Picture for Lejla Batina

Lejla Batina

CNN architecture extraction on edge GPU

Add code
Jan 24, 2024
Peter Horvath, Lukasz Chmielewski, Leo Weissbart, Lejla Batina, Yuval Yarom

Neural networks have become popular due to their versatility and state-of-the-art results in many applications, such as image classification, natural language processing, speech recognition, forecasting, etc. These applications are also used in resource-constrained environments such as embedded devices. In this work, the susceptibility of neural network implementations to reverse engineering is explored on the NVIDIA Jetson Nano microcomputer via side-channel analysis. To this end, an architecture extraction attack is presented. In the attack, 15 popular convolutional neural network architectures (EfficientNets, MobileNets, NasNet, etc.) are implemented on the GPU of Jetson Nano and the electromagnetic radiation of the GPU is analyzed during the inference operation of the neural networks. The results of the analysis show that neural network architectures are easily distinguishable using deep learning-based side-channel analysis.

* Will appear at the AIHWS 2024 workshop at ACNS 2024 
Viaarxiv icon
Github IconAccess Paper or Ask Questions
Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

Playing with blocks: Toward re-usable deep learning models for side-channel profiled attacks

Add code
Mar 17, 2022
Servio Paguada, Lejla Batina, Ileana Buhan, Igor Armendariz
Figure 1 for Playing with blocks: Toward re-usable deep learning models for side-channel profiled attacks
Figure 2 for Playing with blocks: Toward re-usable deep learning models for side-channel profiled attacks
Figure 3 for Playing with blocks: Toward re-usable deep learning models for side-channel profiled attacks
Figure 4 for Playing with blocks: Toward re-usable deep learning models for side-channel profiled attacks

This paper introduces a deep learning modular network for side-channel analysis. Our deep learning approach features the capability to exchange part of it (modules) with others networks. We aim to introduce reusable trained modules into side-channel analysis instead of building architectures for each evaluation, reducing the body of work when conducting those. Our experiments demonstrate that our architecture feasibly assesses a side-channel evaluation suggesting that learning transferability is possible with the network we propose in this paper.

Viaarxiv icon
Github IconAccess Paper or Ask Questions
Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

Being Patient and Persistent: Optimizing An Early Stopping Strategy for Deep Learning in Profiled Attacks

Add code
Nov 29, 2021
Servio Paguada, Lejla Batina, Ileana Buhan, Igor Armendariz
Figure 1 for Being Patient and Persistent: Optimizing An Early Stopping Strategy for Deep Learning in Profiled Attacks
Figure 2 for Being Patient and Persistent: Optimizing An Early Stopping Strategy for Deep Learning in Profiled Attacks
Figure 3 for Being Patient and Persistent: Optimizing An Early Stopping Strategy for Deep Learning in Profiled Attacks
Figure 4 for Being Patient and Persistent: Optimizing An Early Stopping Strategy for Deep Learning in Profiled Attacks

The absence of an algorithm that effectively monitors deep learning models used in side-channel attacks increases the difficulty of evaluation. If the attack is unsuccessful, the question is if we are dealing with a resistant implementation or a faulty model. We propose an early stopping algorithm that reliably recognizes the model's optimal state during training. The novelty of our solution is an efficient implementation of guessing entropy estimation. Additionally, we formalize two conditions, persistence and patience, for a deep learning model to be optimal. As a result, the model converges with fewer traces.

Viaarxiv icon
Github IconAccess Paper or Ask Questions
Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon