Hardware Trojan Attacks on the Reconfigurable Interconnections of Field-Programmable Gate Array-Based Convolutional Neural Network Accelerators and a Physically Unclonable Function-Based Countermeasure Detection Technique
Convolutional neural networks (CNNs) have demonstrated significant superiority in modern artificial intelligence (AI) applications. To accelerate the inference process of CNNs, reconfigurable CNN accelerators that support diverse networks are widely employed for AI systems. Given the ubiquitous depl...
Main Authors: | Jia Hou, Zichu Liu, Zepeng Yang, Chen Yang |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG 2024-01-01 |
Series: | Micromachines |
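Subjects: | convolutional neural network; reconfigurable CNN accelerator; hardware Trojan; physical unclonable function; field-programmable gate array (FPGA) |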
Online Access: | https://www.mdpi.com/2072-666X/15/1/149 |
_version_ | 1797342932971290624 |
---|---|
author | Jia Hou, Zichu Liu, Zepeng Yang, Chen Yang |
author_sort | Jia Hou |
collection | DOAJ |
description | Convolutional neural networks (CNNs) have demonstrated significant superiority in modern artificial intelligence (AI) applications. To accelerate the inference process of CNNs, reconfigurable CNN accelerators that support diverse networks are widely employed for AI systems. Given the ubiquitous deployment of these AI systems, there is a growing concern regarding the security of CNN accelerators and the potential attacks they may face, including hardware Trojans. This paper proposes a hardware Trojan designed to attack a crucial component of FPGA-based CNN accelerators: the reconfigurable interconnection network. Specifically, the hardware Trojan alters the data paths during activation, resulting in incorrect connections in the arithmetic circuit and consequently causing erroneous convolutional computations. To address this issue, the paper introduces a novel detection technique based on physically unclonable functions (PUFs) to safeguard the reconfigurable interconnection network against hardware Trojan attacks. Experimental results demonstrate that by incorporating a mere 0.27% hardware overhead to the accelerator, the proposed hardware Trojan can degrade the inference accuracy of popular neural network architectures, including LeNet, AlexNet, and VGG, by a significant range of 8.93% to 86.20%. The implemented arbiter-PUF circuit on a Xilinx Zynq XC7Z100 platform successfully detects the presence and location of hardware Trojans in a reconfigurable interconnection network. This research highlights the vulnerability of reconfigurable CNN accelerators to hardware Trojan attacks and proposes a promising detection technique to mitigate potential security risks. The findings underscore the importance of addressing hardware security concerns in the design and deployment of AI systems utilizing FPGA-based CNN accelerators. |
first_indexed | 2024-03-08T10:40:23Z |
format | Article |
id | doaj.art-67f229b415984ad7a86f2439d5bb0031 |
institution | Directory Open Access Journal |
issn | 2072-666X |
language | English |
last_indexed | 2024-03-08T10:40:23Z |
publishDate | 2024-01-01 |
publisher | MDPI AG |
record_format | Article |
series | Micromachines |
spelling | doaj.art-67f229b415984ad7a86f2439d5bb0031; 2024-01-26T17:45:32Z; eng; MDPI AG; Micromachines; 2072-666X; 2024-01-01; vol. 15, no. 1, art. 149; doi: 10.3390/mi15010149; Jia Hou, Zichu Liu, Zepeng Yang, Chen Yang (all: School of Microelectronics, Xi’an Jiaotong University, Xi’an 710049, China) |
title | Hardware Trojan Attacks on the Reconfigurable Interconnections of Field-Programmable Gate Array-Based Convolutional Neural Network Accelerators and a Physically Unclonable Function-Based Countermeasure Detection Technique |
topic | convolutional neural network; reconfigurable CNN accelerator; hardware Trojan; physical unclonable function; field-programmable gate array (FPGA) |
url | https://www.mdpi.com/2072-666X/15/1/149 |