Internships on Hardware - Microarchitectural Security Of Deep - Machine Learning Implementations H/F - 35

A propos d'Inria

Inria est l'institut national de recherche dédié aux sciences et technologies du numérique. Il emploie 2600 personnes. Ses 215 équipes-projets agiles, en général communes avec des partenaires académiques, impliquent plus de 3900 scientifiques pour relever les défis du numérique, souvent à l'interface d'autres disciplines. L'institut fait appel à de nombreux talents dans plus d'une quarantaine de métiers différents. 900 personnels d'appui à la recherche et à l'innovation contribuent à faire émerger et grandir des projets scientifiques ou entrepreneuriaux qui impactent le monde. Inria travaille avec de nombreuses entreprises et a accompagné la création de plus de 200 start-up. L'institut s'eorce ainsi de répondre aux enjeux de la transformation numérique de la science, de la société et de l'économie.Internships on hardware/microarchitectural security of deep/machine learning implementations
Le descriptif de l'offre ci-dessous est en Anglais
Type de contrat : Stage

Niveau de diplôme exigé : Bac +4 ou équivalent

Autre diplôme apprécié : M1/M2 students (4thor /5th year Eng.) in Computer/Electrical Engineering, Computer Science, Embedded Systems, Electronics/Microelectronics

Fonction : Stagiaire de la recherche

Niveau d'expérience souhaité : Jeune diplômé

A propos du centre ou de la direction fonctionnelle

The Inria center at the University of Rennes is one of eight Inria centers and has more than thirty research teams. The Inria center is a major and recognized player in the field of digital sciences. It is at the heart of a rich ecosystem of R&D and innovation, including highly innovative SMEs, large industrial groups, competitiveness clusters, research and higher education institutions, centers of excellence, and technological research institutes.

Contexte et atouts du poste

The internships are expected to start around February/March and extend for up to 6 months

Scientific context

After more than 20 years of research, Side-Channel Attacks (SCA) are still one of the most critical vulnerabilities in embedded systems. SCAs exploit correlations between processed data and physical, observable side effects of computing - power consumption, electromagnetic (EM) emanations, or timing, to name a few - to extract sensitive information. Traditionally directed to retrieve the cryptographic key of mathematically secure cryptographic implementations, the increasing adoption of Machine Learning (ML) and Deep Learning (DL) is making Artificial Intelligence (AI) a new target. As these systems increasingly deal with sensitive data and control critical infrastructure, and as new vulnerabilities are reported, the hardware/software security of ML/DL systems is emerging asa key cybersecurity concern to build trustworthy AI-based systems [1, 2].

Side-channel attacks on DL implementations pave the way to attacks aiming at stealing the intellectual property of DL-based products/services [3, 4], violating the privacy of the end-user, andfacilitating attacks on DL-based systems.

References

[1]S. Mittal, H. Gupta, and S. Srivastava. A Survey on Hardware Security of DNN Models and Accelerators. J.
Syst. Archit. 117 2021, p. 102163. doi: 10.1016/j.sysarc.2021.102163.
[2]V. Meyers, D. Gnad, and M. Tahoori. Active and Passive Physical Attacks on Neural Network Accelerators.
IEEE Design & Test 2023, pp. 1-1. doi: 10.1109/MDAT.2023.3253603.
[3]M. Méndez Real and R. Salvador. Physical Side-Channel Attacks on Embedded Neural Networks: A Survey.
Appl. Sci. 11 15, 2021, p. 6790. doi: 10.3390/app11156790.
[4]P. Horváth, D. Lauret, Z. Liu, and L. Batina. SoK: Neural Network Extraction Through Physical Side Channels.
33rd USENIX Security Symposium (USENIX Security 24). 2024, pp. 3403-3422.
[5]M. Isakov, V. Gadepally, K. M. Gettings, and M. A. Kinsy. Survey of Attacks and Defenses on Edge-Deployed
Neural Networks. IEEE HPEC. 2019, pp. 1-8. doi: 10.1109/HPEC.2019.8916519.
[6]L. Batina, S. Bhasin, D. Jap, and S. Picek. CSI NN: Reverse Engineering of Neural Network Architectures
Through Electromagnetic Side Channel. USENIX Security Symp. 2019, pp. 515-532.
[7]R. Joud, P.-A. Moëllic, S. Pontié, and J.-B. Rigaud. A Practical Introduction to Side-Channel Extraction of Deep
Neural Network Parameters. Smart Card Research and Advanced Applications. Ed. by I. Buhan and T. Schneider.
Cham: Springer International Publishing, 2023, pp. 45-65. doi: 10.1007/978-3-031-25319-5\_3.
[8]R. Joud, P.-A. Moëllic, S. Pontié, and J.-B. Rigaud. Like an Open Book? Read Neural Network Architecture
with Simple Power Analysis on 32-Bit Microcontrollers. Smart Card Research and Advanced Applications. Ed. by
S. Bhasin and T. Roche. Cham: Springer Nature Switzerland, 2024, pp. 256-276. doi: 10.1007/978- 3- 031-
54409-5\_13.
[9] Y. Zhang, R. Yasaei, H. Chen, Z. Li, and M. A. A. Faruque. Stealing Neural Network Structure Through Remote
FPGA Side-Channel Analysis. IEEE Trans. Inf. Forensics Secur. 16 2021, pp. 4377-4388. doi: 10.1109/TIFS.
2021.3106169.
[10] S. Moini, S. Tian, D. Holcomb, J. Szefer, and R. Tessier. Power Side-Channel Attacks on BNN Accelerators in
Remote FPGAs. IEEE J. Emerg. Sel. Top. Circuits Syst. 11.2 2021, pp. 357-370. doi: 10.1109/JETCAS.2021.
3074608.

Mission confiée

These internships are framed in the ANR JCJC project ATTILA1 (young investigators' grant from the French national research agency). The objectives are to investigate the susceptibility of DL-based systems to side-channel attacks and to design SCA-secure DL implementations. In these internships, we are interested in both local SCA attacks on edge devices, highly exposed to attackers [5-8], and remote SCA attacks on cloud-based DL implementations [9, 10]. The internships cover both software implementations (e.g., in microcontrollers) and hardware implementations (e.g.,accelerators in FPGA) of DL algorithms.

Although the main focus is on physical side-channel vulnerabilities (e.g., power consumption or EM emanations), we are open to exploring microarchitectural timing side channels exposing, e.g., cache, DRAM, or other processor microarchitecture vulnerabilities.

This position offers a good opportunity to discover an emerging topic and gain skills to help you complete a PhD in the field of (AI) hardware/microarchitecture security.

Principales activités

Depending on the background of the candidates, the internships can take different directions, such as DNN implementations in FPGA or microcontrollers using AxC techniques, evaluation of DNN side-channel security, and implementation and evaluation of countermeasures.

Compétences

You should have a strong background in (at least) one of the following topics:

- Side-channel attacks and evaluation methodologies of secure implementations, cryptanalysis;
- HW or SW implementations of DNNs (FPGAs, microcontrollers, other accelerators/systems);
- Other HW/SW security background (e.g., hardware-secure implementation of cryptographic
algorithms);
- Design for FPGAs and hands-on experience in prototyping and implementations.

Other interesting technical skills include:

- Programming in C/C++/Python
- Use of Linux/Git as a development environment
- Good use of laboratory instruments (oscilloscopes, power supplies, etc.)
- ML/AI frameworks (TinyML, PyTorch, TensorFlow, TFLite...)

Languages: You can speak, write, and read English at a professional level (french language is not required).

Avantages

- Subsidized meals
- Social, cultural and sports events and activities