PermuteV: A Performant Side-channel-Resistant RISC-V Core Securing Edge AI Inference

TL;DR

PermuteV is a RISC-V core designed for edge AI inference that employs hardware-accelerated random permutation of loop execution to resist electromagnetic side-channel attacks, balancing security with efficiency.

Contribution

This paper introduces PermuteV, a novel RISC-V core with a hardware-based permutation mechanism to enhance side-channel security during neural network inference.

Findings

Effective EM SCA resistance demonstrated on FPGA

Minimal hardware area overhead

Low runtime overhead for security features

Abstract

Edge AI inference is becoming prevalent thanks to the emergence of small yet high-performance microprocessors. This shift from cloud to edge processing brings several benefits in terms of energy savings, improved latency, and increased privacy. On the downside, bringing computation to the edge makes them more vulnerable to physical side-channel attacks (SCA), which aim to extract the confidentiality of neural network models, e.g., architecture and weight. To address this growing threat, we propose PermuteV, a performant side-channel resistant RISC-V core designed to secure neural network inference. PermuteV employs a hardware-accelerated defense mechanism that randomly permutes the execution order of loop iterations, thereby obfuscating the electromagnetic (EM) signature associated with sensitive operations. We implement PermuteV on FPGA and perform evaluations in terms of side-channel security, hardware area, and runtime overhead. The experimental results demonstrate that PermuteV can effectively defend against EM SCA with minimal area and runtime overhead.