The search functionality is under construction.
The search functionality is under construction.

Open Access
Fault Injection Attacks Utilizing Waveform Pattern Matching against Neural Networks Processing on Microcontroller

Yuta FUKUDA, Kota YOSHIDA, Takeshi FUJINO

  • Full Text Views

    151

  • Cite this
  • Free PDF (6.3MB)

Summary :

Deep learning applications have often been processed in the cloud or on servers. Still, for applications that require privacy protection and real-time processing, the execution environment is moved to edge devices. Edge devices that implement a neural network (NN) are physically accessible to an attacker. Therefore, physical attacks are a risk. Fault attacks on these devices are capable of misleading classification results and can lead to serious accidents. Therefore, we focus on the softmax function and evaluate a fault attack using a clock glitch against NN implemented in an 8-bit microcontroller. The clock glitch is used for fault injection, and the injection timing is controlled by monitoring the power waveform. The specific waveform is enrolled in advance, and the glitch timing pulse is generated by the sum of absolute difference (SAD) matching algorithm. Misclassification can be achieved by appropriately injecting glitches triggered by pattern detection. We propose a countermeasure against fault injection attacks that utilizes the randomization of power waveforms. The SAD matching is disabled by random number initialization on the summation register of the softmax function.

Publication
IEICE TRANSACTIONS on Fundamentals Vol.E105-A No.3 pp.300-310
Publication Date
2022/03/01
Publicized
2021/09/22
Online ISSN
1745-1337
DOI
10.1587/transfun.2021CIP0015
Type of Manuscript
Special Section PAPER (Special Section on Cryptography and Information Security)
Category

Authors

Yuta FUKUDA
  Ritsumeikan University
Kota YOSHIDA
  Ritsumeikan University
Takeshi FUJINO
  Ritsumeikan University

Keyword