DNN model theft through trojan side-channel on edge FPGA accelerator
In this paper, we present a novel hardware trojan assisted side-channel attack to reverse engineer DNN architectures on edge FPGA accelerators. In particular, our attack targets the widely-used Versatile Tensor Accelerator (VTA). A hardware trojan is employed to track the memory transactions by moni...
Main Authors: | Chandrasekar, Srivatsan; Lam, Siew-Kei; Thambipillai, Srikanthan |
---|---|
Other Authors: | College of Computing and Data Science |
Format: | Conference or Workshop Item |
Language: | English |
Published: | 2024 |
Subjects: | Computer and Information Science; Side-channel attacks; Deep learning accelerators; FPGA security; Machine learning security; Hardware trojans |
Online Access: | https://hdl.handle.net/10356/178536 |
Institution: | Nanyang Technological University |
id |
sg-ntu-dr.10356-178536 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-1785362024-07-01T01:39:40Z DNN model theft through trojan side-channel on edge FPGA accelerator Chandrasekar, Srivatsan Lam, Siew-Kei Thambipillai, Srikanthan College of Computing and Data Science 19th International Symposium on Applied Reconfigurable Computing (ARC 2023) Cyber Security Research Centre @ NTU (CYSREN) Computer and Information Science Side-channel attacks Deep learning accelerators FPGA security Machine learning security Hardware trojans In this paper, we present a novel hardware trojan assisted side-channel attack to reverse engineer DNN architectures on edge FPGA accelerators. In particular, our attack targets the widely-used Versatile Tensor Accelerator (VTA). A hardware trojan is employed to track the memory transactions by monitoring the AXI interface signals of VTA’s submodules. The memory side-channel information is leaked through a UART port, which reveals the DNN architecture information. Our experiments demonstrate the effectiveness of the proposed attack and highlight the need for robust security measures to protect DNN intellectual property (IP) models that are deployed on edge FPGA platforms. Ministry of Education (MOE) Nanyang Technological University This work was supported in part by NTU-DESAY SV Research Program 2018–0980; and in part by the Ministry of Education, Singapore, under its Academic Research Fund Tier 2, under Grant MOE-T2EP20121-0008. 2024-07-01T01:39:39Z 2024-07-01T01:39:39Z 2023 Conference Paper Chandrasekar, S., Lam, S. & Thambipillai, S. (2023). DNN model theft through trojan side-channel on edge FPGA accelerator. 19th International Symposium on Applied Reconfigurable Computing (ARC 2023), LNCS 14251, 146-158. https://dx.doi.org/10.1007/978-3-031-42921-7_10 9783031429200 https://hdl.handle.net/10356/178536 10.1007/978-3-031-42921-7_10 2-s2.0-85174448328 LNCS 14251 146 158 en MOE-T2EP20121-0008 © 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG. All rights reserved. |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
Computer and Information Science Side-channel attacks Deep learning accelerators FPGA security Machine learning security Hardware trojans |
description |
In this paper, we present a novel hardware trojan assisted side-channel attack to reverse engineer DNN architectures on edge FPGA accelerators. In particular, our attack targets the widely-used Versatile Tensor Accelerator (VTA). A hardware trojan is employed to track the memory transactions by monitoring the AXI interface signals of VTA’s submodules. The memory side-channel information is leaked through a UART port, which reveals the DNN architecture information. Our experiments demonstrate the effectiveness of the proposed attack and highlight the need for robust security measures to protect DNN intellectual property (IP) models that are deployed on edge FPGA platforms. |
author2 |
College of Computing and Data Science |
format |
Conference or Workshop Item |
author |
Chandrasekar, Srivatsan Lam, Siew-Kei Thambipillai, Srikanthan |
author_sort |
Chandrasekar, Srivatsan |
title |
DNN model theft through trojan side-channel on edge FPGA accelerator |
publishDate |
2024 |
url |
https://hdl.handle.net/10356/178536 |