Extraction of binarized neural network architecture and secret parameters using side-channel information

Ville Oskari Yli Maeyry, Akira Ito, Naofumi Homma, Shivam Bhasin, Dirmanto Jap

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In recent years, neural networks have been applied to various applications. To speed up the evaluation, a method using binarized network weights has been introduced, facilitating extremely efficient hardware implementation. Using electromagnetic (EM) side-channel analysis techniques, this study presents a framework of model extraction from practical binarized neural network (BNN) hardware. The target BNN hardware is generated and synthesized using open-source and commercial high-level synthesis tools GUINNESS and Xilinx SDSoC, respectively. With the hardware implemented on an up-to-date FPGA chip, we demonstrate how the layers can be identified from a single EM trace measured during the network evaluation, and we also demonstrate how an attacker may use side-channel attacks to recover secret weights used in the network.

Original languageEnglish
Title of host publication2021 IEEE International Symposium on Circuits and Systems, ISCAS 2021 - Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781728192017
DOIs
Publication statusPublished - 2021
Event53rd IEEE International Symposium on Circuits and Systems, ISCAS 2021 - Daegu, Korea, Republic of
Duration: 2021 May 222021 May 28

Publication series

NameProceedings - IEEE International Symposium on Circuits and Systems
Volume2021-May
ISSN (Print)0271-4310

Conference

Conference53rd IEEE International Symposium on Circuits and Systems, ISCAS 2021
Country/TerritoryKorea, Republic of
CityDaegu
Period21/5/2221/5/28

Keywords

  • Binarized neural network
  • High-level synthesis
  • Machine learning
  • Model extraction
  • Side-channel attacks

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Extraction of binarized neural network architecture and secret parameters using side-channel information'. Together they form a unique fingerprint.

Cite this