invited-talk

Public Access

Machine learning and hardware security: challenges and opportunities

ICCAD '20: Proceedings of the 39th International Conference on Computer-Aided Design

Article No.: 141, Pages 1 - 6

https://doi.org/10.1145/3400302.3416260

Published: 17 December 2020 Publication History

Abstract

Machine learning techniques have significantly changed our lives. They helped improving our everyday routines, but they also demonstrated to be an extremely helpful tool for more advanced and complex applications. However, the implications of hardware security problems under a massive diffusion of machine learning techniques are still to be completely understood. This paper first highlights novel applications of machine learning for hardware security, such as evaluation of post quantum cryptography hardware and extraction of physically unclonable functions from neural networks. Later, practical model extraction attack based on electromagnetic side-channel measurements are demonstrated followed by a discussion of strategies to protect proprietary models by watermarking them.

References

[1]

Yossi Adi, Carsten Baum, Moustapha Cissé, Benny Pinkas, and Joseph Keshet. 2018. Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15--17, 2018, William Enck and Adrienne Porter Felt (Eds.). USENIX Association, 1615--1631. https://www.usenix.org/conference/usenixsecurity18/presentation/adi

[2]

Massimo Alioto. 2017. Enabling the Internet of Things. Springer.

[3]

F. Aydin, P. Kashyap, S. Potluri, P. Franzon, and A. Aysu. 2020. DeePar-SCA: Breaking Parallel Architectures of Lattice Cryptography via Learning Based Side-Channel Attacks. In In International Conference on Embedded Computer Systems: Architectures, Modelling Simulation (SAMOS). https://research.ece.ncsu.edu/aaysu/wp-content/uploads/SAMOS_2020_Camera_Ready_Paper.pdf

[4]

A. Aysu, Y. Tobah, M. Tiwari, A. Gerstlauer, and M. Orshansky. 2018. Horizontal side-channel vulnerabilities of post-quantum key exchange protocols. In 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). 81--88.

[5]

Lejla Batina, Shivam Bhasin, Dirmanto Jap, and Stjepan Picek. 2019. {CSI}{NN}: Reverse Engineering of Neural Network Architectures Through Electromagnetic Side Channel. In 28th {USENIX} Security Symposium ({USENIX} Security 19). 515--532.

[6]

Joppe W. Bos, Simon Friedberger, Marco Martinoli, Elisabeth Oswald, and Martijn Stam. 2019. Assessing the Feasibility of Single Trace Power Analysis of Frodo. In Selected Areas in Cryptography - SAC 2018, Carlos Cid and Michael J. Jacobson Jr. (Eds.). Springer International Publishing, Cham, 216--234.

[7]

Jakub Breier, Xiaolu Hou, Dirmanto Jap, Lei Ma, Shivam Bhasin, and Yang Liu. 2018. Deeplaser: Practical fault attack on deep neural networks. arXiv preprint arXiv:1806.05859 (2018).

[8]

Huili Chen, Bita Darvish Rouhani, and Farinaz Koushanfar. 2019. BlackMarks: Blackbox Multibit Watermarking for Deep Neural Networks. CoRR abs/1904.00344 (2019). arXiv:1904.00344 http://arxiv.org/abs/1904.00344

[9]

Xinyun Chen, Wenxiao Wang, Chris Bender, Yiming Ding, Ruoxi Jia, Bo Li, and Dawn Song. 2019. REFIT: a Unified Watermark Removal Framework for Deep Learning Systems with Limited Data. CoRR abs/1911.07205 (2019). arXiv:1911.07205 http://arxiv.org/abs/1911.07205

[10]

Anuj Dubey, Rosario Cammarota, and Aydin Aysu. 2019. MaskedNet: A Pathway for Secure Inference against Power Side-Channel Attacks. arXiv preprint arXiv:1910.13063 (2019).

[11]

Anuj Dubey, Rosario Cammarota, and Aydin Aysu. 2020. BoMaNet: Boolean Masking of an Entire Neural Network. arXiv preprint arXiv:2006.09532 (2020).

[12]

Lixin Fan, KamWoh Ng, and Chee Seng Chan. 2019. Rethinking Deep Neural Network Ownership Verification: Embedding Passports to Defeat Ambiguity Attacks. In NeurIPS 2019, 8--14 December 2019, Vancouver, BC, Canada. 4716--4725.

