2nd Year PhD Student — Télécom Paris

AI-enhanced side-channel attack pipelines, combining hardware simulation, machine learning, and microarchitectural analysis for modern SoCs and CPUs.

  • Automating leakage-based attacks using AI.
  • Gem5 simulation of microarchitectural leak sources.
  • Evaluating attacks on RISC-V, ARM, and x86 platforms.
  • Developing next-gen detection and mitigation strategies.

PhD Research Overview

Advanced AI-Driven Automation for Side-Channel Attacks.

I am a PhD researcher at Télécom Paris, working on AI-based automation of side-channel attacks and their analysis. My work explores how machine learning, hardware simulation, and microarchitectural modeling can advance modern hardware security.

AI-Based SCA Automation, Microarchitectural Leaks, RISC-V / Gem5, Hardware Security

Publications

Selected Research Outputs

Decoding Attack Behaviors by Analyzing Patterns in Instruction-Based Attacks using gem5

M. Awais, Maria Mushtaq, Lirida Naviner, Florent Bruguier, Javad Haj Yahya, Pascal Boniot
Presented at IEEE/RSP Conference on Hardware Security, Raleigh, USA, 2024.

We introduce a fully automated attack pipeline that leverages machine learning and microarchitectural simulation (Gem5) to analyze power, EM, and cache-based side-channel leakages.

Leveraging gem5 and Machine Learning for End-to-End Detection of Cache-based Side-Channel Attack Patterns

M. Awais, Maria Mushtaq, Lirida Naviner, Florent Bruguier, Javad Haj Yahya, Pascal Boniot
Published in 13th International Workshop on Security Proofs for Embedded Systems (PROOFs 2025), Kuala Lumpur, Malaysia, September 18, 2025.

This paper demonstrates timing variances in branch predictors, pipeline stalls, and cache hierarchies on RISC-V using Gem5, providing insights into microarchitectural leakage sources.

Opcode Analysis of Real Encryption-Based Microarchitectural Attacks Using gem5

M. Awais, Mahreen Khan, Maria Mushtaq, Lirida Naviner, Javad Haj Yahya, Florent Bruguier, Ludovic Apvrille, Renaud Pacalet
Published in 7th Computing, Communications and IoT Applications Conference (IEEE ComComAp 2025), Madrid, Spain, 2025.

This paper demonstrates timing variances in branch predictors, pipeline stalls, and cache hierarchies on RISC-V using Gem5, providing insights into microarchitectural leakage sources.

Time Cache Accesses / EM Leakage

Overview

What Are Side-Channel Attacks?

Side-channel attacks exploit indirect information leaked by hardware during computation, such as execution time, power consumption, electromagnetic emissions, or microarchitectural behavior. Instead of breaking cryptography mathematically, attackers observe how a device behaves while performing sensitive operations.

Research in hardware security aims to model, measure, and mitigate these leaks at multiple layers: circuit, microarchitecture, firmware, and software. This includes secure design of CPUs, accelerators, cryptographic engines, and embedded systems.

Key Concepts
  • Information leakage channels
  • Cryptographic implementations (AES, RSA, ECC)
  • Microarchitectural attacks (cache, branch predictor, TLB)
  • Countermeasures and secure-by-design architectures

Taxonomy

Types of Side-Channel Attacks I Focus On

Power Analysis of IoT Devices

Power analysis on IoT devices reveals data-dependent consumption patterns that attackers can exploit to extract cryptographic keys and sensitive operations. This work measures the dynamic power consumption of an IoT device during cryptographic operations and evaluates how readily secret keys can be recovered from it (SPA / DPA / CPA).

Gem5 Simulations, IoT Benchmark Testing

Timing Attacks

Timing attacks exploit variations in execution time caused by data-dependent branches, memory accesses, or microarchitectural events. They also abuse shared resources such as caches, branch predictors, or speculative execution units (e.g., cache-timing and Spectre-like attacks).

Flush+Reload, Prime+Probe, Spectre Variant Attacks, Constant-Time / Formal Analysis

Opcode Analysis

Opcode-level profiling links specific instruction sequences to distinctive leakage patterns, enabling fine-grained attribution and optimization of side-channel attacks on modern processors. Opcodes are analysed by simulating the workload in gem5 and examining the behaviour of the out-of-order (O3) pipeline in detail.

Cryptographic Opcodes / AES Opcodes / hardware-level OpenSSL

ISA Modifications

Custom ISA extensions in RISC-V enable controlled leakage points, making it possible to analyze, trigger, and evaluate side-channel vulnerabilities with fine-grained architectural visibility. ISA-level CSR modifications expose microarchitectural behavior with high precision, enabling deeper analysis and exploitation of side-channel vulnerabilities.

RISC-V ISA CSRs

Mitigation

Hardware & Software Countermeasures

Algorithmic Countermeasures

Masking, hiding, constant-time implementations, and randomized encodings reduce correlation between leakage and secrets.

Microarchitectural Isolation

Cache partitioning, constant-latency memories, and flushing / fencing strategies for untrusted code and enclaves.

Secure Hardware Design

Side-channel–resistant logic styles, balanced routing, power-noise injection, and secure SoC/FPGA architectures.

Verification & Testing

Formal leakage models, leakage assessment, TVLA tests, and simulation (e.g., Gem5, RTL-level analysis) to quantify risk.

Typical Secure-Design Workflow
1. Threat Modeling

Identify attackers, capabilities (local/remote, physical access), and targeted assets.

2. Leakage Assessment

Measure or simulate side-channel leakage on prototypes or models.

3. Countermeasure Design

Integrate algorithmic and hardware-level protections; evaluate overhead.

4. Validation & Certification

Perform standardized tests (e.g., TVLA, certification labs) and iterate on design.
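The leakage assessment named in the Verification & Testing item and in steps 2 and 4 of the workflow above is usually a fixed-vs-random Welch's t-test (the TVLA methodology), and the masking listed under Algorithmic Countermeasures is what a first-order test should no longer detect. The following is an added example, not the page author's tooling: it runs the test over constructed, simulated traces, first against an unprotected toy leakage model and then against the same model with a fresh Boolean mask per execution. The leakage model, trace length, leaky sample index, key value, noise level and seeds are all assumptions made for the demonstration.

```python
"""Fixed-vs-random Welch's t-test (TVLA-style leakage assessment) over
simulated power traces, with and without first-order Boolean masking.
Added example on constructed data; not the page author's code."""
import math
import random
from typing import List, Optional, Tuple

T_THRESHOLD = 4.5      # conventional TVLA pass/fail bound on |t|
TRACE_LEN = 5          # samples per trace (assumed toy length)
LEAKY_SAMPLE = 2       # sample index where the toy model leaks (assumption)


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def simulate_trace(plaintext: int, key: int, rng: random.Random,
                   masked: bool = False, noise_sigma: float = 1.0) -> List[float]:
    """Toy leakage model (assumption): sample LEAKY_SAMPLE carries the
    Hamming weight of the intermediate plaintext XOR key plus Gaussian
    noise; every other sample is noise only.  With masking, the device
    only ever handles intermediate XOR mask, where mask is fresh per run."""
    intermediate = plaintext ^ key
    if masked:
        intermediate ^= rng.randrange(256)     # fresh random Boolean mask
    trace = [rng.gauss(0.0, noise_sigma) for _ in range(TRACE_LEN)]
    trace[LEAKY_SAMPLE] += hamming_weight(intermediate)
    return trace


def collect_traces(n: int, key: int, fixed_plaintext: Optional[int],
                   seed: int, masked: bool = False) -> List[List[float]]:
    """Fixed set (fixed_plaintext given) or random set (None)."""
    rng = random.Random(seed)
    traces = []
    for _ in range(n):
        pt = fixed_plaintext if fixed_plaintext is not None else rng.randrange(256)
        traces.append(simulate_trace(pt, key, rng, masked=masked))
    return traces


def welch_t(a: List[float], b: List[float]) -> float:
    """Welch's t-statistic for two samples with possibly unequal variance."""
    na, nb = len(a), len(b)
    ma, mb = sum(a) / na, sum(b) / nb
    va = sum((x - ma) ** 2 for x in a) / (na - 1)   # sample variances
    vb = sum((x - mb) ** 2 for x in b) / (nb - 1)
    return (ma - mb) / math.sqrt(va / na + vb / nb)


def tvla(fixed: List[List[float]], rand: List[List[float]]) -> List[float]:
    """Per-sample |t| across the fixed and random trace sets."""
    return [abs(welch_t([tr[i] for tr in fixed], [tr[i] for tr in rand]))
            for i in range(TRACE_LEN)]


def leaky_samples(t_values: List[float], threshold: float = T_THRESHOLD) -> List[int]:
    """Sample indices whose |t| exceeds the threshold, i.e. detected leakage."""
    return [i for i, t in enumerate(t_values) if t > threshold]


def run_assessment(masked: bool = False, n: int = 1000,
                   key: int = 0xF7) -> Tuple[List[float], List[int]]:
    """Collect n fixed and n random traces and report |t| per sample plus
    the indices flagged as leaking.  key=0xF7 (assumed) has Hamming weight 7,
    well away from the mean weight 4 of a random byte, so the unmasked
    fixed set is clearly separable from the random set."""
    fixed = collect_traces(n, key, fixed_plaintext=0x00, seed=1, masked=masked)
    rand = collect_traces(n, key, fixed_plaintext=None, seed=2, masked=masked)
    t_values = tvla(fixed, rand)
    return t_values, leaky_samples(t_values)


if __name__ == "__main__":
    for masked in (False, True):
        t_values, flagged = run_assessment(masked=masked)
        label = "masked" if masked else "unmasked"
        print(f"{label}: |t| per sample =", [round(t, 1) for t in t_values])
        print(f"{label}: samples above {T_THRESHOLD}:", flagged or "none")
```

On the unmasked model the leaky sample is the only one flagged (its |t| is in the tens), and on the masked model no sample crosses 4.5, because the intermediate handled by the device is uniformly random regardless of the plaintext. Passing a first-order test does not prove absence of leakage: a second-order test (on centred-and-squared samples, or products of sample pairs) is needed to assess a masked implementation, which is why step 4 of the workflow iterates rather than stopping at the first clean result.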

Research Focus

Current & Future Work

RISC-V / x86 / ARM Platforms

Designing and evaluating microarchitectural side-channel attacks on open ISAs (RISC-V) and commercial architectures (x86 / ARM) using simulation and real hardware.

  • Gem5-based attack pipelines
  • ISA-level characterization
  • Cache, branch, and speculative leaks

Measurement & Datasets

Capturing and analyzing power/EM/timing traces to build datasets for statistical and machine learning–based side-channel analysis.

  • Lab experiments on FPGA / SoC boards
  • Signal processing & feature engineering
  • ML-based key recovery & detection

Defenses & Tooling

Building tools to evaluate countermeasures, automate experiments, and support secure-by-design hardware development.

  • Leakage-aware design flows
  • Automated testbenches
  • Visualization dashboards

Get in Touch

Contact & Collaboration

Welcome, and thank you for visiting—feel free to explore my work, connect with me, and collaborate on cutting-edge research in hardware security and side-channel analysis.