Search Results (8)

Search Parameters:
Keywords = hardware Trojan countermeasures

26 pages, 4448 KB  
Article
Leveraging Neural Trojan Side-Channels for Output Exfiltration
by Vincent Meyers, Michael Hefenbrock, Dennis Gnad and Mehdi Tahoori
Cryptography 2025, 9(1), 5; https://doi.org/10.3390/cryptography9010005 - 7 Jan 2025
Cited by 1 | Viewed by 1884
Abstract
Neural networks have become pivotal in advancing applications across various domains, including healthcare, finance, surveillance, and autonomous systems. To achieve low latency and high efficiency, field-programmable gate arrays (FPGAs) are increasingly being employed as accelerators for neural network inference in cloud and edge devices. However, the rising costs and complexity of neural network training have led to the widespread use of outsourcing of training, pre-trained models, and machine learning services, raising significant concerns about security and trust. Specifically, malicious actors may embed neural Trojans within NNs, exploiting them to leak sensitive data through side-channel analysis. This paper builds upon our prior work, where we demonstrated the feasibility of embedding Trojan side-channels in neural network weights, enabling the extraction of classification results via remote power side-channel attacks. In this expanded study, we introduced a broader range of experiments to evaluate the robustness and effectiveness of this attack vector. We detail a novel training methodology that enhanced the correlation between power consumption and network output, achieving up to a 33% improvement in reconstruction accuracy over benign models. Our approach eliminates the need for additional hardware, making it stealthier and more resistant to conventional hardware Trojan detection methods. We provide comprehensive analyses of attack scenarios in both controlled and variable environmental conditions, demonstrating the scalability and adaptability of our technique across diverse neural network architectures, such as MLPs and CNNs. Additionally, we explore countermeasures and discuss their implications for the design of secure neural network accelerators. To the best of our knowledge, this work is the first to present a passive output recovery attack on neural network accelerators, without explicit trigger mechanisms. 
The findings emphasize the urgent need to integrate hardware-aware security protocols in the development and deployment of neural network accelerators.
(This article belongs to the Special Issue Emerging Topics in Hardware Security)

19 pages, 4315 KB  
Article
Hardware Trojan Attacks on the Reconfigurable Interconnections of Field-Programmable Gate Array-Based Convolutional Neural Network Accelerators and a Physically Unclonable Function-Based Countermeasure Detection Technique
by Jia Hou, Zichu Liu, Zepeng Yang and Chen Yang
Micromachines 2024, 15(1), 149; https://doi.org/10.3390/mi15010149 - 19 Jan 2024
Cited by 7 | Viewed by 3940
Abstract
Convolutional neural networks (CNNs) have demonstrated significant superiority in modern artificial intelligence (AI) applications. To accelerate the inference process of CNNs, reconfigurable CNN accelerators that support diverse networks are widely employed for AI systems. Given the ubiquitous deployment of these AI systems, there is a growing concern regarding the security of CNN accelerators and the potential attacks they may face, including hardware Trojans. This paper proposes a hardware Trojan designed to attack a crucial component of FPGA-based CNN accelerators: the reconfigurable interconnection network. Specifically, the hardware Trojan alters the data paths during activation, resulting in incorrect connections in the arithmetic circuit and consequently causing erroneous convolutional computations. To address this issue, the paper introduces a novel detection technique based on physically unclonable functions (PUFs) to safeguard the reconfigurable interconnection network against hardware Trojan attacks. Experimental results demonstrate that by incorporating a mere 0.27% hardware overhead to the accelerator, the proposed hardware Trojan can degrade the inference accuracy of popular neural network architectures, including LeNet, AlexNet, and VGG, by a significant range of 8.93% to 86.20%. The implemented arbiter-PUF circuit on a Xilinx Zynq XC7Z100 platform successfully detects the presence and location of hardware Trojans in a reconfigurable interconnection network. This research highlights the vulnerability of reconfigurable CNN accelerators to hardware Trojan attacks and proposes a promising detection technique to mitigate potential security risks. The findings underscore the importance of addressing hardware security concerns in the design and deployment of AI systems utilizing FPGA-based CNN accelerators.
(This article belongs to the Section E:Engineering and Technology)

