Secure eFPGA-Enabled Edge LLM Inference: Architectural and Hardware Countermeasures

TL;DR

This paper proposes a hybrid ASIC+eFPGA architecture for edge transformer inference that enhances security against side-channel, fault injection, and supply-chain attacks while maintaining high performance.

Contribution

It introduces a novel integrated architecture combining ASIC and eFPGA to enable security mechanisms like runtime monitoring and patching for edge LLM inference.

Findings

Enhanced security against side-channel and fault injection attacks.

Maintained high performance of ASIC-based transformer inference.

Enabled post-deployment security updates via reconfigurable logic.

Abstract

Edge deployment of transformer-based models increasingly relies on ASIC accelerators due to their high performance and energy efficiency, achieved through optimized dataflows, specialized architectures, low-bitwidth computation, and efficient memory hierarchies. However, these advantages come with significant security vulnerabilities. ASIC-based DNN accelerators are susceptible to side-channel attacks (e.g., power, electromagnetic, and timing analysis) and fault injection attacks (e.g., voltage manipulation, clock glitches, and memory perturbations), which can lead to model extraction or compromised inference integrity. Furthermore, threats introduced during design and fabrication, such as hardware Trojans or untrusted third-party IPs, further expand the attack surface. To address these challenges, we explore a hybrid ASIC+eFPGA architecture that combines the efficiency of ASICs with the flexibility of reconfigurable logic. The integrated eFPGA enables security-oriented mechanisms such as adaptive runtime monitoring, side-channel mitigation and post-deployment patching. By leveraging these capabilities, the proposed approach enhances system resilience against both runtime and supply-chain attacks, while preserving the performance benefits of ASIC-based transformer inference.