Abstract
In many scenarios, there is demand for deploying artificial intelligence applications on IoT edge devices. For some special applications, these embedded devices are required to respond in real time; hence, it is necessary to run machine learning algorithms on microprocessors. However, these devices may be subject to side-channel attacks (SCA). During execution, these devices generate leakage information that can be captured to obtain secret data. In this work, we investigate how to reverse engineer the weights of a convolutional neural network (CNN) deployed on an ARM Cortex-M3 using Chosen Pixel Horizontal Power Analysis (CP-HPA).
We conduct the experiment on ELMO, which emulates leakage for the ARM Cortex-M3. ARM Cortex-M3 microprocessors are often used to deploy CNNs. Here, we show that it is possible to recover the weights of a CNN using CP-HPA, assuming that the adversary has knowledge only of the architecture. We increase the accuracy of our attack by setting chosen input pixels to correlate with the selected multiplication. We successfully recover the weights of a CNN implemented with CMSIS-NN, and the accuracy of our attack is 84.625%.
This work is supported by the National Key R&D Program of China (Grant No. 2020AAA0107703), the National Natural Science Foundation of China (Grant No. 62132008, 62072247, 62071222), and the Natural Science Foundation of Jiangsu Province, China (Grant No. BK20220075).
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
He, S., Wu, W., Li, Y., Zhou, L., Fang, L., Liu, Z. (2022). Recovering the Weights of Convolutional Neural Network via Chosen Pixel Horizontal Power Analysis. In: Wang, L., Segal, M., Chen, J., Qiu, T. (eds) Wireless Algorithms, Systems, and Applications. WASA 2022. Lecture Notes in Computer Science, vol 13472. Springer, Cham. https://doi.org/10.1007/978-3-031-19214-2_8
DOI: https://doi.org/10.1007/978-3-031-19214-2_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-19213-5
Online ISBN: 978-3-031-19214-2
eBook Packages: Computer Science, Computer Science (R0)