As data becomes the world’s most valuable currency, the time, energy and computational investment required to gain unauthorized access to that data grows more and more worthwhile. The Fifth Wave of Computing sees the emergence of artificial intelligence (AI) and other technologies reliant on data, distributed faster than ever before across the Internet of things (IoT) by 5G networks. A society that relies on the generation, transportation and processing of data at all levels – personal, industrial and governmental – presents a highly rewarding opportunity for malicious parties, ripe for exploitation.
and Meltdown attacks of last year cast a very bright spotlight on physical silicon
security, reminding the world that vulnerabilities are not limited to software
bugs, network weaknesses or human social engineering. Hardware vulnerabilities
are not just a result of design oversight; instead, it’s the very nature of using
that design in silicon that can create vulnerabilities in an otherwise secure
Encryption Standard (AES)
is a good example: mathematically it’s very strong, yet when committed to
silicon the encryption process, leaks sensitive information via electromagnetic
radiation or power consumption signature. That’s how researchers at
cybersecurity company Fox-IT managed to wirelessly analyze and extract secret
AES-256 encryption keys from an SoC in 2017, using what we call side-channel
Digital eavesdropping with side-channel analysis
come in many flavors, ranging from analyzing the power and electromagnetic
radiation from the hardware to exploiting a system’s microarchitecture. Spectre
and Meltdown each describe ways to exploit hardware vulnerabilities inherent in
the design of many modern CPUs, using SCA.
start with a ‘data acquisition’ step: during this step an attacker collects the
data from the target device. Typically, this data is comprised of power or electromagnetic
traces. The next step after data acquisition is the ‘data analysis’ step, which
is a two-phase approach for a hacker. The first phase can be a long and
labor-intensive explorative process to identify the vulnerabilities within a
system – requiring an attacker to analyze vast amounts of data such as power
consumption traces in a bid to identify data leakage and to build an attack
model. The second stage, applying the attack model and extracting sensitive
information, is generally more straightforward.
Nevertheless, it’s a tedious process overall – more so when designs are protected – and likely to vary hugely in effectiveness based on operator expertise. As of this article’s publication, there are no known real-world attacks on systems using Spectre or Meltdown techniques.
Step up, artificial intelligence
has a long history of weaponizing every technological breakthrough it makes –
it began when our ancestors lifted the first stone or lit the first fire. The
pace of modern technological evolution remains matched by the pace at which it
is exploited for nefarious gain.
intelligence (AI) is rapidly expanding our ability to perform complex tasks
quickly and in doing so, affecting every aspect of our lives. We’ve welcomed
Alexa into our homes, we rely on face unlock features to access our smartphones,
and we’re increasingly excited about autonomous vehicles making our commute a
whole lot more relaxing. Enabling machines to learn and behave like humans has
significant benefits – whether you’re on the path of right or wrong.
If the most
tedious part of an SCA attack is that long, exploratory leakage analysis phase,
why not outsource it to an AI?
that’s not a hypothetical question. There are several published instances
showing that machine learning (ML) is being harnessed and put to work seeking
out vulnerabilities with serviceable results. However, training an ML algorithm
in what to look for still requires significant human investment. ML requires feature
extraction – the reduction of the raw data set into a data set that excludes
the sample points or variables that don’t contain discriminatory information and
feature selection, which is a dimensionality reduction step that removes
irrelevant or redundant features. The feature extraction and feature selection
steps require significant inputs from a human operator. This can be time
consuming, heavily reliant on operator skill and therefore still a major roadblock
to automating the tedious portions of SCA attack.
Deep learning (DL) is a subset of machine learning, which is better at overcoming the challenges that an attacker faces with supervised machine learning. Deep learning requires far less (and sometimes zero) human involvement in identifying and extracting features independent of their position in the data set. Deep learning is however a computationally intensive effort. This means, deep learning based SCA can trade machine effort for human effort to carry out attacks. Additionally, there are growing instances where deep learning enabled attacks are producing higher accuracy results compared to the other machine learning methods. For these reasons, deep learning enabled (or DL-SCA) SCA attacks are quickly becoming the weapon of choice for AI-enabled side-channel attackers – and a potentially serious threat to hardware devices at every level.
computational perspective, DL-SCA is significantly more intensive. But as
hardware and algorithms advance, the barrier to entry will become ever lower. In the interest of drawing a realistic
picture, it is important to note that Deep learning enabled SCA is far from being
a push-button attack. To be accurate enough to be dangerous, besides large
computing power, the DL-SCA technique requires huge amounts of labeled data for
the training purposes. Targets will need to be very high value in order to make
the process worthwhile for even the most determined attacker.
Fight fire with fire
stage, we must rely on traditional counter-measures – but future advancement may render
these counter-measures less effective, or in some cases neutralize them
completely. Security is never a solved problem. The defensive measures need to
keep up with the advances on the offensive side. The industry is actively
working on expanding its arsenal of mitigation techniques to counter the threat
of these emerging attack vectors. In order to effectively combat DL-SCA
attacks, it’s likely we’ll need to detect them before they happen.
to reason, then, that the best defense we have against weaponized AI is… AI. By fighting fire with fire and training
machines to recognize the warning signs of newly exploited vulnerabilities rather
than just relying on specific attack signatures, we can create an ‘immune
system’, capable of rapidly identifying previously unknown zero-day DL-SCA attacks.
This needs to happen at every point in the network – from the cloud to edge servers, right down to a device endpoint level. Ultra-lightweight ML routines might track behavior vectors in a device (power, tasks, device memory) and the network (bandwidth, traffic, deep packet analysis) in order to provide a detailed picture of a system in its ‘normal’ and ‘under attack’ states. These ‘TinyML’ routines will find their ways into the smallest embedded devices and become a first line of defense against DL-SCA attacks.
Rising to the challenge
This is far from the first time we’ve risen to the
challenge of developing counter-measures that tackle vulnerabilities head-on. Alongside our partners, we will
continue to provide products and services to address security concerns across a
variety of verticals and we constantly look to deploy our expertise and
innovation to address new hurdles.
introduced the Platform Security Architecture (PSA) in response to the lack of
cross-industry regulation and security standardization which we saw lead to
avoidable vulnerabilities in IoT devices. Our Safety Ready programme is
designed to ensure our automotive IP provides a trusted platform for vehicles. And
our portfolio of secure IP, firmware and software, including Arm TrustZone
technology for Cortex-A and Cortex M processors and a range of Arm
TrustZone-enabled CPUs, was
designed to remove friction and time-to-security across the design and
This time it’s AI’s turn – and as over 85% of smartphones are already running AI workloads, we’re uniquely placed to ensure that Arm-powered devices are capable of intelligent defense. We’re dedicating significant resource to enabling AI everywhere and a key part of that effort is being applied to its role in hardware security and mitigating attacks such as DL-SCA.
stop technology being used for disreputable purposes, but in the fight for
secure innovation, we’re happy to continue to lead the way. Arm will continue
to track these threats as they evolve and develop solutions to combat them
effectively. Watch this space.