Defensive ML: Defending Architectural Side-channels with Adversarial Obfuscation (2302.01474v2)
Abstract: Side-channel attacks that use ML for signal analysis have become prominent threats to computer security, because ML models easily find patterns in signals. To address this problem, this paper explores using Adversarial Machine Learning (AML) methods as a defense at the computer architecture layer to obfuscate side channels. We call this approach Defensive ML, and the generator that obfuscates signals the defender. Defensive ML is a workflow to design, implement, train, and deploy defenders for different environments. First, we design a defender architecture given the physical characteristics and hardware constraints of the side channel. Next, we use our DefenderGAN structure to train the defender. Finally, we apply Defensive ML to thwart two side-channel attacks: one based on memory contention and the other on application power. The former uses a hardware defender with ns-level response time that attains a high level of security with half the performance impact of a traditional scheme; the latter uses a software defender with ms-level response time that provides better security than a traditional scheme with only 70% of its power overhead.
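The abstract does not describe the DefenderGAN structure itself, so the following is an added toy illustration of the defender/attacker game it names, not code from the paper: constructed synthetic traces, a logistic-regression attacker standing in for the ML side-channel classifier, and a linear input-dependent defender trained to push the attacker's output to chance while paying a penalty on the injected perturbation (a stand-in for the overhead the abstract trades off). The 0.5-target loss, the linear defender, and every constant are assumptions made here.

```python
import numpy as np

T = 32                # samples per trace (assumed)
LEAK = slice(10, 20)  # constructed: where secret-dependent activity shows up

def make_traces(n, rng):
    """Constructed synthetic traces: label 1 adds a unit bump over LEAK."""
    y = rng.integers(0, 2, n)
    x = rng.normal(0.0, 0.3, (n, T))
    x[:, LEAK] += y[:, None]
    return x, y

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-np.clip(z, -50, 50)))

def train_attacker(x, y, w=None, b=0.0, steps=200, lr=0.5, wd=0.01):
    """Logistic-regression attacker (the game's discriminator, assumed model)."""
    w = np.zeros(T) if w is None else w
    for _ in range(steps):
        p = sigmoid(x @ w + b)
        w -= lr * (x.T @ (p - y) / len(y) + wd * w)
        b -= lr * float(np.mean(p - y))
    return w, b

def attacker_accuracy(w, b, x, y):
    return float(np.mean((x @ w + b > 0) == y))

def train_defender(rounds=300, n=256, lr=0.05, lam=1e-3, seed=0):
    """Adversarial game: the defender adds delta = x @ A and is updated to push
    the attacker's output to 0.5, minus a penalty on ||delta||^2 (overhead)."""
    rng = np.random.default_rng(seed)
    A, w, b = np.zeros((T, T)), None, 0.0
    for _ in range(rounds):
        x, y = make_traces(n, rng)
        delta = x @ A
        w, b = train_attacker(x + delta, y, w, b, steps=10)  # attacker adapts
        p = sigmoid((x + delta) @ w + b)
        # d/d(delta) of mean_i[-0.5 log p_i - 0.5 log(1-p_i)] + lam*mean_i ||delta_i||^2
        g = np.outer(p - 0.5, w) / n + 2 * lam * delta / n
        A -= lr * x.T @ g                                    # defender adapts
    return A

def evaluate(A, seed=1):
    """Fresh attacker on raw vs. obfuscated traces: (raw acc, obf acc, overhead)."""
    rng = np.random.default_rng(seed)
    (xtr, ytr), (xte, yte) = make_traces(512, rng), make_traces(512, rng)
    raw = attacker_accuracy(*train_attacker(xtr, ytr), xte, yte)
    w, b = train_attacker(xtr + xtr @ A, ytr)
    obf = attacker_accuracy(w, b, xte + xte @ A, yte)
    return raw, obf, float(np.mean(np.abs(xte @ A)) / np.mean(np.abs(xte)))
```

A useful check is to compare the freshly trained attacker's accuracy on raw versus obfuscated traces against the relative perturbation size, which is the security-versus-overhead trade-off the abstract reports for its hardware and software defenders.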