Research Article
BibTex RIS Cite

Nesnelerin İnternetinde Çok Katmanlı Algılayıcı Kullanarak Zamanlama Analizi Saldırısı ile Özel Anahtar Tahminlemesi

Year 2021, Volume: IDAP-2021 : 5th International Artificial Intelligence and Data Processing symposium Issue: Special, 385 - 390, 20.10.2021
https://doi.org/10.53070/bbd.990849

Abstract

Doğrudan kaynağa erişim olmasa bile, gizlenmek istenen veriler hakkında bilgi sahibi olunmasını sağlayan yan kanal saldırılarından biri olan Zamanlama Analizi Saldırıları; bir işlemin veya algoritmanın farklı şartlar altında harcadığı sürelerin yorumlanmasıyla, sistem hakkında bilgi edinmeyi amaçlayan bir saldırı türüdür. Bu çalışmada, belirlenmiş bir senaryodaki özel anahtarın zamanlama analizi yöntemiyle Çok Katmanlı Algılayıcı (MLP – Multilayer Perceptron) kullanılarak sistem analiz edilmiştir. Analiz sonucunda zamanlama bilgisi kullanılarak gizli anahtarın tahminlenmesi amaçlanmıştır. Yapılan çalışma sonucunda sunulan yöntemle, %95’in üzerinde doğruluk oranına sahip bir şekilde gizli anahtar tahminlenmiş olup, Nesnelerin İnterneti (IoT – Internet of Things) alanında zamanlama analizi saldırılarının ciddi bir tehdit oluşturabileceği ortaya koyulmuştur.

Supporting Institution

İnönü Üniversitesi

Project Number

FBG-2020-2143

Thanks

Bu çalışma, İnönü Üniversitesi Bilimsel Araştırma Projeleri Bölümü'nün (BAPB) FBG-2020-2143 sayılı projesi ile desteklenmiştir. Yazar, değerli geri bildirimleri için İnönü Üniversitesi BAPB’ye teşekkür eder.

References

  • Kocher, P. C. (1996, August). Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Annual International Cryptology Conference (pp. 104-113). Springer, Berlin, Heidelberg.
  • Janke, M., & Laackmann, P. (2002). Power and timing analysis attacks against security controllers. Infineon Technologies AG, Technology Update, Smart Cards.
  • Anderson, R., & Kuhn, M. (1996, November). Tamper resistance-a cautionary note. In Proceedings of the second Usenix workshop on electronic commerce (Vol. 2, pp. 1-11).
  • Ordu, L., & Yalçın, S. B. Ö. (2016, December) Yan-Kanal Analizi Saldırılarına Genel Bakış.
  • Öztemel, E. (2003). Yapay sinir ağlari. PapatyaYayincilik, Istanbul.
  • Libbrecht, M. W., & Noble, W. S. (2015). Machine learning applications in genetics and genomics. Nature Reviews Genetics, 16(6), 321-332.
  • Kourou, K., Exarchos, T. P., Exarchos, K. P., Karamouzis, M. V., & Fotiadis, D. I. (2015). Machine learning applications in cancer prognosis and prediction. Computational and structural biotechnology journal, 13, 8-17.
  • Vovk, V., Gammerman, A., & Saunders, C. (1999). Machine-learning applications of algorithmic randomness.
  • Gardner, M. W., & Dorling, S. R. (1998). Artificial neural networks (the multilayer perceptron)—a review of applications in the atmospheric sciences. Atmospheric environment, 32(14-15), 2627-2636.
  • Isa, N. A. M., & Mamat, W. M. F. W. (2011). Clustered-hybrid multilayer perceptron network for pattern recognition application. Applied Soft Computing, 11(1), 1457-1466.
  • Hontoria, L., Aguilera, J., & Zufiria, P. (2005). An application of the multilayer perceptron: solar radiation maps in Spain. Solar energy, 79(5), 523-530.
  • Teoh, T. T., Chiew, G., Franco, E. J., Ng, P. C., Benjamin, M. P., & Goh, Y. J. (2018, July). Anomaly detection in cyber security attacks on networks using MLP deep learning. In 2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE) (pp. 1-5). IEEE.
  • Ben Fredj, O., Mihoub, A., Krichen, M., Cheikhrouhou, O., & Derhab, A. (2020, November). CyberSecurity attack prediction: a deep learning approach. In 13th International Conference on Security of Information and Networks (pp. 1-6).
  • Aseeri, A. O., Zhuang, Y., & Alkatheiri, M. S. (2018, July). A machine learning-based security vulnerability study on xor pufs for resource-constraint internet of things. In 2018 IEEE International Congress on Internet of Things (ICIOT) (pp. 49-56). IEEE.
  • Anitha, A. A., & Arockiam, L. (2019). ANNIDS: artificial neural network based intrusion detection system for Internet of Things. Int. J. Innov. Technol. Explor. Eng. Regul, (2019), 8.
  • Liu, C., Yang, J., Chen, R., Zhang, Y., & Zeng, J. (2011, July). Research on immunity-based intrusion detection technology for the Internet of Things. In 2011 Seventh International Conference on Natural Computation (Vol. 1, pp. 212-216). IEEE.
  • Ullah, F., Naeem, H., Jabbar, S., Khalid, S., Latif, M. A., Al-Turjman, F., & Mostarda, L. (2019). Cyber security threats detection in internet of things using deep learning approach. IEEE Access, 7, 124379-124389.
  • Zarpelão, B. B., Miani, R. S., Kawakani, C. T., & de Alvarenga, S. C. (2017). A survey of intrusion detection in Internet of Things. Journal of Network and Computer Applications, 84, 25-37.

