Deep Side-Channel Attack Method Integrating Convolutional Block Attention Mechanism and Triplet Metric Learning
-
摘要: 侧信道攻击是密码芯片物理安全的主要威胁之一,利用深度学习技术恢复密钥已成为侧信道攻击领域内研究热点。然而,现有基于深度学习的攻击方法在特征提取阶段往往缺乏对关键泄露区间的聚焦能力。特别是在长波形和高维噪声场景下,模型容易被无关背景噪声干扰,导致特征提取效率低下、猜测熵收敛缓慢。针对上述问题,本文提出一种融合卷积块注意力机制与三元组度量学习的侧信道攻击方法。该方法从泄露特征提取入手,在卷积神经网络中嵌入通道注意力与空间注意力模块,对不同特征通道和时域位置进行自适应加权,以增强泄露相关特征并减弱噪声干扰。在此基础上,引入三元组损失作为优化目标,用于引导注意力加权后的特征在嵌入空间中形成可分的簇结构。实验结果表明,本文方法在公开数据集上均优于度量学习及深度学习方法,其中在ASCAD_f(HW)场景下,攻击性能提升9.4%以上;在ASCAD_r(HW)场景下,本文方法实现猜测熵收敛所需的攻击轨迹数量减少10.7%以上。此外,去同步实验与消融实验进一步证实了该方法具备鲁棒性,并验证了核心组件协同设计的合理性。Abstract:
Objective Side-channel attack (SCA) constitutes one of the primary threats to the physical security of cryptographic chips, and leveraging deep learning techniques for key recovery has emerged as a research hotspot in the field of side-channel attack. However, existing deep analysis methods lack the ability to focus on key leakage intervals during feature extraction, especially in long-waveform and high-dimensional noise scenarios. They are easily disturbed by irrelevant background noise, leading to low feature extraction efficiency and slow guessing entropy convergence. To address these issues, this study proposes a deep side-channel analysis method integrating the Convolutional Block Attention Module (CBAM) and triplet loss, aiming to enhance the model's ability to capture weak leakage features in complex noise environments and improve key recovery efficiency. Methods The proposed method introduces CBAM into the convolutional neural network (CNN) to construct an adaptive feature extraction network. CBAM includes two sub-modules: Channel Attention Module (CAM) and Spatial Attention Module (SAM). CAM adaptively adjusts the weights of different feature channels to emphasize channels containing high signal-to-noise ratio (SNR) leakage information, while SAM locates key Points of Interest (POI) in the time domain to suppress background noise in non-leakage intervals. After feature calibration by CBAM, triplet loss is adopted as the optimization objective to constrain the distribution of embedded features, forcing similar samples to form compact clusters and different samples to maintain sufficient separation in the feature space. Finally, a multivariate Gaussian template attack is implemented using the optimized embedded features to recover the key. The overall framework is shown in ( Fig.2 ).Results and Discussions Experiments are conducted on two public benchmark datasets (ASCAD and AES_HD) with guessing entropy (GE) and the minimum number of traces required for GE convergence to 1 ($ {T}_{GE0} $) as evaluation metrics. On the ASCAD dataset: (1) In the ASCAD_f (HW) scenario, the proposed method only needs 144 traces to recover the key, reducing by 51.0% compared with the traditional CNN model; (2) In the ASCAD_f (ID) scenario, merely 61 traces are required, a reduction of 68.0% from the traditional CNN; (3) In the random key setting (ASCAD_r), the method achieves convergence with 176 (HW) and 137 (ID) traces respectively, outperforming mainstream methods such as RL-SCA and Metric Learning ( Table 2 ,Fig.3 ). On the low-SNR AES_HD dataset, the method reduces to1219 traces, which is lower than MHA and NLS, and the guessing entropy converges smoothly without obvious fluctuations (Table 2 ,Fig.4 ). Furthermore, the desynchronization experiments demonstrate that even under strong desynchronization noise interference, the proposed method can still adaptively lock onto effective leakage moments, exhibiting excellent robustness against time-domain jitter(Table 3 ). Ablation studies further confirm the positive