EP-4260222-B1 - NEURAL NETWORK CRYPTOGRAPHY COPROCESSOR PROVIDING COUNTERMEASURE AGAINST SIDE-CHANNEL ANALYSIS
Inventors
- LOUBET MOUNDI, PHILIPPE
- Bourbao, Eric
- CLAISE, Eric
Dates
- Publication Date: 20260513
- Application Date: 20211209
Claims (8)
- A method for securing a security device (301) against side-channel analysis attacks while performing a sensitive operation (323), the method comprising:
  - training (401) an attack neural network (305) to perform a side-channel attack against the security device while performing a sensitive operation;
  - creating (403) a training data set for a protective neural network (311) by applying a plurality of elementary protection combinations to the sensitive operation while performing the sensitive operation using a plurality of values for the piece of sensitive information, and for each elementary protection combination and sensitive information value, recording in the training data set whether the elementary protection combination prevented the attack neural network from discerning the sensitive information value;
  - training (405) a protective neural network (311) executing on a coprocessor of the security device using the training data set for the protective neural network such that an input to the protective neural network is a sensitive information value to be protected and an output of the protective neural network is an indicator of which combination of elementary protections to apply to protect the piece of information from being detectable using the attack neural network thereby producing a set of parameters for the protective neural network; and
  - programming (407) the coprocessor (303) of the security device with the set of parameters for the protective neural network.
- The method for securing a security device against side-channel analysis attacks while performing a sensitive operation of Claim 1, wherein the step of training an attack neural network comprises:
  - collecting (501) side-channel data traces while performing the sensitive operation on the security device using a large set of values for the sensitive information value used to perform the sensitive operation wherein for a given input side-channel data trace the attack neural network produces a predicted value for the sensitive information.
- The method for securing a security device against side-channel analysis attacks while performing a sensitive operation of Claim 1, the step of creating a training data set for the protective neural network comprises:
  - collecting side-channel data traces while performing the sensitive operation on the security device using a large set of values for the piece of sensitive information used to perform the sensitive operation;
  - applying the attack neural network to the collected side-channel data traces and recording for each collected data trace, whether the attack neural network successfully determined the sensitive information value associated with the data trace thereby producing a training data set with a record, for each combination of sensitive information value and elementary-protection combination, whether the elementary-protection combination successfully protected the sensitive information value from being determined by the attack neural network.
- The method for securing a security device against side-channel analysis attacks while performing a sensitive operation of Claim 1, wherein programming the coprocessor (303) of the security device comprises storing the set of parameters in a memory (307) connected to the coprocessor.
- The method for securing a security device against side-channel analysis attacks while performing a sensitive operation of Claim 1, wherein the piece of sensitive information is a cryptographic key.
- The method for securing a security device against side-channel analysis attacks while performing a sensitive operation of Claim 1, wherein the sensitive operation is either a cryptographic operation selected from a set comprising encryption, decryption, digital signature, and authentication or an operation selected from a set comprising memory transfer of sensitive data, biometric data manipulations, PIN code or password operations.
- The method for securing a security device against side-channel analysis attacks while performing a sensitive operation of Claim 1, wherein the combination of elementary protections comprises one or more elementary protections selected from software countermeasures comprising random interrupt, random memory cache flushing, random delay, dummy process, randomized execution order, masking with a random value, and hardware countermeasures comprising random interrupt, random memory cache flushing, activation of complementary computation, random delay, dummy clock cycle, power random noise insertion, power smoothing, jittering, clock randomization, bus encryption, randomized execution order, masking with a random value.
- A system for programming a security device (301) having a co-processor (303) operable to execute a neural network (305), the system comprising: a computer (209) connected to a device operable to produce side-channel data traces from an operation of a security device, the computer being programmed with instructions to:
  - train an attack neural network to perform a side-channel attack against the security device while performing a sensitive operation;
  - create a training data set for a protective neural network by applying a plurality of elementary protection combinations to the sensitive operation while performing the sensitive operation using a plurality of values for the piece of sensitive information and for each elementary protection combination and sensitive information value, recording in the training data set whether the elementary protection combination prevented the attack neural network from discerning the sensitive information value;
  - train a protective neural network executing on the coprocessor of the security device using the training data set for the protective neural network such that an input to the protective neural network is a sensitive information value to be protected and an output of the protective neural network is an indicator of which combination of elementary protections to apply to protect the piece of information from being detectable using the attack neural network thereby producing a set of parameters for the protective neural network; and
  - program the coprocessor of the security device with the set of parameters for the protective neural network.
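A toy simulation of steps (401) to (405) of the first claim, added here as an illustration; it is not code from the patent. The leakage model, noise amplitudes, sample values and the 0.95 threshold are assumptions, and a nearest-template classifier and a lookup table stand in for the attack and protective neural networks.

```python
import random
from itertools import combinations

ELEMENTARY = ("noise", "mask")  # two elementary protections named in the claims
# Every combination, fewest protections first (ordering is an assumption).
COMBOS = [c for r in range(len(ELEMENTARY) + 1) for c in combinations(ELEMENTARY, r)]
VALUES = [0x00, 0x0F, 0x3C, 0xA5, 0xFF]  # constructed sample of secret bytes

def trace(value, combo, rng):
    """One simulated side-channel sample; assumed model: leakage equals the byte."""
    leaked = value
    if "mask" in combo:                        # masking with a fresh random value
        leaked ^= rng.randrange(256)
    sample = leaked + rng.uniform(-0.3, 0.3)   # measurement noise (assumed bound)
    if "noise" in combo:                       # power random noise insertion
        sample += rng.uniform(-4.0, 4.0)
    return sample

def attack(sample):
    """Stand-in for the trained attack network: nearest template in 0..255."""
    return min(255, max(0, round(sample)))

def build_dataset(traces_per_cell=1000, seed=1):
    """Step (403): one record per trace, (value, combination, protected?)."""
    rng = random.Random(seed)
    return [(v, c, attack(trace(v, c, rng)) != v)
            for v in VALUES for c in COMBOS for _ in range(traces_per_cell)]

def protection_rates(dataset):
    """Fraction of traces per (value, combination) the attacker got wrong."""
    hits, total = {}, {}
    for v, c, protected in dataset:
        total[(v, c)] = total.get((v, c), 0) + 1
        hits[(v, c)] = hits.get((v, c), 0) + protected
    return {k: hits[k] / total[k] for k in total}

def policy(rates, threshold=0.95):
    """Stand-in for the protective network: value -> first combination in
    COMBOS whose protection rate meets the threshold (else the last one)."""
    return {v: next((c for c in COMBOS if rates[(v, c)] >= threshold), COMBOS[-1])
            for v in VALUES}

if __name__ == "__main__":
    rates = protection_rates(build_dataset())
    for v, c in policy(rates).items():
        noise_only = rates[(v, ("noise",))]
        print(f"value {v:#04x}: apply {c}, noise-only protection rate {noise_only:.2f}")
```

In this model, noise insertion alone protects the boundary values 0x00 and 0xFF far less often than interior values, which is the kind of value-dependent outcome the per-value records are meant to capture.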
Description
BACKGROUND OF THE INVENTION
The present invention relates generally to electronic cryptography technology, and in particular to protecting a security device against side-channel attacks.
Electronic communication and commerce can be powerful yet dangerous tools. With the widespread availability of network technology, such as the Internet, there is an ever-increasing use of online tools for communication and commerce. Every year more users find it easier or quicker to conduct important transactions, whether in the form of correspondence or commerce, using computers and computer networks. However, there is always the risk that the security of electronic transactions is compromised through interception by third parties who do not have the right to partake in the transactions. When malicious third parties obtain access to otherwise private transactions and data there is risk of economic loss, privacy loss, and even loss of physical safety.
Cryptography is one mechanism employed to avoid intrusion into the privacy of electronic transactions and data. Cryptography is a technology for hiding a message in the presence of third parties using mathematical techniques in which a message is encrypted in such a way that it can only be decrypted using a secret key that should only be known by the recipient and/or sender of a message. Cryptographic algorithms have inputs and outputs. In the case of encryption, the input is a message that is to be protected in plaintext. The plaintext message is manipulated by the cryptographic algorithm to produce a ciphertext, the output. To produce the ciphertext the cryptographic algorithm performs certain mathematical operations that include the use of a secret key. The key may be a shared secret, e.g., between a sender and recipient, or may be a private key held by the recipient.
Traditionally, both sender and recipient of a cryptographic message were considered secure. Cryptography's primary use was to transmit an encoded message from the sender to the recipient without fear that an intermediary would be able to decode the message. If an attacker has no access to the sender's or recipient's cryptographic devices, the attacker is limited to using the encoded message itself or possibly an encoded message and a corresponding plaintext message, to discern the cryptographic key used to encode or decode the message. However, if the attacker has access to the cryptographic device, the picture changes dramatically.
One mechanism of ensuring that a private key is indeed kept private is to store the private key and any related key material on a secure portable device, e.g., a smart card or a mobile device. A smart card is a small tamper resistant computer often in the form of a credit card sized and shaped package. Smart cards may be used to store cryptographic keys and cryptography engines for performing encryption, decryption, and digital signatures.
In one example, a user may receive an encrypted message and use his smart card to decrypt the message by first authenticating to the smart card and then passing the message to the smart card for decryption. If authentication is successful, the smart card may use a cryptographic key stored on the card, and a corresponding cryptography engine, to decrypt the message and provide the decrypted message to the user. Similarly, if a user wishes to cryptographically sign a message, the user may pass the message to the user's smart card, which uses a cryptographic key of the user to digitally sign the message and to provide the signature back to the user or to a third-party recipient.
If an attacker has access to the smart card, the attacker may make repeated observations of, for example, power consumption or electromagnetic emission, during the execution of the cryptographic algorithms and use such ancillary information in attempts to discern the secrets stored on the smart card, specifically secret cryptographic keys stored on the smart card. One such attack is the so-called side-channel attack. Side-channel attacks make use of the program timing, power consumption and/or the electronic emanation of a device that performs a cryptographic computation. The behavior of the device (timing, power consumption and electronic emanation) varies and depends directly on the program and on the data manipulated in the cryptographic algorithm. An attacker could take advantage of these variations to infer sensitive data leading to the recovery of a private key.
In parallel to the development of side-channel analysis attacks, techniques have been developed to protect against attempts to recover keys, or other sensitive information, from side-channel leakages. These techniques, known as countermeasures, include attempts to hide the operations of the cryptography device from any side-channel data leakage, for example, by masking the data while being manipulated by cryptographic algorithms, by introducing dummy instructions, altering order of instructions, or manipulati