Uncover Secrets Through the Cover: A Deep Learning-Based Side-Channel Attack Against Kyber Implementations With Anti-Tampering Covers

The probe can directly contact the microcontroller in a typical EM side-channel attack (SCA) targeting cryptographic implementations. However, in a more practical setting such as security level 2 of FIPS 140-3 or ISO/IEC 19790 standards, the microcontroller is required to be safeguarded by an opaque anti-tampering cover. This raises an interesting problem: Can we still launch EM attacks against microcontrollers running cryptographic implementations even when equipped with the cover? This paper proposes an improved deep-learning-based profiled attack against NIST KEM standard Kyber. Our key observation is that the distance between the probe and the microcontroller results in attenuation of signal strength. Moreover, the cover restricts the proximity of the probe, thereby limiting the signal-to-noise ratio. We propose an Adaptive Slimmed Pyramid Network (ASPN) model to instantiate a distinguisher in a plaintext-checking oracle-based SCA, which is generic and easy to implement. The proposed ASPN approach significantly enhances the feature extraction process by employing a pyramid network structure, while simultaneously avoiding the inclusion of excessive parameters. Real-world experiments demonstrate that our proposed distinguishers achieve an accuracy above $99\%$ with an $18$ mm cover and higher than $89\%$ accuracy even with a $24$ mm cover.