Abstract
The popularity and widespread usage of machine learning (ML) hardware have created challenges for its intellectual property (IP) protection. Logic locking is a widely used technique for IP protection but has received little attention in error-resilient applications such as ML hardware modules. This work investigates the effectiveness of logic locking when applied to tree-based ML circuits and reveals a critical vulnerability that undermines its effectiveness for single-label ML classifiers. We propose a logic locking scheme to eliminate the vulnerabilities in decision tree (DT) and random forest (RF) circuits. In our extensive simulation involving 16 DTs and 16 RFs, our solution consistently thwarts the vulnerability. We further evaluated the security of our approach by considering different obfuscation percentages and launching state-of-the-art oracle-less attacks on logic locking. Our method proves resilient, indicating that by fixing the identified vulnerability, we did not introduce new attack vectors. Further, our investigation indicates that DT/RF accelerators are significantly less vulnerable to oracle-less attacks than exact circuits. Overall, our work lays the foundation for future investigations into the effectiveness of logic locking for ML circuits.
Original language | English (US) |
---|---|
Pages (from-to) | 180-191 |
Number of pages | 12 |
Journal | IEEE Transactions on Circuits and Systems I: Regular Papers |
Volume | 72 |
Issue number | 1 |
DOIs | |
State | Published - 2025 |
Keywords
- Logic locking
- decision trees
- hardware security
- machine learning
- random forest
ASJC Scopus subject areas
- Hardware and Architecture
- Electrical and Electronic Engineering