1 research outputs found
SoWaF: Shuffling of Weights and Feature Maps: A Novel Hardware Intrinsic Attack (HIA) on Convolutional Neural Network (CNN)
Security of inference phase deployment of Convolutional neural network (CNN)
into resource constrained embedded systems (e.g. low end FPGAs) is a growing
research area. Using secure practices, third party FPGA designers can be
provided with no knowledge of initial and final classification layers. In this
work, we demonstrate that hardware intrinsic attack (HIA) in such a "secure"
design is still possible. Proposed HIA is inserted inside mathematical
operations of individual layers of CNN, which propagates erroneous operations
in all the subsequent CNN layers that lead to misclassification. The attack is
non-periodic and completely random, hence it becomes difficult to detect. Five
different attack scenarios with respect to each CNN layer are designed and
evaluated based on the overhead resources and the rate of triggering in
comparison to the original implementation. Our results for two CNN
architectures show that in all the attack scenarios, additional latency is
negligible (<0.61%), increment in DSP, LUT, FF is also less than 2.36%. Three
attack scenarios do not require any additional BRAM resources, while in two
scenarios BRAM increases, which compensates with the corresponding decrease in
FF and LUTs. To the authors' best knowledge this work is the first to address
the hardware intrinsic CNN attack with the attacker does not have knowledge of
the full CNN.Comment: 5 pages, 6 figures, 2 tables, ISCAS 2021 Conferenc