If one of my research topics catches your interest, feel free to contact me for possible Bachelor Thesis, Master Thesis or research internship opportunities.
Stichworte: Side channel analysis, DPA, Neural Networks, Machine Learning
Beschreibung
Neural Networks are inevitable in everyday life. Speech and face recognition as well as driverless cars are just some examples where Artificial Neural Networks (ANN) are used. Training a deep ANN is very time consuming and computational expensive. Thus, the intellectual property stored as ANN is an asset worth to protect.
An possible attack scenario would be to extract the network parameters such as the layer structure, weights and biases to build a copy of the network. Since there is a trend to perform neural network based classification on edge devices possible hardware attacks like Side-Channel Analysis must be considered.
Some attacks are already present. Batina et al. completely retrieve an ANN executed on an ARM Cortex microcontroller [1] . Since it is more common to execute an ANN on a more parallel HW to increase performance attacking FPGA implementations is also worthwise. Dubey et al. published an attack on a binary neural network (BNN) implemented on a FPGA and furthermore masked the network in order to counter their network [2, 3].
In this work, possible side-channel based attack vectors should be investigated. Based on these attack vectors, possible attacks should be performed on hardware accelerators for neural networks.
References
L. Batina, S. Bhasin, D. Jap, and S. Picek, “{CSI}{NN}: Reverse engineering of neural network architectures through electromagnetic side channel,” in 28th {USENIX} Security Symposium ({USENIX} Security 19), pp. 515–532, 2019.
A. Dubey, R. Cammarota, and A. Aysu, “Maskednet: A pathway for secure inference against power side-channel attacks,” arXiv preprint arXiv:1910.13063, 2019.
A. Dubey, R. Cammarota, and A. Aysu, “Bomanet: Boolean masking of an entire neural network,” arXiv preprint arXiv:2006.09532, 2020.
Voraussetzungen
Knowledge about Side-Channel Analysis (attending “Sichere Implementierung kryptographischer Verfahren” or something similar is a must)
Gruber, M.; Probst, M.; Tempelmeier, M.: Statistical Ineffective Fault Analysis of GIMLI. 2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2020IEEE International Symposium on Hardware Oriented Security and Trust (HOST)mehr…
2019
Gruber, M. and Probst, M. and Tempelmeier, M.: Persistent Fault Analysis of OCB, DEOXYS and COLM. 2019 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2019Atlanta, USAmehr…