Leaky Nets: Recovering Embedded Neural Network Models and Inputs through Simple Power and Timing Side-Channels -- Attacks and Defenses
Saurav Maji, Utsav Banerjee, and Anantha P. Chandrakasan

TL;DR
This paper demonstrates how embedded neural network models and their inputs can be recovered through simple power and timing side-channel attacks, highlighting security vulnerabilities and proposing countermeasures.
Contribution
It introduces practical timing and power analysis attacks on embedded neural networks and evaluates their effectiveness across various micro-controller platforms.
Findings
Successfully recovered model parameters and inputs from embedded neural networks.
Demonstrated attacks on floating point, fixed point, and binary networks.
Analyzed the overhead of proposed countermeasures.
Abstract
With the recent advancements in machine learning theory, many commercial embedded micro-processors use neural network models for a variety of signal processing applications. However, their associated side-channel security vulnerabilities pose a major concern. There have been several proof-of-concept attacks demonstrating the extraction of their model parameters and input data. But many of these attacks involve specific assumptions, have limited applicability, or pose huge overheads to the attacker. In this work, we study the side-channel vulnerabilities of embedded neural network implementations by recovering their parameters using timing-based information leakage and simple power analysis side-channel attacks. We demonstrate our attacks on popular micro-controller platforms over networks of different precisions such as floating point, fixed point, and binary networks. We are able to…
