Nowadays, many electronic systems store valuable Intellectual Property (IP) information inside Non-Volatile Memories (NVMs). Designers widely use encryption mechanisms to enhance the integrity of such IPs and protect them from any unauthorized access or modification. At the same time, often such IPs are critical from a reliability standpoint. Thus, dedicated techniques are employed to detect possible reliability threats (e.g., transient faults affecting the NVM content). The weights of a neural network (NN) model (e.g., integrated into an object detection system for autonomous driving or robotics) are typical examples of precious IP items. Indeed, NN weights often constitute proprietary data, stemming from an extensive and costly training process; moreover, their correctness is key for the NN to work reliably. In this article, we explore the capability of encryption mechanisms to ensure protection from both reliability threats. In particular, we assess, via extensive fault injection campaigns, the capability of different memory encryption schemes - usually used only for security purposes - to detect faults and thus, enhance the reliability of the system. Experimental results show that, by cleverly choosing the proper encryption scheme, it is possible to achieve very high fault detection rates (greater than 99%) with respect to Multiple Bit Upsets. The gathered results pave the way to the integration of reliability and security mechanisms to achieve better results with lower costs.

Towards the Integration of Reliability and Security Mechanisms to Enhance the Fault Resilience of Neural Networks / Deligiannis, Nikolaos; Cantoro, Riccardo; SONZA REORDA, Matteo; Marcello, Traiola; Valea, Emanuele. - In: IEEE ACCESS. - ISSN 2169-3536. - 9:(2021), pp. 155998-156012. [10.1109/ACCESS.2021.3129149]

Towards the Integration of Reliability and Security Mechanisms to Enhance the Fault Resilience of Neural Networks

Deligiannis Nikolaos;Riccardo Cantoro;Matteo Sonza Reorda;Emanuele Valea
2021

Abstract

Nowadays, many electronic systems store valuable Intellectual Property (IP) information inside Non-Volatile Memories (NVMs). Designers widely use encryption mechanisms to enhance the integrity of such IPs and protect them from any unauthorized access or modification. At the same time, often such IPs are critical from a reliability standpoint. Thus, dedicated techniques are employed to detect possible reliability threats (e.g., transient faults affecting the NVM content). The weights of a neural network (NN) model (e.g., integrated into an object detection system for autonomous driving or robotics) are typical examples of precious IP items. Indeed, NN weights often constitute proprietary data, stemming from an extensive and costly training process; moreover, their correctness is key for the NN to work reliably. In this article, we explore the capability of encryption mechanisms to ensure protection from both reliability threats. In particular, we assess, via extensive fault injection campaigns, the capability of different memory encryption schemes - usually used only for security purposes - to detect faults and thus, enhance the reliability of the system. Experimental results show that, by cleverly choosing the proper encryption scheme, it is possible to achieve very high fault detection rates (greater than 99%) with respect to Multiple Bit Upsets. The gathered results pave the way to the integration of reliability and security mechanisms to achieve better results with lower costs.
File in questo prodotto:
File Dimensione Formato  
Towards_the_Integration_of_Reliability_and_Security_Mechanisms_to_Enhance_the_Fault_Resilience_of_Neural_Networks.pdf

accesso aperto

Tipologia: 2a Post-print versione editoriale / Version of Record
Licenza: Creative commons
Dimensione 3.75 MB
Formato Adobe PDF
3.75 MB Adobe PDF Visualizza/Apri
Pubblicazioni consigliate

Caricamento pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2946932