DNN model theft through trojan side-channel on edge FPGA accelerator

DNN model theft through trojan side-channel on edge FPGA accelerator

In this paper, we present a novel hardware trojan assisted side-channel attack to reverse engineer DNN architectures on edge FPGA accelerators. In particular, our attack targets the widely-used Versatile Tensor Accelerator (VTA). A hardware trojan is employed to track the memory transactions by moni...

وصف كامل

محفوظ في:
التفاصيل البيبلوغرافية
المؤلفون الرئيسيون: Chandrasekar, Srivatsan, Lam, Siew-Kei, Thambipillai, Srikanthan
مؤلفون آخرون: College of Computing and Data Science
التنسيق: Conference or Workshop Item
اللغة:English
منشور في: 2024
الموضوعات:
Computer and Information Science
Side-channel attacks
Deep learning accelerators
FPGA security
Machine learning security
Hardware trojans
الوصول للمادة أونلاين:https://hdl.handle.net/10356/178536
الوسوم: إضافة وسم
لا توجد وسوم, كن أول من يضع وسما على هذه التسجيلة!
الوصف
الملخص:In this paper, we present a novel hardware trojan assisted side-channel attack to reverse engineer DNN architectures on edge FPGA accelerators. In particular, our attack targets the widely-used Versatile Tensor Accelerator (VTA). A hardware trojan is employed to track the memory transactions by monitoring the AXI interface signals of VTA’s submodules. The memory side-channel information is leaked through a UART port, which reveals the DNN architecture information. Our experiments demonstrate the effectiveness of the proposed attack and highlight the need for robust security measures to protect DNN intellectual property (IP) models that are deployed on edge FPGA platforms.

مواد مشابهة