Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/101239
Full metadata record
DC field (language): value
dc.contributor.advisor (zh_TW): 黃俊郎
dc.contributor.advisor (en): Jiun-Lang Huang
dc.contributor.author (zh_TW): 周固廷
dc.contributor.author (en): Ku-Ting Chou
dc.date.accessioned: 2025-12-31T16:26:06Z
dc.date.available: 2026-01-01
dc.date.copyright: 2025-12-31
dc.date.issued: 2025
dc.date.submitted: 2025-12-04
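dc.identifier.uri: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/101239
dc.description.abstract (zh_TW): Side-channel leakage assessment is a key process for ensuring the security of cryptographic implementations. However, the industry-standard TVLA method is a univariate statistical test and cannot effectively detect complex multivariate and higher-order leakage. Existing alternatives try to improve the statistical test or to use machine learning, but they are often limited to univariate analysis, need exhaustive enumeration of all variable combinations, or depend on large amounts of validation data that are hard to obtain in practice.

To overcome these limitations, we propose a side-channel leakage assessment mechanism based on deep learning dimensionality reduction (DDR-LA). The method detects multivariate and higher-order leakage without any validation data, and provides leakage severity assessment and identification of key points at the same time. In addition, DDR-LA operates efficiently with a small number of samples, which lowers measurement cost and improves practical feasibility.

We ran leakage detection experiments on cryptographic software on a microprocessor-based platform and compared DDR-LA with TVLA. The results show that DDR-LA performs consistently with TVLA in simple leakage cases and significantly outperforms TVLA in more complex ones. In particular, in multivariate and higher-order leakage scenarios where TVLA fails, DDR-LA detects leakage that TVLA cannot detect at all, showing that DDR-LA has the potential to become a more comprehensive alternative to traditional methods in security evaluation standards.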
dc.description.abstract (en): Side-channel leakage assessment is critical for securing cryptographic implementations. However, the industry-standard TVLA method is a univariate test that is insufficient for detecting complex multivariate and higher-order leakages. While other approaches exist, they are either limited by univariate constraints, require exhaustive enumeration of variable combinations, or depend on large, often impractical, validation datasets. To overcome these limitations, we propose DDR-LA, a side-channel leakage assessment method based on deep dimensionality reduction. Our method detects multivariate and higher-order leakages without requiring validation data, simultaneously providing leakage severity assessment and points of interest identification. Furthermore, DDR-LA operates effectively with a small number of samples, reducing measurement costs and enhancing practical feasibility.

We validated DDR-LA on cryptographic software running on a microprocessor and compared its performance to TVLA. Experimental results show that DDR-LA performs consistently with TVLA in simple leakage scenarios but significantly outperforms it in challenging cases. Notably, DDR-LA successfully detects multivariate and higher-order leakages where TVLA fails. This demonstrates DDR-LA's potential as a more comprehensive alternative to traditional methods in industrial-grade security assessments.
dc.description.provenance (en): Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2025-12-31T16:26:06Z. No. of bitstreams: 0
dc.description.provenance (en): Made available in DSpace on 2025-12-31T16:26:06Z (GMT). No. of bitstreams: 0
dc.description.tableofcontents:
Acknowledgements
Abstract (Chinese)
Abstract
Contents
List of Figures
List of Tables

Chapter 1 Introduction
  1.1 Side-Channel Leakage
  1.2 Leakage Assessment
  1.3 Related Work
  1.4 Motivation and Contribution
  1.5 Organization of the Thesis

Chapter 2 Background
  2.1 Power Side-Channel Leakage
    2.1.1 Side-Channel Leakage & Intermediate Values
    2.1.2 Power Models
    2.1.3 Higher-Order Leakage
  2.2 Non-Profiled Side-Channel Analysis
    2.2.1 Correlation Power Analysis
  2.3 Side-Channel Leakage Assessment
    2.3.1 Test Vector Leakage Assessment (TVLA)
    2.3.2 Non-Specific TVLA
    2.3.3 Leakage Detection with Chi-Squared (χ²) Test
  2.4 Deep Learning
    2.4.1 Deep Learning in Side-Channel Analysis
    2.4.2 Deep Learning for Leakage Assessment

Chapter 3 Proposed Leakage Assessment Technique — DDR-LA
  3.1 DDR-LA Framework
  3.2 DDR-LA Input/Output Scheme
  3.3 DDR-LA Design Rationale
    3.3.1 Dimensionality Reduction for Leakage Assessment
    3.3.2 Linear Dimensionality Reduction for Leakage Assessment
    3.3.3 Principal Component Analysis (PCA) for Leakage Assessment
    3.3.4 Limitations of PCA-based Dimensionality Reduction
  3.4 Detailed Flow of DDR-LA
  3.5 Proposed Deep Dimension Reduction Model
    3.5.1 Autoencoder in the Proposed Model
    3.5.2 Classifier in the Proposed Model
    3.5.3 Dimension Reduction and Hypothesis Testing using Proposed Model
    3.5.4 Training the Proposed Model
    3.5.5 Network Architecture and Hyperparameters
  3.6 Locating Leakage with Sensitivity Analysis
  3.7 Comparison between TVLA and DDR-LA

Chapter 4 Experimental Results
  4.1 Experimental Setup
    4.1.1 Communication Scheme
    4.1.2 Clock Speed & Sampling Rate
  4.2 Leakage Severity Assessment on Unprotected Implementations
    4.2.1 Leakage Severity Assessment on Unprotected Implementations
    4.2.2 Leakage Severity Assessment on Dataset without Leakage
  4.3 Leakage POI Detection on Unprotected Implementations
  4.4 Severity Assessment with Different Power Trace Counts
  4.5 POI Detection under Low Power Trace Conditions
  4.6 DDR-LA on Artificial Second-Order Power Traces
    4.6.1 Univariate Second-Order Power Traces
    4.6.2 Bivariate Second-Order Power Traces
  4.7 DDR-LA on Boolean Masked AES Implementation
  4.8 DDR-LA on Affine Masked AES Implementation

Chapter 5 Conclusion & Future Work
  5.1 Conclusion
  5.2 Future Work

References
Appendix A — Mathematical Proofs
  A.1 Proof of Artificial Generated Second-Order Leakage
    A.1.1 Power Value Calculation for Fixed and Random Input Sets
    A.1.2 Distribution Assumptions
    A.1.3 Mean and Variance Calculations
      A.1.3.1 Mean
      A.1.3.2 Variance
  A.2 Proof of Independence
    A.2.1 Evaluating the Left-Hand Side (LHS)
    A.2.2 Evaluating the Right-Hand Side (RHS)
    A.2.3 Conclusion
dc.language.iso: en
dc.subject: Side-channel leakage
dc.subject: Leakage assessment
dc.subject: Power analysis
dc.subject: Deep learning
dc.subject: Dimensionality reduction
dc.title (zh_TW): 基於深度學習降維之功率旁通道洩漏評估機制
dc.title (en): Power Side-Channel Leakage Assessment Mechanism Based on Deep Learning Dimensionality Reduction
dc.type: Thesis
dc.date.schoolyear: 114-1
dc.description.degree: Master's
dc.contributor.oralexamcommittee (zh_TW): 呂學坤; 陳裕庭
dc.contributor.oralexamcommittee (en): Shyue-Kung Lu; Yu-Ting Chen
dc.subject.keyword: Side-channel leakage, Leakage assessment, Power analysis, Deep learning, Dimensionality reduction
dc.relation.page: 110
dc.identifier.doi: 10.6342/NTU202504755
dc.rights.note: Authorization granted (worldwide public access)
dc.date.accepted: 2025-12-05
dc.contributor.author-college: College of Electrical Engineering and Computer Science
dc.contributor.author-dept: Department of Electrical Engineering
dc.date.embargo-lift: 2030-12-03
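Appears in collections: Department of Electrical Engineering

Files in this item:
File | Size | Format
ntu-114-1.pdf (publicly available online after 2030-12-03) | 26.73 MB | Adobe PDF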