SafeTPU: A Verifiably Secure Hardware Accelerator for Deep Neural Networks

Maria I. Mera Collantes; Zahra Ghodsi; Siddharth Garg

doi:10.1109/VTS48691.2020.9107564

SafeTPU: A Verifiably Secure Hardware Accelerator for Deep Neural Networks

Maria I. Mera Collantes, Zahra Ghodsi, Siddharth Garg

Electrical and Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We present Safe-TPU, a framework for secure computations of Deep Neural Networks (DNNs) in untrusted hardware corrupted by Trojans or fault injection attacks. This work leverages previous advances on interactive proof (IP) systems for verifying, at run-time, the correctness of a neural network's computations, and makes three new contributions: (1) We present a Trojan resilient DNN hardware accelerator based on interactive proofs; (2) We introduce new protocol enhancements that significantly reduce the space and time required to generate proofs; and (3) we propose an implementation of Safe-TPU with high parallelism and reuse of existing resources already deployed in the baseline DNN accelerator. We prototype Safe-TPU on an FPGA and analyze its security guarantees. Experimentally, we show that Safe-TPU's area overhead is small (28%) over the baseline DNN accelerator and is 3.15× faster than state-of-the-art, while at the same time, Safe-TPU guarantees to catch, with high probability, any incorrect computations.

Original language	English (US)
Title of host publication	Proceedings - 2020 IEEE 38th VLSI Test Symposium, VTS 2020
Publisher	IEEE Computer Society
ISBN (Electronic)	9781728153599
DOIs	https://doi.org/10.1109/VTS48691.2020.9107564
State	Published - Apr 2020
Event	38th IEEE VLSI Test Symposium, VTS 2020 - San Diego, United States Duration: Apr 5 2020 → Apr 8 2020

Publication series

Name	Proceedings of the IEEE VLSI Test Symposium
Volume	2020-April

Conference

Conference	38th IEEE VLSI Test Symposium, VTS 2020
Country/Territory	United States
City	San Diego
Period	4/5/20 → 4/8/20

ASJC Scopus subject areas

Computer Science Applications
Electrical and Electronic Engineering

Access to Document

10.1109/VTS48691.2020.9107564

Cite this

SafeTPU: A Verifiably Secure Hardware Accelerator for Deep Neural Networks. / Mera Collantes, Maria I.; Ghodsi, Zahra; Garg, Siddharth.
Proceedings - 2020 IEEE 38th VLSI Test Symposium, VTS 2020. IEEE Computer Society, 2020. 9107564 (Proceedings of the IEEE VLSI Test Symposium; Vol. 2020-April).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Mera Collantes, MI, Ghodsi, Z & Garg, S 2020, SafeTPU: A Verifiably Secure Hardware Accelerator for Deep Neural Networks. in Proceedings - 2020 IEEE 38th VLSI Test Symposium, VTS 2020., 9107564, Proceedings of the IEEE VLSI Test Symposium, vol. 2020-April, IEEE Computer Society, 38th IEEE VLSI Test Symposium, VTS 2020, San Diego, United States, 4/5/20. https://doi.org/10.1109/VTS48691.2020.9107564

@inproceedings{0267e6b12dc14c7aa03fc4fc909edd89,

title = "SafeTPU: A Verifiably Secure Hardware Accelerator for Deep Neural Networks",

abstract = "We present Safe-TPU, a framework for secure computations of Deep Neural Networks (DNNs) in untrusted hardware corrupted by Trojans or fault injection attacks. This work leverages previous advances on interactive proof (IP) systems for verifying, at run-time, the correctness of a neural network's computations, and makes three new contributions: (1) We present a Trojan resilient DNN hardware accelerator based on interactive proofs; (2) We introduce new protocol enhancements that significantly reduce the space and time required to generate proofs; and (3) we propose an implementation of Safe-TPU with high parallelism and reuse of existing resources already deployed in the baseline DNN accelerator. We prototype Safe-TPU on an FPGA and analyze its security guarantees. Experimentally, we show that Safe-TPU's area overhead is small (28%) over the baseline DNN accelerator and is 3.15× faster than state-of-the-art, while at the same time, Safe-TPU guarantees to catch, with high probability, any incorrect computations.",

author = "{Mera Collantes}, {Maria I.} and Zahra Ghodsi and Siddharth Garg",

note = "Funding Information: This work was funded in part by NSF Award #1553419 and #1646671. Publisher Copyright: {\textcopyright} 2020 IEEE.; 38th IEEE VLSI Test Symposium, VTS 2020 ; Conference date: 05-04-2020 Through 08-04-2020",

year = "2020",

month = apr,

doi = "10.1109/VTS48691.2020.9107564",

language = "English (US)",

series = "Proceedings of the IEEE VLSI Test Symposium",

publisher = "IEEE Computer Society",

booktitle = "Proceedings - 2020 IEEE 38th VLSI Test Symposium, VTS 2020",

}

TY - GEN

T1 - SafeTPU

T2 - 38th IEEE VLSI Test Symposium, VTS 2020

AU - Mera Collantes, Maria I.

AU - Ghodsi, Zahra

AU - Garg, Siddharth

PY - 2020/4

Y1 - 2020/4

N2 - We present Safe-TPU, a framework for secure computations of Deep Neural Networks (DNNs) in untrusted hardware corrupted by Trojans or fault injection attacks. This work leverages previous advances on interactive proof (IP) systems for verifying, at run-time, the correctness of a neural network's computations, and makes three new contributions: (1) We present a Trojan resilient DNN hardware accelerator based on interactive proofs; (2) We introduce new protocol enhancements that significantly reduce the space and time required to generate proofs; and (3) we propose an implementation of Safe-TPU with high parallelism and reuse of existing resources already deployed in the baseline DNN accelerator. We prototype Safe-TPU on an FPGA and analyze its security guarantees. Experimentally, we show that Safe-TPU's area overhead is small (28%) over the baseline DNN accelerator and is 3.15× faster than state-of-the-art, while at the same time, Safe-TPU guarantees to catch, with high probability, any incorrect computations.

AB - We present Safe-TPU, a framework for secure computations of Deep Neural Networks (DNNs) in untrusted hardware corrupted by Trojans or fault injection attacks. This work leverages previous advances on interactive proof (IP) systems for verifying, at run-time, the correctness of a neural network's computations, and makes three new contributions: (1) We present a Trojan resilient DNN hardware accelerator based on interactive proofs; (2) We introduce new protocol enhancements that significantly reduce the space and time required to generate proofs; and (3) we propose an implementation of Safe-TPU with high parallelism and reuse of existing resources already deployed in the baseline DNN accelerator. We prototype Safe-TPU on an FPGA and analyze its security guarantees. Experimentally, we show that Safe-TPU's area overhead is small (28%) over the baseline DNN accelerator and is 3.15× faster than state-of-the-art, while at the same time, Safe-TPU guarantees to catch, with high probability, any incorrect computations.

UR - http://www.scopus.com/inward/record.url?scp=85086500279&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85086500279&partnerID=8YFLogxK

U2 - 10.1109/VTS48691.2020.9107564

DO - 10.1109/VTS48691.2020.9107564

M3 - Conference contribution

AN - SCOPUS:85086500279

T3 - Proceedings of the IEEE VLSI Test Symposium

BT - Proceedings - 2020 IEEE 38th VLSI Test Symposium, VTS 2020

PB - IEEE Computer Society

Y2 - 5 April 2020 through 8 April 2020

ER -

SafeTPU: A Verifiably Secure Hardware Accelerator for Deep Neural Networks

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this