Masking Feedforward Neural Networks Against Power Analysis Attacks

Recent advances in machine learning have enabled Neural Network (NN) inference directly on constrained embedded devices. This local approach enhances the privacy of user data, as the inputs to the NN inference are not shared with third-party cloud providers over a communication network. At the same...

Descripción completa

Guardado en:
Detalles Bibliográficos
Autores principales: Athanasiou Konstantinos, Wahl Thomas, Ding A. Adam, Fei Yunsi
Formato: article
Lenguaje:EN
Publicado: Sciendo 2022
Materias:
Acceso en línea:https://doaj.org/article/6c1c8759e6a64fc0854425b0d7278bbc
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
id oai:doaj.org-article:6c1c8759e6a64fc0854425b0d7278bbc
record_format dspace
spelling oai:doaj.org-article:6c1c8759e6a64fc0854425b0d7278bbc2021-12-05T14:11:10ZMasking Feedforward Neural Networks Against Power Analysis Attacks2299-098410.2478/popets-2022-0025https://doaj.org/article/6c1c8759e6a64fc0854425b0d7278bbc2022-01-01T00:00:00Zhttps://doi.org/10.2478/popets-2022-0025https://doaj.org/toc/2299-0984Recent advances in machine learning have enabled Neural Network (NN) inference directly on constrained embedded devices. This local approach enhances the privacy of user data, as the inputs to the NN inference are not shared with third-party cloud providers over a communication network. At the same time, however, performing local NN inference on embedded devices opens up the possibility of Power Analysis attacks, which have recently been shown to be effective in recovering NN parameters, as well as their activations and structure. Knowledge of these NN characteristics constitutes a privacy threat, as it enables highly effective Membership Inference and Model Inversion attacks, which can recover information about the sensitive data that the NN model was trained on. In this paper we address the problem of securing sensitive NN inference parameters against Power Analysis attacks. Our approach employs masking, a countermeasure well-studied in the context of cryptographic algorithms. We design a set of gadgets, i.e., masked operations, tailored to NN inference. We prove our proposed gadgets secure against power attacks and show, both formally and experimentally, that they are composable, resulting in secure NN inference. We further propose optimizations that exploit intrinsic characteristics of NN inference to reduce the masking’s runtime and randomness requirements. We empirically evaluate the performance of our constructions, showing them to incur a slowdown by a factor of about 2–5.Athanasiou KonstantinosWahl ThomasDing A. AdamFei YunsiSciendoarticleside-channelsneural networksmaskingEthicsBJ1-1725Electronic computers. Computer scienceQA75.5-76.95ENProceedings on Privacy Enhancing Technologies, Vol 2022, Iss 1, Pp 501-521 (2022)
institution DOAJ
collection DOAJ
language EN
topic side-channels
neural networks
masking
Ethics
BJ1-1725
Electronic computers. Computer science
QA75.5-76.95
spellingShingle side-channels
neural networks
masking
Ethics
BJ1-1725
Electronic computers. Computer science
QA75.5-76.95
Athanasiou Konstantinos
Wahl Thomas
Ding A. Adam
Fei Yunsi
Masking Feedforward Neural Networks Against Power Analysis Attacks
description Recent advances in machine learning have enabled Neural Network (NN) inference directly on constrained embedded devices. This local approach enhances the privacy of user data, as the inputs to the NN inference are not shared with third-party cloud providers over a communication network. At the same time, however, performing local NN inference on embedded devices opens up the possibility of Power Analysis attacks, which have recently been shown to be effective in recovering NN parameters, as well as their activations and structure. Knowledge of these NN characteristics constitutes a privacy threat, as it enables highly effective Membership Inference and Model Inversion attacks, which can recover information about the sensitive data that the NN model was trained on. In this paper we address the problem of securing sensitive NN inference parameters against Power Analysis attacks. Our approach employs masking, a countermeasure well-studied in the context of cryptographic algorithms. We design a set of gadgets, i.e., masked operations, tailored to NN inference. We prove our proposed gadgets secure against power attacks and show, both formally and experimentally, that they are composable, resulting in secure NN inference. We further propose optimizations that exploit intrinsic characteristics of NN inference to reduce the masking’s runtime and randomness requirements. We empirically evaluate the performance of our constructions, showing them to incur a slowdown by a factor of about 2–5.
format article
author Athanasiou Konstantinos
Wahl Thomas
Ding A. Adam
Fei Yunsi
author_facet Athanasiou Konstantinos
Wahl Thomas
Ding A. Adam
Fei Yunsi
author_sort Athanasiou Konstantinos
title Masking Feedforward Neural Networks Against Power Analysis Attacks
title_short Masking Feedforward Neural Networks Against Power Analysis Attacks
title_full Masking Feedforward Neural Networks Against Power Analysis Attacks
title_fullStr Masking Feedforward Neural Networks Against Power Analysis Attacks
title_full_unstemmed Masking Feedforward Neural Networks Against Power Analysis Attacks
title_sort masking feedforward neural networks against power analysis attacks
publisher Sciendo
publishDate 2022
url https://doaj.org/article/6c1c8759e6a64fc0854425b0d7278bbc
work_keys_str_mv AT athanasioukonstantinos maskingfeedforwardneuralnetworksagainstpoweranalysisattacks
AT wahlthomas maskingfeedforwardneuralnetworksagainstpoweranalysisattacks
AT dingaadam maskingfeedforwardneuralnetworksagainstpoweranalysisattacks
AT feiyunsi maskingfeedforwardneuralnetworksagainstpoweranalysisattacks
_version_ 1718371303969259520