AI-Assisted DL-SCA Hardware Attacks Will Transform the Threat Landscape
As data becomes the world’s most valuable currency, the time, energy and computational investment required to gain unauthorized access to that data grows more and more worthwhile. The Fifth Wave of Computing sees the emergence of artificial intelligence (AI) and other technologies reliant on data, distributed faster than ever before across the Internet of things (IoT) by 5G networks. A society that relies on the generation, transportation and processing of data at all levels – personal, industrial and governmental – presents a highly rewarding opportunity for malicious parties, ripe for exploitation.
The Spectre and Meltdown attacks of last year cast a very bright spotlight on physical silicon security, reminding the world that vulnerabilities are not limited to software bugs, network weaknesses or human social engineering. Hardware vulnerabilities are not just a result of design oversight; instead, it’s the very nature of using that design in silicon that can create vulnerabilities in an otherwise secure system.
The Advanced Encryption Standard (AES) is a good example: mathematically it’s very strong, yet when committed to silicon the encryption process, leaks sensitive information via electromagnetic radiation or power consumption signature. That’s how researchers at cybersecurity company Fox-IT managed to wirelessly analyze and extract secret AES-256 encryption keys from an SoC in 2017, using what we call side-channel analysis (SCA).
Digital eavesdropping with side-channel analysis
SCA attacks come in many flavors, ranging from analyzing the power and electromagnetic radiation from the hardware to exploiting a system’s microarchitecture. Spectre and Meltdown each describe ways to exploit hardware vulnerabilities inherent in the design of many modern CPUs, using SCA.
SCA attacks start with a ‘data acquisition’ step: during this step an attacker collects the data from the target device. Typically, this data is comprised of power or electromagnetic traces. The next step after data acquisition is the ‘data analysis’ step, which is a two-phase approach for a hacker. The first phase can be a long and labor-intensive explorative process to identify the vulnerabilities within a system – requiring an attacker to analyze vast amounts of data such as power consumption traces in a bid to identify data leakage and to build an attack model. The second stage, applying the attack model and extracting sensitive information, is generally more straightforward.
Nevertheless, it’s a tedious process overall – more so when designs are protected – and likely to vary hugely in effectiveness based on operator expertise. As of this article’s publication, there are no known real-world attacks on systems using Spectre or Meltdown techniques.
Step up, artificial intelligence
However, mankind has a long history of weaponizing every technological breakthrough it makes – it began when our ancestors lifted the first stone or lit the first fire. The pace of modern technological evolution remains matched by the pace at which it is exploited for nefarious gain.
Artificial intelligence (AI) is rapidly expanding our ability to perform complex tasks quickly and in doing so, affecting every aspect of our lives. We’ve welcomed Alexa into our homes, we rely on face unlock features to access our smartphones, and we’re increasingly excited about autonomous vehicles making our commute a whole lot more relaxing. Enabling machines to learn and behave like humans has significant benefits – whether you’re on the path of right or wrong.
If the most tedious part of an SCA attack is that long, exploratory leakage analysis phase, why not outsource it to an AI?
Sadly, that’s not a hypothetical question. There are several published instances showing that machine learning (ML) is being harnessed and put to work seeking out vulnerabilities with serviceable results. However, training an ML algorithm in what to look for still requires significant human investment. ML requires feature extraction – the reduction of the raw data set into a data set that excludes the sample points or variables that don’t contain discriminatory information and feature selection, which is a dimensionality reduction step that removes irrelevant or redundant features. The feature extraction and feature selection steps require significant inputs from a human operator. This can be time consuming, heavily reliant on operator skill and therefore still a major roadblock to automating the tedious portions of SCA attack.
Deep learning (DL) is a subset of machine learning, which is better at overcoming the challenges that an attacker faces with supervised machine learning. Deep learning requires far less (and sometimes zero) human involvement in identifying and extracting features independent of their position in the data set. Deep learning is however a computationally intensive effort. This means, deep learning based SCA can trade machine effort for human effort to carry out attacks. Additionally, there are growing instances where deep learning enabled attacks are producing higher accuracy results compared to the other machine learning methods. For these reasons, deep learning enabled (or DL-SCA) SCA attacks are quickly becoming the weapon of choice for AI-enabled side-channel attackers – and a potentially serious threat to hardware devices at every level.
From a computational perspective, DL-SCA is significantly more intensive. But as hardware and algorithms advance, the barrier to entry will become ever lower. In the interest of drawing a realistic picture, it is important to note that Deep learning enabled SCA is far from being a push-button attack. To be accurate enough to be dangerous, besides large computing power, the DL-SCA technique requires huge amounts of labeled data for the training purposes. Targets will need to be very high value in order to make the process worthwhile for even the most determined attacker.
