Security Evaluation of AI-Based Hardware Accelerator Units

Updated: 2 months ago
Location: Rennes, BRETAGNE
Job Type: FullTime
Deadline: 31 Mar 2024

21 Feb 2024
Job Information
Organisation/Company

Université de Rennes - IETR
Research Field

Engineering » Electronic engineering
Computer science » Digital systems
Computer science » Database management
Researcher Profile

Recognised Researcher (R2)
Leading Researcher (R4)
First Stage Researcher (R1)
Established Researcher (R3)
Country

France
Application Deadline

31 Mar 2024 - 22:00 (UTC)
Type of Contract

Temporary
Job Status

Full-time
Offer Starting Date

1 Oct 2024
Is the job funded through the EU Research Framework Programme?

Not funded by an EU programme
Is the Job related to staff position within a Research Infrastructure?

No

Offer Description

Thanks to advances in emerging technologies, it is now possible to deploy machine-learning and other AI-based applications directly on hardware-software devices by using edge computing frameworks. In particular, these devices can perform very fast neural network inference at limited cost, reducing latency and energy consumption and offering better privacy than cloud-based architectures [1]. For example, Google's Edge TPU Coral Dev Board [2] is capable of achieving 4 TOPS using only 0.5 watts per TOPS. Their programmability is also made easier and accessible to everyone through well-adopted frameworks, e.g., TensorFlow Lite.

As these devices are deployed for many applications at the edge, including smart cities, quality control in manufacturing, automotive, agriculture or healthcare, they could become the target of malicious attacks [3] that compromise either a single device or the full system.

In this thesis, we will investigate a new attack model for deep neural network hardware accelerators. More specifically, we will explore the communication interfaces of the core to develop new attacks that modify the model’s output without damaging the device or being detected. In this way, we hope to be able to modify the computational model by poisoning data, stealing models or metaparameters, and then study the robustness of the model and countermeasures.

In particular, PCIe is one of the current technologies for interfacing Google's Edge TPU, and it has already been demonstrated that this communication interface can be attacked [4,5]. However, to the best of our knowledge, there is no similar work targeting the communication interface of such devices.

[1] K. Guo, W. Li, K. Zhong, Z. Zhu, S. Zeng, S. Han, Y. Xie, P. Debacker, M. Verhelst, Y. Wang. "Neural Network Accelerator Comparison" [Online]. Available: https://nicsefc.ee.tsinghua.edu.cn/project.html
[2] Coral AI, https://coral.ai/products/#production-products
[3] M. Isakov, V. Gadepally, K. M. Gettings and M. A. Kinsy, "Survey of Attacks and Defenses on Edge-Deployed Neural Networks," 2019 IEEE High Performance Extreme Computing Conference (HPEC), Waltham, MA, USA, 2019, pp. 1-8, doi: 10.1109/HPEC.2019.8916519.
[4] M. A. Khelif, J. Lorandel, O. Romain, M. Regnery, D. Baheux, Guillaume Barbu, Toward a hardware man-in-the-middle attack on PCIe bus, Microprocessors and Microsystems, Volume 77, 2020, 103198, ISSN 0141-9331, https://doi.org/10.1016/j.micpro.2020.103198
[5] M. A. Khelif, J. Lorandel, O. Romain, M. Regnery, and D. Baheux. 2019. A Versatile Emulator of MitM for the identification of vulnerabilities of IoT devices, a case of study: smartphones. In Proceedings of the 3rd International Conference on Future Networks and Distributed Systems (ICFNDS '19). Association for Computing Machinery, New York, NY, USA, Article 28, 1–6. https://doi.org/10.1145/3341325.3342019

Supervisors:
Pr. Christophe MOY, Director, Université de Rennes - IETR 
Dr. Jordane LORANDEL, Supervisor, Université de Rennes - IETR 
Pr. Olivier ROMAIN, Co-director, ETIS-CY Cergy Paris Université 

Laboratory and location: IETR - Institut d’Electronique et des Technologies du numéRiques (IETR), building 11C/D, Campus de Beaulieu, Rennes
The PhD will be supervised by researchers from Rennes (IETR) and Cergy-Pontoise (ETIS), benefiting from the expertise both teams acquired during previous studies on related subjects, as well as from a PCIe MITM demonstrator. The PhD student will be a member of the ASIC team at IETR.

Funding category: No dedicated funding
Funding
PHD Country: France


Requirements
Specific Requirements

- MSc degree or equivalent in Electrical Engineering, Electronics, Embedded Systems
- Fluent in English and French
- An internship in a laboratory is a plus


Additional Information
Work Location(s)
Number of offers available
1
Company/Institute
Université de Rennes - IETR
Country
France
City
Rennes


Where to apply
Website

https://www.abg.asso.fr/fr/candidatOffres/show/id_offre/120503

Contact
Website

https://www.ietr.fr/

STATUS: EXPIRED