[13]

R. Gilmore, N. Hanley, and M. O'Neill. 2015. Neural network based attack on a masked implementation of AES. In 2015 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). 106--111.

[14]

Benjamin Hettwer, Tobias Horn, Stefan Gehrer, and Tim Güneysu. 2020. Encoding Power Traces as Images for Efficient Side-Channel Analysis. arXiv:2004.11015 [cs.CR]

[15]

Gabriel Hospodar, Benedikt Gierlichs, Elke De Mulder, Ingrid Verbauwhede, and Joos Vandewalle. 2011. Machine learning in side-channel analysis: a first study. Journal of Cryptographic Engineering 1, 4 (2011), 293.

[16]

Gabriel Hospodar, Roel Maes, and Ingrid Verbauwhede. 2012. Machine learning attacks on 65nm Arbiter PUFs: Accurate modeling poses strict bounds on usability. In 2012 IEEE international workshop on Information forensics and security (WIFS). IEEE, 37--42.

[17]

Jaehun Kim, Stjepan Picek, Annelie Heuser, Shivam Bhasin, and Alan Hanjalic. 2019. Make Some Noise. Unleashing the Power of Convolutional Neural Networks for Profiled Side-channel Analysis. IACR Transactions on Cryptographic Hardware and Embedded Systems 2019, 3 (May 2019), 148--179.

[18]

Serge Leef. 2019. Automatic Implementation of Secure Silicon. In ACM Great Lakes Symposium on VLSI. 3.

Digital Library

[19]

Erwan Le Merrer, Patrick Pérez, and Gilles Trédan. 2020. Adversarial frontier stitching for remote neural network watermarking. Neural Computing and Applications 32, 13 (2020), 9233--9244.

[20]

Michael Naehrig, Erdem Alkim, Joppe Bos, Léo Ducas, Karen Easterbrook, Brian LaMacchia, Patrick Longa, Ilya Mironov, Valeria Nikolaenko, Christopher Peikert, et al. 2017. FrodoKEM. Technical report, National Institute of Standards and Technology (2017).

[21]

Hiroki Nakahara, Haruyoshi Yonekawa, Tomoya Fujii, Masayuki Shimoda, and Shimpei Sato. 2019. GUINNESS: A GUI based binarized deep neural network framework for software programmers. IEICE TRANSACTIONS on Information and Systems 102, 5 (2019), 1003--1011.

[22]

Ryota Namba and Jun Sakuma. 2019. Robust Watermarking of Neural Network with Exponential Weighting. In Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, AsiaCCS 2019, Auckland, New Zealand, July 09--12, 2019, Steven D. Galbraith, Giovanni Russello, Willy Susilo, Dieter Gollmann, Engin Kirda, and Zhenkai Liang (Eds.). ACM, 228--240.

Digital Library

[23]

National Institute of Science and Technology, Computer Security Resource Center. 2020. Post-Quantum Cryptography PQC Round 3 Submissions. https://csrc.nist.gov/Projects/post-quantum-cryptography/round-3-submissions.

[24]

Emmanuel Prouff, Remi Strullu, Ryad Benadjila, Eleonora Cagli, and Cecile Dumas. 2018. Study of Deep Learning Techniques for Side-Channel Analysis and Introduction to ASCAD Database. Cryptology ePrint Archive, Report 2018/053. https://eprint.iacr.org/2018/053.

[25]

Konrad Rieck, Philipp Trinius, Carsten Willems, and Thorsten Holz. 2011. Automatic analysis of malware behavior using machine learning. Journal of Computer Security 19, 4 (2011), 639--668.

Digital Library

[26]

Bita Darvish Rouhani, Huili Chen, and Farinaz Koushanfar. 2019. DeepSigns: An End-to-End Watermarking Framework for Ownership Protection of Deep Neural Networks. In ASPLOS 2019, Providence, RI, USA, April 13--17, 2019, Iris Bahar, Maurice Herlihy, Emmett Witchel, and Alvin R. Lebeck (Eds.). ACM, 485--497.

