Guarding Machine Learning Hardware Against Physical Side-channel Attacks

Machine learning (ML) models can be trade secrets due to their development cost. Hence, they need protection against malicious forms of reverse engineering (e.g., in IP piracy). With a growing shift ML the edge devices, part for performance and privacy benefits, have become susceptible so-called physical side-channel attacks. being relatively new target compared cryptography poses problem analysis context that lacks published literature. The gap between burgeoning edge-based devices research on adequate defenses provide security them thus motivates our study. Our work develops combines different flavors hardware blocks. We propose optimize first defense based Boolean masking . implement all masked then present an adder optimization reduce area latency overheads. Finally, we couple it with shuffle-based defense. quantify area-delay overhead ranges from 5.4× 4.7× depending topology used demonstrate first-order millions power traces. Additionally, shuffle countermeasure impedes straightforward second-order attack implementation.