DNN model theft through trojan side-channel on edge FPGA accelerator

In this paper, we present a novel hardware trojan assisted side-channel attack to reverse engineer DNN architectures on edge FPGA accelerators. In particular, our attack targets the widely-used Versatile Tensor Accelerator (VTA). A hardware trojan is employed to track the memory transactions by moni...

Bibliographic Details
Main Authors: Chandrasekar, Srivatsan; Lam, Siew-Kei; Thambipillai, Srikanthan
Other Authors: College of Computing and Data Science
Format: Conference or Workshop Item
Language: English
Published: 2024
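Subjects: Computer and Information Science; Side-channel attacks; Deep learning accelerators; FPGA security; Machine learning security; Hardware trojans
Online Access: https://hdl.handle.net/10356/178536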
Institution: Nanyang Technological University
Record ID: sg-ntu-dr.10356-178536 (2024-07-01T01:39:40Z)
Title: DNN model theft through trojan side-channel on edge FPGA accelerator
Authors: Chandrasekar, Srivatsan; Lam, Siew-Kei; Thambipillai, Srikanthan
Other Authors: College of Computing and Data Science
Conference: 19th International Symposium on Applied Reconfigurable Computing (ARC 2023)
Research Centre: Cyber Security Research Centre @ NTU (CYSREN)
Subjects: Computer and Information Science; Side-channel attacks; Deep learning accelerators; FPGA security; Machine learning security; Hardware trojans
Abstract: In this paper, we present a novel hardware trojan assisted side-channel attack to reverse engineer DNN architectures on edge FPGA accelerators. In particular, our attack targets the widely-used Versatile Tensor Accelerator (VTA). A hardware trojan is employed to track the memory transactions by monitoring the AXI interface signals of VTA’s submodules. The memory side-channel information is leaked through a UART port, which reveals the DNN architecture information. Our experiments demonstrate the effectiveness of the proposed attack and highlight the need for robust security measures to protect DNN intellectual property (IP) models that are deployed on edge FPGA platforms.
Funding agencies: Ministry of Education (MOE); Nanyang Technological University
Funding: This work was supported in part by NTU-DESAY SV Research Program 2018–0980; and in part by the Ministry of Education, Singapore, under its Academic Research Fund Tier 2, under Grant MOE-T2EP20121-0008.
Record timestamps: 2024-07-01T01:39:39Z; 2024-07-01T01:39:39Z
Year: 2023
Type: Conference Paper
Citation: Chandrasekar, S., Lam, S. & Thambipillai, S. (2023). DNN model theft through trojan side-channel on edge FPGA accelerator. 19th International Symposium on Applied Reconfigurable Computing (ARC 2023), LNCS 14251, 146-158. https://dx.doi.org/10.1007/978-3-031-42921-7_10
ISBN: 9783031429200
Handle: https://hdl.handle.net/10356/178536
DOI: 10.1007/978-3-031-42921-7_10
Scopus EID: 2-s2.0-85174448328
Series: LNCS 14251, pages 146-158
Language: en
Grant: MOE-T2EP20121-0008
Rights: © 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG. All rights reserved.
Building: NTU Library
Continent: Asia
Country: Singapore
Content provider: NTU Library
Collection: DR-NTU