DNN model theft through trojan side-channel on edge FPGA accelerator

DNN model theft through trojan side-channel on edge FPGA accelerator

In this paper, we present a novel hardware trojan assisted side-channel attack to reverse engineer DNN architectures on edge FPGA accelerators. In particular, our attack targets the widely-used Versatile Tensor Accelerator (VTA). A hardware trojan is employed to track the memory transactions by moni...

Full description

Bibliographic Details
Main Authors:	Chandrasekar, Srivatsan, Lam, Siew-Kei, Thambipillai, Srikanthan
Other Authors:	College of Computing and Data Science
Format:	Conference Paper
Language:	English
Published:	2024
Subjects:	Computer and Information Science Side-channel attacks Deep learning accelerators FPGA security Machine learning security Hardware trojans
Online Access:	https://hdl.handle.net/10356/178536

Similar Items

Mercury: an automated remote side-channel attack to Nvidia deep learning accelerator
by: Yan, Xiaobei, et al.
Published: (2023)

Exploiting FPGA Block Memories for Protected Cryptographic Implementations
by: Bhasin, Shivam, et al.
Published: (2016)

Conventional and deep-learning-based side-channel analysis on embedded devices
by: Gao, Diyan
Published: (2025)

Low-cost design of stealthy hardware trojan for bit-level fault attacks on block ciphers
by: He, Wei, et al.
Published: (2017)

Accelerating continual learning on edge FPGA
by: Piyasena, Duvindu, et al.
Published: (2024)

On comparing side-channel properties of AES and ChaCha20 on microcontrollers
by: Najm, Zakaria, et al.
Published: (2019)

A formal methodology for verifying side-channel vulnerabilities in cache architectures
by: Jiang, Ke, et al.
Published: (2023)

Streamlining DNN obfuscation to defend against model stealing attacks
by: Sun, Yidan, et al.
Published: (2024)

Highly secured arithmetic hiding based S-Box on AES-128 implementation
by: Pammu, Ali Akbar, et al.
Published: (2017)

Practical Evaluation of FSE 2016 Customized Encoding Countermeasure
by: Bhasin, Shivam, et al.
Published: (2018)

Exploring integrity of AEADs with faults: definitions and constructions
by: Saha, Sayandeep, et al.
Published: (2023)

Feature selection methods for non-profiled side-channel attacks on ECC
by: Bhasin, Shivam, et al.
Published: (2019)

Breaking redundancy-based countermeasures with random faults and power side channel
by: Saha, Sayandeep, et al.
Published: (2019)

Laboratory Study Compares Machine Learning Accelerator Technologies
Published: (2023)

Creating from noise: trace generations using diffusion model for side-channel attack
by: Yap, Trevor, et al.
Published: (2024)

Effective side-channel analysis: exploiting new leakages on cryptography circuits secured with side-channel countermeasures
by: Chen, Juncheng
Published: (2024)

Edge accelerator for lifelong deep learning using streaming linear discriminant analysis
by: Piyasena, Duvindu, et al.
Published: (2024)

Defeating low-cost countermeasures against side-channel attacks in lattice-based encryption
by: Ravi, Prasanna, et al.
Published: (2024)

Side channel attack on stream ciphers: a three-step approach to state/key recovery
by: Kumar, Satyam, et al.
Published: (2023)

Practical side-channel based model extraction attack on tree-based machine learning algorithm
by: Jap, Dirmanto, et al.
Published: (2021)

Multiple Fault Attack on PRESENT with a Hardware Trojan Implementation in FPGA
by: Breier, Jakub, et al.
Published: (2016)

Layer sequence extraction of optimized DNNs using side-channel information leaks
by: Sun, Yidan, et al.
Published: (2024)

Side-channel and fault-injection attacks over lattice-based post-quantum schemes (Kyber, Dilithium): survey and new results
by: Ravi, Prasanna, et al.
Published: (2024)

The curse of class imbalance and conflicting metrics with machine learning for side-channel evaluations
by: Picek, Stjepan, et al.
Published: (2022)

Solve Ax=B on an FPGA
by: Ling, Jun Han
Published: (2024)

Secured asynchronous-logic cryptography circuits to countermeasure against side-channel attack
by: Ng, Jun Sheng
Published: (2024)

Hardware accelerator for feature matching with binary search tree
by: Thathsara, Miyuru, et al.
Published: (2024)

Performance estimation of FPGA modules for modular design methodology using artificial neural network
by: Herath, Kalindu, et al.
Published: (2020)

A finer-grain analysis of the leakage (non) resilience of OCB
by: Berti, Francesco, et al.
Published: (2023)

On side channel vulnerabilities of bit permutations in cryptographic algorithms
by: Breier, Jakub, et al.
Published: (2020)

SITM : See-In-The-Middle side-channel assisted middle round differential cryptanalysis on SPN block ciphers
by: Bhasin, Shivam, et al.
Published: (2021)

Will you cross the threshold for me? Generic side-channel assisted chosen-ciphertext attacks on NTRU-based KEMs
by: Ravi, Prasanna, et al.
Published: (2022)

FPGA implementation of real-time target detection algorithm based on YOLOv3 model
by: Zhang, Tuo
Published: (2025)

On use of deep learning for side channel evaluation of black box hardware AES engine
by: Won, Yoo-Seung, et al.
Published: (2021)

Two sides of the same coin : boons and banes of machine learning in hardware security
by: Liu, Wenye, et al.
Published: (2022)

Ownership verification of DNN architectures via hardware cache side channels
by: Lou, Xiaoxuan, et al.
Published: (2022)

In system programming of FPGA without hardware intervention
by: Yang, Zhiren
Published: (2013)

Implementation of event-driven spiking neural networks in field programmable gate array (FPGA)
by: Yuan, Chenhao
Published: (2024)

Secure computing systems using emerging technologies
by: Rajendran, Gokulnath
Published: (2025)

Rapid memory-aware selection of hardware accelerators in programmable SoC design
by: Prakash, Alok, et al.
Published: (2019)