During the last decade, Deep Neural Networks (DNN) have progressively been integrated on all types of platforms, from data centers to embedded systems including low-power processors and, recently, FPGAs. Neural Networks (NN) are expected to become ubiquitous in IoT systems by transforming all sorts of real-world applications, including applications in the safety-critical and security-sensitive domains. However, the underlying hardware security vulnerabilities of embedded NN implementations remain unaddressed. In particular, embedded DNN implementations are vulnerable to Side-Channel Analysis (SCA) attacks, which are especially important in the IoT and edge computing contexts where an attacker can usually gain physical access to the targeted device. A research field has therefore emerged and is rapidly growing in terms of the use of SCA including timing, electromagnetic attacks and power attacks to target NN embedded implementations. Since 2018, research papers have shown that SCA enables an attacker to recover inference models architectures and parameters, to expose industrial IP and endangers data confidentiality and privacy. Without a complete review of this emerging field in the literature so far, this paper surveys state-of-the-art physical SCA attacks relative to the implementation of embedded DNNs on micro-controllers and FPGAs in order to provide a thorough analysis on the current landscape. It provides a taxonomy and a detailed classification of current attacks. It first discusses mitigation techniques and then provides insights for future research leads.
翻译:在过去十年中,深神经网络(DNN)逐渐融入了所有类型的平台,从数据中心到包括低电处理器和最近FPGAs在内的嵌入系统,从数据中心到包括低电处理器和FPGAs在内的嵌入系统。神经网络(NNN)通过改造各种现实世界应用,包括安全关键和安全敏感领域的应用,预计将在IOT系统中无处不在。然而,嵌入的NNNN实施的潜在硬件安全脆弱性仍未得到解决。特别是,嵌入的DNNN实施很容易受到侧气分析(SCA)袭击的伤害,而这种袭击在IoT和边缘计算环境中特别重要,攻击者通常能够实际进入目标装置。因此,出现了一个研究领域,在使用SCA(包括时间、电磁攻击和电源攻击目标NNNE内嵌入实施领域)系统方面,正在迅速增加。自2018年以来,研究文件显示SCA使得攻击者能够恢复推断模型结构和参数,暴露工业IP,并危及数据保密和隐私。在目前文献中对这一新兴领域进行彻底审查的情况下,这一研究技术通常可以导致对目标装置的物理攻击。这一研究领域进行深入分析。本文对SAASTASTA系统进行详细分析。