Foto von Matthias Probst

M.Sc. Matthias Probst

Raum: N1008ZG

Research Interests

  • Side Channel Analysis
  • Neural Networks
  • Neuromorphic Hardware (Spiking Neural Networks)

Research positions for students

If one of my research topics catches your interest, feel free to contact me for possible Bachelor Thesis, Master Thesis or research internship opportunities.

Master's Theses

SCA of Neural Network HW-Implementations

Keywords:
SCA, Neural Networks, Hardware, FPGA
Short Description:
FPGA Implementations should be analyzed in regard of their Side-Channel Properties

Description

Neural Networks are inevitable in everyday life. Speech and face recognition as well as driverless cars are just some examples where Artificial Neural Networks (ANN) are used. Training a deep ANNs is very time-consuming and computational expensive. Thus, the intellectual property stored in an ANN is an asset worth to protect. Additionally, implementations on edge devices need to be power-efficient whilst maintaining a high throughput. [1] or [2] are examples for frameworks aiming to fulfill these requirements.


A Side-Channel attack can extract the network parameters such as number of type of layers as well as weights and bias values to build up his own copy of the network. Since neural networks are also very integrated in edge devices an attack often has physical access to the network. This means that Side Channel Attacks (SCA) are possible and must be considered as a thread.


Some attacks were already published. In [3] they completely retrieve an ANN executed on an ARM Cortex microcontroller. Since it is more common to execute an ANN on a more parallel HW to increase performance attacking FPGA implementations is also worthwhile. Dubey et al. published an attack on a binary neural network (BNN) implemented on a FPGA and furthermore masked the network in order to counter their network [4,5].

In this work, the Side-Channel properties of different model implementations should be analyzed and compared.

Start of Thesis: Jan 2022 or later


References:

[1] M. Blott, T. B. Preußer, N. J. Fraser, G. Gambardella, K. O’brien, Y. Umuroglu, M. Leeser, and K. Vissers, “Finn-r: An end-to-end deep-learning framework for fast exploration of quantized neural networks,” ACM Transactions on Reconfigurable Technology and Systems (TRETS), vol. 11, no. 3, pp. 1–23, 2018.
[2] Y. Umuroglu and M. Jahre, “Streamlined deployment for quantized neural networks,” arXiv preprint arXiv:1709.04060, 2017.
[3] L. Batina, S. Bhasin, D. Jap, and S. Picek, “{CSI}{NN}: Reverse engineering of neural network architectures through electromagnetic side channel,” in 28th {USENIX} Security Symposium ({USENIX} Security 19), pp. 515–532, 2019.
[4] A. Dubey, R. Cammarota, and A. Aysu, “Maskednet: A pathway for secure inference against power side-channel attacks,” arXiv preprint arXiv:1910.13063, 2019.
[5] A. Dubey, R. Cammarota, and A. Aysu, “Bomanet: Boolean masking of an entire neural network," arXiv preprint arXiv:2006.09532, 2020.

Prerequisites

VHDL/Verilog Knowledge, Sichere Implementierung Kryptographischer Verfahren (SIKA), Python Skills

Supervisor:

Matthias Probst, Manuel Brosch

Research Internships (Forschungspraxis)

Parameter Optimitzation for On-Chip Voltage Sensor

Description

In a Multi-tenant FPGA scenario multiple users have their own partial reconfigurable region on a single FPGA. Each of theses regions allows a single user to implement her/his design, without being able to directly interact with the design of another user on the same FPGA. So-called Time to Digital Converters (TDCs) can be used to perform remote side-channel attacks in such multi-tenant FPGAs, to extract secrets from other users.

The TDC is used as remote power measurement unit of the FPGA. The working principle is to use a long path in which timing violations are caused. Since the delay of transistors are proportional to the supply voltage, the amount of timing violations is a measure of the devices power consumption.

Different publications have already shown that cryptographic implementations [1, 2] and neural networks [3] can be attacked with such sensors.

In this work, design parameters of the TDC should be explored, in order to evaluate the influence on measurements of the on-device power consumption.

 

[1] F. Schellenberg, D. R. E. Gnad, A. Moradi, and M. B. Tahoori, “An inside job: Remote power analysis attacks on FPGAs,” in Design, Automation and Test in Europe Conference & Exhibition (DATE), 2018, pp. 1111–1116.

[2] O. Glamo?anin, L. Coulon, F. Regazzoni, and M. Stojilovi?, “Are cloud fpgas really vulnerable to power analysis attacks?” in 2020 Design, Automation & Test in Europe Conference & Exhibition (DATE). IEEE, 2020, pp. 1007–1010.

[3] V. Meyers, D. Gnad and M. Tahoori, "Reverse Engineering Neural Network Folding with Remote FPGA Power Analysis," 2022 IEEE 30th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM), 2022, pp. 1-10, doi: 10.1109/FCCM53951.2022.9786107.

