Time to Leak: Cross-Device Timing Attack On Edge Deep Learning Accelerator

Yoo-Seung Won; Soham Chatterjee; Dirmanto Jap; Shivam Bhasin; Arindam Basu

doi:10.1109/ICEIC51217.2021.9369754

Time to Leak: Cross-Device Timing Attack On Edge Deep Learning Accelerator

Yoo-Seung Won
, Soham Chatterjee
, Dirmanto Jap
, Shivam Bhasin
, Arindam Basu

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

16 Citations (Scopus)

Abstract

Edge deep learning accelerators are optimised hardware to enable efficient inference on the edge. The models deployed on these accelerators are often proprietary and thus sensitive for commercial and privacy reasons. In this paper, we demonstrate practical vulnerability of deployed deep learning models to timing side-channel attacks. By measuring the execution time of the inference, the adversary can determine and reconstruct the model from a known family of well known deep learning model and then use available techniques to recover remaining hyperparameters. The vulnerability is validated on Intel Compute Stick 2 for VGG and ResNet family of models. Moreover, the presented attack is quite devastating as it can be performed in a cross-device setting, where adversary profiles constructed on a legally own device can be used to exploit the victim device with a single query and still can achieve near perfect success rate.

Original language	English
Title of host publication	2021 International Conference on Electronics, Information, and Communication (ICEIC)
Publisher	IEEE
ISBN (Electronic)	978-1-7281-9161-4
ISBN (Print)	978-1-7281-9162-1
DOIs	https://doi.org/10.1109/ICEIC51217.2021.9369754
Publication status	Published - Jan 2021
Externally published	Yes
Event	20th International Conference on Electronics, Information, and Communication(ICEIC 2021) - Jeju Shinhwa World and virtual, Jeju, Korea, Republic of Duration: 31 Jan 2021 → 3 Feb 2021 http://iceic.org/2021/

Publication series

Name	International Conference on Electronics, Information, and Communication, ICEIC

Conference

Conference	20th International Conference on Electronics, Information, and Communication(ICEIC 2021)
Place	Korea, Republic of
City	Jeju
Period	31/01/21 → 3/02/21
Internet address	http://iceic.org/2021/

Research Keywords

High performance edge machine learning processing unit
Intel Compute Stick 2
Timing analysis

Access Output

10.1109/ICEIC51217.2021.9369754

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

Won, Y.-S., Chatterjee, S., Jap, D., Bhasin, S., & Basu, A. (2021). Time to Leak: Cross-Device Timing Attack On Edge Deep Learning Accelerator. In 2021 International Conference on Electronics, Information, and Communication (ICEIC) Article 9369754 (International Conference on Electronics, Information, and Communication, ICEIC). IEEE. https://doi.org/10.1109/ICEIC51217.2021.9369754

@inproceedings{de49106170554679b70fd460996ec29b,

title = "Time to Leak: Cross-Device Timing Attack On Edge Deep Learning Accelerator",

abstract = "Edge deep learning accelerators are optimised hardware to enable efficient inference on the edge. The models deployed on these accelerators are often proprietary and thus sensitive for commercial and privacy reasons. In this paper, we demonstrate practical vulnerability of deployed deep learning models to timing side-channel attacks. By measuring the execution time of the inference, the adversary can determine and reconstruct the model from a known family of well known deep learning model and then use available techniques to recover remaining hyperparameters. The vulnerability is validated on Intel Compute Stick 2 for VGG and ResNet family of models. Moreover, the presented attack is quite devastating as it can be performed in a cross-device setting, where adversary profiles constructed on a legally own device can be used to exploit the victim device with a single query and still can achieve near perfect success rate.",

keywords = "High performance edge machine learning processing unit, Intel Compute Stick 2, Timing analysis",

author = "Yoo-Seung Won and Soham Chatterjee and Dirmanto Jap and Shivam Bhasin and Arindam Basu",

