Jetson Nano神经网络物理电磁泄漏安全研究  被引量：1

作　　者：吴晨曦 张洪欣[1] 崔晓彤 WU Chenxi;ZHANG Hongxin;CUI Xiaotong(School of Electronic Engineering,Beijing University of Posts and Telecommunications,Beijing 100876,China)

机构地区：[1]北京邮电大学电子工程学院,北京100876

出　　处：《太赫兹科学与电子信息学报》2023年第9期1144-1149,共6页Journal of Terahertz Science and Electronic Information Technology

基　　金：国家自然科学基金资助项目(62071057);中央高校基本科研业务费专项资金资助项目(2019XD17)。

摘　　要：如果采用旁路攻击方法对神经网络结构、框架进行攻击,恢复出结构、权重等信息,会产生敏感信息的泄漏,因此,需要警惕神经网络计算设备在旁路攻击领域产生敏感信息泄露的潜在风险。本文基于Jetson Nano平台,针对神经网络及神经网络框架推理时产生的旁路电磁泄漏信号进行采集,设计了基于深度学习方法的旁路攻击算法,对旁路进行分析研究,并对两个维度的安全进行评估。研究表明,良好的网络转换策略能够提升网络分类识别准确率5%~12%。两种评估任务中,针对同一框架下不同结构的典型神经网络推理时,电磁泄漏的分类准确率达到97.21%;针对不同神经网络框架下同一种网络推理时,电磁泄漏的分类准确率达到100%。说明旁路电磁攻击方法对此类嵌入式图像处理器(GPU)计算平台中的深度学习算法隐私产生了威胁。If a side-channel attack can attack the structure and framework of the neural network to recover information such as structure and weight,sensitive information leakage will occur.Therefore,it is important to guard the neural network computing devices against disclosure of sensitive information in the field of side-channel attack.Based on the Jetson Nano platform,a method is designed for the side-channel electromagnetic leakage signal acquisition during the inference of the neural network.The side-channel analysis is conducted by using the deep learning method,and two aspects of security are assessed.Research shows that a good network conversion strategy can improve the classification and recognition accuracy of the network by 5%~12%.In the two evaluation tasks,the classification accuracy of electromagnetic leakage is 97.21%for typical neural network inferences with different structures under the same framework;it reaches 100%for the same kind of network reasoning under different frameworks of neural network.It indicates that the side-channel electromagnetic attack method poses a threat to the privacy of deep learning algorithms in such embedded Graphics Processing Unit(GPU)computing platforms.

关 键 词：旁路攻击 电磁泄漏 深度学习 一维卷积神经网络 Jetson Nano平台 

分 类 号：O441.4[理学—电磁学]