Security of Approximate Neural Networks against Power Side-channel Attacks
Emerging low-energy computing technologies, in particular approximate computing, are becoming increasingly relevant in key applications. A significant use case for these technologies is reduced energy consumption in Artificial Neural Networks (ANNs), an increasingly pressing concern with the rapid g...
Uloženo v:
| Vydáno v: | 2025 62nd ACM/IEEE Design Automation Conference (DAC) s. 1 - 7 |
|---|---|
| Hlavní autoři: | , , , |
| Médium: | Konferenční příspěvek |
| Jazyk: | angličtina |
| Vydáno: |
IEEE
22.06.2025
|
| Témata: | |
| On-line přístup: | Získat plný text |
| Tagy: |
Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
|
| Abstract | Emerging low-energy computing technologies, in particular approximate computing, are becoming increasingly relevant in key applications. A significant use case for these technologies is reduced energy consumption in Artificial Neural Networks (ANNs), an increasingly pressing concern with the rapid growth of AI deployments. It is essential we understand the security implications of approximate computing in an ANN context before this practice becomes commonplace. In this work, we examine the test case of approximate ANN processing elements (PE) in terms of information leakage via the power side channel. We perform a weight extraction correlation Power Analysis (CPA) attack under three approximation scenarios: overclocking, voltage scaling, and circuit level bitwise approximation. We demonstrate that as the degree of approximation increases the Signal to Noise Ratio (SNR) of power traces rapidly degrades. We show that the Measurement to Disclosure (MTD) increases for all approximate techniques. An MTD of 48 under precise computing is increased to at minimum 200 (bitwise approximate circuit at \mathbf{2 5 \%} approximation), and under some approximation scenarios \gt1024. i.e. an increase in attack difficulty of at least x4 and potentially over x20. A relative Security-Power-Delay (SPD) analysis reveals that, in addition to the across the board improvement vs precise computing, voltage and clock scaling both significantly outperform approximate circuits with voltage scaling as the highest performing technique. |
|---|---|
| AbstractList | Emerging low-energy computing technologies, in particular approximate computing, are becoming increasingly relevant in key applications. A significant use case for these technologies is reduced energy consumption in Artificial Neural Networks (ANNs), an increasingly pressing concern with the rapid growth of AI deployments. It is essential we understand the security implications of approximate computing in an ANN context before this practice becomes commonplace. In this work, we examine the test case of approximate ANN processing elements (PE) in terms of information leakage via the power side channel. We perform a weight extraction correlation Power Analysis (CPA) attack under three approximation scenarios: overclocking, voltage scaling, and circuit level bitwise approximation. We demonstrate that as the degree of approximation increases the Signal to Noise Ratio (SNR) of power traces rapidly degrades. We show that the Measurement to Disclosure (MTD) increases for all approximate techniques. An MTD of 48 under precise computing is increased to at minimum 200 (bitwise approximate circuit at \mathbf{2 5 \%} approximation), and under some approximation scenarios \gt1024. i.e. an increase in attack difficulty of at least x4 and potentially over x20. A relative Security-Power-Delay (SPD) analysis reveals that, in addition to the across the board improvement vs precise computing, voltage and clock scaling both significantly outperform approximate circuits with voltage scaling as the highest performing technique. |
| Author | Miskelly, Jack Gu, Chongyan Japa, Aditya O'Neill, Maire |
