TY - GEN
T1 - Practical side-channel based model extraction attack on tree-based machine learning algorithm
AU - Jap, Dirmanto
AU - Yli Maeyry, Ville Oskari
AU - Ito, Akira
AU - Ueno, Rei
AU - Bhasin, Shivam
AU - Homma, Naofumi
N1 - Funding Information:
This work was performed in the Cooperative Research Project of the Research Institute of Electrical Communication, Tohoku University with Nanyang Technological University. This research was also supported in part by JST CREST Grant No. JPMJCR19K5, Japan.
Publisher Copyright:
© Springer Nature Switzerland AG 2020.
PY - 2020
Y1 - 2020
N2 - Machine learning algorithms have been widely applied to solve various types of problems and applications. Among those, decision tree based algorithms have been considered for small Internet-of-Things (IoT) implementation, due to their simplicity. It has been shown in a recent publication that Bonsai, a small tree-based algorithm, can be successfully fitted in a small 8-bit microcontroller. However, the security of machine learning algorithms has also been a major concern, especially with the threat of secret parameter recovery, which could lead to a breach of privacy. With machine learning taking over a significant proportion of industrial tasks, the security issue has become a matter of concern. Recently, secret parameter recovery for neural network based algorithms using physical side-channel leakage has been proposed. In the paper, we investigate the security of widely used decision tree algorithms running on an ARM Cortex M3 platform against electromagnetic (EM) side-channel attacks. We show that by focusing on each building block function or component, one could perform a divide-and-conquer approach to recover the secret parameters. To demonstrate the attack, we first report the recovery of secret parameters of Bonsai, such as sparse projection parameters, branching function and node predictors. After the recovery of these parameters, the attacker can then reconstruct the whole architecture.
UR - http://www.scopus.com/inward/record.url?scp=85094109821&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85094109821&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-61638-0_6
DO - 10.1007/978-3-030-61638-0_6
M3 - Conference contribution
AN - SCOPUS:85094109821
SN - 9783030616373
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 93
EP - 105
BT - Applied Cryptography and Network Security Workshops - ACNS 2020 Satellite Workshops, AIBlock, AIHWS, AIoTS, Cloud S and P, SCI, SecMT, and SiMLA, Proceedings
A2 - Zhou, Jianying
A2 - Ahmed, Chuadhry Mujeeb
A2 - Conti, Mauro
A2 - Losiouk, Eleonora
A2 - Au, Man Ho
A2 - Batina, Lejla
A2 - Li, Zhou
A2 - Lin, Jingqiang
A2 - Luo, Bo
A2 - Majumdar, Suryadipta
A2 - Meng, Weizhi
A2 - Ochoa, Martín
A2 - Picek, Stjepan
A2 - Portokalidis, Georgios
A2 - Wang, Cong
A2 - Zhang, Kehuan
PB - Springer Science and Business Media Deutschland GmbH
T2 - 2nd ACNS Workshop on Application Intelligence and Blockchain Security, AIBlock 2020, 1st ACNS Workshop on Artificial Intelligence in Hardware Security, AIHWS 2020, 2nd ACNS Workshop on Artificial Intelligence and Industrial IoT Security, AIoTS 2020, 2nd ACNS Workshop on Cloud Security and Privacy, Cloud S and P 2020, 1st ACNS Workshop on Secure Cryptographic Implementation, SCI 2020, 1st ACNS Workshop on Security in Mobile Technologies, SecMT 2020, and 2nd ACNS Workshop on Security in Machine Learning and its Applications, SiMLA 2020, held in parallel with the 18th International Conference on Applied Cryptography and Network Security, ACNS 2020
Y2 - 19 October 2020 through 22 October 2020
ER -