Time to leak : cross-device timing attack on edge deep learning accelerator
Edge deep learning accelerators are optimised hardware to enable efficient inference on the edge. The models deployed on these accelerators are often proprietary and thus sensitive for commercial and privacy reasons. In this paper, we demonstrate practical vulnerability of deployed deep learning mo...
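Main Authors: | Won, Yoo-Seung; Chatterjee, Soham; Jap, Dirmanto; Bhasin, Shivam; Basu, Arindam |
---|---|
Other Authors: | School of Electrical and Electronic Engineering |
Format: | Conference Paper |
Language: | English |
Published: | 2021 |
Subjects: | Engineering::Computer science and engineering::Information systems::Information systems applications Deep Learning Performance Evaluation |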
Online Access: | https://hdl.handle.net/10356/147150 |
_version_ | 1826115578334543872 |
---|---|
author | Won, Yoo-Seung Chatterjee, Soham Jap, Dirmanto Bhasin, Shivam Basu, Arindam |
author2 | School of Electrical and Electronic Engineering |
author_sort | Won, Yoo-Seung |
collection | NTU |
description | Edge deep learning accelerators are optimised hardware to enable efficient inference on the edge. The models deployed on these accelerators are often proprietary and thus sensitive for commercial and privacy reasons. In this paper, we demonstrate practical vulnerability of deployed deep learning models to timing side-channel attacks. By measuring the execution time of the inference, the adversary can determine and reconstruct the model from a known family of well-known deep learning models and then use available techniques to recover remaining hyperparameters. The vulnerability is validated on Intel Compute Stick 2 for VGG and ResNet family of models. Moreover, the presented attack is quite devastating as it can be performed in a cross-device setting, where adversary profiles constructed on a legally owned device can be used to exploit the victim device with a single query and still can achieve a near-perfect success rate. |
first_indexed | 2024-10-01T03:57:47Z |
format | Conference Paper |
id | ntu-10356/147150 |
institution | Nanyang Technological University |
language | English |
last_indexed | 2024-10-01T03:57:47Z |
publishDate | 2021 |
record_format | dspace |
spelling | ntu-10356/147150; 2021-03-27T20:11:28Z; 2021 International Conference on Electronics, Information, and Communication (ICEIC); Temasek Laboratories; National Research Foundation (NRF); Accepted version; This research is supported in parts by the National Research Foundation, Singapore, under its National Cybersecurity Research & Development Programme / Cyber-Hardware Forensic & Assurance Evaluation R&D Programme (Award: NRF2018NCR-NCR009-0001).; 2021-03-24T07:38:55Z; 2021; Conference Paper; Won, Y., Chatterjee, S., Jap, D., Bhasin, S. & Basu, A. (2021). Time to leak : cross-device timing attack on edge deep learning accelerator. 2021 International Conference on Electronics, Information, and Communication (ICEIC), 1-4. https://dx.doi.org/10.1109/ICEIC51217.2021.9369754; 978-1-7281-9161-4; https://hdl.handle.net/10356/147150; 10.1109/ICEIC51217.2021.9369754; en; © 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The published version is available at: https://doi.org/10.1109/ICEIC51217.2021.9369754; application/pdf |
title | Time to leak : cross-device timing attack on edge deep learning accelerator |
topic | Engineering::Computer science and engineering::Information systems::Information systems applications Deep Learning Performance Evaluation |
url | https://hdl.handle.net/10356/147150 |