Uncertainty Analysis in Cryptographic Key Recovery for Machine Learning-Based Power Measurements Attacks

The present work concerns side-channel attacks on cryptographic devices protected with the advanced encryption standard (AES). In this regard, the assessment of guessing entropy (GE) and the related uncertainty is proposed for machine-learning-based attacks based on power measurements. For the first time, the GE was assessed on the entire key while uncertainty was introduced in the field of side-channel attacks, thus allowing a more rigorous vulnerability test for a device. Notably, a state-of-the-art attack relying on a multilayer perceptron is exploited for classifying power traces leaked from physically accessible devices. A public database was exploited for the sake of results' reproducibility. Thanks to cross-validation, the uncertainty associated with retrieving a single key byte can be quantified and then propagated to the entire key by means of the Monte Carlo method. It is thus shown that when exploiting about 4000 attack records (traces), there is a 10% probability to retrieve the secret key as a whole with less than ten attempts. This implies that a full cryptographic key can be discovered on average ten times for every 100 similar devices by a side-channel attack. This poses security threats particularly relevant in an Internet-of-Things scenario and addresses the need for improved vulnerability testing and proper countermeasures.