SCA strikes back : reverse engineering neural network architectures using side channels

Our previous work selected for Top Picks in Hardware and Embedded Security 2020 demonstrates that it is possible to reverse engineer neural networks by using side-channel attacks. We developed a framework that considers each part of the neural network separately and then, by combining the informatio...

Full description

Saved in:
Bibliographic Details
Main Authors: Batina, Lejla, Bhasin, Shivam, Jap, Dirmanto, Picek, Stjepan
Other Authors: Temasek Laboratories @ NTU
Format: Article
Language:English
Published: 2021
Subjects:
Online Access:https://hdl.handle.net/10356/153411
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
id sg-ntu-dr.10356-153411
record_format dspace
spelling sg-ntu-dr.10356-1534112021-12-11T20:11:59Z SCA strikes back : reverse engineering neural network architectures using side channels Batina, Lejla Bhasin, Shivam Jap, Dirmanto Picek, Stjepan Temasek Laboratories @ NTU Science::Mathematics::Discrete mathematics::Cryptography Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence Biological Neural Networks Neurons Our previous work selected for Top Picks in Hardware and Embedded Security 2020 demonstrates that it is possible to reverse engineer neural networks by using side-channel attacks. We developed a framework that considers each part of the neural network separately and then, by combining the information, manages to reverse engineer all relevant hyper-parameters and parameters. Our work is a proof of concept (but also a realistic demonstration) that such attacks are possible and warns that more effort should be given to developing countermeasures. While we have used microcontrollers for our experiments, the attack applies to other targets like FPGAs and GPUs. National Research Foundation (NRF) Accepted version This research is partly supported by the National Research Foundation, Singapore, under its National Cybersecurity Research & Development Programme / Cyber-Hardware Forensic & Assurance Evaluation R&D Programme (Award: NRF2018NCR-NCR009-0001) 2021-12-07T13:44:55Z 2021-12-07T13:44:55Z 2021 Journal Article Batina, L., Bhasin, S., Jap, D. & Picek, S. (2021). SCA strikes back : reverse engineering neural network architectures using side channels. IEEE Design and Test. https://dx.doi.org/10.1109/MDAT.2021.3128436 2168-2364 https://hdl.handle.net/10356/153411 10.1109/MDAT.2021.3128436 en NRF2018NCR-NCR009-0001 IEEE Design and Test © 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The published version is available at: https://doi.org/10.1109/MDAT.2021.3128436. application/pdf
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
Singapore
content_provider NTU Library
collection DR-NTU
language English
topic Science::Mathematics::Discrete mathematics::Cryptography
Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence
Biological Neural Networks
Neurons
spellingShingle Science::Mathematics::Discrete mathematics::Cryptography
Engineering::Computer science and engineering::Computing methodologies::Artificial intelligence
Biological Neural Networks
Neurons
Batina, Lejla
Bhasin, Shivam
Jap, Dirmanto
Picek, Stjepan
SCA strikes back : reverse engineering neural network architectures using side channels
description Our previous work selected for Top Picks in Hardware and Embedded Security 2020 demonstrates that it is possible to reverse engineer neural networks by using side-channel attacks. We developed a framework that considers each part of the neural network separately and then, by combining the information, manages to reverse engineer all relevant hyper-parameters and parameters. Our work is a proof of concept (but also a realistic demonstration) that such attacks are possible and warns that more effort should be given to developing countermeasures. While we have used microcontrollers for our experiments, the attack applies to other targets like FPGAs and GPUs.
author2 Temasek Laboratories @ NTU
author_facet Temasek Laboratories @ NTU
Batina, Lejla
Bhasin, Shivam
Jap, Dirmanto
Picek, Stjepan
format Article
author Batina, Lejla
Bhasin, Shivam
Jap, Dirmanto
Picek, Stjepan
author_sort Batina, Lejla
title SCA strikes back : reverse engineering neural network architectures using side channels
title_short SCA strikes back : reverse engineering neural network architectures using side channels
title_full SCA strikes back : reverse engineering neural network architectures using side channels
title_fullStr SCA strikes back : reverse engineering neural network architectures using side channels
title_full_unstemmed SCA strikes back : reverse engineering neural network architectures using side channels
title_sort sca strikes back : reverse engineering neural network architectures using side channels
publishDate 2021
url https://hdl.handle.net/10356/153411
_version_ 1720447111457144832