Counteract Side-Channel Analysis of Neural Networks by Shuffling

2022 Design, Automation & Test in Europe Conference & Exhibition (DATE) Pub Date : 2022-03-14 DOI:10.23919/DATE54114.2022.9774710

Manuel Brosch, Matthias Probst, G. Sigl

{"title":"Counteract Side-Channel Analysis of Neural Networks by Shuffling","authors":"Manuel Brosch, Matthias Probst, G. Sigl","doi":"10.23919/DATE54114.2022.9774710","DOIUrl":null,"url":null,"abstract":"Machine learning is becoming an essential part in almost every electronic device. Implementations of neural networks are mostly targeted towards computational performance or memory footprint. Nevertheless, security is also an important part in order to keep the network secret and protect the intellectual property associated to the network. Especially, since neural network implementations are demonstrated to be vulnerable to side-channel analysis, powerful and computational cheap countermeasures are in demand. In this work, we apply a shuffling countermeasure to a microcontroller implementation of a neural network to prevent side-channel analysis. The countermeasure is effective while the computational overhead is low. We investigate the extensions necessary for our countermeasure, and how shuffling increases the effort for an attack in theory. In addition, we demonstrate the increase in effort for an attacker through experiments on real side-channel measurements. Based on the mechanism of shuffling and our experimental results, we conclude that an attack on a commonly used neural network with shuffling is no longer feasible in a reasonable amount of time.","PeriodicalId":232583,"journal":{"name":"2022 Design, Automation & Test in Europe Conference & Exhibition (DATE)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 Design, Automation & Test in Europe Conference & Exhibition (DATE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/DATE54114.2022.9774710","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Machine learning is becoming an essential part in almost every electronic device. Implementations of neural networks are mostly targeted towards computational performance or memory footprint. Nevertheless, security is also an important part in order to keep the network secret and protect the intellectual property associated to the network. Especially, since neural network implementations are demonstrated to be vulnerable to side-channel analysis, powerful and computational cheap countermeasures are in demand. In this work, we apply a shuffling countermeasure to a microcontroller implementation of a neural network to prevent side-channel analysis. The countermeasure is effective while the computational overhead is low. We investigate the extensions necessary for our countermeasure, and how shuffling increases the effort for an attack in theory. In addition, we demonstrate the increase in effort for an attacker through experiments on real side-channel measurements. Based on the mechanism of shuffling and our experimental results, we conclude that an attack on a commonly used neural network with shuffling is no longer feasible in a reasonable amount of time.

查看原文本刊更多论文

基于洗牌的神经网络反侧信道分析

机器学习正在成为几乎所有电子设备的重要组成部分。神经网络的实现主要针对计算性能或内存占用。然而，为了保证网络的机密性和保护与网络相关的知识产权，安全也是一个重要的组成部分。特别是，由于神经网络的实现被证明容易受到侧信道分析的影响，因此需要强大且计算成本低的对抗措施。在这项工作中，我们将洗牌对策应用于神经网络的微控制器实现，以防止侧信道分析。该对策在计算开销低的情况下是有效的。我们研究了我们的对策所需的扩展，以及洗牌如何在理论上增加攻击的努力。此外，我们还通过对真实侧信道测量的实验证明了攻击者的工作量增加。基于洗牌的机制和我们的实验结果，我们得出结论，在合理的时间内，对常用的神经网络进行洗牌攻击不再可行。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 Design, Automation & Test in Europe Conference & Exhibition (DATE)

自引率

0.00%

发文量