year = "2021",

month = jan,

doi = "10.1109/ICEIC51217.2021.9369754",

language = "English",

isbn = "978-1-7281-9162-1",

series = "International Conference on Electronics, Information, and Communication, ICEIC",

publisher = "IEEE",

booktitle = "2021 International Conference on Electronics, Information, and Communication (ICEIC)",

address = "United States",

note = "20th International Conference on Electronics, Information, and Communication(ICEIC 2021) ; Conference date: 31-01-2021 Through 03-02-2021",

url = "http://iceic.org/2021/",

}

Won, Y-S, Chatterjee, S, Jap, D, Bhasin, S & Basu, A 2021, Time to Leak: Cross-Device Timing Attack On Edge Deep Learning Accelerator. in 2021 International Conference on Electronics, Information, and Communication (ICEIC)., 9369754, International Conference on Electronics, Information, and Communication, ICEIC, IEEE, 20th International Conference on Electronics, Information, and Communication(ICEIC 2021), Jeju, Korea, Republic of, 31/01/21. https://doi.org/10.1109/ICEIC51217.2021.9369754

Time to Leak: Cross-Device Timing Attack On Edge Deep Learning Accelerator. / Won, Yoo-Seung; Chatterjee, Soham; Jap, Dirmanto et al.
2021 International Conference on Electronics, Information, and Communication (ICEIC). IEEE, 2021. 9369754 (International Conference on Electronics, Information, and Communication, ICEIC).

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

TY - GEN

T1 - Time to Leak

T2 - 20th International Conference on Electronics, Information, and Communication(ICEIC 2021)

AU - Won, Yoo-Seung

AU - Chatterjee, Soham

AU - Jap, Dirmanto

AU - Bhasin, Shivam

AU - Basu, Arindam

PY - 2021/1

Y1 - 2021/1

N2 - Edge deep learning accelerators are optimised hardware to enable efficient inference on the edge. The models deployed on these accelerators are often proprietary and thus sensitive for commercial and privacy reasons. In this paper, we demonstrate practical vulnerability of deployed deep learning models to timing side-channel attacks. By measuring the execution time of the inference, the adversary can determine and reconstruct the model from a known family of well known deep learning model and then use available techniques to recover remaining hyperparameters. The vulnerability is validated on Intel Compute Stick 2 for VGG and ResNet family of models. Moreover, the presented attack is quite devastating as it can be performed in a cross-device setting, where adversary profiles constructed on a legally own device can be used to exploit the victim device with a single query and still can achieve near perfect success rate.

AB - Edge deep learning accelerators are optimised hardware to enable efficient inference on the edge. The models deployed on these accelerators are often proprietary and thus sensitive for commercial and privacy reasons. In this paper, we demonstrate practical vulnerability of deployed deep learning models to timing side-channel attacks. By measuring the execution time of the inference, the adversary can determine and reconstruct the model from a known family of well known deep learning model and then use available techniques to recover remaining hyperparameters. The vulnerability is validated on Intel Compute Stick 2 for VGG and ResNet family of models. Moreover, the presented attack is quite devastating as it can be performed in a cross-device setting, where adversary profiles constructed on a legally own device can be used to exploit the victim device with a single query and still can achieve near perfect success rate.

KW - High performance edge machine learning processing unit

KW - Intel Compute Stick 2

KW - Timing analysis

UR - https://www.scopus.com/pages/publications/85102977996

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85102977996&origin=recordpage

U2 - 10.1109/ICEIC51217.2021.9369754

DO - 10.1109/ICEIC51217.2021.9369754

M3 - RGC 32 - Refereed conference paper (with host publication)

SN - 978-1-7281-9162-1

T3 - International Conference on Electronics, Information, and Communication, ICEIC

BT - 2021 International Conference on Electronics, Information, and Communication (ICEIC)

PB - IEEE

Y2 - 31 January 2021 through 3 February 2021

ER -

Time to Leak: Cross-Device Timing Attack On Edge Deep Learning Accelerator

Abstract

Publication series

Conference

Research Keywords

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Cite this