poster

Public Access

Stealing Neural Network Structure through Remote FPGA Side-channel Analysis

Authors:

Yicheng Zhang,

Rozhin Yasaei,

Hao Chen,

Zhou Li,

Mohammad Abdullah Al FaruqueAuthors Info & Claims

FPGA '21: The 2021 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays

Page 225

https://doi.org/10.1145/3431920.3439468

Published: 17 February 2021 Publication History

Abstract

Deep Neural Network (DNN) models have been extensively developed by companies for a wide range of applications. The development of a customized DNN model with great performance requires costly investments, and its structure (layers and hyper-parameters) is considered intellectual property and holds immense value. However, in this paper, we found the model secret is vulnerable when a cloud-based FPGA accelerator executes it. We demonstrate an end-to-end attack based on remote power side-channel analysis and machine-learning-based secret inference against different DNN models. The evaluation result shows that an attacker can reconstruct the layer and hyper-parameter sequence at over 90% accuracy using our method, which can significantly reduce her model development workload. We believe the threat presented by our attack is tangible, and new defense mechanisms should be developed against this threat.

Cited By

View all

Glamočanin OBazaz HPayer MStojilović M(2023)Temperature Impact on Remote Power Side-Channel Attacks on Shared FPGAs2023 Design, Automation & Test in Europe Conference & Exhibition (DATE)10.23919/DATE56975.2023.10136979(1-6)Online publication date: Apr-2023
https://doi.org/10.23919/DATE56975.2023.10136979
Zhang YPandey DWu DKundu TLi RShu T(2023)Accuracy-Constrained Efficiency Optimization and GPU Profiling of CNN Inference for Detecting Drainage Crossing LocationsProceedings of the SC '23 Workshops of the International Conference on High Performance Computing, Network, Storage, and Analysis10.1145/3624062.3624260(1780-1788)Online publication date: 12-Nov-2023
https://dl.acm.org/doi/10.1145/3624062.3624260
Glamočanin OShrivastava SYao JArdo NPayer MStojilović M(2023)Instruction-Level Power Side-Channel Leakage Evaluation of Soft-Core CPUs on Shared FPGAsJournal of Hardware and Systems Security10.1007/s41635-023-00135-17:2-3(72-99)Online publication date: 4-Oct-2023
https://doi.org/10.1007/s41635-023-00135-1
Show More Cited By

Index Terms

Stealing Neural Network Structure through Remote FPGA Side-channel Analysis
1. Hardware
  1. Integrated circuits
    1. Reconfigurable logic and FPGAs
2. Security and privacy
  1. Security in hardware
    1. Hardware attacks and countermeasures
      1. Side-channel analysis and countermeasures

Recommendations

Attacking and Securing the Clock Randomization and Duplication Side-Channel Attack Countermeasure
Foundations and Practice of Security
Abstract
The emergence of deep learning has revolutionized side-channel attacks, making them a serious threat to cryptographic systems. Clock randomization is a well-established mitigation technique against side-channel attacks that, when combined with ...
Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures
Abstract
Side-channels are unintended pathways within target systems that leak internal information, exploitable via side-channel attack techniques that extract the target information, compromising the system’s security and privacy. Side-channel attacks ...
Informer: Protecting Intel SGX from Cross-Core Side Channel Threats
Information and Communications Security
Abstract
As one of the major threats facing Intel SGX, side-channel attacks have been widely researched and disclosed as actual vulnerabilities in recent years, which can severely harm the integrity and confidentiality of programs protected by SGX. Most ...

Comments

Information & Contributors

Information

Published In

FPGA '21: The 2021 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays

February 2021

240 pages

ISBN:9781450382182

DOI:10.1145/3431920

General Chair:
Lesley Shannon
Simon Fraser University, Canada
,
Program Chair:
Michael Adler
Intel, USA

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 February 2021

Check for updates

Author Tags

Qualifiers

Poster

Funding Sources

Conference

FPGA '21

Sponsor:

SIGDA

FPGA '21: The 2021 ACM/SIGDA International Symposium on Field Programmable Gate Arrays

February 28 - March 2, 2021

Virtual Event, USA

Acceptance Rates

Overall Acceptance Rate 125 of 627 submissions, 20%

Upcoming Conference

FPGA '25

Sponsor:
sigda

The 2025 ACM/SIGDA International Symposium on Field Programmable Gate Arrays

February 27 - March 1, 2025

Monterey , CA , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 08 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Glamočanin OBazaz HPayer MStojilović M(2023)Temperature Impact on Remote Power Side-Channel Attacks on Shared FPGAs2023 Design, Automation & Test in Europe Conference & Exhibition (DATE)10.23919/DATE56975.2023.10136979(1-6)Online publication date: Apr-2023
https://doi.org/10.23919/DATE56975.2023.10136979
Zhang YPandey DWu DKundu TLi RShu T(2023)Accuracy-Constrained Efficiency Optimization and GPU Profiling of CNN Inference for Detecting Drainage Crossing LocationsProceedings of the SC '23 Workshops of the International Conference on High Performance Computing, Network, Storage, and Analysis10.1145/3624062.3624260(1780-1788)Online publication date: 12-Nov-2023
https://dl.acm.org/doi/10.1145/3624062.3624260
Glamočanin OShrivastava SYao JArdo NPayer MStojilović M(2023)Instruction-Level Power Side-Channel Leakage Evaluation of Soft-Core CPUs on Shared FPGAsJournal of Hardware and Systems Security10.1007/s41635-023-00135-17:2-3(72-99)Online publication date: 4-Oct-2023
https://doi.org/10.1007/s41635-023-00135-1
Mahmoud DLenders VStojilović M(2022)Electrical-Level Attacks on CPUs, FPGAs, and GPUs: Survey and Implications in the Heterogeneous EraACM Computing Surveys10.1145/349833755:3(1-40)Online publication date: 3-Feb-2022
https://dl.acm.org/doi/10.1145/3498337
Rakin AChowdhuryy MYao FFan D(2022)DeepSteal: Advanced Model Extractions Leveraging Efficient Weight Stealing in Memories2022 IEEE Symposium on Security and Privacy (SP)10.1109/SP46214.2022.9833743(1157-1174)Online publication date: May-2022
https://doi.org/10.1109/SP46214.2022.9833743
Dubey AKarabulut EAwad AAysu A(2022)High-Fidelity Model Extraction Attacks via Remote Power Monitors2022 IEEE 4th International Conference on Artificial Intelligence Circuits and Systems (AICAS)10.1109/AICAS54282.2022.9869973(328-331)Online publication date: 13-Jun-2022
https://doi.org/10.1109/AICAS54282.2022.9869973

Abstract

Cited By

Index Terms

Recommendations

Attacking and Securing the Clock Randomization and Duplication Side-Channel Attack Countermeasure

Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures

Informer: Protecting Intel SGX from Cross-Core Side Channel Threats

Comments

Information

Published In

Sponsors

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Share

Share this Publication link

Share on social media

Affiliations