Portable Deep Neural Network based Side Channel Attacks

Case ID:
UA21-079
Invention:

This technology uses deep neural networks to examine the power states of a device performing cryptographic operations and determine the underlying encryption key with high accuracy across varying processor architectures.

Background:
Embedded systems are among devices often the most vulnerable to attacks on their security. They are often used in public or in distributed environments where it becomes a challenge to prevent physical tampering. The Internet of Things has resulted in a dramatic increase in the prevalence embedded devices, many of which process sensitive information. And the rapid technological developments in the defense industry demand high levels of security for technologies used in the field.

One type of security threat particularly important to embedded devices are side-channel attacks. Side-channel attacks use information about a system, such as power states, to infer other, more valuable information. While the concept of side channel attacks has existed since the turn of the millennium, recent developments in machine learning technology, as illustrated in a 2016 article, have dramatically improved the feasibility of such attacks.

This technology builds upon breakthroughs in side channel attack technology to create an attack method that can be used against devices with varying processor architectures, without significantly sacrificing accuracy. Other side channel attack methods include waveform matching with Fourier analysis to improve correlation accuracy of power states and keys, targeting processor branch instructions, measuring keyboard acoustics for password detection, and measuring interrupt latency for coarse-grained information in even the most secure Intel commodity processors.

In addition to its potential offensive applications such as cyber warfare, it provides a valuable method of testing and verifying the security of embedded systems and their resistance to side channel attacks. For example, a research group detected cache-based side-channel attacks through identifying abnormal cache behaviors associated with those attacks. Side channel attack patents filed in the US in the past 5 years tend to concern defensive mechanisms to attacks (i.e. Intent patent US20190042479 A1 filed in 2018).

Applications:

  • Defense applications
  • Secure embedded systems testing
  • Internet of Things security
  • Point of Sale security


Advantages:

  • Portable and versatile (remains effective across different devices and architectures)
  • High accuracy
Patent Information:
Contact For More Information:
Lewis Humphreys
Licensing Manager, Eller College of Mngmt & OTT
The University of Arizona
lewish@tla.arizona.edu
Lead Inventor(s):
Roman Lysecky
Janet Roveda
Manoj Gopale
Gregory Ditzler
Keywords: