Review of security techniques for memristor computing systems

Affiliation
Viterbi Faculty of Electrical and Computer Engineering ,Technion – Israel Institute of Technology ,Haifa ,Israel
Zou, Minhui;
GND
1104395037
Affiliation
Institute for Solid State Physics ,Friedrich Schiller University Jena ,Jena ,Germany
Du, Nan;
Affiliation
Viterbi Faculty of Electrical and Computer Engineering ,Technion – Israel Institute of Technology ,Haifa ,Israel
Kvatinsky, Shahar

Neural network (NN) algorithms have become the dominant tool in visual object recognition, natural language processing, and robotics. To enhance the computational efficiency of these algorithms, in comparison to the traditional von Neuman computing architectures, researchers have been focusing on memristor computing systems. A major drawback when using memristor computing systems today is that, in the artificial intelligence (AI) era, well-trained NN models are intellectual property and, when loaded in the memristor computing systems, face theft threats, especially when running in edge devices. An adversary may steal the well-trained NN models through advanced attacks such as learning attacks and side-channel analysis. In this paper, we review different security techniques for protecting memristor computing systems. Two threat models are described based on their assumptions regarding the adversary’s capabilities: a black-box (BB) model and a white-box (WB) model. We categorize the existing security techniques into five classes in the context of these threat models: thwarting learning attacks (BB), thwarting side-channel attacks (BB), NN model encryption (WB), NN weight transformation (WB), and fingerprint embedding (WB). We also present a cross-comparison of the limitations of the security techniques. This paper could serve as an aid when designing secure memristor computing systems.

Cite

Citation style:
Could not load citation form.

Rights

License Holder: Copyright © 2022 Zou, Du and Kvatinsky.

Use and reproduction: