REDACTOR: eFPGA Redaction for DNN Accelerator Security

TL;DR

This paper investigates the use of eFPGA redaction to enhance security in DNN accelerators, focusing on module selection, implementation, and overhead analysis to prevent IP theft.

Contribution

It introduces a methodology for redacting critical DNN modules using eFPGAs, including design, synthesis, and physical implementation, with comprehensive overhead evaluation.

Findings

Redaction effectively conceals critical modules.

Overhead in power, area, and delay is manageable.

Redacted accelerators maintain functionality with security enhancements.

Abstract

With the ever-increasing integration of artificial intelligence into daily life and the growing importance of well-trained models, the security of hardware accelerators supporting Deep Neural Networks (DNNs) has become paramount. As a promising solution to prevent hardware intellectual property theft, eFPGA redaction has emerged. This technique selectively conceals critical components of the design, allowing authorized users to restore functionality post-fabrication by inserting the correct bitstream. In this paper, we explore the redaction of DNN accelerators using eFPGAs, from specification to physical design implementation. Specifically, we investigate the selection of critical DNN modules for redaction using both regular and fracturable look-up tables. We perform synthesis, timing verification, and place & route on redacted DNN accelerators. Furthermore, we evaluate the overhead of incorporating eFPGAs into DNN accelerators in terms of power, area, and delay, finding it reasonable given the security benefits.