Browse > Article
http://dx.doi.org/10.13089/JKIISC.2022.32.5.855

Reverse Engineering of Deep Learning Network Secret Information Through Side Channel Attack  

Park, Sujin (Korea University)
Lee, Juheon (Korea University)
Kim, HeeSeok (Korea University)
Abstract
As the need for a deep learning accelerator increases with the development of IoT equipment, research on the implementation and safety verification of the deep learning accelerator is actively. In this paper, we propose a new side channel analysis methodology for secret information that overcomes the limitations of the previous study in Usenix 2019. We overcome the disadvantage of limiting the range of weights and restoring only a portion of the weights in the previous work, and restore the IEEE754 32bit single-precision with 99% accuracy with a new method using CPA. In addition, it overcomes the limitations of existing studies that can reverse activation functions only for specific inputs. Using deep learning, we reverse activation functions with 99% accuracy without conditions for input values with a new method. This paper not only overcomes the limitations of previous studies, but also proves that the proposed new methodology is effective.
Keywords
Power Analysis Attack; Side-Channel Analysis; CPA; Deep Learning; MLP;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 S. Mangard, E. Oswald, and T. Popp,"Simple Power Analysis," PowerAnalysis Attacks: Revealing the Secrets of Smart Cards, pp.101-118,Jan. 2008.
2 H. Maghrebi and T. Portigliatti, and E. Prouff, "Breaking cryptographic implementations using deep learning techniques," International Conference on Security, Privacy, and Applied Cryptography Engineering, LNCS 10076, pp. 3-26, 2016.
3 H. Yu, H. Ma, K. Yang, Y. Zhao, and Y. Jin, "DeepEM: Deep Neural Networks Model Recovery through EM Side-Channel Information Leakage," In Proceedings of the 2020 IEEE International Symposium on Hardware Oriented Security and Trust, pp. 209-218, Dec. 2020.
4 M. MendezReal, and R. Salvador,"Physical Side-Channel Attackson Embedded Neural Networks: A Survey," Applied Sciences, pp. 6790,July. 2021.
5 Sung-hyun Jin, Su-hri Kim, Hee-seokKim, and Seok-hie Hong, "Recentadvances in deep learning-basedside-channel analysis," ETRI Journal,42(2), pp. 292-304, April. 2020.   DOI
6 S. Maji, U. Banerjee, and A.P.Chandrakasan, "Leaky Nets:Recovering Embedded Neural Network Models and Inputs through Simple Power and Timing Side-Channels-Attacks and Defenses," IEEEInternet Things Journal, pp. 12079-12092, Feb.2021.
7 Francois-Xavier Standaert,"Introduction to side-channel attacks," Secure integrated circuits andsystems, pp. 27-42, Dec. 2010.
8 F. Zhang, X. Lou, X. Zhao, W. He, R. Ding, S. Qureshi, and K. Ren, "Persistent fault analysis on block ciphers," IACR Transactions on Cryptographic Hardware and Embedded Systems, pp. 150-172, Aug. 2018.
9 K. Yoshida, M. Shiozaki, S. Okura, T. Kubota, and T. Fujino, "Model Reverse-Engineering Attack against Systolic-Array-Based DNN Accelerator Using Correlation Power Analysis" IEICE Trans. Fundam. Electron.Commun. Computer Science, pp.152-161, Jan. 2021.
10 G. Takatoi, T. Sugawara, K.Sakiyama, Y. Li, "Simple Electromagnetic Analysis AgainstActivation Functions of DeepNeural Networks," Applied Cryptography and Network Security Workshops, LNCS12418, pp. 181-197, Oct. 2020
11 W. Hua, Z. Zhang, and G.E. Suh,"Reverse engineering convolutional neural networks through side-channel information leaks," In Proceedings of the 55th Annual Design Automation Conference, pp. 1-6, June. 2018
12 X. Hu, L. Liang, S. Li, L. Deng, P.Zuo, Y. Ji, X. Xie, Y. Ding, C. Liu,T. Sherwood, and Y. Xie,"Deep Sniffer: A DNNModel Extraction Framework Basedon Learning Architectural Hints," Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 385-399, Mar.2020.
13 P. Kocher, J. Jaffe, and B. Jun,"Differential power analysis," Advances in Cryptology, CRYPTO' 99,LNCS 1666, pp.388-397. 999.
14 K. Yoshida, T. Kubota, S.Okura, M. Shiozaki, and T. Fujino, "Model Reverse-Engineering Attack using Correlation Power Analysis against Systolic Array Based Neural Network Accelerator," In Proceedings of the 2020 IEEE International Symposium on Circuits and Systems, pp. 1-5, Oct. 2020.
15 Y. LeCun, Y. Bengio, and G. Hinton,"Deep learning," Nature 521,pp.436-444, May. 2015.   DOI
16 I.J. Goodfellow, J. Shlens, andC.Szegedy, "Explaining and HarnessingAdversarial Examples," International Conference on Learning Representations, Poster, Mar. 2015.
17 E. Brier, C. Clavier, and F. Olivier,"Correlation power analysis withaleakage model," Cryptographic Hardware and Embedded Systems, LNCS 3156, pp.16-29, 2004.
18 E. Cagli, C. Dumas, and E. Prouff, "Convolutional neural networks with data augmentation against jitter-based countermeasures," International Conference on Cryptographic Hardware and Embedded Systems, LNCS 10529, pp. 45-68, 2017.
19 L. Batina, S. Bhasin, D. Jap, and S. Picek, "CSI NN: Reverse engineering of neural network architectures through electromagnetic side channel," Proceedings of the 28th USENIX Conference on Security Symposium, pp. 515-532, Aug. 2019