Search for: All records

We propose AccHashtag, the first framework for high-accuracy detection of fault-injection attacks on Deep Neural Networks (DNNs) with provable bounds on detection performance. Recent literature in fault-injection attacks shows the severe DNN accuracy degradation caused by bit flips. In this scenario, the attacker changes a few DNN weight bits during execution by injecting faults to the dynamic random-access memory (DRAM). To detect bit flips, AccHashtag extracts a unique signature from the benign DNN prior to deployment. The signature is used to validate the model’s integrity and verify the inference output on the fly. We propose a novel sensitivity analysis that identifies the most vulnerable DNN layers to the fault-injection attack. The DNN signature is constructed by encoding the weights in vulnerable layers using a low-collision hash function. During DNN inference, new hashes are extracted from the target layers and compared against the ground-truth signatures. AccHashtag incorporates a lightweight methodology that allows for real-time fault detection on embedded platforms. We devise a specialized compute core for AccHashtag on field-programmable gate arrays (FPGAs) to facilitate online hash generation in parallel to DNN execution. Extensive evaluations with the state-of-the-art bit-flip attack on various DNNs demonstrate the competitive advantage of AccHashtag in terms of both attack detection and execution overhead. 

We propose SenseHash, a novel design for the lightweight in-hardware mystification of the sensed data at the origin. The framework aims to ensure the privacy of sensitive sensor values while preserving their utility. The sensors are assumed to interface to various (potentially malicious) communication and computing components in the Internet-of-things (IoT) and other emerging pervasive computing scenarios. The primary security primitives of our work are Locality Sensitive Hashing (LSH) combined with Differential Privacy (DP) and secure construction of LSH. Our construction allows (i) sub-linear search in sensor readings while ensuring their security against triangulation attack, and (ii) differentially private statistics of the readings. SenseHash includes hardware architecture as well as accompanying protocols to efficiently utilize the secure readings in practical scenarios. Alongside these scenarios, we present an automated workflow to generalize the application of the mystified readings. Proof-of-concept FPGA implementation of the system demonstrates its practicability and low overhead in terms of hardware resources, energy consumption, and protocol execution time.