Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
156 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Side-Channel Analysis of OpenVINO-based Neural Network Models (2407.16467v2)

Published 23 Jul 2024 in cs.CR and cs.AI

Abstract: Embedded devices with neural network accelerators offer great versatility for their users, reducing the need to use cloud-based services. At the same time, they introduce new security challenges in the area of hardware attacks, the most prominent being side-channel analysis (SCA). It was shown that SCA can recover model parameters with a high accuracy, posing a threat to entities that wish to keep their models confidential. In this paper, we explore the susceptibility of quantized models implemented in OpenVINO, an embedded framework for deploying neural networks on embedded and Edge devices. We show that it is possible to recover model parameters with high precision, allowing the recovered model to perform very close to the original one. Our experiments on GoogleNet v1 show only a 1% difference in the Top 1 and a 0.64% difference in the Top 5 accuracies.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (24)
  1. Reliable information extraction for single trace attacks. In 2015 Design, Automation & Test in Europe Conference & Exhibition (DATE), pages 133–138. IEEE, 2015.
  2. On implementation-level security of edge-based machine learning models. In Security and Artificial Intelligence: A Crossdisciplinary Approach, pages 335–359. Springer, 2022.
  3. {{\{{CSI}}\}}{{\{{NN}}\}}: Reverse engineering of neural network architectures through electromagnetic side channel. In 28th USENIX Security Symposium (USENIX Security 19), pages 515–532, 2019.
  4. A desynchronization-based countermeasure against side-channel analysis of neural networks. In International Symposium on Cyber Security, Cryptology, and Machine Learning, pages 296–306. Springer, 2023.
  5. Sniff: reverse engineering of neural networks with fault attacks. IEEE Transactions on Reliability, 71(4):1527–1539, 2021.
  6. Side channel attacks for architecture extraction of neural networks. CAAI Transactions on Intelligence Technology, 6(1):3–16, 2021.
  7. Imagenet: A large-scale hierarchical image database. In 2009 IEEE conference on computer vision and pattern recognition, pages 248–255. Ieee, 2009.
  8. Modulonet: Neural networks meet modular arithmetic for efficient hardware masking. IACR Transactions on Cryptographic Hardware and Embedded Systems, pages 506–556, 2022.
  9. Maskednet: The first hardware inference engine aiming power side-channel protection. In 2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pages 197–208. IEEE, 2020.
  10. Deeptheft: Stealing dnn model architectures through power side channel. arXiv preprint arXiv:2309.11894, 2023.
  11. Deep learning. MIT press, 2016.
  12. Cryptography and Embedded Systems Security. Springer Nature Switzerland, 2024.
  13. Quantized neural networks: Training neural networks with low precision weights and activations. Journal of Machine Learning Research, 18(187):1–30, 2018.
  14. Differential power analysis. In Advances in Cryptology—CRYPTO’99: 19th Annual International Cryptology Conference Santa Barbara, California, USA, August 15–19, 1999 Proceedings 19, pages 388–397. Springer, 1999.
  15. Neural network compression framework for fast model inference. arXiv preprint arXiv:2002.08679, 2020.
  16. Deep learning. nature, 521(7553):436–444, 2015.
  17. A survey of convolutional neural networks: analysis, applications, and prospects. IEEE transactions on neural networks and learning systems, 33(12):6999–7019, 2021.
  18. Power analysis attacks: Revealing the secrets of smart cards, volume 31. Springer Science & Business Media, 2008.
  19. Physical side-channel attacks on embedded neural networks: A survey. Applied Sciences, 11(15):6790, 2021.
  20. Scann: Side channel analysis of spiking neural networks. Cryptography, 7(2):17, 2023.
  21. I know what you trained last summer: A survey on stealing machine learning models and defences. ACM Computing Surveys, 55(14s):1–41, 2023.
  22. γ𝛾\gammaitalic_γ-knife: Extracting neural network architecture through software-based power side-channel. IEEE Transactions on Dependable and Secure Computing, 2023.
  23. Going deeper with convolutions. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 1–9, 2015.
  24. Side-channel attack analysis on in-memory computing architectures. IEEE Transactions on Emerging Topics in Computing, 12(1):109–121, 2023.
Citations (1)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets