Fault Injection on Embedded Neural Networks: Impact of a Single Instruction Skip

TL;DR

This paper investigates the security vulnerabilities of embedded neural networks by experimentally demonstrating how electromagnetic and laser fault injections can cause instruction skips, potentially altering model predictions on microcontrollers.

Contribution

It is the first to experimentally analyze the impact of instruction skip faults on neural network inference in embedded systems using electromagnetic and laser injections.

Findings

Instruction skip faults can alter neural network inference outcomes.

Fault injections can target control flow to compromise model integrity.

Adversaries can exploit these faults to manipulate predictions.

Abstract

With the large-scale integration and use of neural network models, especially in critical embedded systems, their security assessment to guarantee their reliability is becoming an urgent need. More particularly, models deployed in embedded platforms, such as 32-bit microcontrollers, are physically accessible by adversaries and therefore vulnerable to hardware disturbances. We present the first set of experiments on the use of two fault injection means, electromagnetic and laser injections, applied on neural networks models embedded on a Cortex M4 32-bit microcontroller platform. Contrary to most of state-of-the-art works dedicated to the alteration of the internal parameters or input values, our goal is to simulate and experimentally demonstrate the impact of a specific fault model that is instruction skip. For that purpose, we assessed several modification attacks on the control flow of a neural network inference. We reveal integrity threats by targeting several steps in the inference program of typical convolutional neural network models, which may be exploited by an attacker to alter the predictions of the target models with different adversarial goals.