CAREER: Physical Side-Channels Beyond Cryptography: Transforming the Side-Channel Framework for Deep Learning

职业：超越密码学的物理侧通道：转变深度学习的侧通道框架

• 批准号: 1943245
• 负责人: Aydin Aysu
• 金额: $ 43.87万
• 依托单位: North Carolina State University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-10-01 至 2025-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1943245&HistoricalAwards=false
• 关键词: CAREER; Physical; Side; Channels; Beyond

Machine Learning (ML) classifiers are hard to develop and are used in safety-critical applications like autonomous driving. Exposing the details of an ML classifier thus results in intellectual property theft and also makes it easier to be fooled by adversaries. Unfortunately, the implementation of an ML classifier may leak information about its inner workings. The primary research goal of this project is to develop secure ML classifier implementations. This work specifically addresses the fundamental electromagnetic and power side-channel vulnerabilities of physical implementations of ML classifiers.The intellectual merit of the project is to extend the physical side-channel analysis framework beyond cryptography for securing deep neural network (NN) classifiers. Although there is research on the mathematical analysis and digital side-channels of NN model extraction, physical side-channels are largely unexplored. The research tasks are to design physical side-channel resilient NN components, to integrate the developed components into a high-level synthesis framework for automatic generation of protected NN hardware accelerators, and to evaluate/benchmark side-channel security and countermeasure overheads.The broader impact of this project includes disseminating publications, distributing open-source hardware and software, and bridging the research on NNs and hardware security. The project also aims developing a college course to teach hardware security for NNs with hands-on experiments. This work may also help the Executive Order on Maintaining American Leadership in Artificial Intelligence, by evaluating the security of the Artificial Intelligence standards being put forward by the National Institute of Standards and Technology (NIST).This project will use a repository with multiple back-up servers to store and log the data, and the major results and hardware and software products will be made publicly available by using resources over the world wide web. Further information on the project repository will be made accessible at https://research.ece.ncsu.edu/aaysu/research/MLSec-CAREER-nsf.html. The repository is intended to be actively maintained for the duration of the project and 5 years after its completion.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

机器学习(ML)分类器很难开发，并且被用于自动驾驶等安全关键应用中。因此，暴露ML分类器的详细信息会导致知识产权被盗，也更容易被对手愚弄。不幸的是，ML分类器的实现可能会泄露有关其内部工作的信息。该项目的主要研究目标是开发安全的ML分类器实现。这项工作专门解决了ML分类器物理实现的基本电磁和功率侧通道漏洞。该项目的智能优点是将物理侧通道分析框架扩展到密码学之外，以确保深度神经网络(NN)分类器的安全。虽然已经有关于神经网络模型提取的数学分析和数字旁路的研究，但物理旁路在很大程度上还没有被探索。研究任务是设计物理侧通道弹性神经网络组件，将开发的组件集成到一个高层综合框架中以自动生成受保护的神经网络硬件加速器，评估/基准侧通道安全和对抗开销，该项目的更广泛影响包括传播出版物、分发开源硬件和软件，以及将NNS和硬件安全的研究联系起来。该项目还旨在开发一门大学课程，通过动手实验为NNS教授硬件安全。这项工作还可能通过评估美国国家标准与技术研究所(NIST)提出的人工智能标准的安全性，来帮助维持美国在人工智能领域的领导地位的行政命令。该项目将使用一个具有多个备份服务器的存储库来存储和记录数据，主要结果以及硬件和软件产品将通过使用万维网上的资源公开提供。有关项目储存库的更多信息将在https://research.ece.ncsu.edu/aaysu/research/MLSec-CAREER-nsf.html.上提供该储存库将在项目期间和完成后5年内积极维护。这一奖励反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Hardware-Software Co-design for Side-Channel Protected Neural Network Inference

用于侧通道保护神经网络推理的硬件-软件协同设计

• DOI: 10.1109/host55118.2023.10133716
• 发表时间: 2023
• 期刊: 2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST
• 作者: Dubey, Anuj;Cammarota, Rosario;Varna, Avinash;Kumar, Raghavan;Aysu, Aydin
• 通讯作者: Aysu, Aydin

ModuloNET: Neural Networks Meet Modular Arithmetic for Efficient Hardware Masking

• DOI: 10.46586/tches.v2022.i1.506-556
• 发表时间: 2021-11
• 期刊: IACR Trans. Cryptogr. Hardw. Embed. Syst.
• 作者: Anuj Dubey;Afzal Ahmad;M. A. Pasha;Rosario Cammarota;Aydin Aysu

BoMaNet: Boolean Masking of an Entire Neural Network

• DOI: 10.1145/3400302.3415649
• 发表时间: 2020-06
• 期刊: 2020 IEEE/ACM International Conference On Computer Aided Design (ICCAD)
• 作者: Anuj Dubey;Rosario Cammarota;Aydin Aysu

Guarding Machine Learning Hardware Against Physical Side-channel Attacks

• DOI: 10.1145/3465377
• 发表时间: 2021-09
• 期刊: ACM Journal on Emerging Technologies in Computing Systems (JETC)
• 作者: Anuj Dubey;Rosario Cammarota;Vikram B. Suresh;Aydin Aysu

High-Fidelity Model Extraction Attacks via Remote Power Monitors

通过远程功率监视器进行高保真模型提取攻击

• DOI: 10.1109/aicas54282.2022.9869973
• 发表时间: 2022
• 期刊: 2022 IEEE 4th International Conference on Artificial Intelligence Circuits and Systems (AICAS
• 作者: Dubey, Anuj;Karabulut, Emre;Awad, Amro;Aysu, Aydin
• 通讯作者: Aysu, Aydin