Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/de-gruyter/masking-feedforward-neural-networks-against-power-analysis-attacks-s0YJ9GalaS
References (56)
-
Karine Gandolfi, C. Mourtel, Francis Olivier (2001)
Electromagnetic Analysis: Concrete Results -
K. Simonyan, Andrew Zisserman (2014)
Very Deep Convolutional Networks for Large-Scale Image RecognitionCoRR, abs/1409.1556
-
Yann LeCun, L. Bottou, Yoshua Bengio, P. Haffner (1998)
Gradient-based learning applied to document recognitionProc. IEEE, 86
-
(2009)
KECCAK specifications. Submission to nist -
L. Goubin (2001)
A Sound Method for Switching between Boolean and Arithmetic Masking -
Mingzhi Zeng, Le Nguyen, Bo Yu, O. Mengshoel, Jiang Zhu, Pang Wu, J. Zhang (2014)
Convolutional Neural Networks for human activity recognition using mobile sensors6th International Conference on Mobile Computing, Applications and Services
-
Nils Hammerla, Shane Halloran, T. Plötz (2016)
Deep, Convolutional, and Recurrent Models for Human Activity Recognition Using WearablesArXiv, abs/1604.08880
-
Anuj Dubey, Rosario Cammarota, Aydin Aysu (2020)
BoMaNet: Boolean Masking of an Entire Neural Network2020 IEEE/ACM International Conference On Computer Aided Design (ICCAD)
-
Ashish Kumar, Saurabh Goyal, M. Varma (2017)
Resource-efficient Machine Learning in 2 KB RAM for the Internet of Things -
Siva Yerubandi (2002)
Differential Power Analysis -
Anuj Dubey, Rosario Cammarota, Aydin Aysu (2019)
MaskedNet: The First Hardware Inference Engine Aiming Power Side-Channel Protection2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
-
R. Shokri, Marco Stronati, Congzheng Song, Vitaly Shmatikov (2016)
Membership Inference Attacks Against Machine Learning Models2017 IEEE Symposium on Security and Privacy (SP)
-
A. Shamir (1979)
How to share a secretCommun. ACM, 22
-
J. Coron (2017)
High-Order Conversion from Boolean to Arithmetic MaskingIACR Trans. Cryptogr. Hardw. Embed. Syst., 2018
-
L. Batina, S. Bhasin, Dirmanto Jap, S. Picek (2019)
CSI NN: Reverse Engineering of Neural Network Architectures Through Electromagnetic Side Channel -
Matthieu Rivain, E. Prouff (2010)
Provably Secure Higher-Order Masking of AESIACR Cryptol. ePrint Arch., 2010
-
S. Gopinath, N. Ghanathe, V. Seshadri, Rahul Sharma (2019)
Compiling KB-sized machine learning models to tiny IoT devicesProceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation
-
M. Renauld, François-Xavier Standaert, Nicolas Veyrat-Charvillon, D. Kamel, D. Flandre (2011)
A Formal Study of Power Variability Issues and Side-Channel Attacks for Nanoscale Devices -
G. Barthe, Sonia Belaïd, François Dupressoir, Pierre-Alain Fouque, B. Grégoire, Pierre-Yves Strub, Rébecca Zucchini (2016)
Strong Non-Interference and Type-Directed Higher-Order MaskingProceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
-
J. Coron, J. Großschädl, Mehdi Tibouchi, Praveen Vadnala (2015)
Conversion from Arithmetic to Boolean Masking with Logarithmic ComplexityIACR Cryptol. ePrint Arch., 2014
-
Klas Leino, Matt Fredrikson (2019)
Stolen Memories: Leveraging Model Memorization for Calibrated White-Box Membership Inference -
Matt Fredrikson, S. Jha, T. Ristenpart (2015)
Model Inversion Attacks that Exploit Confidence Information and Basic CountermeasuresProceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
-
J. Coron, E. Prouff, Matthieu Rivain, Thomas Roche (2013)
Higher-Order Side Channel Security and Mask Refreshing -
Suresh Chari, C. Jutla, J. Rao, P. Rohatgi (1999)
Towards Sound Approaches to Counteract Power-Analysis Attacks -
Thilo Krachenfels, F. Ganji, A. Moradi, Shahin Tajik, Jean-Pierre Seifert (2020)
Real-World Snapshots vs. Theory: Questioning the t-Probing Security Model2021 IEEE Symposium on Security and Privacy (SP)
-
Matt Fredrikson, Eric Lantz, S. Jha, Simon Lin, David Page, T. Ristenpart (2014)
Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin DosingProceedings of the ... USENIX Security Symposium. UNIX Security Symposium, 2014
-
Kaiming He, X. Zhang, Shaoqing Ren, Jian Sun (2015)
Deep Residual Learning for Image Recognition2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR)
-
(2017)
Leak Me If You Can : Does TVLA Reveal Success Rate ? -
Sameer Wagh, Divya Gupta, Nishanth Chandran (2019)
SecureNN: 3-Party Secure Computation for Neural Network TrainingProceedings on Privacy Enhancing Technologies, 2019
-
Ekim Yurtsever, Jacob Lambert, Alexander Carballo, K. Takeda (2019)
A Survey of Autonomous Driving: Common Practices and Emerging TechnologiesIEEE Access, 8
-
François-Xavier Standaert (2010)
Introduction to Side-Channel Attacks -
Yiwen Han, Xiaofei Wang, Victor Leung, D. Niyato, Xueqiang Yan, Xu Chen (2019)
Convergence of Edge Computing and Deep Learning: A Comprehensive SurveyIEEE Communications Surveys & Tutorials, 22
-
P. Kocher (1996)
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems -
C. Juvekar, V. Vaikuntanathan, A. Chandrakasan (2018)
Gazelle: A Low Latency Framework for Secure Neural Network Inference -
Ágnes Kiss, M. Naderpour, Jian Liu, N. Asokan, T. Schneider (2019)
SoK: Modular and Efficient Private Decision Tree EvaluationProceedings on Privacy Enhancing Technologies, 2019
-
Milad Nasr, R. Shokri, A. Houmansadr (2018)
Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated Learning2019 IEEE Symposium on Security and Privacy (SP)
-
A. Salem, Yang Zhang, Mathias Humbert, Mario Fritz, M. Backes (2018)
ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning ModelsArXiv, abs/1806.01246
-
N. Lane, Petko Georgiev (2015)
Can Deep Learning Revolutionize Mobile Sensing?Proceedings of the 16th International Workshop on Mobile Computing Systems and Applications
-
Haotong Qin, Ruihao Gong, Xianglong Liu, Xiao Bai, Jingkuan Song, N. Sebe (2020)
Binary Neural Networks: A SurveyArXiv, abs/2004.03333
-
Gunasekaran Manogaran, P. Shakeel, H. Fouad, Yunyoung Nam, S. Baskar, N. Chilamkurti, Revathi Sundarasekar (2019)
Wearable IoT Smart-Log Patch: An Edge Computing-Based Bayesian Deep Learning Network System for Multi Access Physical Monitoring SystemSensors (Basel, Switzerland), 19
-
L. Goubin, J. Patarin (1999)
DES and Differential Power Analysis (The "Duplication" Method) -
A. Pantelopoulos, N. Bourbakis (2010)
A Survey on Wearable Sensor-Based Systems for Health Monitoring and PrognosisIEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews), 40
-
Shaoshan Liu, Liangkai Liu, Jie Tang, Bo Yu, Yifan Wang, Weisong Shi (2019)
Edge Computing for Autonomous Driving: Opportunities and ChallengesProceedings of the IEEE, 107
-
S. Mangard, Norbert Pramstaller, E. Oswald (2005)
Successfully Attacking Masked AES Hardware Implementations -
Anselme Tueno, F. Kerschbaum, S. Katzenbeisser (2019)
Private Evaluation of Decision Trees using Sublinear CostProceedings on Privacy Enhancing Technologies, 2019
-
Honggang Yu, Haocheng Ma, Kaichen Yang, Yiqiang Zhao, Yier Jin (2020)
DeepEM: Deep Neural Networks Model Recovery through EM Side-Channel Information Leakage2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
