
Keyword Search Result

[Keyword] side-channel analysis (8 hits)

Hits 1-8
  • Power Analysis of Floating-Point Operations for Leakage Resistance Evaluation of Neural Network Model Parameters

    Hanae NOZAKI  Kazukuni KOBARA  

     
    PAPER

      Publicized:
    2023/09/25
      Vol:
    E107-A No:3
      Page(s):
    331-343

    In the field of machine learning security, as one of the attack surfaces especially for edge devices, the application of side-channel analysis such as correlation power/electromagnetic analysis (CPA/CEMA) is expanding. Aiming to evaluate the leakage resistance of neural network (NN) model parameters, i.e. weights and biases, we conducted a feasibility study of CPA/CEMA on floating-point (FP) operations, which are the basic operations of NNs. This paper proposes approaches to recover weights and biases using CPA/CEMA on multiplication and addition operations, respectively. It is essential to take into account the characteristics of the IEEE 754 representation in order to realize the recovery with high precision and efficiency. We show that CPA/CEMA on FP operations requires different approaches than traditional CPA/CEMA on cryptographic implementations such as the AES.

  • A Cost-Sensitive Golden Chip-Free Hardware Trojan Detection Using Principal Component Analysis and Naïve Bayes Classification Algorithm

    Yanjiang LIU  Xianzhao XIA  Jingxin ZHONG  Pengfei GUO  Chunsheng ZHU  Zibin DAI  

     
    PAPER-Cryptography and Information Security

      Publicized:
    2021/12/03
      Vol:
    E105-A No:6
      Page(s):
    965-974

    Side-channel analysis is one of the most investigated hardware Trojan detection approaches. However, nearly all side-channel analysis approaches require golden chips for reference, which are actually hard to obtain. Besides, the majority of existing Trojan detection algorithms focus on data similarity and ignore Trojan misclassification during detection. In this paper, we propose a cost-sensitive golden chip-free hardware Trojan detection framework, which aims to minimize the probability of Trojan misclassification during detection. The post-layout simulation data of voltage variations at different process corners is utilized as a golden reference. Further, a classification algorithm based on the combination of principal component analysis and Naïve Bayes is exploited to identify the existence of a hardware Trojan with a minimum misclassification risk. Experimental results on an ASIC demonstrate that the proposed approach improves the detection accuracy ratio compared with three detection algorithms and distinguishes a Trojan occupying only 0.27% of the area even under ±15% process variations.

  • Machine Learning Based Hardware Trojan Detection Using Electromagnetic Emanation

    Junko TAKAHASHI  Keiichi OKABE  Hiroki ITOH  Xuan-Thuy NGO  Sylvain GUILLEY  Ritu-Ranjan SHRIVASTWA  Mushir AHMED  Patrick LEJOLY  

     
    PAPER

      Publicized:
    2021/09/30
      Vol:
    E105-A No:3
      Page(s):
    311-325

    The growing threat of Hardware Trojans (HT) in the System-on-Chip (SoC) industry has led embedded systems researchers to propose a series of detection methodologies to identify and detect the presence of Trojan circuits or logic inside a host design at the various stages of the chip design and manufacturing process. Many state-of-the-art works propose different techniques for HT detection, among which the popular choice remains the Side-Channel Analysis (SCA) based methods that perform differential analysis targeting the difference in power consumption, change in electromagnetic emanation or the delay in propagation of logic in various paths of the circuit. Even though the effectiveness of these methods is well established, the evaluation is carried out on simplistic models such as AES coprocessors, and the analytical approaches used for these methods are limited by some statistical metrics such as direct comparison of EM traces or the T-test coefficients. In this paper, we propose two new detection methodologies based on Machine Learning algorithms. The first method consists in applying supervised Machine Learning (ML) algorithms on raw EM traces for the classification and detection of HT. It offers a detection rate close to 90% and a false negative rate smaller than 5%. In the second method, we propose an outlier/novelty-algorithm based approach. This method, combined with the T-test based signal processing technique, offers better performance than the state of the art, with a detection rate close to 100% and a false positive rate smaller than 1%. In the different experiments, the false negative rate is at nearly the same level as the false positive rate, and for that reason the authors only show the false positive value in the results. We have evaluated the performance of our method on a complex target design: a RISC-V generic processor. Three HTs with sizes of 0.53%, 0.27% and 0.09% of the RISC-V processor are inserted for the experimentation. In this paper we provide elaborate details of our tests and experimental process for reproducibility. The experimental results show that the inserted HTs, though minimalistic, can be successfully detected using our new methodology.