| Author_xml | – sequence: 1 givenname: Aditya surname: Japa fullname: Japa, Aditya email: a.japa@ulster.ac.uk organization: Ulster University,School of Computing, Engineering and Intelligent Systems,Derry,U.K – sequence: 2 givenname: Jack surname: Miskelly fullname: Miskelly, Jack email: c.gu@qub.ac.uk organization: Queen's University Belfast,Centre for Secure Information Technologies,Belfast,U.K – sequence: 3 givenname: Maire surname: O'Neill fullname: O'Neill, Maire organization: Queen's University Belfast,Centre for Secure Information Technologies,Belfast,U.K – sequence: 4 givenname: Chongyan surname: Gu fullname: Gu, Chongyan organization: Queen's University Belfast,Centre for Secure Information Technologies,Belfast,U.K |
| BookMark | eNo1j8tOwzAURI0ECyj9A4T8Ayl-xEm8jMJbVYtUWFfX9jVEDU7kuCr9e4KA2RxpFkczF-Q09AEJueZswTnTN7d1U8gq1wvBhJoqLn9yQua61JWUXDHJ8uqcPG_Q7mObjrT3tB6G2H-1n5CQrnAfoZuQDn3cjRTeoQ1joi_9ASPdtA4z-wEhYEfrlMDuxkty5qEbcf7HGXm7v3ttHrPl-uGpqZcZ8FKnDFBwywtt0VTOgXA5SOsYU2hLBKaUycFxk4tSamW9AWY9SlYIXyojjJYzcvXrbRFxO8Rpbzxu_y_Kb92ZTII |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IH CBEJK RIE RIO |
| DOI | 10.1109/DAC63849.2025.11133333 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan (POP) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP) 1998-present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| EISBN | 9798331503048 |
| EndPage | 7 |
| ExternalDocumentID | 11133333 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IH CBEJK RIE RIO |
| ID | FETCH-LOGICAL-a179t-ae21c169ceb8dda2d4a3cd005ec7ea055b4ad1b427395cfba0cfe3062f75b2b93 |
| IEDL.DBID | RIE |
| IngestDate | Wed Oct 01 07:05:15 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-a179t-ae21c169ceb8dda2d4a3cd005ec7ea055b4ad1b427395cfba0cfe3062f75b2b93 |
| PageCount | 7 |
| ParticipantIDs | ieee_primary_11133333 |
| PublicationCentury | 2000 |
| PublicationDate | 2025-June-22 |
| PublicationDateYYYYMMDD | 2025-06-22 |
| PublicationDate_xml | – month: 06 year: 2025 text: 2025-June-22 day: 22 |
| PublicationDecade | 2020 |
| PublicationTitle | 2025 62nd ACM/IEEE Design Automation Conference (DAC) |
| PublicationTitleAbbrev | DAC |
| PublicationYear | 2025 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| Score | 2.2953122 |
| Snippet | Emerging low-energy computing technologies, in particular approximate computing, are becoming increasingly relevant in key applications. A significant use case... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1 |
| SubjectTerms | Approximate computing Artificial intelligence Artificial neural networks Clocks Information leakage Neural network hardware Power Side-channel attacks Pressing Security Side-channel attacks Signal to noise ratio Timing |
| Title | Security of Approximate Neural Networks against Power Side-channel Attacks |
| URI | https://ieeexplore.ieee.org/document/11133333 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV1NSwMxEA22ePCkYsVvcvC6bTabbXaPpVpEpBSq0luZJLNSKFvpbsWfbybdKh48mEMSQiAwSUheMm8eY7cqgUwUDv3NzUKkVOIiEDFl2sOJzPZt0Dp8fdLjcTab5ZOGrB64MIgYnM-wS9Xwl-9WdkNPZT2SRafUYi2t-1uyVsP6jUXeuxsM_WpSRD-RaXfX-ZdsSjg1Rof_HO-IdX74d3zyfbIcsz0sT9jjtJGa46uCDygU-OfCXzeRU3wNWPoiOHRXHN482q9qPiEBND5deBMRvbfEJR_UNXHqO-xldP88fIgaJYQI_IapI0AZ27ifWzSZcyCdgsQ6v4HQagSRpkaBi42S9O1mCwPCFujBgCx0aqTJk1PWLlclnjFemNTmTqQCLXpojACYCyycTbSHXoDnrEOGmL9vg13Mdza4-KP9kh2Qucl7Ssor1q7XG7xm-_ajXlTrmzBFXzQ8leU |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3PS8MwFA46BT2pOPG3OXjtlqbp2h7HdEydY7Apu43X5EUGo5WtE_9887pO8eDBHJIQAoGXhORL3vc-xm5VALGwBt3NTYOnVGA8ED5lkYMTsW7pUuvwtR8NBvFkkgwrsnrJhUHE0vkMG1Qt__JNrlf0VNYkWXRK22wnVEqKNV2r4v36ImnetTtuPSkioMiwsen-SzilPDe6B_8c8ZDVfxh4fPh9thyxLcyO2eOoEpvjueVtCgb-OXMXTuQUYQPmrihdupcc3hzeXxZ8SBJofDRzRiKCb4Zz3i4KYtXX2Uv3ftzpeZUWggduyxQeoPS130o0prExII2CQBu3hVBHCCIMUwXGT5WkjzdtUxDaooMD0kZhKtMkOGG1LM_wlHGbhjoxIhSo0YFjBMBEoDU6iBz4AjxjdTLE9H0d7mK6scH5H-03bK83fu5P-w-Dpwu2T6YnXyopL1mtWKzwiu3qj2K2XFyX0_UFLcuZLA |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2025+62nd+ACM%2FIEEE+Design+Automation+Conference+%28DAC%29&rft.atitle=Security+of+Approximate+Neural+Networks+against+Power+Side-channel+Attacks&rft.au=Japa%2C+Aditya&rft.au=Miskelly%2C+Jack&rft.au=O%27Neill%2C+Maire&rft.au=Gu%2C+Chongyan&rft.date=2025-06-22&rft.pub=IEEE&rft.spage=1&rft.epage=7&rft_id=info:doi/10.1109%2FDAC63849.2025.11133333&rft.externalDocID=11133333 |