-
S. Mukhopadhyay (2015)
Wearable Sensors for Human Activity Monitoring: A ReviewIEEE Sensors Journal, 15
-
Tobias Schneider, A. Moradi (2015)
Leakage Assessment Methodology - A Clear Roadmap for Side-Channel EvaluationsIACR Cryptol. ePrint Arch., 2015
-
J. Balasch, Benedikt Gierlichs, Vincent Grosso, Oscar Reparaz, François-Xavier Standaert (2014)
On the Cost of Lazy Engineering for Masked Software Implementations -
Payman Mohassel, Yupeng Zhang (2017)
SecureML: A System for Scalable Privacy-Preserving Machine Learning2017 IEEE Symposium on Security and Privacy (SP)
-
Alex Graves, Abdel-rahman Mohamed, Geoffrey Hinton (2013)
Speech recognition with deep recurrent neural networks2013 IEEE International Conference on Acoustics, Speech and Signal Processing
-
A. Krizhevsky, Ilya Sutskever, Geoffrey Hinton (2012)
ImageNet classification with deep convolutional neural networksCommunications of the ACM, 60
-
K. Tiri, I. Verbauwhede (2004)
A logic level design methodology for a secure DPA resistant ASIC or FPGA implementationProceedings Design, Automation and Test in Europe Conference and Exhibition, 1
-
Y. Ishai, A. Sahai, D. Wagner (2003)
Private Circuits: Securing Hardware against Probing Attacks -
Nishant Kumar, Mayank Rathee, Nishanth Chandran, Divya Gupta, Aseem Rastogi, Rahul Sharma (2019)
CrypTFlow: Secure TensorFlow Inference2020 IEEE Symposium on Security and Privacy (SP)
-
E. Trichina, T. Korkishko, Kyung-Hee Lee (2004)
Small Size, Low Power, Side Channel-Immune AES Coprocessor: Design and Synthesis Results
- Publisher
- de Gruyter
- Copyright
- © 2022 Konstantinos Athanasiou et al., published by Sciendo
- ISSN
- 2299-0984
- eISSN
- 2299-0984
- DOI
- 10.2478/popets-2022-0025
- Publisher site
- See Article on Publisher Site
Abstract
AbstractRecent advances in machine learning have enabled Neural Network (NN) inference directly on constrained embedded devices. This local approach enhances the privacy of user data, as the inputs to the NN inference are not shared with third-party cloud providers over a communication network. At the same time, however, performing local NN inference on embedded devices opens up the possibility of Power Analysis attacks, which have recently been shown to be effective in recovering NN parameters, as well as their activations and structure. Knowledge of these NN characteristics constitutes a privacy threat, as it enables highly effective Membership Inference and Model Inversion attacks, which can recover information about the sensitive data that the NN model was trained on. In this paper we address the problem of securing sensitive NN inference parameters against Power Analysis attacks. Our approach employs masking, a countermeasure well-studied in the context of cryptographic algorithms. We design a set of gadgets, i.e., masked operations, tailored to NN inference. We prove our proposed gadgets secure against power attacks and show, both formally and experimentally, that they are composable, resulting in secure NN inference. We further propose optimizations that exploit intrinsic characteristics of NN inference to reduce the masking’s runtime and randomness requirements. We empirically evaluate the performance of our constructions, showing them to incur a slowdown by a factor of about 2–5.
Journal
Proceedings on Privacy Enhancing Technologies – de Gruyter
Published: Jan 1, 2022
Keywords: side-channels; neural networks; masking