CN-121984659-A - Side channel detection method based on hybrid model

Abstract

The invention discloses a side channel detection method based on a hybrid model, and belongs to the field of side channel detection. The method comprises the steps of signal acquisition, data preprocessing, mixed model training, mixed model reasoning, parameter estimation and result output. The invention adopts the pearson correlation coefficient to analyze the initial power consumption track data set, screens out the part which is strongly correlated with the key leakage, builds a new track data set, screens out the optimal side channel analysis model through reasonable label construction and model training and test flow, and effectively solves the problem of unbalanced track of the data set in the prior art.

Inventors

• MA XIN
• SUN CHAO
• WEN DA
• YU SHILONG

Assignees

• 北京理工大学深圳汽车研究院(电动车辆国家工程实验室深圳研究院)
• 深圳艾钜思科技有限公司

Dates

Publication Date

20260505

Application Date

20260210

Claims (6)

1. 1. The side channel detection method based on the mixed model is characterized by comprising the following steps of: s1, signal acquisition, namely capturing instantaneous power consumption fluctuation of the password equipment when encryption/decryption operation is carried out by using a signal acquisition module through non-invasive voltage sampling, wherein the instantaneous power consumption fluctuation contains leakage information related to a secret key; S2, preprocessing data, namely removing redundant data and suppressing noise through statistical analysis by utilizing a data preprocessing module, solving the problem of unbalanced labels, and providing high-quality input for model training; s3, training a mixed model, namely, utilizing a mixed model training module, optimizing local feature extraction capacity through a layered training strategy, and then strengthening time sequence associated modeling capacity to ensure that the model captures short-term mutation and long-term dependence simultaneously; s4, mixed model reasoning, namely inputting test set data into a trained model through a mixed model reasoning module, merging probability sequencing with multiple tracks, and estimating a secret key with high accuracy, and screening out a model version with optimal performance; S5, parameter estimation, namely estimating key parameters of each layer of the model by using a parameter estimation module through gradient descent and statistical analysis, and optimizing super parameters of a data preprocessing link to ensure the stability of the model in different scenes; And S6, outputting results, namely converting the model reasoning results into visual detection reports through a result output module, covering key speculation results, model performance indexes and risk assessment, and providing decision basis for side channel attack defense.
2. 2. The mixed model based side channel detection method of claim 1, wherein the data preprocessing includes key feature screening and data balance optimization; The key feature screening is specifically to define a Hamming Weight (HW) -voltage value (V) correlation model, namely, calculating the Hamming weight output by an S box of an AES 1 st round for each track, taking the Hamming weight as a leakage label, and calculating pearson correlation coefficients with voltage values of 10,000 sampling points in the track one by one: Wherein, the For the hamming value of each sample point, For the hamming average of all the sample points, For the voltage value of each sampling point, Setting a correlation coefficient threshold value |r| >0.7, screening out sampling points meeting the conditions, forming the sampling points into a simplified track, and eliminating irrelevant redundant data; The data balance optimization is specifically that the label distribution of the statistic reduced track is that the sample ratio of HW=4 is highest, the sample ratios of HW=0 and HW=8 are the highest, the SMOTE oversampling algorithm is adopted to expand few types of samples, Z-Score standardization is carried out on the expanded data set, the magnitude difference of voltage values is eliminated, and the model is prevented from deviating to the high-voltage value samples.
3. 3. The method for detecting side channels based on the mixed model according to claim 1, wherein in the process of training the mixed model, the preprocessed reduced tracks are divided into a training set and a testing set according to a ratio of 7:3, and the label of each track outputs hamming weight for the corresponding AES 1 st round S box, and simultaneously records the real subkey corresponding to each track.
4. 4. The method for detecting side channels based on the mixed model according to claim 1, wherein in the mixed model estimation, two core indexes are set, namely a key recovery success rate, an inference delay, a target threshold value is 95% of the success rate and the delay is <5ms.
5. 5. The method for detecting side channels based on the mixed model according to claim 1, wherein the parameter estimation includes a convolution layer parameter and an LSTM gating parameter, the convolution layer parameter calculates a gradient by back propagation, updates a 3×3 convolution kernel weight of 3 convolution layers, and the LSTM gating parameter estimates weights and offsets of an input gate, a forget gate, and an output gate.
6. 6. The method for detecting the side channel based on the mixed model according to claim 1, wherein the result output comprises a subkey presumption result table and a power consumption leakage thermodynamic diagram, wherein the subkey presumption result table lists presumption values of the AES16 subkeys and corresponding rank values, marks whether recovery is successful or not, and the power consumption leakage thermodynamic diagram draws a thermodynamic diagram of a correlation coefficient between an original track sampling point and hamming weight based on a pearson correlation coefficient in a preprocessing stage.

