Le Nam Hieu NGUYEN

Abstract: With the rapid development of systems with functions based on Artificial Intelligence, a growing number of applications require the implementation of safe and secure neural networks (NNs); examples include the automotive, avionics, healthcare, and industrial control sectors. These applications require implementations that are efficient in computing power but optimized in cost and consumption, hence the need for dedicated digital circuits. These circuits must also be robust against faults due to either natural disturbances or malicious actions. They must also resist other types of attacks that threaten system security, including side-channel attacks (SCAs) analyzing consumption or electromagnetic emission profiles.
* Research Problem:
Fault protections have significant costs in hardware complexity, consumption, and/or computing power. Part of the challenge is to exploit the intrinsic characteristics of RNs to achieve better tradeoffs between costs and robustness. Another aspect of the challenge is to ensure that fault protections do not increase leaks that can be exploited by SCA attacks.
* Thesis Objectives:
Conventional fault protection approaches will be revisited and improved to take into account the dual constraints of safety and security. New approaches will be proposed to take into account the full range of threats more comprehensively. These approaches will be evaluated on significant examples of neural networks.
Furthermore, one of the advantages of RNs is their intrinsic tolerance of a certain level of imprecision, favorable to the use of optimization techniques by approximate computing (AxC). As part of the thesis, AxC will be integrated into the overall methodology to increase robustness while proposing less expensive approaches than traditional approaches. One of the work directions will therefore be the exploitation of this new computing paradigm in the context of defining a holistic approach towards increased security, combining protection against faults and reduced sensitivity to SCA.
The proposed approaches will be evaluated both on a physical platform based on FPGAs, and by simulation for specific circuit implementations (ASICs). For FPGAs, a compact platform, reducing the need for measuring instruments, is currently available. It will be extended and improved to automate consumption measurements on prototypes and carry out different types of attacks (DPA, CPA ...).