BoMaNet: Boolean Masking of an Entire Neural Network

Recent work on stealing machine learning (ML) models from inference engines with physical side-channel attacks warrant an urgent need for effective side-channel defenses. This work proposes the first fully-masked neural network inference engine design. Masking uses secure multi-party computation to...

Full description

Saved in:
Bibliographic Details
Published in2020 IEEE/ACM International Conference On Computer Aided Design (ICCAD) pp. 1 - 9
Main Authors Dubey, Anuj, Cammarota, Rosario, Aysu, Aydin
Format Conference Proceeding
LanguageEnglish
Published Association on Computer Machinery 02.11.2020
Subjects
adders
AND gates
BoMaNet
Boolean algebra
Computational modeling
Cryptography
effective side-channel defenses
entire neural network
field programmable gate arrays
glitch-resistance
Hardware
inference mechanisms
integer addition masking
learning (artificial intelligence)
logic gates
machine learning models
masked design
Masking
ML models
model stealing
neural nets
neural network inference engine design
Neural networks
Neurons
nonlinear operations
physical side-channel attacks
random shares
secret-dependent computations
secure hardware primitives
secure inference engine
secure multiparty computation
security of data
side-channel attacks
statistical relation
Training
Trichina's secure Boolean masking style
Xilinx Spartan-6 FPGA
XOR gates
Online AccessGet full text

Cover

More Information
Summary:Recent work on stealing machine learning (ML) models from inference engines with physical side-channel attacks warrant an urgent need for effective side-channel defenses. This work proposes the first fully-masked neural network inference engine design. Masking uses secure multi-party computation to split the secrets into random shares and to decorrelate the statistical relation of secret-dependent computations to side-channels (e.g., the power draw). In this work, we construct secure hardware primitives to mask all the linear and non-linear operations in a neural network. We address the challenge of masking integer addition by converting each addition into a sequence of XOR and AND gates and by augmenting Trichina's secure Boolean masking style. We improve the traditional Trichina's AND gates by adding pipelining elements for better glitch-resistance and we architect the whole design to sustain a throughput of 1 masked addition per cycle. We implement the proposed secure inference engine on a Xilinx Spartan-6 (XC6SLX75) FPGA. The results show that masking incurs an overhead of 3.5% in latency and 5.9× in area. Finally, we demonstrate the security of the masked design with 2M traces.
ISSN:1558-2434
DOI:10.1145/3400302.3415649