Description

Side channel detection method based on hybrid model Technical Field The invention relates to side channel detection, in particular to a side channel detection method based on a mixed model. Background Side channel detection techniques aim to identify potential attacks or recover sensitive information by analyzing physical information (e.g., power consumption, electromagnetic radiation, computation time, etc.) revealed when cryptographic devices perform encryption/decryption operations, the technological evolution of which has transitioned from traditional statistical methods to a deep learning driven intelligent analysis phase. The traditional statistical side channel detection technology has the core defects of extremely poor noise resistance, dependence on manual modeling and characteristic engineering and incapability of processing high-dimensional data redundancy, and is simple in power consumption analysis (SPA) and differential power consumption analysis (DPA) and template attack (TEMPLATE ATTACK). The single deep learning model based side channel detection technology, CNN dominant side channel detection technology and LSTM/RNN dominant side channel detection technology have the core defects that the characteristic extraction capability has natural limitation, the model bias is caused by data unbalance, the robustness to protective measures is insufficient, and the model generalization capability is poor. Whether the traditional statistical method or the single deep learning model is adopted, the contradiction between three major core contradictions in side channel detection, namely the contradiction between high-dimensional redundancy and effective feature extraction, the contradiction between time sequence association and local mutation capture, and the contradiction between data imbalance and model generalization are not solved. The defects cause that the prior art is low in efficiency and needs massive data in an actual scene, or poor in robustness and easy to crack by protective measures, and cannot meet the high-efficiency detection requirements of resource-limited devices such as intelligent cards, sensors of the Internet of things and the like. Disclosure of Invention The invention aims to provide a side channel analysis method based on BiLSTM and CNN mixed model, which improves the accuracy of side channel analysis by constructing a specific data set processing flow and a model training method. The technical scheme is that the side channel detection method based on the hybrid model comprises the following steps: s1, signal acquisition, namely capturing instantaneous power consumption fluctuation of the password equipment when encryption/decryption operation is carried out by using a signal acquisition module through non-invasive voltage sampling, wherein the instantaneous power consumption fluctuation contains leakage information related to a secret key; S2, preprocessing data, namely removing redundant data and suppressing noise through statistical analysis by utilizing a data preprocessing module, solving the problem of unbalanced labels, and providing high-quality input for model training; s3, training a mixed model, namely, utilizing a mixed model training module, optimizing local feature extraction capacity through a layered training strategy, and then strengthening time sequence associated modeling capacity to ensure that the model captures short-term mutation and long-term dependence simultaneously; s4, mixed model reasoning, namely inputting test set data into a trained model through a mixed model reasoning module, merging probability sequencing with multiple tracks, and estimating a secret key with high accuracy, and screening out a model version with optimal performance; S5, parameter estimation, namely estimating key parameters of each layer of the model by using a parameter estimation module through gradient descent and statistical analysis, and optimizing super parameters of a data preprocessing link to ensure the stability of the model in different scenes; And S6, outputting results, namely converting the model reasoning results into visual detection reports through a result output module, covering key speculation results, model performance indexes and risk assessment, and providing decision basis for side channel attack defense. Further, the data preprocessing comprises key feature screening and data balance optimization; The key feature screening is specifically to define a Hamming Weight (HW) -voltage value (V) correlation model, namely, calculating the Hamming weight output by an S box of an AES 1 st round for each track, taking the Hamming weight as a leakage label, and calculating pearson correlation coefficients with voltage values of 10,000 sampling points in the track one by one: Wherein, the For the hamming value of each sample point,For the hamming average of all the sample points,For the voltage value of each sampling point,Setting a correlation coefficient threshol