Hierarchical Hardware Trojan for LUT-based AI Devices and its Evaluation

Cited by: 0
Authors
Nozaki Y. [1]
Takemoto S. [2]
Ikezaki Y. [2]
Yoshikawa M. [1]
Affiliations
[1] Faculty of Science and Technology, Meijo University, 1-501, Shiogamaguchi, Tenpaku-ku, Aichi, Nagoya
[2] Graduate School of Science and Technology, Meijo University, 1-501, Shiogamaguchi, Tenpaku-ku, Aichi, Nagoya
Funding
Japan Society for the Promotion of Science
Keywords
AI security; FPGA; hardware security; hardware Trojan;
DOI
10.1541/ieejeiss.141.1234
Abstract
To realize Society 5.0, edge AI techniques have attracted attention. On the other hand, security issues of edge AI have been reported. In addition, in the field of hardware security, the threat of hardware Trojans (HTs) is emphasized. To defend AI devices from malicious attacks, it is important to check their vulnerability to various attacks. Therefore, this study proposes a new HT for AI inference devices. The proposed HT falsifies the inference result with respect to an arbitrary trigger input. The proposed HT concentrates on the lookup table (LUT) structure, and can be achieved by rewriting the LUT table information. As a result, the proposed HT does not need additional Trojan trigger and payload circuits; that is, it can be implemented without circuit overhead. Experiments on a field-programmable gate array show the validity of the proposed HT. © 2021 The Institute of Electrical Engineers of Japan.
Pages: 1234-1240
Number of pages: 6