DeepStrike: Remotely-Guided Fault Injection Attacks on DNN Accelerator in Cloud-FPGA

As Field-programmable gate arrays (FPGAs) are widely adopted in clouds to accelerate Deep Neural Networks (DNN), such virtualization environments have posed many new security issues. This work investigates the integrity of DNN FPGA accelerators in clouds. It proposes DeepStrike, a remotely-guided at...

Full description

Saved in:
Bibliographic Details
Published in2021 58th ACM/IEEE Design Automation Conference (DAC) pp. 295 - 300
Main Authors Luo, Yukui, Gongye, Cheng, Fei, Yunsi, Xu, Xiaolin
Format Conference Proceeding
LanguageEnglish
Published IEEE 05.12.2021
Subjects
Cloud computing
Design automation
Field programmable gate arrays
Logic gates
Neural network hardware
Neural networks
Physical layer security
Security
Sensor phenomena and characterization
Timing
Online AccessGet full text
DOI10.1109/DAC18074.2021.9586262

Cover

More Information
Summary:As Field-programmable gate arrays (FPGAs) are widely adopted in clouds to accelerate Deep Neural Networks (DNN), such virtualization environments have posed many new security issues. This work investigates the integrity of DNN FPGA accelerators in clouds. It proposes DeepStrike, a remotely-guided attack based on power glitching fault injections targeting DNN execution. We characterize the vulnerabilities of different DNN layers against fault injections on FPGAs and leverage time-to-digital converter (TDC) sensors to precisely control the timing of fault injections. Experimental results show that our proposed attack can successfully disrupt the FPGA DSP kernel and misclassify the target victim DNN application.
DOI:10.1109/DAC18074.2021.9586262