Power-Based Attacks on Spatial DNN Accelerators

08/28/2021
by   Ge Li, et al.
0

With proliferation of DNN-based applications, the confidentiality of DNN model is an important commercial goal. Spatial accelerators, that parallelize matrix/vector operations, are utilized for enhancing energy efficiency of DNN computation. Recently, model extraction attacks on simple accelerators, either with a single processing element or running a binarized network, were demonstrated using the methodology derived from differential power analysis (DPA) attack on cryptographic devices. This paper investigates the vulnerability of realistic spatial accelerators using general, 8-bit, number representation. We investigate two systolic array architectures with weight-stationary dataflow: (1) a 3 × 1 array for a dot-product operation, and (2) a 3 × 3 array for matrix-vector multiplication. Both are implemented on the SAKURA-G FPGA board. We show that both architectures are ultimately vulnerable. A conventional DPA succeeds fully on the 1D array, requiring 20K power measurements. However, the 2D array exhibits higher security even with 460K traces. We show that this is because the 2D array intrinsically entails multiple MACs simultaneously dependent on the same input. However, we find that a novel template-based DPA with multiple profiling phases is able to fully break the 2D array with only 40K traces. Corresponding countermeasures need to be investigated for spatial DNN accelerators.

READ FULL TEXT
research
04/16/2021

Random and Adversarial Bit Error Robustness: Energy-Efficient and Secure DNN Accelerators

Deep neural network (DNN) accelerators received considerable attention i...
research
05/17/2022

QAPPA: Quantization-Aware Power, Performance, and Area Modeling of DNN Accelerators

As the machine learning and systems community strives to achieve higher ...
research
04/13/2023

PowerGAN: A Machine Learning Approach for Power Side-Channel Attack on Compute-in-Memory Accelerators

Analog compute-in-memory (CIM) accelerators are becoming increasingly po...
research
08/10/2021

Survey and Benchmarking of Precision-Scalable MAC Arrays for Embedded DNN Processing

Reduced-precision and variable-precision multiply-accumulate (MAC) opera...
research
06/19/2021

Evaluating Spatial Accelerator Architectures with Tiled Matrix-Matrix Multiplication

There is a growing interest in custom spatial accelerators for machine l...
research
10/05/2021

RASA: Efficient Register-Aware Systolic Array Matrix Engine for CPU

As AI-based applications become pervasive, CPU vendors are starting to i...
research
12/04/2022

SoK: Fully Homomorphic Encryption Accelerators

Fully Homomorphic Encryption (FHE) is a key technology enabling privacy-...

Please sign up or login with your details

Forgot password? Click here to reset