Leveraging Deep Learning Techniques for Cross-Family Side-Channel Attacks on 8-bit Microcontrollers

Antonio De Luca

Supervisors: Paolo Ernesto Prinetto, Samuele Yves Cerini. Politecnico di Torino, Master's degree programme in Computer Engineering (Ingegneria Informatica), 2023

PDF (Tesi_di_laurea) - Thesis
License: Creative Commons Attribution Non-commercial No Derivatives.

Abstract:

The decreasing price of consumer electronics and the rise of the Internet of Things (“IoT”) paradigm are contributing to the massive spread of embedded systems and microcontrollers. These low-cost devices, often characterized by limited performance, internet connectivity and low power consumption, now permeate our lives through applications in home appliances, wearable devices and industrial controllers. Although these devices are so widespread, the protection of the data they handle is rarely tackled. Cryptographic algorithms were developed to provide effective protection mechanisms against cyber attackers, but their implementation on physical devices plays an important role in their attack resistance and exposes new vulnerabilities. The large number of embedded devices, combined with the importance of sensitive data, led to new attack methodologies, known as Side-Channel Analysis (“SCA”). SCA consists of a series of techniques that exploit energy leakages (e.g., power, thermal, electromagnetic) to extract secret information about data handled by a device, and that decrease the time needed to mount a successful attack by orders of magnitude with respect to brute force. In recent years, Deep Learning techniques have been leveraged to achieve improvements in this research field, leading to the rise of Deep Learning Side-Channel Analysis (“DLSCA”). Deep Learning promises to solve some of the problems encountered by classic Side-Channel Analysis techniques, such as the need for human intervention (e.g., feature extraction and leakage model selection), and aims at improving the accuracy and the efficiency of the attacks. The relevance of DLSCA is increasing, as demonstrated by the large quantity of studies carried out since the middle of the past decade.
Similarly, new challenges for researchers in the field are arising, such as the need to use the knowledge acquired during attacks to build effective defensive mechanisms, the portability of attacks across different devices, or “ablation” as a solution to design lighter Deep Learning models. Among these challenges, the problem of the portability of attacks is tackled only marginally, as it requires considerable expertise in both Security for Embedded Systems and Deep Learning Techniques. This work aims at studying the behavior of Deep Learning models in cross-device scenarios, exploring their capabilities and limits in new portability contexts and taking advantage of the novelties introduced by DLSCA. The knowledge gained from devices in a specific group of microcontrollers (known as "profiling devices", considering Microchip’s PIC18XXXK42 family) is exploited to launch an attack on devices from a different group of microcontrollers (referred to as "attack devices", from Microchip’s PIC18XXXK20 family), despite the differences between the two groups. For Power Side-Channel Analysis, traces are acquired from the 8-bit microcontrollers with an open-source toolkit called “ChipWhisperer”, by NewAE. The work relies on the open-source framework “AISY”, developed by the Delft University of Technology, and partly on the framework for DLSCA by eShard. The results obtained demonstrate that it is possible to perform cross-family attacks with all the trained models shown in the thesis, although the best performance can only be achieved by leveraging an ad-hoc model tuned for the profiling dataset and correctly configured for the attack.

Supervisors: Paolo Ernesto Prinetto, Samuele Yves Cerini
Academic year: 2022/23
Publication type: Electronic
Number of pages: 114
Subjects:
Degree programme: Master's degree programme in Computer Engineering (Ingegneria Informatica)
Degree class: New system > Master's degree > LM-32 - COMPUTER ENGINEERING
Collaborating companies: Politecnico di Torino
URI: http://webthesis.biblio.polito.it/id/eprint/26893