TY - GEN
T1 - FriendlyFoe
T2 - 33rd International Conference on Parallel Architectures and Compilation Techniques, PACT 2024
AU - Nam, Hyoungwook
AU - Pothukuchi, Raghavendra Pradyumna
AU - Li, Bo
AU - Kim, Nam Sung
AU - Torrellas, Josep
N1 - This work was supported in part by NSF under grants CNS 1956007 and CCF 2107470, by a Computing Innovation Fellowship from the CRA for Raghavendra Pradyumna Pothukuchi (under NSF grant 2127309); by ACE, one of the seven centers in JUMP 2.0, a Semiconductor Research Corporation (SRC) program sponsored by DARPA; and by a gift from Intel.
PY - 2024
Y1 - 2024
N2 - Machine learning (ML)-based side channel attacks have become prominent threats to computer security. These attacks are often powerful, as ML models easily find patterns in signals. To address this problem, this paper proposes dynamically applying Adversarial Machine Learning (AML) to obfuscate side channels. The rationale is that it has been shown that intelligently injecting an adversarial perturbation can confuse ML classifiers. We call this approach FriendlyFoe and the neural network we introduce to perturb signals FriendlyFoe Defender. FriendlyFoe is a practical, effective, and general architectural technique to obfuscate signals. We show a workflow to design Defenders with low overhead and information leakage, and to customize them for different environments. Defenders are transferable, i.e., they thwart attacker classifiers that are different from those used to train the Defenders. They also resist adaptive attacks, where attackers train using the obfuscated signals collected while the Defender is active. Finally, the approach is general enough to be applicable to different environments. We demonstrate FriendlyFoe against two side channel attacks: one based on memory contention and one on system power. The first example uses a hardware Defender with ns-level response time that, for the same level of security as a Pad-to-Constant scheme, has 27% and 64% lower performance overhead for single- and multi-threaded workloads, respectively. The second example uses a software Defender with ms-level response time that reduces leakage by 3.7 × over a state-of-the-art scheme while reducing the energy overhead by 22.5%.
AB - Machine learning (ML)-based side channel attacks have become prominent threats to computer security. These attacks are often powerful, as ML models easily find patterns in signals. To address this problem, this paper proposes dynamically applying Adversarial Machine Learning (AML) to obfuscate side channels. The rationale is that it has been shown that intelligently injecting an adversarial perturbation can confuse ML classifiers. We call this approach FriendlyFoe and the neural network we introduce to perturb signals FriendlyFoe Defender. FriendlyFoe is a practical, effective, and general architectural technique to obfuscate signals. We show a workflow to design Defenders with low overhead and information leakage, and to customize them for different environments. Defenders are transferable, i.e., they thwart attacker classifiers that are different from those used to train the Defenders. They also resist adaptive attacks, where attackers train using the obfuscated signals collected while the Defender is active. Finally, the approach is general enough to be applicable to different environments. We demonstrate FriendlyFoe against two side channel attacks: one based on memory contention and one on system power. The first example uses a hardware Defender with ns-level response time that, for the same level of security as a Pad-to-Constant scheme, has 27% and 64% lower performance overhead for single- and multi-threaded workloads, respectively. The second example uses a software Defender with ms-level response time that reduces leakage by 3.7 × over a state-of-the-art scheme while reducing the energy overhead by 22.5%.
KW - Hardware security
KW - Machine learning
KW - Side-channel analysis
UR - http://www.scopus.com/inward/record.url?scp=85215512180&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85215512180&partnerID=8YFLogxK
U2 - 10.1145/3656019.3676952
DO - 10.1145/3656019.3676952
M3 - Conference contribution
AN - SCOPUS:85215512180
T3 - Parallel Architectures and Compilation Techniques - Conference Proceedings, PACT
SP - 338
EP - 350
BT - PACT 2024 - Proceedings of the 2024 International Conference on Parallel Architectures and Compilation Techniques
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 13 October 2024 through 16 October 2024
ER -