Secret Key Classification Based on Electromagnetic Analysis and Feature Extraction Using Machine-Learning Approach

  • Naila MukhtarEmail author
  • Yinan Kong
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 878)


Despite having a secure algorithm running on a cryptographic chip, in an embedded system device on the network, secret private data is still vulnerable due to Side-Channel leakage information. In this paper, we have focused on retrieving secret-key information obtained from one of the Side Channels, namely Electromagnetic radiation signals. We have captured leaked Electromagnetic signals from a Kintex-7 FPGA, while AES is running over it, and analyzed them using machine and deep-learning based algorithms to classify each bit of the key. Moreover, we aim to analyze the effect of having different signal properties as features in these classification algorithms. The results will help in defining which features give maximum information about the captured signal, hence leading to key recovery.


Side-Channel analysis Embedded system security Signal-processing Machine-learning classification Neural-network classification 


  1. 1.
    Gilmore, R., Hanley, N., O’Neill, M.: Neural network based attack on a masked implementation of AES. In: Hardware Oriented Security and Trust (HOST), pp. 106–111. IEEE Computer Society (2015)Google Scholar
  2. 2.
    Maghrebi, H., Portigliatti, T., Prouff, E.: Breaking cryptographic implementations using deep learning techniques. In: Carlet, C., Hasan, M.A., Saraswat, V. (eds.) SPACE 2016. LNCS, vol. 10076, pp. 3–26. Springer, Cham (2016). Scholar
  3. 3.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). Scholar
  4. 4.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). Scholar
  5. 5.
    Rivest, R.L.: Cryptography and machine learning. In: Imai, H., Rivest, R.L., Matsumoto, T. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 427–439. Springer, Heidelberg (1993). Scholar
  6. 6.
    Levina, A., Sleptsova, D., Zaitsev, O.: Side-channel attacks and machine learning approach. In: FRUCT, pp. 181–186 (2016)Google Scholar
  7. 7.
    Longo, J., De Mulder, E., Page, D., Tunstall, M.: SoC it to EM: electromagnetic side-channel attacks on a complex system-on-chip. Cryptology ePrint Archive, Report 2015/561 (2015)Google Scholar
  8. 8.
    de Mulder, E., Ors, S.B., Preneel, B., Verbauwhede, I.: Differential electromagnetic attack on an FPGA implementation of elliptic curve cryptosystems, pp. 1–6 (2006)Google Scholar
  9. 9.
    Genkin, D., Shamir, A., Tromer, E.: RSA key extraction via low-bandwidth acoustic cryptanalysis. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 444–461. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  10. 10.
    Lerman, L., Bontempi, G., Markowitch, O.: A machine learning approach against a masked AES. J. Cryptogr. Eng. 5, 123–139 (2013)CrossRefGoogle Scholar
  11. 11.
    Oswald, D., Paar, C.: Improving side-channel analysis with optimal linear transforms. In: Mangard, S. (ed.) CARDIS 2012. LNCS, vol. 7771, pp. 219–233. Springer, Heidelberg (2013). Scholar
  12. 12.
    Bhasin, S., Danger, J.-L., Guilley, S., Najm, Z.: Side-channel leakage and trace compression using normalized inter-class variance. Cryptology ePrint Archive, Report 2014/1020 (2014)Google Scholar
  13. 13.
    Renauld, M., Standaert, F.-X., Veyrat-Charvillon, N.: Algebraic side-channel attacks on the AES: why time also matters in DPA. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 97–111. Springer, Heidelberg (2009). Scholar
  14. 14.
    Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 426–442. Springer, Heidelberg (2008). Scholar
  15. 15.
    Lerman, L., Bontempi, G., Markowitch, O.: Power analysis attack: an approach based on machine learning. Int. J. Appl. Cryptogr. (IJACT) 3, 97–115 (2014)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Kira, K., Rendell, L.A.: A practical approach to feature selection. In: Proceedings of the Ninth International Workshop on Machine Learning, pp. 249–256. Morgan Kaufmann Publishers Inc. (1992)CrossRefGoogle Scholar
  17. 17.
    Yun, C., Shin, D., Jo, H., Yang, J., Kim, S.: An experimental study on feature subset selection methods. In: Seventh International Conference on Computer and Information Technology, pp. 77–82. IEEE Computer Society (2007)Google Scholar
  18. 18.
    Hospodar, G., De Mulder, E., Gierlichs, B., Verbauwhede, I., Vandewalle, J.: Least squares support vector machines for side-channel analysis. In: 2nd Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE) (2011)Google Scholar
  19. 19.
    NIST, FIPS-197: Advance Encryption Standard (2001)Google Scholar
  20. 20.
  21. 21.
  22. 22.
    Lerman, L., Bontempi, G., Markowitch, O.: Side channel attack: an approach based on machine learning. In: Constructive Side-Channel Analysis and Secure Design, pp. 29–41. Springer (2011)Google Scholar
  23. 23.
    Bogdanov, A., Kizhvatov, I.: Beyond the limits of DPA: combined side-channel collision attacks. IEEE Trans. Comput. 8, 1153–1164 (2012)MathSciNetCrossRefGoogle Scholar
  24. 24.
    Archambeau, C., Peeters, E., Standaert, F.-X., Quisquater, J.-J.: Template attacks in principal subspaces. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 1–14. Springer, Heidelberg (2006). Scholar
  25. 25.
    Batina, L., Hogenboom, J., van Woudenberg, J.G.J.: Getting more from PCA: first results of using principal component analysis for extensive power analysis. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 383–397. Springer, Heidelberg (2012). Scholar
  26. 26.
    Bohy, L., Neve, M., Samyde, D., Quisquater, J.: Principal and independent component analysis for crypto-systems with hardware unmasked units. In: Proceedings of e-Smart (2003)Google Scholar
  27. 27.
    Standaert, F.-X., Archambeau, C.: Using subspace-based template attacks to compare and combine power and electromagnetic information leakages. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 411–425. Springer, Heidelberg (2008). Scholar
  28. 28.
    Kocher, P., Lee, R., McGraw, G., Raghunathan, A., Ravi, S.: Security as a new dimension in embedded system design. In: Proceedings of the 41st Design Automation Conference, pp. 753–760 (2004)Google Scholar
  29. 29.
    Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001)CrossRefGoogle Scholar
  30. 30.
    Mitchell, T.M., Hill, M.: Generative and discriminative classifiers: Naive Bayes and logistic regression. In: Machine Learning (2016)Google Scholar
  31. 31.
    Genkin, D., Pachmanov, L., Pipman, I., Tromer, E., Yarom, Y.: ECDSA key extraction from mobile devices via nonintrusive physical side channels. Cryptology ePrint Archive, Report 2016/230 (2016)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Macquarie UniversitySydneyAustralia

Personalised recommendations