SEALing Neural Network Models in Secure Deep Learning Accelerators

by Pengfei Zuo, et al.

Deep learning (DL) accelerators are increasingly deployed on edge devices to support fast local inference. However, they suffer from a new security problem: vulnerability to physical-access-based attacks. An adversary can obtain the entire neural network (NN) model by physically snooping the GDDR memory bus that connects the accelerator chip with DRAM memory. Memory encryption therefore becomes important for DL accelerators on edge devices to protect NN models. Nevertheless, we observe that traditional memory encryption solutions, which work efficiently in CPU systems, cause significant performance degradation when directly applied to DL accelerators. The main reason is the large bandwidth gap between the GDDR memory bus and the encryption engine. To address this problem, our paper proposes SEAL, a Secure and Efficient Accelerator scheme for deep Learning. SEAL enhances the performance of the encrypted DL accelerator from two aspects: improving the data access bandwidth and the efficiency of memory encryption. Specifically, to improve the data access bandwidth, SEAL leverages a criticality-aware smart encryption scheme that identifies the partial data having no impact on the security of NN models and allows it to bypass the encryption engine, thus reducing the amount of data to be encrypted. To improve the efficiency of memory encryption, SEAL leverages a colocation-mode encryption scheme that eliminates the memory accesses caused by encryption counters by co-locating data and their counters. Our experimental results demonstrate that, compared with traditional memory encryption solutions, SEAL achieves 1.4-1.6x IPC improvement and reduces the inference latency by 39%-60%. Compared with accelerators without memory encryption, SEAL compromises only 5%-7% performance while significantly improving the security of NN models.




