Recovering the Weights of Convolutional Neural Network via Chosen Pixel Horizontal Power Analysis

• Published in: Wireless Algorithms, Systems, and Applications pp. 93 - 104
• Main Authors: He, Sihan, Wu, Weibin, Li, Yanbin, Zhou, Lu, Fang, Liming, Liu, Zhe
• Format: Book Chapter
• Language: English
• Published: Cham Springer Nature Switzerland
• Series: Lecture Notes in Computer Science
• Subjects: ARM Cortex-M3; CNN; CP-HPA; SCA
• ISBN: 3031192133; 9783031192135
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-031-19214-2_8

In many scenarios, people have a demand for deploying the artificial intelligence applications on the edge device of IoT. For some special applications, these embedded devices are always required real-time reponse; hence, it is necessary to process machine learning algorithms on microprocessors. However, these devices may be subjected to side-channel attacks (SCA). During the execution, these devices will generate the leakage information can be captured to get the secret data. In this work, we investigate how to reverse engineer the weights of a convolutional neural network (CNN) which is deployed on ARM Cortex-M3 using Chosen Pixel Horizontal Power Analysis (CP-HPA). We conduct the experiment on ELMO emulating leaks for the ARM Cortex-M3. ARM Cortex-M3 microprocessors are often used to deploy CNNs. Here, we show that it is possible to recover the weights of a CNN using CP-HPA assuming that the adversary only has the knowledge of the architectures. We increase the accuracy of our attack through setting up chosen input pixel to correlate the selected multiplication. We are able to successfully recover the weights of a CMSIS-NN implementation CNN, and accuracy of our attack is 84.625%.