CAREER: Physical Side-Channels Beyond Cryptography: Transforming the Side-Channel Framework for Deep Learning
North Carolina State University, Raleigh NC
Abstract
Machine Learning (ML) classifiers are hard to develop and are used in safety-critical applications like autonomous driving. Exposing the details of an ML classifier thus results in intellectual property theft and also makes it easier for adversaries to fool the classifier. Unfortunately, the implementation of an ML classifier may leak information about its inner workings. The primary research goal of this project is to develop secure ML classifier implementations. This work specifically addresses the fundamental electromagnetic and power side-channel vulnerabilities of physical implementations of ML classifiers. The intellectual merit of the project is to extend the physical side-channel analysis framework beyond cryptography for securing deep neural network (NN) classifiers. Although there is research on the mathematical analysis and digital side-channels of NN model extraction, physical side-channels are largely unexplored. The research tasks are to design physical side-channel resilient NN components, to integrate the developed components into a high-level synthesis framework for automatic generation of protected NN hardware accelerators, and to evaluate and benchmark side-channel security and countermeasure overheads. The broader impact of this project includes disseminating publications, distributing open-source hardware and software, and bridging the research on NNs and hardware security. The project also aims to develop a college course to teach hardware security for NNs with hands-on experiments. This work may also support the Executive Order on Maintaining American Leadership in Artificial Intelligence by evaluating the security of the Artificial Intelligence standards being put forward by the National Institute of Standards and Technology (NIST). This project will use a repository with multiple back-up servers to store and log the data, and the major results and hardware and software products will be made publicly available over the world wide web.
Further information on the project repository will be made accessible at https://research.ece.ncsu.edu/aaysu/research/MLSec-CAREER-nsf.html. The repository is intended to be actively maintained for the duration of the project and 5 years after its completion. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.