Timing Analysis Attack For Private Key Prediction Using Multilayer Perceptron in IoT

Year 2021, Volume: IDAP-2021 : 5th International Artificial Intelligence and Data Processing symposium Issue: Special, 385 - 390, 20.10.2021
https://doi.org/10.53070/bbd.990849

Abstract

Timing Analysis Attacks are one of the side channel attacks that allows to be informed about the data that is wanted to be hidden, even if there is no direct access to the source. It is a type of attack aimed at learning about the system by interpreting the amount of time that a process of algorithm spends under different circumstances. In this study, the system was analyzed using a multilayer sensor (MLP – Multilayer Perceptron) by timing analysis of the private key in a specified scenario. As a result of the analysis, it is aimed to estimate the secret key using timing information. As a result of the analysis, it is aimed to estimate the secret key using timing information. As a result of the study, the secret key was estimated with an accuracy rate of more than 95% and it was revealed that timing analysis attacks could pose a serious threat in the Internet of Things (IoT) area.

Project Number

FBG-2020-2143

References

  • Kocher, P. C. (1996, August). Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Annual International Cryptology Conference (pp. 104-113). Springer, Berlin, Heidelberg.
  • Janke, M., & Laackmann, P. (2002). Power and timing analysis attacks against security controllers. Infineon Technologies AG, Technology Update, Smart Cards.
  • Anderson, R., & Kuhn, M. (1996, November). Tamper resistance-a cautionary note. In Proceedings of the second Usenix workshop on electronic commerce (Vol. 2, pp. 1-11).
  • Ordu, L., & Yalçın, S. B. Ö. (2016, December) Yan-Kanal Analizi Saldırılarına Genel Bakış.
  • Öztemel, E. (2003). Yapay sinir ağlari. PapatyaYayincilik, Istanbul.
  • Libbrecht, M. W., & Noble, W. S. (2015). Machine learning applications in genetics and genomics. Nature Reviews Genetics, 16(6), 321-332.
  • Kourou, K., Exarchos, T. P., Exarchos, K. P., Karamouzis, M. V., & Fotiadis, D. I. (2015). Machine learning applications in cancer prognosis and prediction. Computational and structural biotechnology journal, 13, 8-17.
  • Vovk, V., Gammerman, A., & Saunders, C. (1999). Machine-learning applications of algorithmic randomness.
  • Gardner, M. W., & Dorling, S. R. (1998). Artificial neural networks (the multilayer perceptron)—a review of applications in the atmospheric sciences. Atmospheric environment, 32(14-15), 2627-2636.
  • Isa, N. A. M., & Mamat, W. M. F. W. (2011). Clustered-hybrid multilayer perceptron network for pattern recognition application. Applied Soft Computing, 11(1), 1457-1466.
  • Hontoria, L., Aguilera, J., & Zufiria, P. (2005). An application of the multilayer perceptron: solar radiation maps in Spain. Solar energy, 79(5), 523-530.
  • Teoh, T. T., Chiew, G., Franco, E. J., Ng, P. C., Benjamin, M. P., & Goh, Y. J. (2018, July). Anomaly detection in cyber security attacks on networks using MLP deep learning. In 2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE) (pp. 1-5). IEEE.
  • Ben Fredj, O., Mihoub, A., Krichen, M., Cheikhrouhou, O., & Derhab, A. (2020, November). CyberSecurity attack prediction: a deep learning approach. In 13th International Conference on Security of Information and Networks (pp. 1-6).
  • Aseeri, A. O., Zhuang, Y., & Alkatheiri, M. S. (2018, July). A machine learning-based security vulnerability study on xor pufs for resource-constraint internet of things. In 2018 IEEE International Congress on Internet of Things (ICIOT) (pp. 49-56). IEEE.
  • Anitha, A. A., & Arockiam, L. (2019). ANNIDS: artificial neural network based intrusion detection system for Internet of Things. Int. J. Innov. Technol. Explor. Eng. Regul, (2019), 8.
  • Liu, C., Yang, J., Chen, R., Zhang, Y., & Zeng, J. (2011, July). Research on immunity-based intrusion detection technology for the Internet of Things. In 2011 Seventh International Conference on Natural Computation (Vol. 1, pp. 212-216). IEEE.
  • Ullah, F., Naeem, H., Jabbar, S., Khalid, S., Latif, M. A., Al-Turjman, F., & Mostarda, L. (2019). Cyber security threats detection in internet of things using deep learning approach. IEEE Access, 7, 124379-124389.
  • Zarpelão, B. B., Miani, R. S., Kawakani, C. T., & de Alvarenga, S. C. (2017). A survey of intrusion detection in Internet of Things. Journal of Network and Computer Applications, 84, 25-37.
There are 18 citations in total.

Details

Primary Language Turkish
Subjects Software Engineering, Software Testing, Verification and Validation, Control Engineering, Mechatronics and Robotics
Journal Section PAPERS
Authors

Muhammed Saadetdin Kaya 0000-0003-1749-5604

Kenan İnce 0000-0003-4709-9557

Project Number FBG-2020-2143
Publication Date October 20, 2021
Submission Date September 3, 2021
Acceptance Date September 16, 2021
Published in Issue Year 2021 Volume: IDAP-2021 : 5th International Artificial Intelligence and Data Processing symposium Issue: Special

Cite

APA Kaya, M. S., & İnce, K. (2021). Nesnelerin İnternetinde Çok Katmanlı Algılayıcı Kullanarak Zamanlama Analizi Saldırısı ile Özel Anahtar Tahminlemesi. Computer Science, IDAP-2021 : 5th International Artificial Intelligence and Data Processing symposium(Special), 385-390. https://doi.org/10.53070/bbd.990849

The Creative Commons Attribution 4.0 International License 88x31.png is applied to all research papers published by JCS and

A Digital Object Identifier (DOI) Logo_TM.png is assigned for each published paper