CN115037437A - Side channel attack method and system based on deep learning by using SpecAugment technology - Google Patents

Publication number
CN115037437A
Authority
CN
China
Prior art keywords
attack
spectrogram
side channel
track
deep learning
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210605557.2A
Other languages
Chinese (zh)
Inventor
胡红钢
罗志敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Science and Technology of China USTC
Original Assignee
University of Science and Technology of China USTC
Application filed by University of Science and Technology of China USTC
Priority to CN202210605557.2A
Publication of CN115037437A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002: Countermeasures against attacks on cryptographic mechanisms
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06N: COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00: Machine learning


Abstract

The invention relates to a deep-learning-based side channel attack method and system using the SpecAugment technique. The method comprises the following steps: S1: acquire a training set and a test set of side channel attack traces, and convert the attack traces into spectrograms; S2: add a time mask or a frequency mask to each spectrogram to obtain an enhanced spectrogram; S3: use the leakage model to generate an intermediate value for each attack trace in the training set as the real label of that trace, input the enhanced spectrograms in the training set and their labels into a network for training, and output the predicted label of each attack trace; S4: input the enhanced spectrograms in the test set into the trained network to obtain the predicted label of each attack trace, i.e. the intermediate value, obtain the corresponding candidate keys from the intermediate value, and calculate the score of each candidate key, the candidate with the highest score being the correct key. By constructing enhanced spectrograms to strengthen the leakage information, the method improves the robustness of the deep-learning-based side channel attack network and thereby its attack performance.

Description

Side channel attack method and system based on deep learning by using SpecAugment technology
Technical Field
The invention relates to the technical field of cryptology security, in particular to a side channel attack method and a side channel attack system based on deep learning by using SpecAugment technology.
Background
Side channel attacks threaten the security of cryptographic systems by physical means. In the real world, cryptographic algorithms must be implemented on hardware devices. While running an algorithm, the device produces information such as running time, power consumption and electromagnetic radiation, which is called side channel leakage. Side channel leakage is correlated with the data processed by the chip, i.e. the secret intermediate values of the cryptographic algorithm. Thus, even if the cryptographic algorithm itself is mathematically secure, a side channel attack can be mounted using physical leakage. Among side channel attacks, side channel modeling attacks, represented by template attacks, are the strongest.
In 1996 Paul Kocher proposed the timing attack, which distinguishes different key bits by the differences in the running time of a cryptographic algorithm on the chip. He successfully attacked cryptographic algorithms such as Diffie-Hellman, RSA and DSS; these were the first side channel attacks. In the twenty years since side channel attacks were proposed, measurement techniques have become increasingly advanced, and the variety of side channel leakage available to attackers has increased. In addition, the security of hardware devices in industry urgently needs to be ensured, and cryptographic algorithms are required to be standardized and public. These factors have greatly promoted the development of side channel attacks, making them one of the major threats faced by cryptosystems.
Side channel attacks can be divided into two categories: side channel non-modeling attacks (non-profiled attacks) and side channel modeling attacks (profiled attacks). In a non-modeling attack, the attacker directly performs statistical analysis on the attack traces acquired from the target device to recover the key information used by the device. Modeling attacks make stronger assumptions: the modeling device is identical to the target device, and the attacker has full control over the modeling device, i.e. the secret data processed by the modeling device is known to the attacker. The attacker can therefore calculate the intermediate value from the public information and the key, and then use the modeling traces measured on the modeling device to build a mathematical model that describes the distribution between the side channel leakage and the intermediate value. Based on this model, the attacker can then infer the intermediate values from the attack traces and thereby recover the key of the target device.
In recent years, deep learning has shown tremendous potential in side channel modeling attacks. The most commonly used deep neural network is the convolutional neural network. Convolutional neural networks have spatial invariance, a property that naturally resists trace-misalignment countermeasures. Moreover, the internal structure of convolutional neural networks enables them to extract features automatically from high-dimensional data, which reduces the need for data preprocessing to some extent. With the rapid growth of computing power, new deep learning methods such as transfer learning and data augmentation keep emerging. How to mount more efficient modeling attacks using these techniques is one of the current research hotspots.
Data enhancement techniques, which first appeared in computer vision learning tasks, have also been applied to side channel modeling attacks; data enhancement is a preprocessing method that improves the generalization performance of neural networks. By adding a simulated clock jitter effect to the traces, Cagli et al. expanded the original training set so that a convolutional neural network achieves a better attack result on a data set with misaligned traces. To eliminate the influence of unbalanced trace label classes, Picek et al. used a data enhancement method, SMOTE, to balance the class distribution of the training set. Similarly, Wang et al. used another data enhancement technique, the conditional generative adversarial network (CGAN), generating a different number of traces for each label to achieve class balance. After converting the traces into images, Hettwer et al. applied enhancement operations such as random rotation, random shift and Gaussian blur to the image data, further improving the ability to recover the key. The frequency domain representation of a trace contains useful leakage information, and side channel attacks based on the time-frequency representation perform better, but little work has been done on data enhancement of the leakage information in the frequency domain.
Disclosure of Invention
In order to solve the technical problem, the invention provides a side channel attack method and system based on deep learning by using SpecAugment technology.
The technical solution of the invention is as follows: a side-channel attack method based on deep learning using SpecAugment techniques, comprising:
step S1: acquiring a data set of an attack track of a side channel, dividing the data set into a training set and a testing set, and converting the attack track into a spectrogram by using short-time Fourier transform;
step S2: adding a time mask or a frequency mask to the spectrogram, and superimposing the time mask or the frequency mask on the spectrogram to obtain an enhanced spectrogram;
step S3: selecting a leakage model, using the leakage model to generate an intermediate value for each attack trace in the training set as the real label of the attack trace class, inputting the enhanced spectrograms of the attack traces in the training set together with their labels into a deep-learning-based side channel attack network for training, and outputting predicted labels of the attack trace class; constructing a loss function so that the predicted labels continually approach the real labels, until a trained deep-learning-based side channel attack network is obtained;
step S4: inputting the enhanced spectrograms corresponding to the attack traces in the test set into the trained deep-learning-based side channel attack network to obtain predicted labels of the attack trace class, i.e. intermediate values under the leakage model; obtaining the corresponding candidate keys from the intermediate values, and calculating the score of each candidate key, the candidate key with the highest score being the correct key.
Compared with the prior art, the invention has the following advantages:
The invention discloses a deep-learning-based side channel attack method using the SpecAugment technique. A one-dimensional side channel attack trace is converted into a two-dimensional spectrogram by short-time Fourier transform, a time mask or frequency mask enhancement operation is applied to the spectrogram, and the generated spectrogram is spliced with the original spectrogram to construct an enhanced spectrogram for network training. The aim is to enhance the leakage information and to resist the disturbance of the prediction result caused by the loss of short segments of time information or frequency information, so that the features learned by the deep-learning-based side channel attack network are robust to partial loss of frequency information or trace information, which improves its attack performance.
Drawings
FIG. 1 is a flowchart of a deep learning-based side channel attack method using SpecAugment technology according to an embodiment of the present invention;
FIG. 2 is a schematic diagram illustrating the effect of data enhancement using a time mask and a frequency mask according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating average key ranking results of an ASCAD data set under three types of leakage models in the embodiment of the present invention;
FIG. 4 is a schematic diagram of a side channel attack network structure based on deep learning according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of side channel attack network parameters based on deep learning in an embodiment of the present invention;
FIG. 6 is a block diagram illustrating a side channel attack system based on deep learning using SpecAugment technology according to an embodiment of the present invention.
Detailed Description
The invention provides a deep-learning-based side channel attack method using the SpecAugment technique. The leakage information is enhanced by constructing an enhanced spectrogram, so that the features learned by the deep-learning-based side channel attack network are robust to partial loss of frequency information or trace information, which improves the attack performance.
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings.
For a better understanding of the present embodiments, SpecAugment technology is introduced:
The SpecAugment technique was originally proposed as a data enhancement technique for improving the accuracy of automatic speech recognition. For speech recognition, one-dimensional speech data must be converted into a two-dimensional frequency domain representation, and the two-dimensional image is then used to train a network. In a conventional speech recognition task, the speech data itself is usually processed first, with enhancement operations such as cropping and noise superposition, and a two-dimensional image is then generated from the enhanced one-dimensional data. SpecAugment instead generates a logarithmic Mel spectrogram first and applies the enhancement operations directly to the image, which avoids frequent conversion between audio data and the visual image and significantly improves recognition accuracy.
Side channel leakage traces and speech data have similar mathematical forms: both are vectors on a time axis, and both deep-learning-based modeling attacks and automatic speech recognition are essentially classification tasks. In addition, the frequency domain representation of a side channel trace can reveal leakage information, and it can be used effectively for network modeling to improve the attack result.
Therefore, by adapting the SpecAugment technique, the image representation of the attack trace in the frequency domain can be enhanced, which saves the computational cost of repeated conversion between the time domain and the frequency domain during iteration, while the enhanced spectrogram adds learnable information for network training.
Example one
As shown in fig. 1, a side channel attack method based on deep learning and using a SpecAugment technique provided by an embodiment of the present invention includes the following steps:
step S1: acquiring a data set of an attack track of a side channel, dividing the data set into a training set and a testing set, and converting the attack track into a spectrogram by using short-time Fourier transform;
step S2: adding a time mask or a frequency mask to the spectrogram, and superimposing the time mask or the frequency mask on the spectrogram to obtain an enhanced spectrogram;
step S3: selecting a leakage model, using the leakage model to generate an intermediate value for each attack trace in the training set as the real label of the attack trace class, inputting the enhanced spectrograms of the attack traces in the training set together with their labels into a deep-learning-based side channel attack network for training, and outputting predicted labels of the attack trace class; constructing a loss function so that the predicted labels continually approach the real labels, until a trained deep-learning-based side channel attack network is obtained;
step S4: inputting the enhanced spectrograms corresponding to the attack traces in the test set into the trained deep-learning-based side channel attack network to obtain predicted labels of the attack trace class, i.e. intermediate values under the leakage model; obtaining the corresponding candidate keys from the intermediate values, and calculating the score of each candidate key, the candidate key with the highest score being the correct key.
In one embodiment, the step S1: acquiring a data set of an attack track of a side channel, dividing the data set into a training set and a testing set, and converting the attack track into a spectrogram by using short-time Fourier transform, which specifically comprises the following steps:
step S11: acquiring a data set of side channel traces, the traces comprising modeling traces and attack traces, and constructing the corresponding training set and test set respectively;
The embodiment of the invention uses the ASCAD data set for the training set and the test set. Because the ASCAD data set contains both modeling traces and attack traces, the modeling traces can be used to construct the training set and the attack traces can be used to construct the test set.
Because the human ear perceives frequency, measured in hertz, non-linearly, the frequency domain representation chosen by the SpecAugment method is a logarithmic Mel spectrogram whose vertical axis is in decibels. Attack trace data does not have this characteristic. Therefore, the embodiment of the invention uses the following step to apply the short-time Fourier transform (STFT) to the attack trace and thereby obtain the two-dimensional spectrogram.
Step S12: carrying out short-time Fourier transform on each attack track, replacing instantaneous signals with signals in each time window, and then respectively carrying out discrete Fourier transform on each window to obtain frequency information of non-stationary data, so that the one-dimensional attack track can be converted into a two-dimensional spectrogram; wherein, the short-time Fourier transform is shown as formula (1):
Figure BDA0003671163690000051
where STFT is the short-time Fourier transform function, $F(m, \omega)$ is the piecewise discrete Fourier transform of the windowed data, $x[n]$ is the value of the input signal at time $n$, $w[n]$ is a window function sliding along the time axis, $m$ is the window position, and $H$ is the size of the overlapping section of the windows.
Discrete fourier transform DFT is a special fourier transform whose time-domain representation and frequency-domain representation are both discrete. But DFT is not suitable for non-stationary data such as side channel traces, so embodiments of the present invention use a short time fourier transform, STFT, to limit the analysis of the signal to a short period of time by windowing, where the signal is considered approximately stationary. The instantaneous signal is replaced by the signal in each time window, and then DFT is executed for each window, so that the frequency information of the non-stationary data can be analyzed.
In general, when the STFT is used, the phase information it contains is not considered; only the amplitude information is used, and the amplitude values are represented in the form of a frequency spectrum. That is, the frequency spectrum is a function of the energy of the input data over time and frequency. A side channel trace also represents energy magnitude; the only difference is that the trace is a one-dimensional representation of the energy and the spectrum is a two-dimensional representation of the energy.
In one embodiment, the step S2 (adding a time mask or a frequency mask to the spectrogram, and superimposing the time mask or the frequency mask on the spectrogram to obtain an enhanced spectrogram) specifically comprises:
step S21: adding a time mask: assuming that the spectrogram has $\tau$ time frames and the time mask parameter is $T$, a width $t$ is drawn at random from the uniform distribution from 0 to $T$, and a start position $t_0$ is drawn at random from the interval $[0, \tau - t)$. The time frames $[t_0, t_0 + t)$ are then masked, i.e. the amplitudes of the spectrogram in these time frames are set to 0;
in addition, a parameter $m_T$ sets the number of time masks applied, so that several time masks can be added to one spectrogram; an upper-limit parameter $p$ is introduced for the time mask so that the width of a single mask does not exceed the product of $\tau$ and $p$;
or adding a frequency mask: assuming that the spectrogram has $\nu$ frequency bands and the frequency mask parameter is $F$, a width $f$ is drawn at random from the uniform distribution from 0 to $F$, and a start position $f_0$ is drawn at random from the interval $[0, \nu - f)$; the frequency bands $[f_0, f_0 + f)$ are then masked, i.e. the amplitudes of the spectrogram in these frequency bands are set to 0;
likewise, a parameter $m_F$ sets the number of frequency masks applied, so that several frequency masks can be added to one spectrogram;
step S22: superimposing the time mask or the frequency mask on the spectrogram to obtain the enhanced spectrogram.
When an attack trajectory is collected on target equipment, the attack trajectory may lose part of information on a time axis due to reasons such as a fault of measurement equipment or an instability of a measurement circuit. Therefore, the enhancement operation of time mask is performed on the frequency spectrum, and the information loss in the time direction can be resisted while the leakage information of the original frequency spectrum is kept. Similarly, by performing a frequency masking operation on the spectrogram, the enhanced spectrum can resist information loss in the frequency direction. In STFT, the signal within the time window is only approximately stationary. In addition, even if there is an overlap interval between adjacent windows, the signals at the edges of the windows are not fully utilized, so that the frequency information in the spectrogram is more likely to be lost. Therefore, the two mask enhancement operations are in principle the same, but the frequency mask is more helpful to enhance leakage than the time mask, and the generalization capability of the network is improved.
As shown in fig. 2, the transition from the attack trajectory to the spectrogram is shown, and a time mask (white vertical rectangles in the figure represent the time mask) and a frequency mask (white horizontal rectangles in the figure represent the frequency mask) are added to the spectrogram.
In one embodiment, the step S3 (selecting a leakage model, using the leakage model to generate an intermediate value for each attack trace in the training set as the real label of the attack trace class, inputting the enhanced spectrograms of the attack traces in the training set together with their labels into a deep-learning-based side channel attack network for training, and outputting predicted labels of the attack trace class; constructing a loss function so that the predicted labels continually approach the real labels, until a trained deep-learning-based side channel attack network is obtained) specifically comprises:
step S31: selecting a leakage model and, based on the leakage model, for the training set
Figure BDA0003671163690000064
generating an intermediate value as the real label $y_i$ of each attack trace; where
Figure BDA0003671163690000065
contains $N_p$ attack traces, $i = 1, …, N_p$;
Common leakage models include identity models, hamming weight models, least significant bit models, and the like.
a) The identity model (ID model) calculates an intermediate value from the plaintext corresponding to the attack trace and the key, and uses the intermediate value directly as the trace label. Taking an attack on the AES algorithm as an example, if the first key byte in the first round of encryption is attacked and the selected target intermediate value is the first S-box output in the first round of encryption, the corresponding label is:
Figure BDA0003671163690000061
where $P_0$ is the plaintext corresponding to the attack trace, $k^*$ is the correct key, and $Y(k^*)$ is the function that computes the intermediate value;
b) the hamming weight model (HW model) calculates the hamming weight of the intermediate value, i.e. the number of bits 1 in binary form of the intermediate value, as a trajectory label, i.e.:
Figure BDA0003671163690000062
c) the least significant bit model (LSB model) designates the least significant bits of the intermediate values as trace tags, i.e.:
Figure BDA0003671163690000063
the leakage model selected by the embodiment of the invention is the least significant bit model, and the attack performance of the neural network under the leakage model is far superior to that of the other two models. As shown in fig. 3, taking an ASCAD data set as an example, a comparison of attack performances under three leakage models is shown.
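The three labelings above, as an added example (not code from the patent): the label formulas survive on this page only as figure placeholders, so the code assumes the intermediate value the text describes, the first-round AES S-box output Sbox(P_0 XOR k*), and counts how many of the 256 possible plaintext bytes fall into each class. The function names and the key byte are constructed for illustration.

```python
from collections import Counter


def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def build_sbox():
    """Derive the AES S-box: multiplicative inverse followed by the affine map."""
    sbox = []
    for x in range(256):
        inv = 0
        if x:
            inv = 1
            for _ in range(254):          # x^254 is the inverse of x in GF(2^8)
                inv = gf_mul(inv, x)
        y = inv
        for shift in range(1, 5):         # inv ^ rotl(inv,1) ^ ... ^ rotl(inv,4)
            y ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox.append(y ^ 0x63)
    return sbox


SBOX = build_sbox()


def label(p0, key, model):
    """Trace label for plaintext byte p0 and key byte under a leakage model."""
    y = SBOX[p0 ^ key]                    # assumed target: first-round S-box output
    if model == "ID":
        return y                          # identity: the intermediate value itself
    if model == "HW":
        return bin(y).count("1")          # Hamming weight: number of 1 bits
    if model == "LSB":
        return y & 1                      # least significant bit
    raise ValueError("unknown leakage model: %r" % model)


def class_histogram(model, key):
    """How many of the 256 plaintext bytes map to each label."""
    counts = Counter(label(p, key, model) for p in range(256))
    return dict(sorted(counts.items()))


def imbalance(model, key):
    """Ratio of the largest class to the smallest class."""
    hist = class_histogram(model, key)
    return max(hist.values()) / min(hist.values())


if __name__ == "__main__":
    KEY = 0x2B                            # constructed key byte, illustration only
    for model in ("ID", "HW", "LSB"):
        hist = class_histogram(model, KEY)
        print(model, len(hist), "classes, largest/smallest =", imbalance(model, KEY))
    print("HW histogram:", class_histogram("HW", KEY))
```

The 70:1 spread under the HW model is the kind of class imbalance the SMOTE and CGAN work cited in the Background addresses, while the LSB model yields two exactly balanced classes.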
Step S32: order training set
Figure BDA0003671163690000072
The enhanced spectrogram corresponding to each attack track is t i Its corresponding real label y i Will (t) i ,y i ) Inputting a side channel attack network based on deep learning together to train a prediction label of a category of an output attack track, and constructing a loss function shown in a formula (2) to enable the prediction label and a real label to be continuously close to each other; until a trained side channel attack network based on deep learning is obtained;
Figure BDA0003671163690000071
wherein, F θ Representing side channel attack networks based on deep learning, F θ (t i ) Enhanced spectrogram t representing a prediction i Probability of label of, i.e. t i A corresponding predicted signature of the attack trajectory.
The size of the input spectrogram is determined by the STFT parameters: its length and width are the number of frequency bands and the number of time frames respectively, and both depend on the window length. A long window gives low time resolution and high frequency resolution. Conversely, a short window gives a spectrogram with a large number of time frames and a small number of frequency bands. Considering how the shape of a two-dimensional image changes as it passes through the convolution and pooling layers, a spectrogram that is close to square lets the network learn both the time information and the frequency information more fully. When the time resolution and the frequency resolution are unbalanced, the number of frequency bands and the number of time frames differ greatly. Assume the spectrogram shape is a × b, where a < b. After several convolution and pooling operations, a is reduced to 1 while b is still large, which means that a lot of feature information remains in the time direction while the information in the frequency direction has already been learned. This imbalance of information is likely to leave the model unable to characterize well the leakage information reflected by the spectrogram. Therefore, to generate a suitable spectrogram, the window length must be chosen so as to balance the two resolutions as far as possible. Typically, window sizes from 64 to 256 are suitable for most cases. A window length in this range can be confined within one clock cycle, i.e. the segmented DFT performed on one window is stable. Such a window length also ensures sufficient frequency resolution. As for the size of the overlap interval, the embodiment of the present invention selects a large overlap so that the signals at the boundary of two time windows are used as fully as possible when the STFT is performed.
Specifically, for the ASCAD data set, the window length and overlap interval size selected by the invention are 128 and 116 respectively, and the generated spectrogram has size 65 × 60. For the AES_RD data set, whose traces have more sample points, the invention sets the time window size and the overlap size to 240 and 210 respectively, and the corresponding spectrogram shape is 121 × 118. In addition, the invention selects the Hanning function as the window function, which is a common choice for the STFT.
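Steps S12 and S21 to S22 with the ASCAD window parameters above, as an added example (not code from the patent): a plain-Python magnitude STFT with a Hann window, followed by one time mask and one frequency mask. Assumptions: half a window of zero padding at each end plus a tail pad to a whole number of hops (the default convention of scipy.signal.stft, which gives 65 × 60 for a 700-sample ASCAD trace); the trace, the mask parameters T = F = 8 and p = 0.2, and all function names are constructed.

```python
import cmath
import math
import random


def spectrogram_shape(n_samples, nperseg, noverlap):
    """(frequency bands, time frames) under the padding convention assumed here."""
    hop = nperseg - noverlap
    padded = n_samples + 2 * (nperseg // 2)   # half a window of zeros at each end
    padded += -(padded - nperseg) % hop       # tail zeros up to a whole hop
    return nperseg // 2 + 1, (padded - nperseg) // hop + 1


def stft_magnitude(trace, nperseg, noverlap):
    """|STFT| of a 1-D trace: rows are frequency bands, columns are time frames."""
    hop = nperseg - noverlap
    n_bands, n_frames = spectrogram_shape(len(trace), nperseg, noverlap)
    x = [0.0] * (nperseg // 2) + [float(v) for v in trace]
    x += [0.0] * ((n_frames - 1) * hop + nperseg - len(x))   # right-hand padding
    # Periodic Hann window and the DFT twiddle factors for one window length.
    window = [0.5 - 0.5 * math.cos(2 * math.pi * n / nperseg) for n in range(nperseg)]
    twiddle = [cmath.exp(-2j * math.pi * n / nperseg) for n in range(nperseg)]
    spec = [[0.0] * n_frames for _ in range(n_bands)]
    for m in range(n_frames):
        seg = [x[m * hop + n] * window[n] for n in range(nperseg)]
        for k in range(n_bands):
            # Direct DFT of the windowed segment; phase is discarded.
            spec[k][m] = abs(sum(seg[n] * twiddle[(k * n) % nperseg]
                                 for n in range(nperseg)))
    return spec


def mask_width(limit, size, p, rng):
    """Width drawn uniformly from 0..limit, capped at p*size and at size-1
    so that the start interval [0, size - width) is never empty."""
    return rng.randint(0, min(limit, int(size * p), size - 1))


def time_mask(spec, T, m_T=1, p=1.0, rng=random):
    """Zero m_T blocks of time frames [t0, t0 + t) in a copy of spec."""
    tau = len(spec[0])
    out = [row[:] for row in spec]
    for _ in range(m_T):
        t = mask_width(T, tau, p, rng)
        t0 = rng.randrange(0, tau - t)
        for row in out:
            row[t0:t0 + t] = [0.0] * t
    return out


def frequency_mask(spec, F, m_F=1, rng=random):
    """Zero m_F blocks of frequency bands [f0, f0 + f) in a copy of spec."""
    nu = len(spec)
    out = [row[:] for row in spec]
    for _ in range(m_F):
        f = mask_width(F, nu, 1.0, rng)
        f0 = rng.randrange(0, nu - f)
        for k in range(f0, f0 + f):
            out[k] = [0.0] * len(out[k])
    return out


def constructed_trace(n=700, seed=7):
    """Constructed stand-in for a measured trace: two tones plus Gaussian noise."""
    rng = random.Random(seed)
    return [math.sin(2 * math.pi * 0.05 * i) + 0.5 * math.sin(2 * math.pi * 0.21 * i)
            + rng.gauss(0.0, 0.1) for i in range(n)]


def demo():
    """Spectrogram of the constructed trace plus one masked copy per mask type."""
    spec = stft_magnitude(constructed_trace(), nperseg=128, noverlap=116)
    rng = random.Random(2022)                 # fixed seed so the run is repeatable
    return spec, time_mask(spec, T=8, p=0.2, rng=rng), frequency_mask(spec, F=8, rng=rng)


if __name__ == "__main__":
    spec, t_aug, f_aug = demo()
    print("spectrogram:", len(spec), "x", len(spec[0]))
    print("masked frames:", sum(all(r[j] == 0.0 for r in t_aug) for j in range(len(spec[0]))))
    print("masked bands:", sum(all(v == 0.0 for v in row) for row in f_aug))
```

With the same padding convention, spectrogram_shape(3500, 240, 210) returns the 121 × 118 shape given for AES_RD, whose traces are 3500 samples long.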
As shown in fig. 4, which is a schematic structural diagram of a side channel attack network based on deep learning, the embodiment of the present invention constructs a side channel attack network based on deep learning based on a VGG-16 network.
a) The first layer is an input layer, which inputs an enhanced spectrogram of 65 × 60 size and its corresponding labels into the network.
b) The second layer is a two-dimensional convolution layer, the number of filters is 32; the size of the convolution kernel is set to 3 x 3, aiming to better capture subtle features; the convolution step is 1 × 1 to reduce information loss in the time and frequency dimensions; the filling mode is set to same, so that the convolution operation is traversed to each point in the enhanced spectrogram; the activation function uses the relu function.
c) The third layer is the largest pooling layer, and both the pooling window size and the pooling stride are set to 2 × 2. The pooling operation downsamples the enhanced spectrogram, reduces the height and width of the frequency spectrum to half, reduces the parameter number of the neural network, and increases the integration degree of the features in the image.
d) The convolution block composed of the convolution layer and the maximum pooling layer is repeated by the fourth layer and the fifth layer, and the processes of feature extraction and parameter dimension reduction are continued, except that the filter number of the convolution layer is set to be 64.
e) In the embodiment of the invention, under the condition of selecting the least significant bit leakage model, the side channel attack is implemented as a two-classification problem. Two convolution blocks are already sufficient to achieve good attack performance, so embodiments of the present invention do not add more convolution operations, which instead are more likely to result in model overfitting. Next, the sixth layer is a flattening layer, converting the three-dimensional input into a one-dimensional matrix.
f) The seventh layer and the eighth layer are two fully connected layers, and the local features extracted before are integrated to form a complete feature map. The number of nodes in each layer is 4096, and the relu function is used for the activation function.
g) The output layer is also a fully connected layer, and the number of neurons is 2, because all tracks under the least significant bit leakage model correspond to two categories. This layer calculates the values of 2 output nodes using the softmax activation function, which are used to represent the probabilities corresponding to the respective classes.
h) The embodiment of the invention selects a classical cross entropy function as a loss function for measuring the difference between a predicted label and a real label; selecting RMSprop as an optimizer for executing a gradient descent algorithm; and the learning rate is set to 0.00001.
Fig. 5 shows the parameter settings of the deep-learning-based side channel attack network structure in the embodiment of the present invention.
In one embodiment, the step S4: inputting the enhanced spectrogram corresponding to the attack track in the test set into a trained side channel attack network based on deep learning to obtain a prediction label of the attack track category, namely an intermediate value based on a leakage model, acquiring corresponding candidate keys according to the intermediate value, calculating the score of each candidate key, wherein the candidate key with the highest score is a correct key, and the method specifically comprises the following steps of:
step S41: inputting the enhanced spectrogram corresponding to the attack track in the test set V into the trained side channel attack network based on deep learning to obtain a prediction label z_i of the attack track category; wherein the test set has N_a attack tracks;
step S42: based on the leakage model, obtaining a corresponding intermediate value from the prediction label z_i; obtaining a corresponding candidate key k_i according to the intermediate value, and calculating the log-likelihood score of k_i according to equation (3):
Figure BDA0003671163690000081
Figure BDA0003671163690000082
where v_i is the enhanced spectrogram corresponding to an attack track in the test set V, i = 1, …, N_a; z_i is the prediction label of v_i;
the candidate key k_i with the highest score is taken as the correct key.
In this step, an attacker attacks the device under test by using the attack tracks in the test set, and tries to recover the key used by the device. First, the enhanced spectrogram corresponding to each attack track in the test set is input into the trained side channel attack network based on deep learning, which yields the corresponding prediction label z_i. Because the label z_i is computed by the leakage model from a candidate key k_i and the plaintext corresponding to the enhanced spectrogram v_i, the corresponding candidate key can be deduced in reverse. For each candidate key, the probabilities it receives on the predicted labels of all attack tracks in the test set are computed, and the log-likelihood of these probabilities is taken as the score of the candidate key; the candidate key with the highest score is taken as the correct key.
In the side channel attack field, success rate and key rank are two common indexes for evaluating attack performance, and key rank is used as the evaluation standard for measuring attack performance in the embodiment of the invention. In the test phase, the attacker computes and sums the log-likelihood scores for each candidate key and sorts all candidate keys in descending order of score, obtaining a candidate key vector, represented as
Figure BDA0003671163690000091
Key rank is defined as the position of the correct key k_i in this candidate key vector, namely:
Figure BDA0003671163690000092
where k represents a single candidate key,
Figure BDA0003671163690000096
represents the key space,
Figure BDA0003671163690000093
and
Figure BDA0003671163690000094
respectively correspond to the candidate key k and the candidate key k_i. The notation 1 indicates that the result is increased by 1 if the condition indicated by the subscript is satisfied; otherwise the result is unchanged.
In an actual attack, since noise can influence the result of a single attack, the attack process is usually repeated a certain number of times, and the average key rank is used as the evaluation index. According to the definition of the candidate key vector g, g_1 is considered to be the most likely correct key guess, and
Figure BDA0003671163690000095
is the least probable key guess. Therefore, when g_1 corresponds to k_i, i.e., the key rank equals 0, the attack is successful. The intuitive criterion for evaluating attack performance is the number of attack tracks needed for the average key rank to converge to 0; the fewer tracks needed, the better the attack performance.
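The scoring and key-rank evaluation described above, run on constructed data the way an evaluator would apply it to a device or countermeasure under test; this is an added example, not code from the patent. Because formula (3) and the rank formula are not reproduced on this page, it assumes the usual form: a candidate key's score is the sum over tracks of the log of the probability the network assigns to the label that key implies, the intermediate value is the least significant bit of the AES S-box output, and ties count against the correct key.

```python
import math

def aes_sbox():
    """Generate the AES S-box: inverse in GF(2^8) followed by the affine map."""
    rotl = lambda x, s: ((x << s) | (x >> (8 - s))) & 0xFF
    sbox, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p = p * 3
        q ^= q << 1                                            # q = q / 3
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = aes_sbox()

def lsb_label(plaintext_byte, key_byte):
    # Assumed intermediate value: least significant bit of Sbox(p XOR k).
    return SBOX[plaintext_byte ^ key_byte] & 1

def key_scores(probs, plaintexts, eps=1e-36):
    """Log-likelihood score of every candidate key byte.
    probs[i] = (P(label 0), P(label 1)) output by the network for track i."""
    scores = []
    for k in range(256):
        s = 0.0
        for pair, pt in zip(probs, plaintexts):
            # Clamp so a confident wrong prediction cannot produce log(0).
            s += math.log(max(pair[lsb_label(pt, k)], eps))
        scores.append(s)
    return scores

def key_rank(scores, correct_key):
    """Position of the correct key in descending score order (0 = best).
    Ties count against the correct key, so a network that learned nothing
    yields rank 255 instead of a misleading 0."""
    ref = scores[correct_key]
    return sum(1 for k, s in enumerate(scores) if k != correct_key and s >= ref)

def rank_curve(probs, plaintexts, correct_key, counts):
    """Key rank after using only the first n tracks, for each n in counts."""
    return [key_rank(key_scores(probs[:n], plaintexts[:n]), correct_key)
            for n in counts]

# Constructed inputs (not measurements): one key byte and 256 plaintext bytes.
TRUE_KEY = 0x2B
PLAINTEXTS = [(37 * i + 11) % 256 for i in range(256)]

def constructed_probs(confidence):
    """Stand-in for network output: `confidence` is put on the true label."""
    out = []
    for pt in PLAINTEXTS:
        y = lsb_label(pt, TRUE_KEY)
        out.append((confidence, 1 - confidence) if y == 0
                   else (1 - confidence, confidence))
    return out

if __name__ == "__main__":
    leaky = constructed_probs(0.9)       # network that has learned the leakage
    print("rank vs tracks:", rank_curve(leaky, PLAINTEXTS, TRUE_KEY, [1, 4, 16, 64, 256]))
    flat = constructed_probs(0.5)        # network that has learned nothing
    print("rank, uninformative:", key_rank(key_scores(flat, PLAINTEXTS), TRUE_KEY))
```

A single track leaves 127 other key bytes tied with the correct one under a one-bit label, which is why the number of tracks needed to reach rank 0 is the figure of merit.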
The invention discloses a side channel attack method based on deep learning using the SpecAugment technique. The method converts a one-dimensional side channel attack track into a two-dimensional spectrogram through short-time Fourier transform, performs a time mask or frequency mask enhancement operation on the spectrogram, and splices the generated spectrogram with the original spectrogram to construct an enhanced spectrogram for network training. The method aims to enhance the leakage information and to resist the disturbance of the prediction result caused by the loss of a short segment of time information or a short segment of frequency information, so that the features learned by the deep-learning-based side channel attack network are robust to partial loss of frequency information or track information, which improves its attack performance.
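The preprocessing summarized above (short-time Fourier transform, a time or frequency mask, then splicing with the original spectrogram), as an added example in plain Python that is not code from the patent. The window length, hop size, Hann window, splicing along the time axis and the sine-wave track are assumptions chosen so that the result has the 65 × 60 size the network expects.

```python
import cmath
import math
import random

def stft_magnitude(trace, win=128, hop=64):
    """Magnitude spectrogram: rows are frequency bins (win//2 + 1), columns are time frames."""
    hann = [0.5 - 0.5 * math.cos(2 * math.pi * n / win) for n in range(win)]
    twiddle = [cmath.exp(-2j * math.pi * n / win) for n in range(win)]
    frames = []
    for start in range(0, len(trace) - win + 1, hop):
        seg = [trace[start + n] * hann[n] for n in range(win)]
        frames.append([abs(sum(seg[n] * twiddle[(f * n) % win] for n in range(win)))
                       for f in range(win // 2 + 1)])
    return [list(row) for row in zip(*frames)]   # transpose to [frequency][time]

def pick_span(size, max_width, rng):
    """Width drawn uniformly from 0..max_width, start drawn from [0, size - width)."""
    width = rng.randint(0, min(max_width, size))
    start = rng.randrange(0, size - width) if size > width else 0
    return start, width

def time_mask(spec, T, rng):
    """Zero the amplitudes in time frames [t0, t0 + t); returns (masked copy, (t0, t))."""
    t0, t = pick_span(len(spec[0]), T, rng)
    masked = [[0.0 if t0 <= j < t0 + t else v for j, v in enumerate(row)]
              for row in spec]
    return masked, (t0, t)

def freq_mask(spec, F, rng):
    """Zero the amplitudes in frequency bands [f0, f0 + f); returns (masked copy, (f0, f))."""
    f0, f = pick_span(len(spec), F, rng)
    masked = [[0.0] * len(row) if f0 <= i < f0 + f else row[:]
              for i, row in enumerate(spec)]
    return masked, (f0, f)

def enhance(spec, masked):
    # Assumption: "splicing" means concatenating original and masked copy in time.
    return [orig_row + masked_row for orig_row, masked_row in zip(spec, masked)]

# Constructed track (not a measurement): a tone that falls exactly on bin 8.
TRACE = [math.sin(2 * math.pi * 8 * n / 128) for n in range(1984)]

if __name__ == "__main__":
    rng = random.Random(2022)
    spec = stft_magnitude(TRACE)                      # 65 bins x 30 frames
    masked, (t0, t) = time_mask(spec, T=10, rng=rng)
    enhanced = enhance(spec, masked)                  # 65 x 60
    print(len(enhanced), "x", len(enhanced[0]), "time frames masked:", (t0, t))
```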
Example two
As shown in fig. 6, an embodiment of the present invention provides a side channel attack system based on deep learning using SpecAugment technology, including the following modules:
the acquisition spectrogram module 51 is configured to acquire a data set of an attack trajectory of a side channel, divide the data set into a training set and a test set, and convert the attack trajectory into a spectrogram by using short-time fourier transform;
an enhanced spectrogram acquiring module 52, configured to add a time mask or a frequency mask to the spectrogram and superimpose the time mask or the frequency mask on the spectrogram to obtain an enhanced spectrogram;
a side channel attack network module 53 for training deep learning, configured to select a leakage model, generate an intermediate value for each attack trajectory in the training set by using the leakage model, use the intermediate value as a true tag of the attack trajectory category, input the enhanced spectrogram of the attack trajectory in the training set and the corresponding tag together into a side channel attack network based on deep learning for training, and output a prediction tag of the attack trajectory category; constructing a loss function to enable the predicted label and the real label to be close to each other continuously; until a well-trained side channel attack network based on deep learning is obtained;
the correct key obtaining module 54 is configured to input the enhanced spectrogram corresponding to the attack trajectory in the test set into the trained side channel attack network based on deep learning, obtain a prediction tag of the attack trajectory category, that is, an intermediate value based on the leakage model, obtain corresponding candidate keys according to the intermediate value, and calculate a score of each candidate key, where the candidate key with the highest score is the correct key.
The above examples are provided for the purpose of describing the present invention only and are not intended to limit the scope of the present invention. The scope of the invention is defined by the appended claims. Various equivalent substitutions and modifications can be made without departing from the spirit and principles of the invention, and are intended to be within the scope of the invention.

Claims (6)

1. A side channel attack method based on deep learning by using SpecAugment technology, which is characterized by comprising the following steps:
step S1: acquiring a data set of an attack track of a side channel, dividing the data set into a training set and a testing set, and converting the attack track into a spectrogram by using short-time Fourier transform;
step S2: adding a time mask or a frequency mask to the spectrogram, and overlapping the time mask or the frequency mask to the spectrogram to obtain an enhanced spectrogram;
step S3: selecting a leakage model, generating a middle value for each attack track in the training set by using the leakage model to serve as a real label of the attack track category, inputting the enhanced spectrogram of the attack track in the training set and the corresponding label into a side channel attack network based on deep learning together for training, and outputting a predicted label of the attack track category; enabling the predicted label and the real label to be close to each other continuously by constructing a loss function; until a well-trained side channel attack network based on deep learning is obtained;
step S4: and inputting the enhanced spectrogram corresponding to the attack track in the test set into the trained side channel attack network based on deep learning to obtain a prediction label of the attack track category, namely, based on the intermediate value of the leakage model, acquiring a corresponding candidate key according to the intermediate value, and calculating the score of each candidate key, wherein the candidate key with the highest score is a correct key.
2. The method for side channel attack based on deep learning using SpecAugment technique according to claim 1, wherein said step S1: acquiring a data set of an attack track of a side channel, dividing the data set into a training set and a testing set, and converting the attack track into a spectrogram by using short-time Fourier transform, which specifically comprises the following steps:
step S11: acquiring a data set of attack tracks of a side channel, wherein the data set comprises modeling tracks and attack tracks, from which a corresponding training set and a corresponding testing set are respectively constructed;
step S12: carrying out short-time Fourier transform on each attack track, replacing instantaneous signals with signals in each time window, and then respectively carrying out discrete Fourier transform on each window to obtain frequency information of non-stationary data, so that the one-dimensional attack tracks can be converted into a two-dimensional spectrogram; wherein, the short-time Fourier transform is shown as formula (1):
Figure FDA0003671163680000011
where STFT is the short-time Fourier transform function, F(m, ω) is the piecewise discrete Fourier transform of the windowed data, x[n] represents the value of the input signal at time n, w[n] is a window function sliding along the time axis, m represents the window position, and H represents the size of the overlapping section of the windows.
3. The method for side channel attack based on deep learning using SpecAugment technique according to claim 2, wherein said step S2: adding a time mask or a frequency mask to the spectrogram, and overlapping the time mask or the frequency mask to the spectrogram to obtain an enhanced spectrogram, specifically comprising:
step S21: adding a time mask: assuming that the spectrogram has τ time frames and the time mask parameter is T, the parameter t is randomly selected from the uniform distribution on 0 to T, and then the parameter t_0 is randomly selected from the interval [0, τ − t). Then the masking operation is applied to the time frames [t_0, t_0 + t), i.e. the amplitudes of the spectrogram in these time frames are all set to 0;
or adding a frequency mask: assuming that the spectrogram has ν frequency bands in total and the frequency mask parameter is F, the parameter f is randomly selected from the uniform distribution on 0 to F, and then the parameter f_0 is randomly selected from the interval [0, ν − f); then the masking operation is applied to [f_0, f_0 + f), namely the amplitudes of the spectrogram in the frequency band are set to 0;
step S22: and superposing the time mask or the frequency mask to the spectrogram to obtain an enhanced spectrogram.
4. The method for side channel attack based on deep learning using SpecAugment technique according to claim 3, wherein said step S3: selecting a leakage model, generating a middle value for each attack track in the training set by using the leakage model to serve as a real label of the attack track category, inputting the enhanced spectrogram of the attack track in the training set and the corresponding label thereof into a side channel attack network based on deep learning together for training, and outputting a prediction label of the attack track category; enabling the predicted label and the real label to be close to each other continuously by constructing a loss function; until a trained side channel attack network based on deep learning is obtained, the method specifically comprises the following steps:
step S31: selecting a leakage model and, based on the leakage model, for the training set
Figure FDA0003671163680000021
generating an intermediate value as the real label y_i of each attack track; wherein
Figure FDA0003671163680000022
contains N_p attack tracks, i = 1, …, N_p;
step S32: in the training set
Figure FDA0003671163680000023
the enhanced spectrogram corresponding to each attack track is t_i and its corresponding real label is y_i; (t_i, y_i) are input together into a side channel attack network based on deep learning for training, which outputs a prediction label of the attack track category, and a loss function shown in formula (2) is constructed so that the prediction label and the real label continuously approach each other, until a well-trained side channel attack network based on deep learning is obtained;
Figure FDA0003671163680000024
wherein F_θ represents said deep-learning-based side channel attack network, and F_θ(t_i) represents the predicted label probability for the enhanced spectrogram t_i, i.e. the prediction label of the attack track corresponding to t_i.
5. The method for side channel attack based on deep learning using SpecAugment technique according to claim 4, wherein said step S4: inputting the enhanced spectrogram corresponding to the attack track in the test set into the trained side channel attack network based on deep learning to obtain a prediction label of the attack track category, namely, based on the intermediate value of the leakage model, obtaining a corresponding candidate key according to the intermediate value, calculating the score of each candidate key, wherein the candidate key with the highest score is a correct key, and specifically comprises the following steps:
step S41: inputting the enhanced spectrogram corresponding to the attack track in the test set V into the trained side channel attack network based on deep learning to obtain a prediction label z_i of the attack track category; wherein the test set has N_a attack tracks;
step S42: based on the leakage model, obtaining a corresponding intermediate value from the prediction label z_i; obtaining a corresponding candidate key k_i according to the intermediate value, and calculating the log-likelihood score of k_i according to equation (3):
Figure FDA0003671163680000031
Figure FDA0003671163680000032
where v_i is the enhanced spectrogram corresponding to an attack track in the test set V, i = 1, …, N_a; z_i is the prediction label of v_i;
the candidate key k_i with the highest score is taken as the correct key.
6. A side channel attack system based on deep learning using SpecAugment technology, comprising the following modules:
the acquisition spectrogram module is used for acquiring a data set of an attack track of a side channel, dividing the data set into a training set and a testing set, and converting the attack track into a spectrogram by using short-time Fourier transform;
the acquisition and enhancement spectrogram module is used for adding a time mask or a frequency mask to the spectrogram and overlapping the time mask or the frequency mask to the spectrogram to obtain an enhancement spectrogram;
the side channel attack network module for training deep learning is used for selecting a leakage model, generating a middle value for each attack track in the training set by using the leakage model, using the middle value as a real label of the class of the attack track, inputting the enhanced spectrogram of the attack track in the training set and the corresponding label into the side channel attack network based on the deep learning together for training, and outputting a prediction label of the class of the attack track; enabling the predicted label and the real label to be close to each other continuously by constructing a loss function; until a trained side channel attack network based on deep learning is obtained;
and the correct key obtaining module is used for inputting the enhanced spectrogram corresponding to the attack track in the test set into the trained side channel attack network based on deep learning to obtain a prediction label of the attack track category, namely, based on the intermediate value of the leakage model, obtaining a corresponding candidate key according to the intermediate value, calculating the score of each candidate key, and taking the candidate key with the highest score as the correct key.
CN202210605557.2A 2022-05-31 2022-05-31 Side channel attack method and system based on deep learning by using SpecAugment technology Pending CN115037437A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210605557.2A CN115037437A (en) 2022-05-31 2022-05-31 Side channel attack method and system based on deep learning by using SpecAugment technology


Publications (1)

Publication Number Publication Date
CN115037437A true CN115037437A (en) 2022-09-09

Family

ID=83122586


Country Status (1)

Country Link
CN (1) CN115037437A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116388956A (en) * 2023-03-16 2023-07-04 中物院成都科学技术发展中心 Side channel analysis method based on deep learning



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination