Secure mixed signal neural networks

Functionality from the field of artificial intelligence (AI), and especially neural network (NN) inference, is increasingly found in resource-limited devices that cannot outsource complex calculations to external servers. This "Edge AI" paradigm creates new security challenges: in addition to the known remote attacks, attackers now have physical access to the devices and can mount side-channel and fault injection attacks. At the same time, such systems often process sensitive data such as health-related measurements. In addition, the NN models themselves can have substantial economic value, so they must be protected against unauthorized extraction. For these reasons, there is growing interest in the specific security threats to NN inference hardware and in protective measures for it. Project SeMSiNN looks at the security of mixed-signal (MS) NN inference hardware, an approach that is particularly attractive for edge AI because it leads to radical energy savings compared to fully digital realizations.

Functional sketch of MS NN inference hardware that uses compute-in-memory to overcome the von Neumann energy and latency bottleneck caused by data transfers in classical digital computers.

Concrete work will focus on side-channel and fault injection attacks. We will build an understanding of MS-specific mechanisms for information leakage, explore relevant attack scenarios, and propose and evaluate countermeasures against such attacks.

Publications

  1. Wilhelmstätter, S.; Conrad, J.; Upadhyaya, D.; Polian, I.; Ortmanns, M.
    Attacking a Joint Protection Scheme for Deep Neural Network Hardware Accelerators and Models
    6th IEEE International Conference on Artificial Intelligence Circuits and Systems (AICAS), Abu Dhabi, UAE, 2024, pp. 144-148
    DOI: 10.1109/AICAS59952.2024.10595935
  2. Wilhelmstätter, S.; Conrad, J.; Upadhyaya, D.; Polian, I.; Ortmanns, M.
    Enabling Power Side-Channel Attack Simulation on Mixed-Signal Neural Network Accelerators
    IEEE International Conference on Omni-Layer Intelligent Systems (COINS), London, UK, 2024, pp. 1-5
    DOI: 10.1109/COINS61597.2024.10622156

Funding and project partners

This project is funded by the German Research Society (DFG) as part of SPP 2253 Nano Security under project number OR 245/21-1 | PO 1220/20-1.

Project partners are Prof. Dr. rer. nat. habil. Ilia Polian and M.Sc. Devanshi Upadhyaya from the Institute of Computer Engineering at the University of Stuttgart.