Machine Learning Power Side-Channel Attack on SNOW-V
Abstract
This paper demonstrates a power analysis-based Side-Channel Analysis (SCA) attack on the SNOW-V encryption algorithm, which is a 5G mobile communication security standard candidate. Implemented on an STM32 microcontroller, power traces captured with a ChipWhisperer board were analyzed, with Test Vector Leakage Assessment (TVLA) confirming exploitable leakage. Profiling attacks using Linear Discriminant Analysis (LDA) and Fully Connected Neural Networks (FCN) achieved efficient key recovery, with FCN achieving > 5X lower minimum traces to disclosure (MTD) compared to the state-of-the-art Correlational Power Analysis (CPA) assisted with LDA. The results highlight the vulnerability of SNOW-V to machine learning-based SCA and the need for robust countermeasures.
Summary
This paper investigates the vulnerability of the SNOW-V stream cipher, a candidate for 5G mobile communication security, to power side-channel attacks (SCAs). The researchers implemented SNOW-V on an STM32 microcontroller and captured power traces using a ChipWhisperer board. They employed Test Vector Leakage Assessment (TVLA) to confirm the presence of exploitable leakage. The core of their attack involved profiling techniques using Linear Discriminant Analysis (LDA) and Fully Connected Neural Networks (FCNs) to recover the secret key. The study progressively recovered key bits, starting from single bits up to 8 bits. The performance of LDA and FCN was compared in terms of key recovery accuracy and the minimum number of traces to disclosure (MTD). The key finding is that FCNs significantly outperform LDA in recovering the secret key from power traces. Specifically, FCNs achieved a >5x reduction in MTD compared to the state-of-the-art Correlational Power Analysis (CPA) assisted with LDA. The authors highlight that FCNs can effectively learn complex, non-linear leakage patterns without manual feature engineering, leading to higher accuracy even under noisy conditions. This research demonstrates the effectiveness of machine learning-based profiling attacks on SNOW-V and underscores the need for robust countermeasures, such as masking or hiding, to secure SNOW-V against such attacks. The results illustrate the practicality of deep learning-based SCA and its potential to break cryptographic algorithms considered resistant to traditional SCA methods.
Key Insights
- •FCNs achieve >5x lower Minimum Traces to Disclosure (MTD) compared to CPA assisted with LDA, demonstrating superior efficiency in key recovery.
- •FCNs, when combined with PCA for dimensionality reduction, achieve approximately 80% accuracy in recovering 8 bits of the secret key, whereas models without PCA fall below 10%.
- •TVLA was used to confirm the presence of data-dependent leakage in the SNOW-V implementation on an STM32 microcontroller by checking if the absolute t-value exceeds 4.5.
- •LDA is effective for low-dimensional classification, achieving approximately 99% accuracy for 1-bit recovery and 90-95% for 2-bit recovery, but its performance degrades significantly for higher bit recovery (e.g., 60% for 8-bit recovery).
- •PCA improves FCN performance by reducing dimensionality and noise, particularly in higher-bit recovery tasks. For example, PCA improved accuracy from around 85% to 95% for 2-bit recovery, and from nearly 50% to above 75% for 4-bit recovery.
- •Different activation functions in FCNs (ReLU, LeakyReLU, PReLU, SELU, ELU) show varying performance, with SELU and ELU consistently achieving the highest accuracy due to their negative and zero-centered activations.
- •The study targeted LFSR registers a[15] and b[15] in SNOW-V's architecture for key extraction, exploiting update functions dependent on known and key-related LFSR blocks.
Practical Implications
- •The research highlights the vulnerability of SNOW-V to advanced profiling attacks, urging cryptographers and security engineers to implement robust countermeasures like masking or hiding to protect implementations of SNOW-V.
- •Cryptographic hardware and software developers can use the methodology presented (power trace capture, TVLA, LDA/FCN profiling) to evaluate the side-channel resistance of other cryptographic algorithms and implementations.
- •The superior performance of FCNs demonstrates the potential of deep learning in side-channel analysis, encouraging further research into advanced neural architectures and automated feature selection techniques for improved attack efficiency.
- •The findings suggest that traditional SCA countermeasures might be insufficient against machine learning-based attacks, necessitating the development and deployment of more sophisticated defenses.
- •Future research could focus on exploring the resilience of SNOW-V and other cryptographic algorithms against these attacks in diverse leakage scenarios and on different hardware platforms.