TY - GEN
T1 - Obfuscation of FSMs for Secure Outsourcing of Neural Network Inference onto FPGAs
AU - Karn, Rupesh Raj
AU - Knechtel, Johann
AU - Sinanoglu, Ozgur
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - Finite-state machine (FSM)-based networks are an alternative to implement neural networks (NNs) on hardware-constrained devices, such as field-programmable gate arrays (FPGAs), because this approach helps to synthesize complex multi-input functions needed for NN inference. Such FSM network, implemented according to the NN learning outcome, constitutes intellectual property (IP). Thus, it is necessary to prevent IP theft and its illegal use. This paper presents an obfuscation approach for locking of such FSM networks at the behavioral level of abstraction. The proposed technique is built on the encryption of both the state and the transition encoding, each with its unique key, known only to the IP provider. A steganography approach is used on top, to ensure that the message containing the secret key for unlocking does not capture the attacker's attention as target for inspection. The FSM-based NN works as intended only if the proper key is entered at runtime; otherwise, it will perform erroneous classification. We use Xilinx's Artix-7 FPGA board to demonstrate this locking approach. We also provide a scalability study on the hardware implementation.
AB - Finite-state machine (FSM)-based networks are an alternative to implement neural networks (NNs) on hardware-constrained devices, such as field-programmable gate arrays (FPGAs), because this approach helps to synthesize complex multi-input functions needed for NN inference. Such FSM network, implemented according to the NN learning outcome, constitutes intellectual property (IP). Thus, it is necessary to prevent IP theft and its illegal use. This paper presents an obfuscation approach for locking of such FSM networks at the behavioral level of abstraction. The proposed technique is built on the encryption of both the state and the transition encoding, each with its unique key, known only to the IP provider. A steganography approach is used on top, to ensure that the message containing the secret key for unlocking does not capture the attacker's attention as target for inspection. The FSM-based NN works as intended only if the proper key is entered at runtime; otherwise, it will perform erroneous classification. We use Xilinx's Artix-7 FPGA board to demonstrate this locking approach. We also provide a scalability study on the hardware implementation.
KW - Behavioral Level
KW - FPGAs
KW - Finite State Machine
KW - Logic Locking
KW - Neural Network
KW - Steganography
UR - http://www.scopus.com/inward/record.url?scp=85198546135&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85198546135&partnerID=8YFLogxK
U2 - 10.1109/ISCAS58744.2024.10558279
DO - 10.1109/ISCAS58744.2024.10558279
M3 - Conference contribution
AN - SCOPUS:85198546135
T3 - Proceedings - IEEE International Symposium on Circuits and Systems
BT - ISCAS 2024 - IEEE International Symposium on Circuits and Systems
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2024 IEEE International Symposium on Circuits and Systems, ISCAS 2024
Y2 - 19 May 2024 through 22 May 2024
ER -