Fight fire with fire
At this stage, we must rely on traditional counter-measures – but future advancement may render these counter-measures less effective, or in some cases neutralize them completely. Security is never a solved problem. The defensive measures need to keep up with the advances on the offensive side. The industry is actively working on expanding its arsenal of mitigation techniques to counter the threat of these emerging attack vectors. In order to effectively combat DL-SCA attacks, it’s likely we’ll need to detect them before they happen.
It stands to reason, then, that the best defense we have against weaponized AI is… AI. By fighting fire with fire and training machines to recognize the warning signs of newly exploited vulnerabilities rather than just relying on specific attack signatures, we can create an ‘immune system’, capable of rapidly identifying previously unknown zero-day DL-SCA attacks.
This needs to happen at every point in the network – from the cloud to edge servers, right down to a device endpoint level. Ultra-lightweight ML routines might track behavior vectors in a device (power, tasks, device memory) and the network (bandwidth, traffic, deep packet analysis) in order to provide a detailed picture of a system in its ‘normal’ and ‘under attack’ states. These ‘TinyML’ routines will find their ways into the smallest embedded devices and become a first line of defense against DL-SCA attacks.
Rising to the challenge
This is far from the first time we’ve risen to the challenge of developing counter-measures that tackle vulnerabilities head-on. Alongside our partners, we will continue to provide products and services to address security concerns across a variety of verticals and we constantly look to deploy our expertise and innovation to address new hurdles.
We introduced the Platform Security Architecture (PSA) in response to the lack of cross-industry regulation and security standardization which we saw lead to avoidable vulnerabilities in IoT devices. Our Safety Ready programme is designed to ensure our automotive IP provides a trusted platform for vehicles. And our portfolio of secure IP, firmware and software, including Arm TrustZone technology for Cortex-A and Cortex M processors and a range of Arm TrustZone-enabled CPUs, was designed to remove friction and time-to-security across the design and development cycle.
This time it’s AI’s turn – and as over 85% of smartphones are already running AI workloads, we’re uniquely placed to ensure that Arm-powered devices are capable of intelligent defense. We’re dedicating significant resource to enabling AI everywhere and a key part of that effort is being applied to its role in hardware security and mitigating attacks such as DL-SCA.
We can’t stop technology being used for disreputable purposes, but in the fight for secure innovation, we’re happy to continue to lead the way. Arm will continue to track these threats as they evolve and develop solutions to combat them effectively. Watch this space.
Any re-use permitted for informational and non-commercial or personal use only.
Editorial Contact
Latest on Twitter
🗓️ Join us on Wednesday July 31 for our next financial results conference call.
After market close, we'll report our earnings results for the first quarter of fiscal year 2025, followed by a conference call to review our results and business outlook: https://okt.to/koqGT0
The "Write Once, Deploy Everywhere" approach to code is key to seamless deployment for developers.
Through expert talks and demos @WeAreDevs, we demonstrated how this is a game-changer for building and deploying next generation apps at scale.
Thanks to everyone who joined us!🙌
With the escalating need for power-efficient systems, @FujitsuFNC's turned to Arm to build the FUJITSU-MONAKA CPU - a processor designed to help achieve energy savings of 40% in Japanese data centers by 2030.
+ That's without compromising AI innovation: https://okt.to/WM0F3A
Arm KleidiAI brings 30% performance improvements to @Google AI Edge's MediaPipe and XNNPACK running the Gemma 2B LLM. 💪
This is the first integration of many, as we enable more LLMs to run as effectively and efficiently as possible on Arm mobile CPUs: https://okt.to/qLW8He
Flooding can happen anytime, but early warning systems can help reduce its impact on communities and protect lives.
We're proud to work with @UNICEF_uk and support the team in Karonga, Malawi to bring the latest in flood alert technology to communities:
How can developers stay ahead in the age of AI?
Andy Wafaa shares details on the tools required to optimize code, increase accessibility, and shape the future of computing at @WeAreDevs World Congress: https://okt.to/wJakX3
Since 2012, Raspberry Pi's been changing the game for businesses in the ecosystem.🚀
Founder & CEO, Eben Upton shares the origin story of Raspberry Pi and why he chose Arm as the architecture of choice:
Interview recorded in Jan 2023.
Arm Education in Conversation with Eben Upton
In this episode, we interview Eben Upton, founder and CEO of Raspberry Pi (Trading) Ltd. Eben shares with us the...
okt.to
In the age of AI, collaboration is crucial to solve technological and societal challenges.
