of the implemented SNN. Full article

Deep learning (DL)-based side-channel analysis (SCA) has posed a severe challenge to the security and privacy of embedded devices. During its execution, an attacker exploits physical SCA leakages collected from profiling devices to create a DL model for recovering secret information from victim devices. Despite this success, recent works have demonstrated that certain countermeasures, such as random delay interrupts or clock jitters, would make these attacks more complex and less practical in real-world scenarios. To address this challenge, we present a novel denoising scheme that exploits the U-Net model to pre-process SCA traces for “noises” (i.e., countermeasures) removal. Specifically, we first pre-train the U-Net model on the paired noisy-clean profiling traces to obtain suitable parameters. This model is then fine-tuned on the noisy-only traces collected from the attacking device. The well-trained model will be finally deployed on the attacking device to remove the noises (i.e., countermeasures) from the measured power traces. In particular, a new inductive transfer learning method is also utilized in our scheme to transfer knowledge learned from the source domain (i.e., profiling device) to the target domain (i.e., attacking device) to improve the model’s generalization ability. During our experimental evaluations, we conduct a detailed analysis of various countermeasures separately or combined and show that the proposed denoising model outperforms current state-of-the-art work by a large margin, e.g., a reduction of at least 30% in computation costs and 5× in guessing entropy. Full article

With the in-depth integration of deep learning and side-channel analysis (SCA) technology, the security threats faced by embedded devices based on the Internet of Things (IoT) have become increasingly prominent. By building a neural network model as a discriminator, the correlation between the side information leaked by the cryptographic device, the key of the cryptographic algorithm, and other sensitive data can be explored. Then, the security of cryptographic products can be evaluated and analyzed. For the AES-128 cryptographic algorithm, combined with the CW308T-STM32F3 demo board on the ChipWhisperer experimental platform, a Correlation Power Analysis (CPA) is performed using the four most common deep learning methods: the multilayer perceptron (MLP), the convolutional neural network (CNN), the recurrent neural network (RNN), and the long short-term memory network (LSTM) model. The performance of each model is analyzed in turn when the samples are small data sets, sufficient data sets, and data sets of different scales. Finally, each model is comprehensively evaluated by indicators such as classifier accuracy, network loss, training time, and rank of side-channel attacks. The experimental results show that the convolutional neural network CNN classifier has higher accuracy, lower loss, better robustness, stronger generalization ability, and shorter training time. The rank value is 2, that is, only two traces can recover the correct key byte information. The comprehensive performance effect is better. Full article

Privacy-preserving of medical information (such as medical records and images) is an essential right for patients to ensure security against undesired access parties. This right is typically protected by law through firm regulations set by healthcare authorities. However, sensitive-private data usually requires the application of further security and privacy mechanisms such as encipherment (encryption) techniques. ’Medical images’ is one such example of highly demanding security and privacy standards. This is due to the quality and nature of the information carried among these images, which are usually sensitive-private information with few features and tonal variety. Hence, several state-of-the-art encryption mechanisms for medical images have been proposed and developed; however, only a few were efficient and promising. This paper presents a hybrid crypto-algorithm, MID-Crypt, to secure the medical image communicated between medical laboratories and doctors’ accounts. MID-Crypt is designed to efficiently hide medical image features and provide high-security standards. Specifically, MID-Crypt uses a mix of Elliptic-curve Diffie–Hellman (ECDH) for image masking and Advanced Encryption Standard (AES) with updatable keys for image encryption. Besides, a key management module is used to organize the public and private keys, the patient’s digital signature provides authenticity, and integrity is guaranteed by using the Merkle tree. Also, we evaluated our proposed algorithm in terms of several performance indicators including, peak signal-to-noise ratio (PSNR) analysis, correlation analysis, entropy analysis, histogram analysis, and timing analysis. Consequently, our empirical results revealed the superiority of MID-Crypt scoring the best performance values for PSNR, correlation, entropy, and encryption overhead. Finally, we compared the security measures for the MID-Crypt algorithm with other studies, the comparison revealed the distinguishable security against several common attacks such as side-channel attacks (SCA), differential attacks, man-in-the-middle attacks (MITM), and algebraic attacks. Full article