On Reverse Engineering Neural Network Implementation on GPU

Łukasz Chmielewski*, Léo Weissbart

*Corresponding author for this work

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

10 Citations (Scopus)

Abstract

In recent years machine learning has become increasingly mainstream across industries. Additionally, Graphical Processing Unit (GPU) accelerators are widely deployed in various neural network (NN) applications, including image recognition for autonomous vehicles and natural language processing, among others. Since training a powerful network requires expensive data collection and computing power, its design and parameters are often considered a secret intellectual property of their manufacturers. However, hardware accelerators can leak crucial information about the secret neural network designs through side-channels, like Electro-Magnetic (EM) emanations, power consumption, or timing. We propose and evaluate non-invasive and passive reverse engineering methods to recover NN designs deployed on GPUs through EM side-channel analysis. We employ a well-known technique of simple EM analysis and timing analysis of NN layers execution. We consider commonly used NN architectures, namely Multilayer Perceptron and Convolutional Neural Networks. We show how to recover the number of layers and neurons as well as the types of activation functions. Our experimental results are obtained on a setup that is as close as possible to a real-world device in order to properly assess the applicability and extendability of our methods. We analyze the NN execution of a PyTorch python framework implementation running on Nvidia Jetson Nano, a module computer embedding a Tegra X1 SoC that combines an ARM Cortex-A57 CPU and a 128-core GPU within a Maxwell architecture. Our results show the importance of side-channel protections for NN accelerators in real-world applications.

Original languageEnglish
Title of host publicationApplied Cryptography and Network Security Workshops - ACNS 2021 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, and SiMLA, 2021, Proceedings
EditorsJianying Zhou, Chuadhry Mujeeb Ahmed, Lejla Batina, Sudipta Chattopadhyay, Olga Gadyatskaya, Chenglu Jin, Jingqiang Lin, Eleonora Losiouk, Bo Luo, Suryadipta Majumdar, Mihalis Maniatakos, Daisuke Mashima, Weizhi Meng, Stjepan Picek, Masaki Shimaoka, Chunhua Su, Cong Wang
PublisherSpringer
Pages96-113
Number of pages18
ISBN (Print)9783030816445
DOIs
Publication statusPublished - 2021
Eventsatellite workshops held around the 19th International Conference on Applied Cryptography and Network Security, ACNS 2021, 3rd International Workshop on Application Intelligence and Blockchain Security, AIBlock 2021, 2nd International Workshop on Artificial Intelligence in Hardware Security, AIHWS 2021, 3rd International Workshop on Artificial Intelligence and Industrial IoT Security, AIoTS 2021, 1st International Workshop on Critical Infrastructure and Manufacturing System Security, CIMSS 2021, 3rd International Workshop on Cloud Security and Privacy, Cloud S and P 2021, 2nd International Workshop on Secure Cryptographic Implementation, SCI 2021, 2nd International Workshop on Security in Mobile Technologies, SecMT 2021, 3rd International Workshop on Security in Machine Learning and its Applications, SiMLA 2021 - Virtual, Online
Duration: 21 Jun 202124 Jun 2021

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12809 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conferencesatellite workshops held around the 19th International Conference on Applied Cryptography and Network Security, ACNS 2021, 3rd International Workshop on Application Intelligence and Blockchain Security, AIBlock 2021, 2nd International Workshop on Artificial Intelligence in Hardware Security, AIHWS 2021, 3rd International Workshop on Artificial Intelligence and Industrial IoT Security, AIoTS 2021, 1st International Workshop on Critical Infrastructure and Manufacturing System Security, CIMSS 2021, 3rd International Workshop on Cloud Security and Privacy, Cloud S and P 2021, 2nd International Workshop on Secure Cryptographic Implementation, SCI 2021, 2nd International Workshop on Security in Mobile Technologies, SecMT 2021, 3rd International Workshop on Security in Machine Learning and its Applications, SiMLA 2021
CityVirtual, Online
Period21/06/2124/06/21

Keywords

  • Deep neural network
  • Reverse engineering
  • Side-channel analysis
  • Simple power analysis

Fingerprint

Dive into the research topics of 'On Reverse Engineering Neural Network Implementation on GPU'. Together they form a unique fingerprint.

Cite this