SCA Strikes Back

None, None; None, None; None, None; None, None

SCA Strikes Back

Reverse Engineering Neural Network Architectures using Side Channels

Journal Article (2022)

Author(s)

Lejla Batina (Radboud Universiteit Nijmegen)

Shivam Bhasin (Nanyang Technological University)

Dirmanto Jap (Nanyang Technological University)

S. Picek (TU Delft - Cyber Security)

Research Group

Cyber Security

Copyright

DOI related publication

https://doi.org/10.1109/MDAT.2021.3128436

Correlation Neurons Computer architecture Machine learning algorithms Timing Electromagnetics Biological neural networks

To reference this document use:

https://resolver.tudelft.nl/uuid:9b832d09-9b7f-424f-affa-f199dbda70df

More Info

expand_more

Publication Year

2022

Language

English

Copyright

Research Group

Cyber Security

Issue number

4

Volume number

39

Pages (from-to)

7-14

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

This paper was selected for Top Picks in Hardware and Embedded Security 2020 and it presents a physical side-channel attack aiming at reverse engineering neural networks implemented on an edge device. The attack does not need access to training data and allows for neural network recovery by feeding known random inputs. We successfully reverse engineer information about layers, neurons, activation functions, and weights associated with neurons. This attack opens a new door in the domain of security of neural networks. Follow-up works by other researchers have shown this attack to be applicable for various settings and difficult to protect against.

Files

SCA_Strikes_Back_Reverse_Engin... (pdf)

(pdf | 1.43 Mb)

- Embargo expired in 01-07-2023

License info not available