survey 2025

Application-Specific Power Side-Channel Attacks and Countermeasures: A Survey

Sahan Sanjaya 1, Aruna Jayasena 2, Prabhat Mishra 1

1 University of Florida

2 University of Tennessee

0 citations · 146 references · arXiv
α

Published on arXiv

2512.23785

Model Theft

OWASP ML Top 10 — ML05

Key Finding

Power side-channel attacks are the most researched side-channel type (36.5% of published work 2015–2020) and have expanded well beyond cryptography to include ML model architecture extraction and confidential input recovery.

Side-channel attacks try to extract secret information from a system by analyzing different side-channel signatures, such as power consumption, electromagnetic emanation, thermal dissipation, acoustics, time, etc. Power-based side-channel attack is one of the most prominent side-channel attacks in cybersecurity, which rely on data-dependent power variations in a system to extract sensitive information. While there are related surveys, they primarily focus on power side-channel attacks on cryptographic implementations. In recent years, power-side channel attacks have been explored in diverse application domains, including key extraction from cryptographic implementations, reverse engineering of machine learning models, user behavior data exploitation, and instruction-level disassembly. In this paper, we provide a comprehensive survey of power side-channel attacks and their countermeasures in different application domains. Specifically, this survey aims to classify recent power side-channel attacks and provide a comprehensive comparison based on application-specific considerations.

Key Contributions

  • Comprehensive taxonomy of power side-channel attacks across four application domains: cryptographic implementations, ML model reverse engineering, user behavior data exploitation, and instruction-level disassembly
  • Comparative analysis of application-specific countermeasures at hardware, circuit, and algorithm levels
  • Identification of gaps in existing surveys that focus narrowly on cryptographic implementations, extending coverage to ML and other domains

🛡️ Threat Analysis

Model Theft

The survey explicitly covers power side-channel attacks used to reverse engineer ML model architectures and extract proprietary model parameters — a physical model theft vector distinct from API-based extraction.

Details

Domains
vision
Model Types
cnntraditional_ml
Threat Tags
physicalblack_boxinference_time
Applications
cryptographic implementationsml model inference acceleratorsuser behavior profiling systemsembedded systems
Read PDF arXiv DOI

Similar Papers

attack

Data Augmentation Techniques to Reverse-Engineer Neural Network Weights from Input-Output Queries

2025 0 cit.
Model Theft
75%
attack

Delving into Cryptanalytic Extraction of PReLU Neural Networks

2025 0 cit.
Model Theft
69%
defense

A PUF-Based Approach for Copy Protection of Intellectual Property in Neural Network Models

2026 0 cit.
Model Theft
67%
defense

DivQAT: Enhancing Robustness of Quantized Convolutional Neural Networks against Model Extraction Attacks

2025 0 cit.
Model Theft
67%
defense

Defense against Unauthorized Distillation in Image Restoration via Feature Space Perturbation

2025 0 cit.
Model Theft
62%
defense

MirageNet:A Secure, Efficient, and Scalable On-Device Model Protection in Heterogeneous TEE and GPU System

2026 0 cit.
Model Theft
62%
attack

DiMEx: Breaking the Cold Start Barrier in Data-Free Model Extraction via Latent Diffusion Priors

2026 0 cit.
Model Theft
62%
defense

DeepTracer: Tracing Stolen Model via Deep Coupled Watermarks

2025 1 cit.
Model Theft
62%