Litcius/Paper detail

Leaky Nets: Recovering Embedded Neural Network Models and Inputs Through Simple Power and Timing Side-Channels—Attacks and Defenses

Saurav Maji, Utsav Banerjee, Anantha P. Chandrakasan

2021IEEE Internet of Things Journal48 citationsDOIOpen Access PDF

Abstract

With the recent advancements in machine learning theory, many commercial embedded microprocessors use neural network (NN) models for a variety of signal processing applications. However, their associated side-channel security vulnerabilities pose a major concern. There have been several proof-of-concept attacks demonstrating the extraction of their model parameters and input data. But, many of these attacks involve specific assumptions, have limited applicability, or pose huge overheads to the attacker. In this work, we study the side-channel vulnerabilities of embedded NN implementations by recovering their parameters using timing-based information leakage and simple power analysis side-channel attacks. We demonstrate our attacks on popular microcontroller platforms over networks of different precisions, such as floating point, fixed point, and binary networks. We are able to successfully recover not only the model parameters but also the inputs for the above networks. Countermeasures against timing-based attacks are implemented and their overheads are analyzed.

Topics & Concepts

Computer scienceArtificial neural networkMicrocontrollerEmbedded systemImplementationSimple (philosophy)Signal processingBinary numberReal-time computingVariety (cybernetics)Feature extractionPower (physics)Power analysisDeep learningDistributed computingComputer engineeringSIGNAL (programming language)CryptographyThreat modelAttack modelLeakage (economics)Recurrent neural networkAdversarial Robustness in Machine LearningSecurity and Verification in ComputingCryptographic Implementations and Security