synergistic effect of the proposed architecture and thoroughly validate the rationality of core components (Table 4 ).Conclusions This study proposes an effective deep side-channel analysis method by integrating the CBAM attention mechanism and metric learning. The CBAM module enables the network to actively focus on key leakage information, solving the problem of insufficient focusing ability in traditional CNN-based methods. The triplet loss optimizes the discriminability of embedded features, further improving the accuracy of template matching. Experimental results on ASCAD and AES_HD datasets demonstrate that the method significantly reduces the number of traces required for key recovery and accelerates the convergence of guessing entropy, outperforming existing mainstream methods in both fixed and random key scenarios, as well as in low-SNR environments. Future work will focus on improving the adaptability of the model in scenarios with more severe synchronization disturbances, and enhancing its generalization ability in small sample scenarios. -
Key words:
- Side-channel attacks /
- Deep learning /
- CBAM /
- Triplet loss /
- Hardware security
-
表 1 融合CBAM的特征提取网络结构参数
块 层级 输出尺寸 参数配置 设计动机 Input Input $ (L,1) $ — 接收原始迹线,L为迹线长度;
输入按通道维扩展为一维序列。Block 1 Conv1D $ (L,64) $ Filters: 64, Kernel: 15,
Padding: same, Activation: SELU,
Initializer: LeCun Normal大卷积核捕捉波形整体轮廓;SELU保持数值稳定。 CBAM $ (L,64) $ Ratio: 8 关键层:在降采样前对特征进行通道与空间维度的加权校准。 AvgPool1D $ (L/15,64) $ Pool size: 15, Stride: 15 平均池化保留能量特征,大幅压缩时间维度。 Block 2 Conv1D $ (L/15,128) $ Filters: 128, Kernel: 3, Padding: same, Stride: 1, Activation: SELU, Initializer: LeCun Normal 小卷积核提取深层局部细节;增加通道数丰富特征语义。 CBAM $ (L/15,128) $ Ratio: 8 关键层:进一步聚焦高层语义特征中的有效成分。 AvgPool1D $ (L/30,128) $ Pool size: 2, Stride: 2 进一步降维。 Embedding Flatten $ ({N}_{flat}) $ — 展平特征图。 Dense $ \left(16/32\right) $ Activation: Linear 映射至32维嵌入空间,作为度量学习的输入。 表 2 攻击性能对比
方法 ASCAD_f ASCAD_r AES_HD HW ID HW ID HW MHA[5] — — — — 2174 DCMHA[5] — — — — 2068 CNN[8] 294 191 — — — RL-SCA[10] 906 242 911 490 4415 FS-SCA[11] 532 — 538 78 — LMA-SCA[19] — 87 — 78 — Metric Learning[22] 159 64 197 188 1768 NLS[23] — — — — 1252 SACNN[28] 298 — 212 — — AutoSCA-MLP[29] 447 120 617 3481 — AutoSCA-CNN[29] 539 257 496 2975 — EL-SCA[30] — — 470 105 — CCE[31] >2000 963 2840 > 3000 — FLR+SoftNN[32] 832 716 2592 > 10000 — FLR+Center[32] 790 728 3867 9681 — CNN-fusion[33] — 149 — — 1116 Ours 144 61 176 137 1219 表 3 去同步迹线结果
表 4 消融实验结果
方法 ASCAD_f ASCAD_r AES_HD HW ID HW ID HW Baseline 2064 506 5841 > 10000 3051 Baseline+CBAM 1534 448 4926 > 10000 2656 Baseline+Triplet 153 67 197 276 4059 Ours_post-pool 157 92 284 360 2805 Ours_Relu 281 904 825 1171 4844 Ours_dim2 > 10000 > 10000 > 10000 > 10000 5994 Ours_dim128 2631 357 9287 4140 > 10000 Ours 144 61 176 137 1219 -
[1] MANGARD S, OSWALD E, and POPP T. Power Analysis Attacks: Revealing the Secrets of Smart Cards[M]. New York: Springer, 2007. [2] CHARI S, RAO J R, and ROHATGI P. Template attacks[C]. 4th International Workshop on Cryptographic Hardware and Embedded Systems, Redwood Shores, USA, 2002: 13–28. doi: 10.1007/3-540-36400-5_3. [3] 郑帅, 徐向荣, 肖利民, 等. 面向缓存侧信道攻击防护的快速刷写技术[J]. 电子与信息学报, 2025, 47(9): 3178–3186. doi: 10.11999/JEIT250471.ZHENG Shuai, XU Xiangrong, XIAO Limin, et al. Mitigating cache side-channel attacks via fast flushing mechanism[J]. Journal of Electronics & Information Technology, 2025, 47(9): 3178–3186. doi: 10.11999/JEIT250471. [4] LERMAN L, POUSSIER R, BONTEMPI G, et al. Template attacks vs. machine learning revisited (and the curse of dimensionality in side-channel analysis)[C]. 