Hardware Trojan Attacks on Neural Networks

With the rising popularity of machine learning and the ever increasing demand for computational power, there is a growing need for hardware optimized implementations of neural networks and other machine learning models. As the technology evolves, it is also plausible that machine learning or artificial intelligence will soon become consumer electronic products and military equipment, in the form of well-trained models. Unfortunately, the modern fabless business model of manufacturing hardware, while economic, leads to deficiencies in security through the supply chain. In this paper, we illuminate these security issues by introducing hardware Trojan attacks on neural networks, expanding the current taxonomy of neural network security to incorporate attacks of this nature. To aid in this, we develop a novel framework for inserting malicious hardware Trojans in the implementation of a neural network classifier. We evaluate the capabilities of the adversary in this setting by implementing the attack algorithm on convolutional neural networks while controlling a variety of parameters available to the adversary. Our experimental results show that the proposed algorithm could effectively classify a selected input trigger as a specified class on the MNIST dataset by injecting hardware Trojans into 0.03%, on average, of neurons in the 5th hidden layer of arbitrary 7-layer convolutional neural networks, while undetectable under the test data. Finally, we discuss the potential defenses to protect neural networks against hardware Trojan attacks.



Cloud Security Alliance: firmware integrity white paper (registration required to view)

Cloud Security Alliance: make your documents available without having to register!





Disclaimer: I don’t know anything about the Cloud Security Alliance. Except that their whitepaper download registration policy sucks.


SCALE: Side-Channel Attack Lab. Exercises (and: QSCAT, Qt Side Channel Analysis Tool)

Alongside the implementation of cryptography in hardware and software, attacks on those implementations (plus associated countermeasures) form a central challenge in cryptographic engineering. This topic is sometimes termed physical security, but, either way, it contrasts sharply with traditional cryptanalysis by targeting the concrete implementation (vs. the abstract design, i.e., the underlying theory) via techniques such as side-channel attack. Beyond the obvious motivation, there are many position statements, e.g., see [1,2,3], that outline why this challenge is important. Thus, from an educational perspective, the question is how to equip students with an appropriate, associated skill set? On one hand, it seems obvious a hands-on approach is preferable: this is an applied topic so actually doing it (assuming a background in the underlying or related theory), e.g., via Problem-Based Learning (PBL), would be most effective. Indeed, other initiatives have already used a similar approach, e.g., see [4]. However, on the other hand, our experience is that some practical and/or logistical challenges remain.[…]


PS: From twitter thread, see-also:


Qt Side Channel Analysis Tool to handle signal traces and more


CIRCLean: USB Sanitizer


Malware regularly uses USB sticks to infect victims, and the abuse of USB sticks is a common vector of infection (as an example Lost USB keys have 66% chance of malware). CIRCLean is an independent hardware solution to clean documents from untrusted (obtained) USB keys / USB sticks. The device automatically converts untrusted documents into a readable but disarmed format and stores these clean files on a trusted (user owned) USB key/stick. The focus of CIRCLean is to establish document exchange even if the used transport layer (the USB stick) cannot be trusted or if there is a suspicion about whether the contained documents are free of malware or not. In the worst case, only the CIRCLean would be compromised, but not the computer reading the target (trusted) USB key/stick. The code runs on a Raspberry Pi (a small hardware device), which also means it is not required to plug the original USB key into a computer. CIRCLean can be seen as a kind of air gap between the untrusted USB key and your operational computer. CIRCLean does not require any technical prerequisites of any kind and can be used by anyone. CIRCLean is free software which can be audited and analyzed by third-parties. We also invite all organizations to actively reuse CIRCLean in their own products or contribute to the project.[…]

CIRCLean logo


Crowdsupply: NeTV2 second and third stretch goal update

Re: https://firmwaresecurity.com/2018/05/13/bunnie-launches-netv2-open-source-video-dev-board-on-crowdsupply/



more on WebUSB and recent YubiCo vuln

Re: https://firmwaresecurity.com/2018/06/14/yubico-vs-security-researchers/

here’s a bit more on WebUSB and recent YubiKey vuln, latter blog post has great background on WebUSB tech.




From intro paragraph of Google’s intro to WebUSB (emphasis theirs):

“[…]But most importantly this will make USB safer and easier to use by bringing it to the Web.”


PS: Anyone here a Wikipedia editor? This page needs an entry for WebUSB:


and perhaps a dedicated page for WebUSB not just:


Besides WebUSB and Wireless USB, what other scary OOB interfaces to USB exist?! I really need to spend more time learning USB properly…