Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/178536
Title: DNN model theft through trojan side-channel on edge FPGA accelerator
Authors: Chandrasekar, Srivatsan; Lam, Siew-Kei; Thambipillai, Srikanthan
Keywords: Computer and Information Science
Issue Date: 2023
Source: Chandrasekar, S., Lam, S. & Thambipillai, S. (2023). DNN model theft through trojan side-channel on edge FPGA accelerator. 19th International Symposium on Applied Reconfigurable Computing (ARC 2023), LNCS 14251, 146-158. https://dx.doi.org/10.1007/978-3-031-42921-7_10
Project: MOE-T2EP20121-0008 
Conference: 19th International Symposium on Applied Reconfigurable Computing (ARC 2023)
Abstract: In this paper, we present a novel hardware trojan assisted side-channel attack to reverse engineer DNN architectures on edge FPGA accelerators. In particular, our attack targets the widely-used Versatile Tensor Accelerator (VTA). A hardware trojan is employed to track the memory transactions by monitoring the AXI interface signals of VTA’s submodules. The memory side-channel information is leaked through a UART port, which reveals the DNN architecture information. Our experiments demonstrate the effectiveness of the proposed attack and highlight the need for robust security measures to protect DNN intellectual property (IP) models that are deployed on edge FPGA platforms.
URI: https://hdl.handle.net/10356/178536
ISBN: 9783031429200
DOI: 10.1007/978-3-031-42921-7_10
Schools: College of Computing and Data Science 
Research Centres: Cyber Security Research Centre @ NTU (CYSREN)
Rights: © 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG. All rights reserved.
Fulltext Permission: none
Fulltext Availability: No Fulltext
Appears in Collections: CCDS Conference Papers

Page view(s): 42 (updated on Sep 12, 2024)


Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.