English

Exploiting Logic Locking for a Neural Trojan Attack on Machine Learning Accelerators

Cryptography and Security 2023-04-18 v2 Artificial Intelligence Hardware Architecture

Abstract

Logic locking has been proposed to safeguard intellectual property (IP) during chip fabrication. Logic locking techniques protect hardware IP by making a subset of combinational modules in a design dependent on a secret key that is withheld from untrusted parties. If an incorrect secret key is used, a set of deterministic errors is produced in locked modules, restricting unauthorized use. A common target for logic locking is neural accelerators, especially as machine-learning-as-a-service becomes more prevalent. In this work, we explore how logic locking can be used to compromise the security of a neural accelerator it protects. Specifically, we show how the deterministic errors caused by incorrect keys can be harnessed to produce neural-trojan-style backdoors. To do so, we first outline a motivational attack scenario where a carefully chosen incorrect key, which we call a trojan key, produces misclassifications for an attacker-specified input class in a locked accelerator. We then develop a theoretically-robust attack methodology to automatically identify trojan keys. To evaluate this attack, we launch it on several locked accelerators. In our largest benchmark accelerator, our attack identified a trojan key that caused a 74\% decrease in classification accuracy for attacker-specified trigger inputs, while degrading accuracy by only 1.7\% for other inputs on average.

Keywords

Cite

@article{arxiv.2304.06017,
  title  = {Exploiting Logic Locking for a Neural Trojan Attack on Machine Learning Accelerators},
  author = {Hongye Xu and Dongfang Liu and Cory Merkel and Michael Zuzak},
  journal= {arXiv preprint arXiv:2304.06017},
  year   = {2023}
}

Comments

Accepted in GLSVLSI 2023

R2 v1 2026-06-28T10:02:43.444Z