DeepStrike: Remotely-Guided Fault Injection Attacks on DNN Accelerator in Cloud-FPGA
This addresses a critical security problem for cloud providers and users of FPGA-accelerated DNNs, highlighting vulnerabilities in virtualization environments.
The paper tackles the security of DNN FPGA accelerators in cloud environments by proposing DeepStrike, a remotely-guided fault injection attack that disrupts DNN execution, successfully misclassifying target applications.
As Field-programmable gate arrays (FPGAs) are widely adopted in clouds to accelerate Deep Neural Networks (DNN), such virtualization environments have posed many new security issues. This work investigates the integrity of DNN FPGA accelerators in clouds. It proposes DeepStrike, a remotely-guided attack based on power glitching fault injections targeting DNN execution. We characterize the vulnerabilities of different DNN layers against fault injections on FPGAs and leverage time-to-digital converter (TDC) sensors to precisely control the timing of fault injections. Experimental results show that our proposed attack can successfully disrupt the FPGA DSP kernel and misclassify the target victim DNN application.