A PUF-Based Approach for Copy Protection of Intellectual Property in Neural Network Models

TL;DR

This paper proposes a novel method using Physically Unclonable Functions (PUFs) to bind neural network models to specific hardware, preventing unauthorized copying and execution on cloned devices by degrading accuracy on non-original hardware.

Contribution

It introduces a PUF-based technique to securely link neural network weights to hardware, enhancing intellectual property protection against cloning.

Findings

Degrades model accuracy on cloned hardware

Effectively links NN models to specific hardware

Outlines potential improvements for robustness

Abstract

More and more companies' Intellectual Property (IP) is being integrated into Neural Network (NN) models. This IP has considerable value for companies and, therefore, requires adequate protection. For example, an attacker might replicate a production machines' hardware and subsequently simply copy associated software and NN models onto the cloned hardware. To make copying NN models onto cloned hardware infeasible, we present an approach to bind NN models - and thus also the IP contained within them - to their underlying hardware. For this purpose, we link an NN model's weights, which are crucial for its operation, to unique and unclonable hardware properties by leveraging Physically Unclonable Functions (PUFs). By doing so, sufficient accuracy can only be achieved using the target hardware to restore the original weights, rendering proper execution of the NN model on cloned hardware impossible. We demonstrate that our approach accomplishes the desired degradation of accuracy on various NN models and outline possible future improvements.