17 pages, 3708 KB  
Article
Attacking Deep Learning AI Hardware with Universal Adversarial Perturbation
by Mehdi Sadi, Bashir Mohammad Sabquat Bahar Talukder, Kaniz Mishty and Md Tauhidur Rahman
Information 2023, 14(9), 516; https://doi.org/10.3390/info14090516 - 19 Sep 2023
Cited by 1 | Viewed by 3871
Abstract
Universal adversarial perturbations are image-agnostic and model-independent noise that, when added to any image, can mislead the trained deep convolutional neural networks into the wrong prediction. Since these universal adversarial perturbations can seriously jeopardize the security and integrity of practical deep learning applications, the existing techniques use additional neural networks to detect the existence of these noises at the input image source. In this paper, we demonstrate an attack strategy that, when activated by rogue means (e.g., malware, trojan), can bypass these existing countermeasures by augmenting the adversarial noise at the AI hardware accelerator stage. We demonstrate the accelerator-level universal adversarial noise attack on several deep learning models using co-simulation of the software kernel of the Conv2D function and the Verilog RTL model of the hardware under the FuseSoC environment.
(This article belongs to the Special Issue Hardware Security and Trust)

19 pages, 24709 KB  
Article
Hardware Trojan Mitigation Technique in Network-on-Chip (NoC)
by Musharraf Hussain, Naveed Khan Baloach, Gauhar Ali, Mohammed ElAffendi, Imed Ben Dhaou, Syed Sajid Ullah and Mueen Uddin
Micromachines 2023, 14(4), 828; https://doi.org/10.3390/mi14040828 - 8 Apr 2023
Cited by 7 | Viewed by 5609
Abstract
Due to globalization in the semiconductor industry, malevolent modifications made in the hardware circuitry, known as hardware Trojans (HTs), have rendered the security of the chip very critical. Over the years, many methods have been proposed to detect and mitigate these HTs in general integrated circuits. However, insufficient effort has been made for hardware Trojans (HTs) in the network-on-chip. In this study, we implement a countermeasure to congeal the network-on-chip hardware design in order to prevent changes from being made to the network-on-chip design. We propose a collaborative method which uses flit integrity and dynamic flit permutation to eliminate the hardware Trojan inserted into the router of the NoC by a disloyal employee or a third-party vendor corporation. The proposed method increases the number of received packets by up to 10% more compared to existing techniques, which contain HTs in the destination address of the flit. Compared to the runtime HT mitigation method, the proposed scheme also decreases the average latency for the hardware Trojan inserted in the flit’s header, tail, and destination field up to 14.7%, 8%, and 3%, respectively.
(This article belongs to the Special Issue Microcontrollers and Microprocessors: The Advanced System on the Chip)

14 pages, 426 KB  
Article
Quantitative Assessment and Grading of Hardware Trojan Threat Based on Rough Set Theory
by Daming Yang, Cheng Gao and Jiaoying Huang
Appl. Sci. 2022, 12(11), 5576; https://doi.org/10.3390/app12115576 - 31 May 2022
Cited by 1 | Viewed by 1867
Abstract
The globalization of integrated circuit (IC) design and fabrication has given rise to severe concerns with respect to modeling strategic interaction between malicious attackers and Hardware Trojan (HT) defenders using game theory. The quantitative assessment of attacker actions has made the game very challenging. In this paper, a novel rough set theory framework is proposed to analyze HT threat. The problem is formulated as an attribute weight calculation and element assessment in an information system without decision attributes. The proposed method introduces information content in the rough set that allows calculation of the weight of both core attributes and non-core attributes. For quantitative assessment, the HT threat is characterized by the closeness coefficient. In order to allow HT defenders to use fast and effective countermeasures, a threat classification method based on the k-means algorithm is proposed, and the Best Workspace Prediction (BWP) index is used to determine the number of clusters. Statistical tests were performed on the benchmark circuits in Trust-hub in order to demonstrate the effectiveness of the proposed technique for assessing HT threat. Compared with k-means, equidistant division-based k-means, and k-means++, our method shows a significant improvement in both cluster accuracy and running time.
(This article belongs to the Topic Advanced Systems Engineering: Theory and Applications)

