DNN model theft through trojan side-channel on edge FPGA accelerator

DNN model theft through trojan side-channel on edge FPGA accelerator

In this paper, we present a novel hardware trojan assisted side-channel attack to reverse engineer DNN architectures on edge FPGA accelerators. In particular, our attack targets the widely-used Versatile Tensor Accelerator (VTA). A hardware trojan is employed to track the memory transactions by moni...

Full description

Bibliographic Details
Main Authors: Chandrasekar, Srivatsan, Lam, Siew-Kei, Thambipillai, Srikanthan
Other Authors: College of Computing and Data Science
Format: Conference Paper
Language:English
Published: 2024
Subjects:
Computer and Information Science
Side-channel attacks
Deep learning accelerators
FPGA security
Machine learning security
Hardware trojans
Online Access:https://hdl.handle.net/10356/178536
Description
Summary:In this paper, we present a novel hardware trojan assisted side-channel attack to reverse engineer DNN architectures on edge FPGA accelerators. In particular, our attack targets the widely-used Versatile Tensor Accelerator (VTA). A hardware trojan is employed to track the memory transactions by monitoring the AXI interface signals of VTA’s submodules. The memory side-channel information is leaked through a UART port, which reveals the DNN architecture information. Our experiments demonstrate the effectiveness of the proposed attack and highlight the need for robust security measures to protect DNN intellectual property (IP) models that are deployed on edge FPGA platforms.

Similar Items