A Review of Confidentiality Threats Against Embedded Neural Network Models
Raphaël Joud, Pierre-Alain Moellic, Rémi Bernhard, Jean-Baptiste Rigaud

TL;DR
This paper reviews confidentiality threats to embedded neural network models, emphasizing attack types like model extraction, data leakage, and the underexplored role of Side-Channel Analysis in compromising model security.
Contribution
It provides a comprehensive overview of attacks on embedded DNN confidentiality, highlighting the significance of Side-Channel Analysis as a novel threat vector.
Findings
Side-Channel Analysis can extract model parameters from power and electromagnetic signals.
Model extraction and data leakage are major confidentiality threats in embedded neural networks.
Security measures against SCA are urgently needed for IoT systems.
Abstract
Utilization of Machine Learning (ML) algorithms, especially Deep Neural Network (DNN) models, has become a widely accepted standard in many domains, more particularly IoT-based systems. DNN models reach impressive performances in several sensitive fields such as medical diagnosis, smart transport or security threat detection, and represent a valuable piece of Intellectual Property. Over the last few years, a major trend is the large-scale deployment of models in a wide variety of devices. However, this migration to embedded systems is slowed down because of the broad spectrum of attacks threatening the integrity, confidentiality and availability of embedded models. In this review, we cover the landscape of attacks targeting the confidentiality of embedded DNN models that may have a major impact on critical IoT systems, with a particular focus on model extraction and data leakage. We…
