CR Mar 18
MAED: Mathematical Activation Error Detection for Mitigating Physical Fault Attacks in DNN Inference
Kasra Ahmadi, Saeed Aghapour, Mehran Mozaffari Kermani et al.
The inference phase of deep neural networks (DNNs) in embedded systems is increasingly vulnerable to fault attacks and failures, which can result in incorrect predictions. These vulnerabilities can potentially lead to catastrophic consequences, making the development of effective mitigation techniques essential. In this paper, we introduce MAED (Mathematical Activation Error Detection), an algorithm-level error detection framework that exploits mathematical identities to continuously validate the correctness of non-linear activation function computations at runtime. To the best of our knowledge, this work is the first to integrate algorithm-level error detection techniques to defend against both malicious fault injection attacks and naturally occurring faults in critical DNN components in embedded systems. The evaluation is conducted on three widely adopted activation functions, namely ReLU, sigmoid, and tanh, which serve as fundamental building blocks for introducing non-linearity in DNNs and can lead to mispredictions when subjected to natural faults or fault attacks. We assessed the proposed error detection scheme via fault model simulation, achieving close to 100% error detection while mitigating existing fault attacks on DNN inference. Additionally, the overhead introduced by integrating the proposed scheme with the baseline implementation (i.e., without error detection) is validated through implementations on an AMD/Xilinx Artix-7 FPGA and an ATmega328P microcontroller, as well as through integration with TensorFlow. On the microcontroller, the proposed error detection incurs less than 1% clock cycle overhead, while on the FPGA it requires nearly zero additional area, at the cost of approximately a 20% increase in latency for sigmoid and tanh.
LG Feb 11, 2025
An Interactive Framework for Implementing Privacy-Preserving Federated Learning: Experiments on Large Language Models
Kasra Ahmadi, Rouzbeh Behnia, Reza Ebrahimi et al.
Federated learning (FL) enhances privacy by keeping user data on local devices. However, emerging attacks have demonstrated that the updates shared by users during training can reveal significant information about their data. This has greatly thwarted the adoption of FL methods for training robust AI models in sensitive applications. Differential Privacy (DP) is considered the gold standard for safeguarding user data. However, DP guarantees are highly conservative, providing worst-case privacy guarantees. This can result in overestimating privacy needs, which may compromise the model's accuracy. Additionally, interpretations of these privacy guarantees have proven to be challenging in different contexts. This is further exacerbated when other factors, such as the number of training iterations, data distribution, and specific application requirements, can add further complexity to this problem. In this work, we proposed a framework that integrates a human entity as a privacy practitioner to determine an optimal trade-off between the model's privacy and utility. Our framework is the first to address the variable memory requirement of existing DP methods in FL settings, where resource-limited devices (e.g., cell phones) can participate. To support such settings, we adopt a recent DP method with fixed memory usage to ensure scalable private FL. We evaluated our proposed framework by fine-tuning a BERT-based LLM model using the GLUE dataset (a common approach in literature), leveraging the new accountant, and employing diverse data partitioning strategies to mimic real-world conditions. As a result, we achieved stable memory usage, with an average accuracy reduction of 1.33% for $ε = 10$ and 1.9% for $ε = 6$, when compared to the state-of-the-art DP accountant which does not support fixed memory usage.
CR Apr 17, 2018
Lightweight Hardware Architectures for Efficient Secure Hash Functions ECHO and Fugue
Mehran Mozaffari Kermani, Reza Azarderakhsh, Siavash Bayat-Sarmadi
In cryptographic engineering, extensive attention has been devoted to ameliorating the performance and security of the algorithms within. Nonetheless, in the state-of-the-art, the approaches for increasing the reliability of the efficient hash functions ECHO and Fugue have not been presented to date. We propose efficient fault detection schemes by presenting closed formulations for the predicted signatures of different transformations in these algorithms. These signatures are derived to achieve low overhead for the specific transformations and can be tailored to include byte/word-wide predicted signatures. Through simulations, we show that the proposed fault detection schemes are highly capable of detecting natural hardware failures and are capable of deteriorating the effectiveness of malicious fault attacks. The proposed reliable hardware architectures are implemented on the application-specific integrated circuit (ASIC) platform using a 65-nm standard technology to benchmark their hardware and timing characteristics. The results of our simulations and implementations show very high error coverage with acceptable overhead for the proposed schemes.
CR Apr 17, 2018
Towards Lightweight Error Detection Schemes for Implementations of MixColumns in Lightweight Cryptography
Anita Aghaie, Mehran Mozaffari Kermani, Reza Azarderakhsh
In this paper, through considering lightweight cryptography, we present a comparative realization of MDS matrices used in the VLSI implementations of lightweight cryptography. We verify the MixColumn/MixNibble transformation using MDS matrices and propose reliability approaches for thwarting natural and malicious faults. We note that one other contribution of this work is to consider not only linear error detecting codes but also recomputation mechanisms as well as fault space transformation (FST) adoption for lightweight cryptographic algorithms. Our intention in this paper is to propose reliability and error detection mechanisms (through linear codes, recomputations, and FST adopted for lightweight cryptography) to consider the error detection schemes in designing beforehand taking into account such algorithmic security. We also posit that the MDS matrices applied in the MixColumn (or MixNibble) transformation of ciphers to protect ciphers against linear and differential attacks should be incorporated in the cipher design in order to reduce the overhead of the applied error detection schemes. Finally, we present a comparative implementation framework on ASIC to benchmark the VLSI hardware implementation presented in this paper.
CR Mar 8, 2018
Deep RNN-Oriented Paradigm Shift through BOCANet: Broken Obfuscated Circuit Attack
Fatemeh Tehranipoor, Nima Karimian, Mehran Mozaffari Kermani et al.
This is the first work augmenting hardware attacks mounted on obfuscated circuits by incorporating a deep recurrent neural network (D-RNN). Logic encryption obfuscation has been used for thwarting counterfeiting, overproduction, and reverse engineering but is vulnerable to attacks. There have been efficient schemes, e.g., satisfiability-checking (SAT) based attack, which can potentially compromise hardware obfuscation circuits. Nevertheless, not only do there exist countermeasures against such attacks in the state-of-the-art (including the recent delay+logic locking (DLL) scheme in DAC'17), but the sheer amount of time/resources to mount the attack could hinder its efficacy. In this paper, we propose a deep RNN-oriented approach, called BOCANet, to (i) compromise the obfuscated hardware at least an order of magnitude more efficiently (>20X faster with relatively high success rate) compared to existing attacks; (ii) attack such locked hardware even when the resources to the attacker are only limited to an insignificant number of I/O pairs (< 0.5%) to reconstruct the secret key; and (iii) break a number of experimented benchmarks (ISCAS-85 c423, c1355, c1908, and c7552) successfully.