Presentation
Security of Approximate Neural Networks against Power Side-channel Attack
DescriptionEmerging low-energy computing technologies, in
particular approximate computing, are becoming increasingly
relevant in key applications. A significant use case for these
technologies is reduced energy consumption in Artificial Neural
Networks (ANNs), an increasingly pressing concern with the
rapid growth of AI deployments. It is essential we understand the
security implications of approximate computing in an ANN con-
text before this practice becomes commonplace. In this work, we
examine the test case of approximate ANN processing elements
(PE) in terms of information leakage via the power side channel.
We perform a weight extraction Differential Power Analysis
(DPA) attack under three approximation scenarios: overclocking,
voltage scaling, and circuit level bitwise approximation. We
demonstrate that as the degree of approximation increases the
Signal to Noise Ratio (SNR) of power traces rapidly degrades.
We show that the Measurement to Disclosure (MTD) increases
for all approximate techniques. An MTD of 48 under precise
computing is increased to at minimum 200 (bitwise approximate
circuit at 25% approximation), and under some approximation
scenarios >1024. i.e. an increase in attack difficulty of at least
x4 and potentially over x20. A relative Security-Power-Delay
(SPD) analysis reveals that, in addition to the across the board
improvement vs precise computing, voltage and clock scaling
both significantly outperform approximate circuits with voltage
scaling as the highest performing technique.
particular approximate computing, are becoming increasingly
relevant in key applications. A significant use case for these
technologies is reduced energy consumption in Artificial Neural
Networks (ANNs), an increasingly pressing concern with the
rapid growth of AI deployments. It is essential we understand the
security implications of approximate computing in an ANN con-
text before this practice becomes commonplace. In this work, we
examine the test case of approximate ANN processing elements
(PE) in terms of information leakage via the power side channel.
We perform a weight extraction Differential Power Analysis
(DPA) attack under three approximation scenarios: overclocking,
voltage scaling, and circuit level bitwise approximation. We
demonstrate that as the degree of approximation increases the
Signal to Noise Ratio (SNR) of power traces rapidly degrades.
We show that the Measurement to Disclosure (MTD) increases
for all approximate techniques. An MTD of 48 under precise
computing is increased to at minimum 200 (bitwise approximate
circuit at 25% approximation), and under some approximation
scenarios >1024. i.e. an increase in attack difficulty of at least
x4 and potentially over x20. A relative Security-Power-Delay
(SPD) analysis reveals that, in addition to the across the board
improvement vs precise computing, voltage and clock scaling
both significantly outperform approximate circuits with voltage
scaling as the highest performing technique.
Event Type
Research Manuscript
TimeMonday, June 2311:30am - 11:45am PDT
Location3003, Level 3
Security
SEC3: Hardware Security: Attack & Defense