Together with a group of academics at our Cambridge office, we've developed a "Call for Action," identifying the steps needed to ensure AI adoption in both the public and private sectors.
Ready to upscale your mobile game development without losing performance?
👉 Say hello to Arm Accuracy Super Resolution
It's our open source solution derived from FSR2, designed to increase the resolution of images from low to high with our efficient shader code:
.@AWSCloud Graviton4 is here! 🙌
Announced in GA, Graviton4 uses Arm Neoverse V2 to provide the most powerful, energy efficient AWS processor to date.
It follows 5+ years of collaboration on Graviton to enable CPU silicon innovation in the Amazon Cloud: https://okt.to/UWM0FR
Proud to partner with @AlzheimersBRACE to support dementia research and foster community. 🤝
From running the Bristol Half-Marathon to raising £2K+ for charity and spreading awareness, shoutout to our team for making a real impact. 💙
Not sure where to start with running Llama models? We've got you. Our 🆕 learning path teaches you how to build and run a simple Android Chat app with different Llama models using ExecuTorch and XNNPACK.
Dive into the step-by-step guide in the link below.
⚡ Silicon is defining and revolutionizing technology.
With the help of our partners, we're at the forefront of its evolution, driving innovative new approaches to silicon design with CSS and chiplets to define the future of computing.
More in @WSJ. 👇
Paid Program: The Evolution of Silicon
From Moore’s Law to today’s modern designs for AI, silicon is defining technology markets now and in the future.
okt.to
Arm CSS for Client is unleashing the power of the Armv9 architecture for AI innovation.
CSS for Client delivers physical implementations across Arm CPUs and GPUs, simplifying SoC builds for the fastest path to production silicon.
Learn more👇 https://okt.to/Q3yLjc
The advancements in large multimodal models and GenAI herald a new era in AI robotics.
That’s why tomorrow's robotics are harnessing the power of LLMs to improve energy efficiency, security, and functional safety.
🦾 And it's all happening #onArm: https://okt.to/6nbZ9m
The world's leading AI companies are prioritizing data center efficiency to scale and grow. And they're doing it #onArm.
Arm CMO Ami Badani joined The Artificial Human Podcast to discuss why efficiency is crucial to driving AI innovation.
The Artificial Human - How green is my AI? - BBC Sounds
Aleks Krotoski and Kevin Fong ask, how green is my AI?
okt.to
Here's a glimpse of our #INWED24 celebrations in Kenya, Ghana and Switzerland.
The Arm-Ambassador-led events brought everyone together to celebrate the significant impact of women engineers and to inspire future innovators to help bridge the STEM gap: https://okt.to/9ZAuna
Find $ARM in the Nasdaq-100 Index from today. 🙌
As we go from strength-to-strength as a public company, we're excited to join industry leading companies on the @Nasdaq stock exchange, emphasizing the importance of Arm tech among the global ecosystem: https://okt.to/gpRsAe
Create the best possible AI experiences with KleidiAI. ⚡
KleidiAI provides a collection of highly optimized AI kernels that can be embedded directly into popular AI frameworks as part of Kleidi Libraries.
Ready to reap the benefits?
🥳 Our partners @HPE and @NVIDIA are making turnkey private-cloud AI a reality!
Announced this week, NVIDIA AI Computing by HPE brings the power and efficiency of Grace Hopper Superchips, built #onArm, to the HPE ProLiant Compute DL384 Gen12 server.
HPE ProLiant Compute DL384 Gen12 | HPE Store United Kingdom
okt.to
For #WorldRefugeeDay, we're celebrating our partnership with @Refugees & @UNRefugeesUK to ensure AI tools for humanitarian efforts are used responsibly.
By supporting @UNHCRinnovation, we can ensure diversity is built into tools from the ground up:
We're putting the foundations in place for a thriving, diverse, chiplet ecosystem in Automotive.
From participation in @imec_int's Automotive Chiplet Program, to our role in SOAFEE, here's how we're ensuring interoperability and performance for chiplets: https://okt.to/eBfYgd
Here's to our fantastic, award-winning Internal Comms team. 👏
At the #ICEAwards, the team took home 3️⃣ awards for:
⭐ Best event
⭐ Best Internal Comms from the tech, media and telecommunications sector
⭐ Best Internal Comms Campaign in a large business under 10,000 employees
Rene Haas joined the Samsung Foundry Forum to discuss our almost 30-year partnership and the possibilities of Arm CSS.
By removing the complexity from SoC development, Arm CSS enables our partners to move faster in the age of AI, with the support of partners like Samsung.
