DeepStrike: Remotely-Guided Fault Injection Attacks on DNN Accelerator   in Cloud-FPGA

Yukui Luo; Cheng Gongye; Yunsi Fei; Xiaolin Xu

arXiv:2105.09453·cs.CR·March 17, 2022

DeepStrike: Remotely-Guided Fault Injection Attacks on DNN Accelerator in Cloud-FPGA

Yukui Luo, Cheng Gongye, Yunsi Fei, Xiaolin Xu

PDF

TL;DR

DeepStrike demonstrates a novel remote fault injection attack on FPGA-based DNN accelerators in cloud environments, exploiting power glitches and TDC sensors to cause misclassification and disrupt DNN computations.

Contribution

This work introduces DeepStrike, the first remotely-guided fault injection attack on FPGA DNN accelerators using power glitching and TDC sensors for precise timing control.

Findings

01

Successfully disrupts FPGA DSP kernels

02

Causes targeted misclassification in DNNs

03

Identifies vulnerabilities across different DNN layers

Abstract

As Field-programmable gate arrays (FPGAs) are widely adopted in clouds to accelerate Deep Neural Networks (DNN), such virtualization environments have posed many new security issues. This work investigates the integrity of DNN FPGA accelerators in clouds. It proposes DeepStrike, a remotely-guided attack based on power glitching fault injections targeting DNN execution. We characterize the vulnerabilities of different DNN layers against fault injections on FPGAs and leverage time-to-digital converter (TDC) sensors to precisely control the timing of fault injections. Experimental results show that our proposed attack can successfully disrupt the FPGA DSP kernel and misclassify the target victim DNN application.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.