AI-Assisted DL-SCA Hardware Attacks Will Transform the Threat Landscape
As data becomes the world’s most valuable currency, the time, energy and computational investment required to gain unauthorized access to that data grows more and more worthwhile. The Fifth Wave of Computing sees the emergence of artificial intelligence (AI) and other technologies reliant on data, distributed faster than ever before across the Internet of things (IoT) by 5G networks. A society that relies on the generation, transportation and processing of data at all levels – personal, industrial and governmental – presents a highly rewarding opportunity for malicious parties, ripe for exploitation.
The Spectre and Meltdown attacks of last year cast a very bright spotlight on physical silicon security, reminding the world that vulnerabilities are not limited to software bugs, network weaknesses or human social engineering. Hardware vulnerabilities are not just a result of design oversight; instead, it’s the very nature of using that design in silicon that can create vulnerabilities in an otherwise secure system.
The Advanced Encryption Standard (AES) is a good example: mathematically it’s very strong, yet when committed to silicon, the encryption process leaks sensitive information via its electromagnetic radiation or power consumption signature. That’s how researchers at cybersecurity company Fox-IT managed to wirelessly analyze and extract secret AES-256 encryption keys from an SoC in 2017, using what we call side-channel analysis (SCA).
Digital eavesdropping with side-channel analysis
SCA attacks come in many flavors, ranging from analyzing the power and electromagnetic radiation from the hardware to exploiting a system’s microarchitecture. Spectre and Meltdown each describe ways to exploit hardware vulnerabilities inherent in the design of many modern CPUs, using SCA.
SCA attacks start with a ‘data acquisition’ step, during which an attacker collects data from the target device. Typically, this data consists of power or electromagnetic traces. The next step is ‘data analysis’, which is a two-phase approach for a hacker. The first phase can be a long and labor-intensive explorative process to identify the vulnerabilities within a system – requiring an attacker to analyze vast amounts of data such as power consumption traces in a bid to identify data leakage and to build an attack model. The second phase, applying the attack model and extracting sensitive information, is generally more straightforward.
Nevertheless, it’s a tedious process overall – more so when designs are protected – and likely to vary hugely in effectiveness based on operator expertise. As of this article’s publication, there are no known real-world attacks on systems using Spectre or Meltdown techniques.
Step up, artificial intelligence
However, mankind has a long history of weaponizing every technological breakthrough it makes – it began when our ancestors lifted the first stone or lit the first fire. The pace of modern technological evolution remains matched by the pace at which it is exploited for nefarious gain.
Artificial intelligence (AI) is rapidly expanding our ability to perform complex tasks quickly and, in doing so, affecting every aspect of our lives. We’ve welcomed Alexa into our homes, we rely on face unlock features to access our smartphones, and we’re increasingly excited about autonomous vehicles making our commute a whole lot more relaxing. Enabling machines to learn and behave like humans has significant benefits – whether you’re on the path of right or wrong.
If the most tedious part of an SCA attack is that long, exploratory leakage analysis phase, why not outsource it to an AI?
Sadly, that’s not a hypothetical question. There are several published instances showing that machine learning (ML) is being harnessed and put to work seeking out vulnerabilities with serviceable results. However, training an ML algorithm in what to look for still requires significant human investment. ML requires feature extraction – the reduction of the raw data set into a data set that excludes the sample points or variables that don’t contain discriminatory information – and feature selection, which is a dimensionality reduction step that removes irrelevant or redundant features. The feature extraction and feature selection steps require significant input from a human operator. This can be time consuming and heavily reliant on operator skill, and is therefore still a major roadblock to automating the tedious portions of an SCA attack.
Deep learning (DL) is a subset of machine learning that is better at overcoming the challenges an attacker faces with supervised machine learning. Deep learning requires far less (and sometimes zero) human involvement in identifying and extracting features, independent of their position in the data set. Deep learning is, however, a computationally intensive effort. This means deep learning based SCA can trade machine effort for human effort to carry out attacks. Additionally, there are growing instances where deep learning enabled attacks are producing higher accuracy results compared to the other machine learning methods. For these reasons, deep learning enabled SCA (or DL-SCA) attacks are quickly becoming the weapon of choice for AI-enabled side-channel attackers – and a potentially serious threat to hardware devices at every level.
From a computational perspective, DL-SCA is significantly more intensive. But as hardware and algorithms advance, the barrier to entry will become ever lower. In the interest of drawing a realistic picture, it is important to note that deep learning enabled SCA is far from being a push-button attack. To be accurate enough to be dangerous, the DL-SCA technique requires, besides large computing power, huge amounts of labeled data for training purposes. Targets will need to be very high value in order to make the process worthwhile for even the most determined attacker.
Fight fire with fire
At this stage, we must rely on traditional counter-measures – but future advancement may render these counter-measures less effective, or in some cases neutralize them completely. Security is never a solved problem. The defensive measures need to keep up with the advances on the offensive side. The industry is actively working on expanding its arsenal of mitigation techniques to counter the threat of these emerging attack vectors. In order to effectively combat DL-SCA attacks, it’s likely we’ll need to detect them before they happen.
It stands to reason, then, that the best defense we have against weaponized AI is… AI. By fighting fire with fire and training machines to recognize the warning signs of newly exploited vulnerabilities rather than just relying on specific attack signatures, we can create an ‘immune system’, capable of rapidly identifying previously unknown zero-day DL-SCA attacks.
This needs to happen at every point in the network – from the cloud to edge servers, right down to a device endpoint level. Ultra-lightweight ML routines might track behavior vectors in a device (power, tasks, device memory) and the network (bandwidth, traffic, deep packet analysis) in order to provide a detailed picture of a system in its ‘normal’ and ‘under attack’ states. These ‘TinyML’ routines will find their ways into the smallest embedded devices and become a first line of defense against DL-SCA attacks.
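A sketch of the kind of ultra-lightweight routine described above, as an added example rather than code from the article or from Arm: it learns a per-feature baseline of a device's 'normal' state and flags observations that fall far outside it, using a simple running-statistics baseline in place of a trained model. The three features, the threshold of four standard deviations, the function names and the sample values are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

#define NFEAT 3        /* assumed features: power (mW), active tasks, memory in use (KiB) */
#define MIN_VAR 1e-6   /* variance floor so a constant feature still has a usable scale */

/* Running mean and variance per feature (Welford's method): fixed memory, no history. */
typedef struct { unsigned long n; double mean[NFEAT], m2[NFEAT]; } baseline_t;

/* Fold in one observation taken while the device is known to be in its 'normal' state. */
void baseline_learn(baseline_t *b, const double x[NFEAT]) {
    b->n++;
    for (size_t i = 0; i < NFEAT; i++) {
        double d = x[i] - b->mean[i];
        b->mean[i] += d / (double)b->n;
        b->m2[i] += d * (x[i] - b->mean[i]);
    }
}

/* Bitmask of features more than k standard deviations from the baseline (0 = normal).
   Squared distances are compared, so no sqrt() or libm is needed on a small target. */
unsigned baseline_check(const baseline_t *b, const double x[NFEAT], double k) {
    unsigned mask = 0;
    if (b->n < 2) return 0;                 /* too little data to judge anything */
    for (size_t i = 0; i < NFEAT; i++) {
        double var = b->m2[i] / (double)(b->n - 1), d = x[i] - b->mean[i];
        if (var < MIN_VAR) var = MIN_VAR;
        if (d * d > k * k * var) mask |= 1u << i;
    }
    return mask;
}

/* Constructed sample telemetry, not measurements from a real device. */
static const double NORMAL[6][NFEAT] = {
    {120.0, 4, 512}, {118.5, 5, 520}, {121.2, 4, 508},
    {119.8, 4, 515}, {120.6, 5, 511}, {119.1, 4, 518} };

/* Learn the constructed baseline, then score one observation against it (k = 4). */
unsigned check_sample(double power, double tasks, double mem) {
    baseline_t b = {0};
    double x[NFEAT] = { power, tasks, mem };
    for (size_t i = 0; i < 6; i++) baseline_learn(&b, NORMAL[i]);
    return baseline_check(&b, x, 4.0);
}

int main(void) {
    printf("typical=%u power_outlier=%u\n",
           check_sample(120.3, 4, 513), check_sample(131.0, 5, 516));
    return 0;
}
```

The returned bitmask identifies which behavior vector moved, so an endpoint can report the deviating feature upstream instead of a bare alarm.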
Rising to the challenge
This is far from the first time we’ve risen to the challenge of developing counter-measures that tackle vulnerabilities head-on. Alongside our partners, we will continue to provide products and services to address security concerns across a variety of verticals and we constantly look to deploy our expertise and innovation to address new hurdles.
We introduced the Platform Security Architecture (PSA) in response to the lack of cross-industry regulation and security standardization which we saw lead to avoidable vulnerabilities in IoT devices. Our Safety Ready programme is designed to ensure our automotive IP provides a trusted platform for vehicles. And our portfolio of secure IP, firmware and software, including Arm TrustZone technology for Cortex-A and Cortex-M processors and a range of Arm TrustZone-enabled CPUs, was designed to remove friction and time-to-security across the design and development cycle.
This time it’s AI’s turn – and as over 85% of smartphones are already running AI workloads, we’re uniquely placed to ensure that Arm-powered devices are capable of intelligent defense. We’re dedicating significant resource to enabling AI everywhere and a key part of that effort is being applied to its role in hardware security and mitigating attacks such as DL-SCA.
We can’t stop technology being used for disreputable purposes, but in the fight for secure innovation, we’re happy to continue to lead the way. Arm will continue to track these threats as they evolve and develop solutions to combat them effectively. Watch this space.
Any re-use permitted for informational and non-commercial or personal use only.