Prerequisites

VHDL/Verilog knowledge, Python skills

Contact

manuel.brosch@tum.de
matthias.probst@tum.de

Supervisor:

Manuel Brosch, Matthias Probst

SCA of Neural Network HW-Implementations

Keywords:
SCA, Neural Networks, Hardware, FPGA
Short Description:
FPGA Implementations should be analyzed in regard of their Side-Channel Properties

Description

Neural Networks are inevitable in everyday life. Speech and face recognition as well as driverless cars are just some examples where Artificial Neural Networks (ANN) are used. Training a deep ANNs is very time-consuming and computational expensive. Thus, the intellectual property stored in an ANN is an asset worth to protect. Additionally, implementations on edge devices need to be power-efficient whilst maintaining a high throughput. [1] or [2] are examples for frameworks aiming to fulfill these requirements.


A Side-Channel attack can extract the network parameters such as number of type of layers as well as weights and bias values to build up his own copy of the network. Since neural networks are also very integrated in edge devices an attack often has physical access to the network. This means that Side Channel Attacks (SCA) are possible and must be considered as a thread.


Some attacks were already published. In [3] they completely retrieve an ANN executed on an ARM Cortex microcontroller. Since it is more common to execute an ANN on a more parallel HW to increase performance attacking FPGA implementations is also worthwhile. Dubey et al. published an attack on a binary neural network (BNN) implemented on a FPGA and furthermore masked the network in order to counter their network [4,5].

In this work, the Side-Channel properties of different model implementations should be analyzed and compared.

Start of Thesis: Jan 2022 or later


References:

[1] M. Blott, T. B. Preußer, N. J. Fraser, G. Gambardella, K. O’brien, Y. Umuroglu, M. Leeser, and K. Vissers, “Finn-r: An end-to-end deep-learning framework for fast exploration of quantized neural networks,” ACM Transactions on Reconfigurable Technology and Systems (TRETS), vol. 11, no. 3, pp. 1–23, 2018.
[2] Y. Umuroglu and M. Jahre, “Streamlined deployment for quantized neural networks,” arXiv preprint arXiv:1709.04060, 2017.
[3] L. Batina, S. Bhasin, D. Jap, and S. Picek, “{CSI}{NN}: Reverse engineering of neural network architectures through electromagnetic side channel,” in 28th {USENIX} Security Symposium ({USENIX} Security 19), pp. 515–532, 2019.
[4] A. Dubey, R. Cammarota, and A. Aysu, “Maskednet: A pathway for secure inference against power side-channel attacks,” arXiv preprint arXiv:1910.13063, 2019.
[5] A. Dubey, R. Cammarota, and A. Aysu, “Bomanet: Boolean masking of an entire neural network," arXiv preprint arXiv:2006.09532, 2020.

Prerequisites

VHDL/Verilog Knowledge, Sichere Implementierung Kryptographischer Verfahren (SIKA), Python Skills

Supervisor:

Matthias Probst, Manuel Brosch

Student Assistant Jobs

Measurement Setup Validation Framework

Keywords:
SCA, Measurements, Microcontroller, FPGA

Description

Our chair has a Side Channel Analysis (SCA) group analysing the side channel properties of mainly cryptographic implementations. Implementations are realized either on a microcontroller or FPGA based target. Since measurements often require similar setups on different lab desktops, ensuring a correctly working measurement setup is crucial. Thus, validation tests to verify the correctness of the newly build up measurement setup are required. Those tests perform SCA on a known target configuration before switching the target to a new crypto-implementation under test.

Within this position, you should implement a test methology for both microcontroller and FPGA. The test crypto-function as well as the framework for both is already present. Also measurements can be taken automatically. Thus, concretely you put all those parts together in a script for easy validation.

Prerequisites

  • Interest in side channel analysis
  • Interest in hands-on development of SCA-tools
  • Microcontroller Programming in C
  • VHDL
  • Python 3 knowledge
  • Fluency in German or English

    The position is not strictly limited to a number of weakly working hours.

Supervisor:

Matthias Probst

Teaching

Embedded Systems and Security in SoSe 20, WiSe 20/21

Publications

2022

  • Brosch, Manuel and Probst, Matthias and Sigl, Georg: Counteract Side-Channel Analysis of Neural Networks by Shuffling. 2022 Design, Automation & Test in Europe Conference & Exhibition (DATE), IEEE, 2022Antwerp, Belgium more…

2021

  • Gruber, Michael and Probst, Matthias and Karl, Patrick and Schamberger, Thomas and Tebelmann, Lars and Tempelmeier, Michael and Sigl, Georg: DOMREP – An Orthogonal Countermeasure for Arbitrary Order Side-Channel and Fault Attack Protection. IEEE Transactions on Information Forensics and Security (16), 2021, 4321-4335 more…

2020

  • Gruber, M.; Probst, M.; Tempelmeier, M.: Statistical Ineffective Fault Analysis of GIMLI. 2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2020IEEE International Symposium on Hardware Oriented Security and Trust (HOST) more…

2019

  • Gruber, M. and Probst, M. and Tempelmeier, M.: Persistent Fault Analysis of OCB, DEOXYS and COLM. 2019 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), 2019Atlanta, USA more…