Hardware security for machine learning (ML) and artificial intelligence (AI) circuits is becoming a major topic within the cybersecurity framework. Although much research is ongoing on this front, the community omits the educational components. In this paper, we present a training module comprised of a set of hands-on experiments that allow teaching hardware security concepts to newcomers. Specifically, we propose 5 experiments and related training material that teach side-channel attacks and defenses on the hardware implementations of neural networks. We report the organization and the findings after testing these experiments with sophomore undergraduate students at North Carolina State University. The students first study the basics of neural networks and then build a neural network inference circuit on a breadboard. They then conduct a differential power analysis attack on the hardware to steal trained weights and a circuit-balancing (hiding) style defense to mitigate the attack. The students develop all related hardware and software codes to perform attacks and build defenses. The results show that such complex notions of digital circuits design, neural networks, and side-channel analysis can be instructed at the sophomore level with a well-thought set of experiments. Future extensions could include establishing an online infrastructure for remote teaching and efficient scaling to a broader audience.
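The abstract describes two of the experiments in one sentence: a differential power analysis (DPA) that recovers trained weights from the inference circuit, and a circuit-balancing (hiding) defense. The following Python model is an added illustration of why that defense works; it is not code from the paper or from the authors' course material. It models an 8-bit weight-times-input multiplier with a Hamming-weight power model, then runs a leakage assessment that correlates the simulated trace against every weight hypothesis, once for an unprotected design and once for an idealized dual-rail balanced design whose complementary wires make the switching activity constant. The secret weight `0xB7`, the noise level, the trace count and the perfect-balance assumption are constructed for the example.

```python
import random

# Power model: an unprotected register leaks the Hamming weight of the
# value it holds; a dual-rail (balanced) register also holds the
# complement, so the total weight is constant (8 for 8-bit data).
def hamming_weight(v: int) -> int:
    return bin(v & 0xFF).count("1")

def simulate_trace(weight, inputs, balanced, noise_sigma, rng):
    """One simulated power sample per input for the multiply weight*x (mod 256)."""
    samples = []
    for x in inputs:
        v = (weight * x) & 0xFF
        power = hamming_weight(v)
        if balanced:
            # Idealized hiding: the complementary rail switches whenever the
            # true rail does not, so HW(v) + HW(~v) == 8 for every v.
            power += hamming_weight(~v & 0xFF)
        samples.append(power + rng.gauss(0.0, noise_sigma))  # measurement noise
    return samples

def pearson(a, b):
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((p - ma) * (q - mb) for p, q in zip(a, b))
    va = sum((p - ma) ** 2 for p in a)
    vb = sum((q - mb) ** 2 for q in b)
    if va == 0 or vb == 0:
        return 0.0  # constant prediction (e.g. weight 0) carries no information
    return cov / (va * vb) ** 0.5

def leakage_assessment(inputs, trace):
    """Correlate the trace against all 256 weight hypotheses; return the
    best hypothesis and its |correlation|. A defender uses the peak value
    as a leakage metric: near 0 means the design does not reveal the weight."""
    best, best_corr = None, -1.0
    for guess in range(256):
        predicted = [hamming_weight((guess * x) & 0xFF) for x in inputs]
        c = abs(pearson(predicted, trace))
        if c > best_corr:
            best, best_corr = guess, c
    return best, best_corr

def compare_designs(secret=0xB7, n_traces=2000, noise_sigma=1.0, seed=1):
    """Run the same assessment on the unprotected and the balanced model.
    Returns {"unprotected": (guess, corr), "balanced": (guess, corr)}."""
    rng = random.Random(seed)
    inputs = [rng.randrange(256) for _ in range(n_traces)]  # known activations
    results = {}
    for name, balanced in (("unprotected", False), ("balanced", True)):
        trace = simulate_trace(secret, inputs, balanced, noise_sigma, rng)
        results[name] = leakage_assessment(inputs, trace)
    return results

if __name__ == "__main__":
    for name, (guess, corr) in compare_designs().items():
        print(f"{name:12s} best hypothesis 0x{guess:02X}  peak |corr| = {corr:.3f}")
```

In the unprotected model the peak correlation sits at the true weight and is large (about 0.8 with this noise level), because the Hamming weight of the product is a faithful proxy for the power sample. In the balanced model the prediction is uncorrelated with the trace for every hypothesis, so the peak is at the noise floor and the "best" guess is meaningless. Real circuit balancing is never perfect (routing and capacitance mismatch leave residual leakage), which is why the hardware defense in the abstract is evaluated by measurement rather than by construction.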
CITATION STYLE
Calhoun, A., Ortega, E., Yaman, F., Dubey, A., & Aysu, A. (2022). Hands-On Teaching of Hardware Security for Machine Learning. In Proceedings of the ACM Great Lakes Symposium on VLSI, GLSVLSI (pp. 455–461). Association for Computing Machinery. https://doi.org/10.1145/3526241.3530828