Digital Library

[27]

Sayandeep Saha, Dirmanto Jap, Sikhar Patranabis, Debdeep Mukhopadhyay, Shivam Bhasin, and Pallab Dasgupta. 2018. Automatic characterization of exploitable faults: A machine learning approach. IEEE Transactions on Information Forensics and Security 14, 4 (2018), 954--968.

[28]

G. E. Suh and S. Devadas. 2007. Physical Unclonable Functions for Device Authentication and Secret Key Generation. In 2007 44th ACM/IEEE Design Automation Conference. 9--14.

[29]

Yusuke Uchida, Yuki Nagai, Shigeyuki Sakazawa, and Shin'ichi Satoh. 2017. Embedding watermarks into deep neural networks. In Proceedings of the 2017 ACM on International Conference on Multimedia Retrieval. 269--277.

Digital Library

[30]

E. I. Vatajelu, G. Di Natale, and P. Prinetto. 2016. Towards a highly reliable SRAM-based PUFs. In 2016 Design, Automation Test in Europe Conference Exhibition (DATE). 273--276.

[31]

E. I. Vatajelu, G. D. Natale, M. S. Mispan, and B. Halak. 2019. On the Encryption of the Challenge in Physically Unclonable Functions. In 2019 IEEE 25th International Symposium on On-Line Testing and Robust System Design (IOLTS). 115--120.

[32]

Honggang Yu, Haocheng Ma, Kaichen Yang, Yiqiang Zhao, and Yier Jin. [n.d.]. DeepEM: Deep Neural Networks Model Recovery through EM Side-Channel Information Leakage. ([n. d.]). To Appear in IEEE HOST 2020.

[33]

Jialong Zhang, Zhongshu Gu, Jiyong Jang, Hui Wu, Marc Ph. Stoecklin, Heqing Huang, and Ian Molloy. 2018. Protecting Intellectual Property of Deep Neural Networks with Watermarking. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security, AsiaCCS 2018, Incheon, Republic of Korea, June 04--08, 2018, Jong Kim, Gail-Joon Ahn, Seungjoo Kim, Yongdae Kim, Javier López, and Taesoo Kim (Eds.). ACM, 159--172.

Digital Library

Cited By

Hasan MHoque TGanji FWoodard DForte DShomaji S(2024)A Resource-Efficient Binary CNN Implementation for Enabling Contactless IoT AuthenticationJournal of Hardware and Systems Security10.1007/s41635-024-00153-78:3(160-173)Online publication date: 26-Jul-2024
https://doi.org/10.1007/s41635-024-00153-7
Nyako KDevkota SLi FBorra V(2023)Building Trust in Microelectronics: A Comprehensive Review of Current Techniques and Adoption ChallengesElectronics10.3390/electronics1222461812:22(4618)Online publication date: 11-Nov-2023
https://doi.org/10.3390/electronics12224618
Chen HBabar M(2023)Security for Machine Learning-based Software Systems: a survey of threats, practices and challengesACM Computing Surveys10.1145/3638531Online publication date: 28-Dec-2023
https://doi.org/10.1145/3638531
Show More Cited By

Index Terms

Machine learning and hardware security: challenges and opportunities
1. Computing methodologies
  1. Machine learning
    1. Machine learning approaches
      1. Neural networks
2. Security and privacy
  1. Security in hardware
    1. Hardware attacks and countermeasures
      1. Side-channel analysis and countermeasures

Recommendations

A Survey on Machine Learning in Hardware Security
Hardware security is currently a very influential domain, where each year countless works are published concerning attacks against hardware and countermeasures. A significant number of them use machine learning, which is proven to be very effective in ...
Machine Learning for Hardware Security: Opportunities and Risks

Recently, machine learning algorithms have been utilized by system defenders and attackers to secure and attack hardware, respectively. In this work, we investigate the impact of machine learning on hardware security. We explore the defense and attack ...
A Review on Hardware Security Countermeasures for IoT: Emerging Mechanisms and Machine Learning Solutions
PCI '20: Proceedings of the 24th Pan-Hellenic Conference on Informatics

The evolution of the Internet of Things (IoT) ecosystem necessitates the mitigation of security threats not only in the software domain but also in the hardware. However, owing to the inherent characteristics and limitations of the IoT devices, ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ICCAD '20: Proceedings of the 39th International Conference on Computer-Aided Design

