Agenda

PhD defense Arnaud Varillon: Deep Learning for Embedded Cybersecurity

Wednesday 09 July 2025, at 10.00 (Paris time) at Télécom Paris

Télécom Paris, 19 place Marguerite Perey F-91120 Palaiseau, amphi 7 and in videoconferencing

Jury

  • Lejla BATINA, Professor, Radboud University, Netherlands (Reviewer)
  • Roselyne CHOTIN, Professor, Sorbonne Université, LIP6, France (Examiner)
  • Jean-Luc DANGER, Professor, Télécom Paris, France (Supervisor)
  • Margaux DUGARDIN, Research Engineer, Direction Générale de l’Armement – Maîtrise de l’Information, France (Guest)
  • Benoît GERARD, Research Engineer, Agence nationale de la sécurité des systèmes d’information, France (Examiner)
  • Philippe MAURINE, Associate Professor, Université de Montpellier, France (Reviewer)
  • Stjepan PICEK, Associate Professor, Radboud University, Netherlands (Examiner)
  • Guénaël RENAULT, Professor, École Polytechnique, France (Examiner)
  • Laurent SAUVAGE, Associate Professor, Télécom Paris, France (Co-Supervisor)

Abstract

Public-key cryptography is one of the core pillars of cybersecurity, in particular thanks to the authentication schemes it enables. It is embedded in many ubiquitous objects, such as hardware wallets. Side-channel attacks are one of the major threats to such devices. In particular, the advances in machine learning, and more specifically deep learning, which have marked the last ten years, seem likely to make such attacks remarkably effective. In such a hostile environment, assessing the true security level of devices intended for cryptographic use is of utmost importance: indeed, it has now even become vital to the smooth running of information systems.

In this thesis, we have appraised the security of implementations,

… reputed to be the more secure ones in the face of such attacks (“power” and “EM” channels), which manipulate the secret key bit by bit. Numerous contributions, which mainly use deep learning, have been published on this subject. Unfortunately, none of them provides any guarantee regarding the robustness of the device under study in the face of such attacks: each time, the method being described does not allow one to state with certainty that it is not possible to find a more powerful attack than that being presented. The security level of the latter devices is therefore potentially underestimated. More specifically, fundamental aspects of the classification task associated with any attack, such as the shape of its decision boundary or the optimality – in terms of attack performance – of the features derived from the sampling of the side-channel under consideration, are never addressed. Therefore, we have sought to find methodologies that are as close to optimality as possible given the conditions imposed by the exercise (for example, the possibility of configuring the key used by the target for in-depth analyses).

First, assuming that an attacker can control the key that is parameterized in the target, only vertical attacks are considered. In this context, the optimal effectiveness of the joint use of NICV, for feature selection, and the perceptron, for classification, is highlighted from a theoretical point of view. In particular, the security of a cryptographic library hitherto considered robust (libecc) is called into question. Second, assuming that an attacker cannot set the key as he wishes in the target, yet still has a functionally perfect clone, another procedure is proposed for carrying out the security evaluation, this time using horizontal (collision-based) attacks based on an unsupervised learning technique which, because it requires (by definition) at most minimal training, is better suited to such a scenario. Compared to the state of the art, the approach followed is closer to optimality without, however, achieving it, but avenues are suggested to get there in the near future. Finally, to validate these findings, experimental verifications have been carried out on a board (STM32F407) which features a Cortex-M4 processor that can be found in many hardware wallets (e.g. Trezor Model T).