SCA strikes back : reverse engineering neural network architectures using side channels
Our previous work selected for Top Picks in Hardware and Embedded Security 2020 demonstrates that it is possible to reverse engineer neural networks by using side-channel attacks. We developed a framework that considers each part of the neural network separately and then, by combining the informatio...
Saved in:
Main Authors: | , , , |
---|---|
Other Authors: | |
Format: | Article |
Language: | English |
Published: |
2021
|
Subjects: | |
Online Access: | https://hdl.handle.net/10356/153411 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Nanyang Technological University |
Language: | English |
id |
sg-ntu-dr.10356-153411 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-1534112021-12-11T20:11:59Z SCA strikes back : reverse engineering neural network architectures using side channels Batina, Lejla Bhasin, Shivam Jap, Dirmanto Picek, Stjepan Temasek Laboratories @ NTU Science::Mathematics::Discrete mathematics::Cryptography Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence Biological Neural Networks Neurons Our previous work selected for Top Picks in Hardware and Embedded Security 2020 demonstrates that it is possible to reverse engineer neural networks by using side-channel attacks. We developed a framework that considers each part of the neural network separately and then, by combining the information, manages to reverse engineer all relevant hyper-parameters and parameters. Our work is a proof of concept (but also a realistic demonstration) that such attacks are possible and warns that more effort should be given to developing countermeasures. While we have used microcontrollers for our experiments, the attack applies to other targets like FPGAs and GPUs. National Research Foundation (NRF) Accepted version This research is partly supported by the National Research Foundation, Singapore, under its National Cybersecurity Research & Development Programme / Cyber-Hardware Forensic & Assurance Evaluation R&D Programme (Award: NRF2018NCR-NCR009-0001) 2021-12-07T13:44:55Z 2021-12-07T13:44:55Z 2021 Journal Article Batina, L., Bhasin, S., Jap, D. & Picek, S. (2021). SCA strikes back : reverse engineering neural network architectures using side channels. IEEE Design and Test. https://dx.doi.org/10.1109/MDAT.2021.3128436 2168-2364 https://hdl.handle.net/10356/153411 10.1109/MDAT.2021.3128436 en NRF2018NCR-NCR009-0001 IEEE Design and Test © 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The published version is available at: https://doi.org/10.1109/MDAT.2021.3128436. application/pdf |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
Science::Mathematics::Discrete mathematics::Cryptography Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence Biological Neural Networks Neurons |
spellingShingle |
Science::Mathematics::Discrete mathematics::Cryptography Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence Biological Neural Networks Neurons Batina, Lejla Bhasin, Shivam Jap, Dirmanto Picek, Stjepan SCA strikes back : reverse engineering neural network architectures using side channels |
description |
Our previous work selected for Top Picks in Hardware and Embedded Security 2020 demonstrates that it is possible to reverse engineer neural networks by using side-channel attacks. We developed a framework that considers each part of the neural network separately and then, by combining the information, manages to reverse engineer all relevant hyper-parameters and parameters. Our work is a proof of concept (but also a realistic demonstration) that such attacks are possible and warns that more effort should be given to developing countermeasures. While we have used microcontrollers for our experiments, the attack applies to other targets like FPGAs and GPUs. |
author2 |
Temasek Laboratories @ NTU |
author_facet |
Temasek Laboratories @ NTU Batina, Lejla Bhasin, Shivam Jap, Dirmanto Picek, Stjepan |
format |
Article |
author |
Batina, Lejla Bhasin, Shivam Jap, Dirmanto Picek, Stjepan |
author_sort |
Batina, Lejla |
title |
SCA strikes back : reverse engineering neural network architectures using side channels |
title_short |
SCA strikes back : reverse engineering neural network architectures using side channels |
title_full |
SCA strikes back : reverse engineering neural network architectures using side channels |
title_fullStr |
SCA strikes back : reverse engineering neural network architectures using side channels |
title_full_unstemmed |
SCA strikes back : reverse engineering neural network architectures using side channels |
title_sort |
sca strikes back : reverse engineering neural network architectures using side channels |
publishDate |
2021 |
url |
https://hdl.handle.net/10356/153411 |
_version_ |
1720447111457144832 |