Stochastic Training for Side-Channel Resilient AI
Anuj Dubey, Aydin Aysu

TL;DR
This paper introduces a stochastic training approach that enhances the resilience of AI models on edge devices against side-channel attacks by using randomized configurations, achieving reduced leakage with minimal accuracy loss.
Contribution
It presents a novel training methodology that improves side-channel attack resistance without hardware modifications, suitable for existing edge AI hardware.
Findings
Reduced side-channel leakage on Google Coral Edge TPU
Maintained high model accuracy with ~1% degradation
Demonstrated robustness over 20,000 traces
Abstract
The confidentiality of trained AI models on edge devices is at risk from side-channel attacks exploiting power and electromagnetic emissions. This paper proposes a novel training methodology to enhance resilience against such threats by introducing randomized and interchangeable model configurations during inference. Experimental results on Google Coral Edge TPU show a reduction in side-channel leakage and a slower increase in t-scores over 20,000 traces, demonstrating robustness against adversarial observations. The defense maintains high accuracy, with about 1% degradation in most configurations, and requires no additional hardware or software changes, making it the only applicable solution for existing Edge TPUs.
Taxonomy
Topics: Cryptographic Implementations and Security · Security and Verification in Computing · Adversarial Robustness in Machine Learning
