Towards Secure and Efficient DNN Accelerators via Hardware-Software Co-Design

Wei Xuan, Zihao Xuan, Rongliang Fu, Ning Lin, Kwunhang Wong, Zikang Yuan, Lang Feng, Zhongrui Wang, Tsung-Yi Ho, Yuzhong Jiao, Luhong Liang

TL;DR

This paper proposes a bandwidth-aware cryptographic scheme that adapts encryption granularity based on memory traffic patterns, striking a balance between security and resource efficiency, and introduces a multi-level authentication mechanism that eliminates unnecessary off-chip memory accesses, enhancing performance and energy efficiency.

Abstract

The rapid deployment of deep neural network (DNN) accelerators in safety-critical domains such as autonomous vehicles, healthcare systems, and financial infrastructure necessitates robust mechanisms to safeguard data confidentiality and computational integrity. Existing security solutions for DNN accelerators, however, suffer from excessive hardware resource demands and frequent off-chip memory access overheads, which degrade performance and scalability. To address these challenges, this paper presents a secure and efficient memory protection framework for DNN accelerators with minimal overhead. First, we propose a bandwidth-aware cryptographic scheme that adapts encryption granularity based on memory traffic patterns, striking a balance between security and resource efficiency. Second, we observe that both the overlapping regions in the intra-layer tiling's sliding window pattern and those resulting from inter-layer tiling strategy discrepancies introduce substantial redundant memory accesses and repeated computational overhead in cryptography. Third, we introduce a multi-level authentication mechanism that effectively eliminates unnecessary off-chip memory accesses, enhancing performance and energy efficiency. Experimental results show that this work decreases performance overhead by over 12% and achieves 87% energy efficiency improvement for both server and edge neural processing units (NPUs), while ensuring robust scalability.


Paper Structure

This paper contains 36 sections, 1 equation, 16 figures, 5 tables, 5 algorithms.

Figures (16)

  • Figure 1: Overview of conventional and secure DNN accelerators. (a) Conventional DNN accelerators rely on untrusted off-chip memory and communication buses, rendering them vulnerable to model theft and malicious tampering. (b) Secure DNN accelerators protect data confidentiality and integrity through memory protection schemes employing authenticated encryption.
  • Figure 2: CNN convolution operation (CONV).
  • Figure 3: Example of 7-dimensional nested loop for CONV.
  • Figure 4: Comparison of AES encryption modes: (a) AES-ECB mode uses only a global encryption key; (b) AES-CTR mode uses a unique value (nonce $||$ counter) and a global key.
  • Figure 5: Summary of AES-CTR mode. (a) Reusing the AES engine for encryption and decryption in AES-CTR mode. (b) Diagram of the AES engine, featuring the AddRoundKey, SubBytes, ShiftRows, MixColumns, and KeyExpansion modules. (c) Utilization of multiple AES engines for parallel encryption to boost high-bandwidth capabilities.
  • ...and 11 more figures