Leaky Nets: Recovering Embedded Neural Network Models and Inputs Through Simple Power and Timing Side-Channels—Attacks and Defenses
- 23 February 2021
- journal article
- research article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Internet of Things Journal
- Vol. 8 (15), 12079-12092
- https://doi.org/10.1109/jiot.2021.3061314
Abstract
With the recent advancements in machine learning theory, many commercial embedded micro-processors use neural network models for a variety of signal processing applications. However, their associated side-channel security vulnerabilities pose a major concern. There have been several proof-of-concept attacks demonstrating the extraction of their model parameters and input data. But, many of these attacks involve specific assumptions, have limited applicability, or pose huge overheads to the attacker. In this work, we study the side-channel vulnerabilities of embedded neural network implementations by recovering their parameters using timing-based information leakage and simple power analysis side-channel attacks. We demonstrate our attacks on popular micro-controller platforms over networks of different precisions such as floating point, fixed point, binary networks. We are able to successfully recover not only the model parameters but also the inputs for the above networks. Countermeasures against timing-based attacks are implemented and their overheads are analyzed.
Funding Information
- Analog Devices
- Texas Instruments
This publication has 29 references indexed in Scilit:
- Wearable system-on-module for prosopagnosia rehabilitation. Published by Institute of Electrical and Electronics Engineers (IEEE), 2016
- DeepChess: End-to-End Deep Neural Network for Automatic Learning in Chess. Lecture Notes in Computer Science, 2016
- EIE. ACM SIGARCH Computer Architecture News, 2016
- Convolutional Neural Networks for Medical Image Analysis: Full Training or Fine Tuning? IEEE Transactions on Medical Imaging, 2016
- Soft Analytical Side-Channel Attacks. Lecture Notes in Computer Science, 2014
- Horizontal Correlation Analysis on Exponentiation. Lecture Notes in Computer Science, 2010
- Algebraic Methods in Side-Channel Collision Attacks and Practical Collision Detection. Lecture Notes in Computer Science, 2008
- Correlation Power Analysis with a Leakage Model. Lecture Notes in Computer Science, 2004
- A Collision-Attack on AES. Lecture Notes in Computer Science, 2004
- Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. Lecture Notes in Computer Science, 1996