6th International Workshop on Constructive Side-Channel Analysis and Secure Design, Berlin, Germany, 2015: 20–33. doi: 10.1007/978-3-319-21476-4_2. [5] 蒋玲腊, 陈文, 孙伟, 等. 融合动态可组合多头注意力的深度学习侧信道分析方法研究[J/OL]. 计算机科学, 2025: 1–15. https://link.cnki.net/urlid/50.1075.TP.20251129.1824.004, 2025.JIANG Lingla, CHEN Wen, SUN Wei, et al. Research on a deep learning-based side-channel analysis method with dynamically composable multi-head attention[J/OL]. Computer Science, 2025: 1–15 https://link.cnki.net/urlid/50.1075.TP.20251129.1824.004, 2025. [6] 金诚斌, 高宜文, 高锐, 等. 嵌入式AI硬件单元的侧信道分析方法概述[J]. 密码学报(中英文), 2025, 12(4): 729–751. doi: 10.13868/j.cnki.jcr.000791.JIN Chengbin, GAO Yiwen, GAO Rui, et al. Systematic study on physical side-channel attack against embedded AI hardware units[J]. Journal of Cryptologic Research, 2025, 12(4): 729–751. doi: 10.13868/j.cnki.jcr.000791. [7] WU Lichao and PICEK S. Remove some noise: On pre-processing of side-channel measurements with autoencoders[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020, 2020(4): 389–415. doi: 10.13154/tches.v2020.i4.389-415. [8] ZAID G, BOSSUET L, HABRARD A, et al. Methodology for efficient CNN architectures in profiling attacks[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020, 2020(1): 1–36. doi: 10.13154/tches.v2020.i1.1-36. [9] LU Xiangjun, ZHANG Chi, CAO Pei, et al. Pay attention to raw traces: A deep learning architecture for end-to-end profiling attacks[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021, 2021(3): 235–274. doi: 10.46586/tches.v2021.i3.235-274. [10] RIJSDIJK J, WU Lichao, PERIN G, et al. Reinforcement learning for hyperparameter tuning in deep learning-based side-channel analysis[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2021, 2021(4): 677–707. doi: 10.46586/tches.v2021.i3.677-707. [11] PERIN G, WU Lichao, and PICEK S. Exploring feature selection scenarios for deep learning-based side-channel analysis[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022, 2022(4): 828–861. doi: 10.46586/tches.v2022.i4.828-861. [12] HE Pengfei, ZHANG Ying, GAN Han, et al. Side-channel attacks based on attention mechanism and multi-scale convolutional neural network[J]. Computers and Electrical Engineering, 2024, 119: 109515. doi: 10.1016/j.compeleceng.2024.109515. [13] 张倩, 高宜文, 刘月君, 等. 基于循环展开结构的抗侧信道攻击SM4 IP核设计[J]. 密码学报(中英文), 2025, 12(3): 645–661. doi: 10.13868/j.cnki.jcr.000786.ZHANG Qian, GAO Yiwen, LIU Yuejun, et al. Design of SM4 IP cores against side-channel attacks based on loop unrolling architecture[J]. Journal of Cryptologic Research, 2025, 12(3): 645–661. doi: 10.13868/j.cnki.jcr.000786. [14] PICEK S, HEUSER A, JOVIC A, et al. Side-channel analysis and machine learning: A practical perspective[C]. 2017 International Joint Conference on Neural Networks (IJCNN), Anchorage, USA, 2017: 4095–4102. doi: 10.1109/IJCNN.2017.7966373. [15] 罗玉玲, 徐海洋, 欧阳雪, 等. 高效侧信道分析: 从协同去噪到自适应B样条降维[J]. 电子与信息学报, 2026, 48(3): 1354–1365. doi: 10.11999/JEIT251047.LUO Yuling, XU Haiyang, OUYANG Xue, et al. High-efficiency side-channel analysis: From collaborative denoising to adaptive B-spline dimension reduction[J]. Journal of Electronics & Information Technology, 2026, 48(3): 1354–1365. doi: 10.11999/JEIT251047. [16] LI Kaibin, LIANG Yihuai, ZHOU Zhengchun, et al. HypSCA: A hyperbolic embedding method for enhanced side-channel attack[R]. Paper 2025/1199, 2025. [17] CAGLI E, DUMAS C, and PROUFF E. Convolutional neural networks with data augmentation against jitter-based countermeasures: Profiling attacks without pre-processing[C]. The 19th International Conference on Cryptographic Hardware and Embedded Systems, Taipei, China, 2017: 45–68. doi: 