Project Details

Secure Mixed-Signal Neural Networks - SeMSiNN

Subject Area: Electronic Semiconductors, Components and Circuits, Integrated Systems, Sensor Technology, Theoretical Electrical Engineering; Computer Architecture, Embedded and Massively Parallel Systems
Term: since 2024
Project identifier: Deutsche Forschungsgemeinschaft (DFG) - Project number 535473873
 
Artificial intelligence (AI) and especially neural network (NN) inference functionalities are increasingly found in resource-restricted devices, which cannot offload complex computations to remote servers. The “Edge AI” paradigm poses new security challenges because, in addition to known attacks, edge devices are physically exposed to potential adversaries and are targets of side-channel and fault-injection attacks. At the same time, such systems often process sensitive data, such as health-related measurements. Moreover, the NN models themselves can have substantial economic value and must be protected against unauthorized extraction. For this reason, there is a thriving new research community focusing on understanding and counteracting security threats specific to NN inference hardware. Project SeMSiNN focuses on the security of mixed-signal (MS) NN inference hardware, an approach that is extremely attractive for Edge AI due to radical savings in power demands compared to fully digital realizations. For the first time, the complexities and opportunities of making MS NN inference hardware secure will be explored jointly by an expert in MS technologies and a specialist in protecting hardware against physical attacks. The methodologies developed in this project will extend the traditional view of MS NN design as a balance between cost and classification accuracy with a third dimension, namely security. The specific work in the project will focus on side-channel and fault-injection attacks. To this end, we will establish an understanding of MS-specific information leakage mechanisms, explore the relevant attack scenarios, and devise and evaluate countermeasures against such attacks.
Both non-trivial adaptations of protective techniques originally developed for digital NN hardware (and further classes of circuits, such as cryptographic circuits) and completely new protections that leverage unique properties of MS circuits will be developed and applied on three different levels of abstraction. The work will result in a generic design methodology for secure MS NN inference hardware, which will be validated by specially optimized simulation procedures and, to a limited extent, by physical measurements. SeMSiNN creates an inherent synergy within the project, but it also fits well into the matrix structure of the SPP. Initial communications on possible SPP-wide collaborations (with the group from TU Berlin on optical attacks against MS NN circuits) have already taken place. We believe that this project will lay the foundation for a new sub-field, the security of MS electronics for AI, that is currently not covered by the state of the art.
DFG Programme: Priority Programmes
 
 