November 2020

1396 pages

ISBN:9781450380263

DOI:10.1145/3400302

General Chair:
Yuan Xie
Univ. of California, Santa Barbara, CA

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGDA: ACM Special Interest Group on Design Automation

In-Cooperation

IEEE CAS
IEEE CEDA
IEEE CS

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 December 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Invited-talk

Funding Sources

European Union
NSF
JST CREST, Japan

Conference

ICCAD '20

Sponsor:

SIGDA

ICCAD '20: IEEE/ACM International Conference on Computer-Aided Design

November 2 - 5, 2020

Virtual Event, USA

Acceptance Rates

Overall Acceptance Rate 457 of 1,762 submissions, 26%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

11
Total Citations
View Citations
809
Total Downloads

Downloads (Last 12 months)245
Downloads (Last 6 weeks)53

Reflects downloads up to 19 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Hasan MHoque TGanji FWoodard DForte DShomaji S(2024)A Resource-Efficient Binary CNN Implementation for Enabling Contactless IoT AuthenticationJournal of Hardware and Systems Security10.1007/s41635-024-00153-78:3(160-173)Online publication date: 26-Jul-2024
https://doi.org/10.1007/s41635-024-00153-7
Nyako KDevkota SLi FBorra V(2023)Building Trust in Microelectronics: A Comprehensive Review of Current Techniques and Adoption ChallengesElectronics10.3390/electronics1222461812:22(4618)Online publication date: 11-Nov-2023
https://doi.org/10.3390/electronics12224618
Chen HBabar M(2023)Security for Machine Learning-based Software Systems: a survey of threats, practices and challengesACM Computing Surveys10.1145/3638531Online publication date: 28-Dec-2023
https://doi.org/10.1145/3638531
Oliynyk DMayer RRauber A(2023)I Know What You Trained Last Summer: A Survey on Stealing Machine Learning Models and DefencesACM Computing Surveys10.1145/359529255:14s(1-41)Online publication date: 29-Apr-2023
https://dl.acm.org/doi/10.1145/3595292
Vennila ABalambigai SArulmurugan AHema MKamali MKishore M(2023)XG Boost Algorithm based Hardware Trojan Detection in Hardware Circuits2023 Fifth International Conference on Electrical, Computer and Communication Technologies (ICECCT)10.1109/ICECCT56650.2023.10179698(1-5)Online publication date: 22-Feb-2023
https://doi.org/10.1109/ICECCT56650.2023.10179698
Amuru DZahra AVudumula HCherupally PGurram SAhmad AAbbas Z(2023)AI/ML algorithms and applications in VLSI design and technologyIntegration10.1016/j.vlsi.2023.06.00293(102048)Online publication date: Nov-2023
https://doi.org/10.1016/j.vlsi.2023.06.002
Farahmandi FRahman MRajendran STehranipoor MFarahmandi FRahman MRajendran STehranipoor M(2023)The Future of CAD for Hardware SecurityCAD for Hardware Security10.1007/978-3-031-26896-0_18(397-403)Online publication date: 28-Jan-2023
https://doi.org/10.1007/978-3-031-26896-0_18
Farahmandi FRahman MRajendran STehranipoor MFarahmandi FRahman MRajendran STehranipoor M(2023)CAD for Machine Learning in Hardware SecurityCAD for Hardware Security10.1007/978-3-031-26896-0_10(211-230)Online publication date: 28-Jan-2023
https://doi.org/10.1007/978-3-031-26896-0_10
Takatoi GSugawara TSakiyama KHara-Azumi YLi Y(2022)The Limits of SEMA on Distinguishing Similar Activation Functions of Embedded Deep Neural NetworksApplied Sciences10.3390/app1209413512:9(4135)Online publication date: 20-Apr-2022
https://doi.org/10.3390/app12094135
Sisejkovic DLeupers RSisejkovic DLeupers R(2022)Research DirectionsLogic Locking10.1007/978-3-031-19123-7_11(159-161)Online publication date: 28-Sep-2022
https://doi.org/10.1007/978-3-031-19123-7_11
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents