Automated Information Leakage Detection: A New Method Combining Machine Learning and Hypothesis Testing with an Application to Side-channel Detection in Cryptographic Protocols

Due to the proliferation of a large amount of publicly available data, information leakage (IL) has become a major problem. IL occurs when secret (sensitive) information of a system is inadvertently disclosed to unauthorized parties through externally observable information. Standard statistical approaches estimate the mutual information between observable (input) and secret information (output), which tends to be a difficult problem for high-dimensional input. Current approaches based on (supervised) machine learning using the accuracy of predictive models on extracted system input and output have proven to be more effective in detecting these leakages. However, these approaches are domain-specific and fail to account for imbalance in the dataset. In this paper, we present a robust autonomous approach to detecting IL, which blends machine learning and statistical techniques, to overcome these shortcomings. We propose to use Fisher's Exact Test (FET) on the evaluated confusion matrix, which inherently takes the imbalances in the dataset into account. As a use case, we consider the problem of detecting padding side-channels or ILs in systems implementing cryptographic protocols. In an extensive experimental study on detecting ILs in synthetic and real-world scenarios, our approach outperforms the state of the art.