Recovering the Weights of Convolutional Neural Network via Chosen Pixel Horizontal Power Analysis

  • Conference paper
Wireless Algorithms, Systems, and Applications (WASA 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13472)

Abstract

In many scenarios, there is a demand for deploying artificial intelligence applications on IoT edge devices. Some special applications always require these embedded devices to respond in real time; hence, it is necessary to process machine learning algorithms on microprocessors. However, these devices may be subject to side-channel attacks (SCA). During execution, they leak information that can be captured to obtain secret data. In this work, we investigate how to reverse engineer the weights of a convolutional neural network (CNN) deployed on an ARM Cortex-M3 using Chosen Pixel Horizontal Power Analysis (CP-HPA).

We conduct the experiment on ELMO, which emulates leakage for the ARM Cortex-M3. ARM Cortex-M3 microprocessors are often used to deploy CNNs. Here, we show that it is possible to recover the weights of a CNN using CP-HPA, assuming that the adversary only has knowledge of the architecture. We increase the accuracy of our attack by setting chosen input pixels so that they correlate with the selected multiplication. We successfully recover the weights of a CNN implemented with CMSIS-NN, and the accuracy of our attack is 84.625%.

This work is supported by the National Key R&D Program of China (Grant No. 2020AAA0107703), the National Natural Science Foundation of China (Grant No. 62132008, 62072247, 62071222), and the Natural Science Foundation of Jiangsu Province, China (Grant No. BK20220075).

Corresponding author

Correspondence to Zhe Liu.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

He, S., Wu, W., Li, Y., Zhou, L., Fang, L., Liu, Z. (2022). Recovering the Weights of Convolutional Neural Network via Chosen Pixel Horizontal Power Analysis. In: Wang, L., Segal, M., Chen, J., Qiu, T. (eds) Wireless Algorithms, Systems, and Applications. WASA 2022. Lecture Notes in Computer Science, vol 13472. Springer, Cham. https://doi.org/10.1007/978-3-031-19214-2_8

  • DOI: https://doi.org/10.1007/978-3-031-19214-2_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-19213-5

  • Online ISBN: 978-3-031-19214-2

  • eBook Packages: Computer Science, Computer Science (R0)
