Please use this identifier to cite or link to this item:
https://hdl.handle.net/10356/178536
| Title: | DNN model theft through trojan side-channel on edge FPGA accelerator |
| Authors: | Chandrasekar, Srivatsan; Lam, Siew-Kei; Thambipillai, Srikanthan |
| Keywords: | Computer and Information Science |
| Issue Date: | 2023 |
| Source: | Chandrasekar, S., Lam, S. & Thambipillai, S. (2023). DNN model theft through trojan side-channel on edge FPGA accelerator. 19th International Symposium on Applied Reconfigurable Computing (ARC 2023), LNCS 14251, 146-158. https://dx.doi.org/10.1007/978-3-031-42921-7_10 |
| Project: | MOE-T2EP20121-0008 |
| Conference: | 19th International Symposium on Applied Reconfigurable Computing (ARC 2023) |
| Abstract: | In this paper, we present a novel hardware trojan assisted side-channel attack to reverse engineer DNN architectures on edge FPGA accelerators. In particular, our attack targets the widely-used Versatile Tensor Accelerator (VTA). A hardware trojan is employed to track the memory transactions by monitoring the AXI interface signals of VTA’s submodules. The memory side-channel information is leaked through a UART port, which reveals the DNN architecture information. Our experiments demonstrate the effectiveness of the proposed attack and highlight the need for robust security measures to protect DNN intellectual property (IP) models that are deployed on edge FPGA platforms. |
| URI: | https://hdl.handle.net/10356/178536 |
| ISBN: | 9783031429200 |
| DOI: | 10.1007/978-3-031-42921-7_10 |
| Schools: | College of Computing and Data Science |
| Research Centres: | Cyber Security Research Centre @ NTU (CYSREN) |
| Rights: | © 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG. All rights reserved. |
| Fulltext Permission: | none |
| Fulltext Availability: | No Fulltext |
| Appears in Collections: | CCDS Conference Papers |