Deep Learning Multi-Channel Fusion Attack Against Side-Channel Protected Hardware

Benjamin Hettwer, Daniel Fennes, Jan Richter-Brockmann, Sebastien Leger, Stefan Gehrer, Tim Güneysu

57th Annual Design Automation Conference 2020, DAC 2020, San Francisco, CA, USA, July 19-23, 2020.


State-of-the-art hardware masking approaches like threshold implementations and domain-oriented masking provide a guaranteed level of security even in the presence of glitches. Although provable secure in theory, recent work showed that the effective security order of a masked hardware implementation can be lowered by applying a multi-probe attack or exploiting externally amplified coupling effects. However, the proposed attacks are based on an unrealistic adversary model (i.e. knowledge of masks values during profiling) or require complex measurement setup manipulations.

In this work, we propose a novel attack vector that exploits location dependent leakage from several decoupling capacitors of a modern System-on-Chip (SoC) with 16 nm fabrication technology. We combine the leakage from different sources using a deep learning-based information fusion approach. The results show a remarkable advantage regarding the number of required traces for a successful key recovery compared to state-of-the-art profiled side-channel attacks. All evaluations are performed under realistic conditions, resulting in a real-world attack scenario that is not limited to academic environments.

tags: deep learning, multi-channel fusion, SCA