22 pages, 1595 KB  
Article
A New Paradigm in Split Manufacturing: Lock the FEOL, Unlock at the BEOL
by Abhrajit Sengupta, Mohammed Nabeel, Mohammed Ashraf, Johann Knechtel and Ozgur Sinanoglu
Cryptography 2022, 6(2), 22; https://doi.org/10.3390/cryptography6020022 - 5 May 2022
Cited by 2 | Viewed by 4647
Abstract
Split manufacturing was introduced as a countermeasure against hardware-level security threats such as IP piracy, overbuilding, and insertion of hardware Trojans. However, the security promise of split manufacturing has been challenged by various attacks which exploit the well-known working principles of design tools to infer the missing back-end-of-line (BEOL) interconnects. In this work, we define the security of split manufacturing formally and provide the associated proof, and we advocate accordingly for a novel, formally secure paradigm. Inspired by the notion of logic locking, we protect the front-end-of-line (FEOL) layout by embedding secret keys which are implemented through the BEOL in such a way that they become indecipherable to foundry-based attacks. At the same time, our technique is competitive with prior art in terms of layout overhead, especially for large-scale designs (ITC’99 benchmarks). Furthermore, another concern for split manufacturing is its practicality (despite successful prototyping). Therefore, we promote an alternative implementation strategy, based on package-level routing, which enables formally secure IP protection without splitting at all, and thus, without the need for a dedicated BEOL facility. We refer to this as “poor man’s split manufacturing” and we study the practicality of this approach by means of physical-design exploration.

19 pages, 2087 KB  
Review
Hardware Security in IoT Devices with Emphasis on Hardware Trojans
by Simranjeet Sidhu, Bassam J. Mohd and Thaier Hayajneh
J. Sens. Actuator Netw. 2019, 8(3), 42; https://doi.org/10.3390/jsan8030042 - 10 Aug 2019
Cited by 84 | Viewed by 15369
Abstract
Security of IoT devices is getting a lot of attention from researchers as they are becoming prevalent everywhere. However, implementation of hardware security in these devices has been overlooked, and many researches have mainly focused on software, network, and cloud security. A deeper understanding of hardware Trojans (HTs) and protection against them is of utmost importance right now as they are the prime threat to the hardware. This paper emphasizes the need for a secure hardware-level foundation for security of these devices, as depending on software security alone is not adequate enough. These devices must be protected against sophisticated attacks, especially if the groundwork for the attacks is already laid in devices during design or manufacturing process, such as with HTs. This paper will discuss the stealthy nature of these HT, highlight HT taxonomy and insertion methods, and provide countermeasures.

20 pages, 2922 KB  
Article
E2LEMI:Energy-Efficient Logic Encryption Using Multiplexer Insertion
by Qutaiba Alasad, Yu Bi and Jiann-Shuin Yuan
Electronics 2017, 6(1), 16; https://doi.org/10.3390/electronics6010016 - 15 Feb 2017
Cited by 21 | Viewed by 7085
Abstract
Due to the outsourcing of chip manufacturing, countermeasures against Integrated Circuit (IC) piracy, reverse engineering, IC overbuilding and hardware Trojans (HTs) become a hot research topic. To protect an IC from these attacks, logic encryption techniques have been considered as a low-cost defense mechanism. In this paper, our proposal is to insert the multiplexer (MUX) with two cases: (i) we randomly insert MUXs equal to half of the output bit number (half MUX insertions); and (ii) we insert MUXs equal to the number of output bits (full MUX insertions). Hamming distance is adopted as a security evaluation. We also measure the delay, power and area overheads with the proposed technique.