Evaluating Data Encryption Effects on the Resilience of an Artificial Neural Network

Nowadays, many electronic systems store valuable Intellectual Property (IP) information inside Non-Volatile Memories (NVMs). Encryption mechanisms are therefore widely used to protect such information from being stolen or modified by human attacks. Encryption techniques can be used to protect the application code or sensitive sets of data in the NVM. In particular, in machine-learning applications, the weights of an Artificial Neural Network (ANN) represent highly valuable IP, stemming from the long time invested in training the system during the development phase. On the other hand, systems implementing ANN applications are increasingly used in safety-critical domains (e.g., autonomous driving), where a high reliability level is required. In a previous paper, we showed that encryption techniques, applied to the application code of generic systems, provide a significantly higher error detection rate. In this paper, we focus on an ANN application and evaluate the detection rate induced by encryption mechanisms for transient faults that may impact the ANN weights. We performed experiments on a pre-trained ANN whose weights represent the sensitive IP of our system. We executed fault injection campaigns to evaluate the ANN resilience when different encryption methods are used. Experimental results showed that the presence of specific encryption mechanisms alone induces high fault detection rates in such applications. This may allow the designer to consider security and safety mechanisms together, achieving the same results at lower cost.
