Paper 2024/124
Perceived Information Revisited II: Information-Theoretical Analysis of Deep-Learning Based Side-Channel Attacks
Abstract
Previous studies on deep-learning-based side-channel attacks (DL-SCAs) have shown that traditional performance evaluation metrics commonly used in DL, like accuracy and F1 score, are not effective in evaluating DL-SCA performance. Therefore, some previous studies have proposed new alternative metrics for evaluating the performance of DL-SCAs. Notably, perceived information (PI) and effective perceived information (EPI) are major metrics based on information theory. While it has been experimentally confirmed that these metrics can give the attack success rate (SR) for DL-SCAs, their theoretical validity remains unclear. In this paper, we propose a new theoretically valid performance evaluation metric called latent perceived information (LPI), which serves as an alternative to the existing metrics. LPI is defined as the mutual information between the output of the feature extractor of a neural network (NN) model and the intermediate value, representing the potential attack performance of the trained model. First, we prove that LPI provides an upper bound on the SR of a DL-SCA by modeling and formulating DL-SCA as a communication channel. Additionally, we clarify the conditions under which PI and EPI theoretically provide an upper bound on the SR from the perspective of LPI. For practical computation of LPI, we present two methods. One utilizes the Kraskov (KSG) estimator, a common mutual information estimator, and the other is based on logistic regression. While the KSG estimator is computationally intensive, it yields accurate LPI values. In contrast, the logistic regression is faster but provides a lower bound for LPI. Through experimental attacks on AES software and hardware implementations with masking countermeasures, we demonstrate that the LPI values estimated by these two methods are significantly similar, indicating the reliability and soundness of our proposed estimation techniques. Furthermore, we show that, by using the logistic regression as a classifier, we can significantly improve the attack performance of the trained model when the difference between the SR upper bound by the LPI and its actual SR is large. This indicates that LPI represents the potential for performance improvement in the trained model. Therefore, our study contributes to optimizing the distinguisher for attack performance using the trained model.
Note: We have modified the definition of LPI, and proposed two new estimation methods for LPI in this revision.
Metadata
- Available format(s)
- Category
- Attacks and cryptanalysis
- Publication info
- Published by the IACR in TCHES 2025
- Keywords
- Profiled side-channel attacksPerceived informationSuccess rateDeep learningInformation theory
- Contact author(s)
-
akira itoh @ ntt com
ueno rei 2e @ kyoto-u ac jp
naofumi homma c8 @ tohoku ac jp - History
- 2024-10-16: last of 3 revisions
- 2024-01-29: received
- See all versions
- Short URL
- https://ia.cr/2024/124
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/124, author = {Akira Ito and Rei Ueno and Naofumi Homma}, title = {Perceived Information Revisited {II}: Information-Theoretical Analysis of Deep-Learning Based Side-Channel Attacks}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/124}, year = {2024}, url = {https://eprint.iacr.org/2024/124} }