Time to Leak: Cross-Device Timing Attack On Edge Deep Learning Accelerator

Won, Yoo-Seung; Chatterjee, Soham; Jap, Dirmanto; Bhasin, Shivam; Basu, Arindam

doi:10.1109/iceic51217.2021.9369754

Cited by 10 publications

(4 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Machine Learning as a Service (MLaaS) and artificial intelligent (AI) compilers for mapping pretrained DNN models onto efficient edge accelerator platform. The emerging model extraction techniques [1]- [4] make it feasible to reverse engineer a deployed DNN model and rebuild an AI product or solution with similar quality at a lower cost than re-designing a DNN from scratch. The rampant DNN IP infringement is further exacerbated by the lack of buyer traceability to deter fraudsters from misappropriation of distributed models.…”

Section: Introductionmentioning

confidence: 99%

A Buyer-traceable DNN Model IP Protection Method Against Piracy and Misappropriation

Wang

Zheng

et al. 2022

2022 IEEE 4th International Conference on Artificial Intelligence Circuits and Systems (AICAS)

View full text Add to dashboard Cite

Recently proposed model functionality and attribute extraction techniques have exacerbated unauthorized low-cost reproduction of deep neural network (DNN) models for similar applications. In particular, intellectual property (IP) theft and unauthorized distribution of DNN models by dishonest buyers are very difficult to trace by existing framework of digital rights management (DRM). This paper presents a new buyer-traceable DRM scheme against model piracy and misappropriation. Unlike existing methods that require white-box access to extract the latent information for verification, the proposed method utilizes data poisoning for distributorship embedding and black-box verification. Composite backdoors are installed into the target model during the training process. Each backdoor is created by applying a data augmentation method to some clean images of a selected class. The data-augmented images with a wrong label associated with a buyer are injected into the training dataset. The ownership and distributorship of a backdoor-trained user model can be validated by querying the suspect model with a set of composite triggers. A positive suspect will output the dirty labels that pinpoint the dishonest buyer while an innocent model will output the correct labels with high confidence. The tracking accuracy and robustness of the proposed IP protection method are evaluated on CIFAR-10, CIFAR-100 and GTSRB datasets for different applications. The results show an average of 100% piracy detection rate, 0% false positive rate and 96.81% traitor tracking success rate with negligible model accuracy degradation.

show abstract

Section: Introductionmentioning

confidence: 99%

A Buyer-traceable DNN Model IP Protection Method Against Piracy and Misappropriation

Wang

Zheng

et al. 2022

2022 IEEE 4th International Conference on Artificial Intelligence Circuits and Systems (AICAS)

View full text Add to dashboard Cite

show abstract

“…Unfortunately, side-channel attacks [8][9][10][11][12][13] have been discovered in recent years. Through some characteristic information such as the algorithm execution time and power loss, attackers can reveal some important information of the cryptographic system, even secret information such as private keys.…”

Section: Introductionmentioning

confidence: 99%

Identity-Based and Leakage-Resilient Broadcast Encryption Scheme for Cloud Storage Service

Yu¹,

2022

Applied Sciences

View full text Add to dashboard Cite

Cloud storage services are an important application of cloud computing. An increasing number of data owners store their data on cloud platforms. Since cloud platforms are far away from users, data security and privacy protection are very important issues that need to be addressed. Identity-based broadcast encryption (IBBE) is an important method to provide security and privacy protection for cloud storage services. Because the side channel attacks may lead to the disclosure of the key information of the cryptographic system, which will damage the security of the system, this paper provides an identity-based broadcast encryption with leakage resilience by state partition (LR-SP-IBBE). By using a binary extractor to compensate for the loss in entropy of the symmetric key caused by side-channel attacks, the proposed scheme randomizes the encapsulated symmetric key. Furthermore, using a state partition technique, we split the private key into two parts, and the corresponding decryption was divided into two stages. Through the double-system encryption skill, the security and leakage-resilience were proved in the composite order group model.

show abstract

“…In the past 10 years, cryptography has made great progress in expanding the adversary model to cover side-channel attacks [1][2][3][4], and researchers have built some provably secure cryptographic schemes that can resist some side-channel attacks. In most theoretical work, it is assumed that the participants have complete confidentiality to their local computation.…”

Section: Introductionmentioning

confidence: 99%

“…The side-channel attack obtains secret information about the cryptographic system by measuring the surrounding environment of the machine that is executing the related algorithms. For example, an attacker obtains the relevant confidential information of the cryptographic system by measuring and analyzing the time [4] or the electromagnetic radiation [8] of the specific algorithm. Through the "cold start" attack [9], if an adversary can access the corresponding physical device, it can recover part of the key of the cryptographic system even when the power has just been cut off.…”

Section: Introductionmentioning

confidence: 99%

Anonymous Identity Based Broadcast Encryption against Continual Side Channel Attacks in the State Partition Model

Yu¹,

Ji³

2022

Applied Sciences

View full text Add to dashboard Cite

In the past 10 years, many side-channel attacks have been discovered and exploited one after another by attackers, which have greatly damaged the security of cryptographic systems. Since no existing anonymous broadcast encryption scheme can resist the side-channel attack, the paper presents an anonymous identity-based broadcast encryption against continual side-channel attacks in the state partition model (CLR-SS-AIBBE). Based on split-state technology, the proposed scheme divides the private key into two states, and the decryption operations are correspondingly divided into two steps. Based on the three static hypotheses for a bilinear group with composite order, the proposed scheme can be proved to be fully secure by the dual system encryption technology in the standard model. The leakage ratio about the private key can reach 1/3.

show abstract

Time to Leak: Cross-Device Timing Attack On Edge Deep Learning Accelerator

Cited by 10 publications

References 10 publications

A Buyer-traceable DNN Model IP Protection Method Against Piracy and Misappropriation

A Buyer-traceable DNN Model IP Protection Method Against Piracy and Misappropriation

Identity-Based and Leakage-Resilient Broadcast Encryption Scheme for Cloud Storage Service

Anonymous Identity Based Broadcast Encryption against Continual Side Channel Attacks in the State Partition Model

Contact Info

Product

Resources

About