Locality-based electromagnetic leakage assessment using CNN


  • Ian Heffron, US Air Force
  • James Dean




side-channel analysis, localized leakage, neural networks, electromagnetic leakage, leakage detection


Deep learning side-channel analysis (SCA) attacks have recently gained in popularity. The ability of deep learning models to retrieve a key byte while minimizing the need for pre-processing steps, both when traces are misaligned and when the leakage model is multivariate, has contributed to this popularity. Near-field electromagnetic (EM) probes have enabled leakage capture with high spatial resolution, and deep learning side-channel research looks for models that reduce the number of leakage traces required to retrieve a key byte successfully. However, despite the many papers researching techniques to reduce the number of traces required for a successful attack, location-based research for EM SCA remains untouched. Due to the nature of EM probes and the architecture of different boards and chips, the location of the collection probe becomes important when attempting to extract the secret key within a reasonable timeframe and with a level of certainty in the result. Our contribution is a framework to determine the best location at which to assess localized EM leakage for a given chip platform. We use a raster scan to collect localized leakage results at 25 points in a 5x5 grid pattern on a ChipWhisperer Lite XMEGA board running an open-source implementation of the AES-128 encryption algorithm. We demonstrate the use of our framework to locate the best points for an attacker to execute a profiling attack by identifying the grid point with the most detectable leakage for a chip platform. We then execute a smaller localized 25-point raster scan in a grid over the identified location to further refine our estimate of the optimal collection location. Finally, we demonstrate that this location can be used to execute a side-channel profiling attack against the same chip architecture and results in a lower number of traces required to retrieve the key byte.
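The two-stage coarse-to-fine raster procedure described above, written out as an added example (not the authors' code). The per-point leakage score is assumed to come from a caller-supplied function (in the paper, the CNN's detection result at that probe position); a constructed synthetic surface with one hotspot stands in for it so the block runs offline.

```python
"""Two-stage raster localisation of EM leakage: coarse 5x5 scan, then a
finer 5x5 scan over the best coarse cell. The grid pitch, scoring function
and hotspot position below are assumptions for illustration only."""
from typing import Callable, Dict, List, Tuple

Point = Tuple[float, float]


def raster_points(center: Point, pitch: float, n: int = 5) -> List[Point]:
    """Return the n x n grid of probe positions centred on `center`."""
    cx, cy = center
    half = (n - 1) / 2
    return [(cx + (i - half) * pitch, cy + (j - half) * pitch)
            for j in range(n) for i in range(n)]


def scan(score_at: Callable[[Point], float], center: Point, pitch: float,
         n: int = 5) -> Dict[Point, float]:
    """Score every grid point; this map is what an analyst would plot as a
    leakage heat map to see where detectable leakage is concentrated."""
    return {p: score_at(p) for p in raster_points(center, pitch, n)}


def localize(score_at: Callable[[Point], float], center: Point,
             pitch: float, n: int = 5, stages: int = 2) -> Point:
    """Coarse scan, then re-scan a finer grid around the best point.
    Each later grid spans one pitch of the previous stage, so the refinement
    stays inside the cell the coarse scan identified as leakiest."""
    best = center
    for _ in range(stages):
        results = scan(score_at, best, pitch, n)
        best = max(results, key=results.get)
        pitch = pitch / (n - 1)
    return best


# Constructed synthetic leakage surface (assumption): a single hotspot at
# (1.3, -0.7) mm with weak leakage elsewhere. Real scores would be derived
# from measured traces, e.g. a detector's performance at each position.
def synthetic_score(p: Point) -> float:
    dx, dy = p[0] - 1.3, p[1] + 0.7
    return 1.0 / (1.0 + dx * dx + dy * dy)


if __name__ == "__main__":
    coarse = scan(synthetic_score, (0.0, 0.0), 1.0)
    print("coarse best:", max(coarse, key=coarse.get))
    print("refined best:", localize(synthetic_score, (0.0, 0.0), 1.0))
```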