10.1007/978-3-319-66787-4_3. [18] KARAYALCIN S, KRČEK M, and PICEK S. SoK: Deep learning-based side-channel analysis trends and challenges[J/OL]. IACR Cryptology ePrint Archive, 2025(1309). (查阅网上资料, 未找到本条文献信息, 请确认). [19] KULKARNI P, VERNEUIL V, PICEK S, et al. Order vs. chaos: A language model approach for side-channel attacks[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2024, 2024(1): 1–32. (查阅网上资料, 未找到本条文献信息, 请确认). [20] HUANG Hai, WU Jinming, TANG Xinling, et al. Deep learning-based improved side-channel attacks using data denoising and feature fusion[J]. PLoS One, 2025, 20(4): e0315340. doi: 10.1371/journal.pone.0315340. [21] KARAYALCIN S, KRČEK M, and PICEK S. Interpreting emergent features in deep learning-based side-channel analysis[C]. The Thirty-ninth Annual Conference on Neural Information Processing Systems, San Diego, USA, 2025. [22] WU Lichao, PERIN G, and PICEK S. The best of two worlds: Deep learning-assisted template attack[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022, 2022(3): 413–437. doi: 10.46586/tches.v2022.i3.413-437. [23] LI Kaibin, LIANG Yihuai, MENG Hua, et al. Deep metric learning-based side-channel analysis with improved robustness and efficiency[J]. Applied Intelligence, 2025, 55(10): 712. doi: 10.1007/s10489-025-06586-z. [24] 谢豪, 田曦, 廖威, 等. 基于射频侧信道的密码芯片安全测评方法[J]. 密码学报(中英文), 2024, 11(3): 706–718. doi: 10.13868/j.cnki.jcr.000703.XIE Hao, TIAN Xi, LIAO Wei, et al. Cryptographic chip security evaluation method based on radio frequency side channel[J]. Journal of Cryptologic Research, 2024, 11(3): 706–718. doi: 10.13868/j.cnki.jcr.000703. [25] WOO S, PARK J, LEE J Y, et al. CBAM: Convolutional block attention module[C]. 15th European Conference on Computer Vision, Munich, Germany, 2018: 3–19. doi: 10.1007/978-3-030-01234-2_1. [26] LECUN Y, BOTTOU L, ORR G B, et al. Efficient backProp[M]. ORR G B and MÜLLER K R. Neural Networks: Tricks of the Trade. Berlin: Springer, 1998: 9–50. doi: 10.1007/3-540-49430-8_2. [27] BENADJILA R, PROUFF E, STRULLU R, et al. Deep learning for side-channel analysis and introduction to ASCAD database[J]. Journal of Cryptographic Engineering, 2020, 10(2): 163–188. doi: 10.1007/s13389-019-00220-8. [28] HAJRA S, ALAM M, SAHA S, et al. On the instability of softmax attention-based deep learning models in side-channel analysis[J]. IEEE Transactions on Information Forensics and Security, 2024, 19: 514–528. doi: 10.1109/TIFS.2023.3326667. [29] WU Lichao, PERIN G, and PICEK S. I choose you: Automated hyperparameter tuning for deep learning-based side-channel analysis[J]. IEEE Transactions on Emerging Topics in Computing, 2024, 12(2): 546–557. doi: 10.1109/TETC.2022.3218372. [30] PERIN G, CHMIELEWSKI Ł, and PICEK S. Strength in numbers: Improving generalization with ensembles in machine learning-based profiled side-channel analysis[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020, 2020(4): 337–364. doi: 10.13154/tches.v2020.i4.337-364. [31] KERKHOF M, WU Lichao, PERIN G, et al. No (good) loss no gain: Systematic evaluation of loss functions in deep learning-based side-channel analysis[J]. Journal of Cryptographic Engineering, 2023, 13(3): 311–324. doi: 10.1007/s13389-023-00320-6. [32] YAP T, PICEK S, and BHASIN S. Beyond the last layer: Deep feature loss functions in side-channel analysis[C]. Proceedings of the 2023 Workshop on Attacks and Solutions in Hardware Security, Copenhagen, Denmark, 2023: 73–82. doi: 10.1145/3605769.3623996. [33] NI Lei, WANG Pengjun, ZHANG Yuejun, et al. Profiling side-channel attacks based on CNN model fusion[J]. Microelectronics Journal, 2023, 139: 105901. doi: 10.1016/j.mejo.2023.105901. -
下载: