Politecnico di Torino (logo)

Security for Embedded AI accelerators

Luca Parrini

Security for Embedded AI accelerators.

Rel. Paolo Ernesto Prinetto. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Elettronica (Electronic Engineering), 2022


Since the demand of devices running machine learning algorithms is rapidly increasing, hardware security is a growing concern for IoT companies. There are, in fact, multiple works showing that an hypothetical successful attack on a device, could reverse engineer all the details of a pre-trained Neural Network architecture (i.e. number of layers, activation functions, weights...), and compromise the Intellectual property of the company over the algorithm, causing a significant economic damage. One of the most concrete types of threat with this purpose, in fact, are Side-Channel Attacks that have been proved to be really effective and particularly hard to mitigate. In this report I will describe the work that I conducted during my internship with Bosch related to this topic. After a brief introduction on the theory behind these type of attacks, I will explain the hardware structure of the embedded machine learning accelerator focusing on the logic identified as possible target, the used tools to extract the side-channel statistics and then the different attacks which have been conducted. Last but not least, I will describe the countermeasures developed to mitigate these threats.

Relators: Paolo Ernesto Prinetto
Academic year: 2021/22
Publication type: Electronic
Number of Pages: 58
Additional Information: Tesi secretata. Fulltext non presente
Corso di laurea: Corso di laurea magistrale in Ingegneria Elettronica (Electronic Engineering)
Classe di laurea: New organization > Master science > LM-29 - ELECTRONIC ENGINEERING
Aziende collaboratrici: Robert Bosch GmbH
URI: http://webthesis.biblio.polito.it/id/eprint/22576
Modify record (reserved for operators) Modify record (reserved for operators)