  • An Effective and Sensitive Scan Segmentation Technique for Detecting Hardware Trojan

    Fakir Sharif HOSSAIN  Tomokazu YONEDA  Michiko INOUE  

     
    PAPER-Dependable Computing

      Publicized:
    2016/10/20
      Vol:
    E100-D No:1
      Page(s):
    130-139

    Due to the outsourcing of numerous stages of the IC manufacturing process to different foundries, security risks such as hardware Trojans become a potential threat. In this paper, we present a layout-aware localized hardware Trojan detection method that magnifies the detection sensitivity for small Trojans in power-based side-channel analysis. A scan segmentation approach with a modified launch-on-capture (LoC) transition delay fault test pattern application technique is proposed so as to maximize the dynamic power consumption of any target region. The new architecture allows activating any target region while keeping the others quiet, which reduces total circuit toggling activity. We evaluate our approach on ISCAS89 benchmarks and two practical circuits to demonstrate its effectiveness in side-channel analysis.

  • A DPA Attack on the Implementation of RSA-CRT with Montgomery Reduction

    Wei-Chih LIEN  Sung-Ming YEN  

     
    PAPER-Cryptography and Information Security

      Vol:
    E97-A No:1
      Page(s):
    354-364

    The implementation security of the RSA cryptosystem, under the threat of side-channel analysis, has attracted the attention of many researchers. Boer et al. proposed the MRED-DPA attack on RSA-CRT by choosing ciphertexts of equidistant data. Their attack can be applied to RSA-OAEP decryption but not to RSA-PSS signing because of the PSS random padding. We propose a new DPA attack on an implementation of RSA-CRT with Montgomery reduction. The proposed attack assumes only known ciphertexts, and can be applied to both RSA-OAEP decryption and RSA-PSS signing even if a random padding technique is used in practice. This study also presents experimental results to verify the proposed attack. Finally, this study proposes a CRT-based message blinding technique as a low-cost DPA countermeasure.

  • Differential Fault Analysis on Stream Cipher MUGI

    Junko TAKAHASHI  Toshinori FUKUNAGA  Kazuo SAKIYAMA  

     
    PAPER-Implementation

      Vol:
    E95-A No:1
      Page(s):
    242-251

    This paper proposes a differential fault analysis on the stream cipher MUGI, which uses two kinds of update functions for an intermediate state. MUGI was proposed by Hitachi, Ltd. in 2002 and is specified in ISO/IEC 18033-4 for keystream generation. Differential fault analysis (DFA) is a type of fault analysis which is considered to be a serious threat against secure devices such as smart cards. DFA on MUGI was first proposed at ICISC 2010 [25]; however, the conditions for a successful attack, such as the position into which the fault is injected, were restricted. In this paper, we extend the attack to more practical methods, based on one-byte and multi-byte fault models, using the relationship between the two kinds of update functions, which are mutually dependent. In the proposed attack, the attacker can determine the position affected by the fault injection even if he has no control over the timing of the fault injection. As a result, a 128-bit secret key can be recovered using 13 pairs of correct and faulty outputs on average.

  • Modified Doubling Attack by Exploiting Chosen Ciphertext of Small Order

    Sung-Ming YEN  Wei-Chih LIEN  Chien-Ning CHEN  

     
    PAPER-Cryptography and Information Security

      Vol:
    E94-A No:10
      Page(s):
    1981-1990

    Power analysis can be used to attack many implementations of cryptosystems, e.g., RSA and ECC, and the doubling attack is a collision-based power analysis performed on two chosen ciphertexts. In this paper, we introduce a modified doubling attack that threatens RSA and ECC implementations by exploiting only one chosen ciphertext of small order. To attack RSA implementations we select an input of order two, while to attack ECC implementations we exploit one chosen invalid point of small order on a cryptographically weak curve rather than on the original curve. We show that several existing power analysis countermeasures for RSA and ECC implementations are still vulnerable to the proposed attack. To prevent the proposed attack, we suggest countermeasures for RSA as well as for ECC.

  • Practical Application of Lattice Basis Reduction Algorithm to Side-Channel Analysis on (EC)DSA

    Katsuyuki TAKASHIMA  

     
    PAPER

      Vol:
    E89-A No:5
      Page(s):
    1255-1262

    In this paper, we report practical modifications of the side-channel analysis on (EC)DSA [1],[2],[5],[34] that Leadbitter et al. proposed in [16]. To apply the analyses, we assume that the window method is used in the exponentiation or elliptic curve (EC) scalar multiplication and that the side-channel information described in Sect. 3.2 can be collected. So far, the method in [16] has not been effective when the size q of the cyclic group used in (EC)DSA is 160 bits long and the window size w < 9. We show that the modified method we propose in this paper is effective even when q is 160 bits long and w = 4. This shows that our method is effective for various practical implementations, e.g., those in resource-restricted environments like IC card devices. First, we estimate the window size w necessary for the proposed analyses (attacks) to succeed. Then, by experiments with the new method, we show that the private keys of (EC)DSA can be obtained under the above assumptions, in practical time and with a sufficient success rate. This result raises the necessity of countermeasures against the analyses (attacks) in window-method-based implementations of (EC)DSA.