Les commentaires sont clos.

Master/Engineering Internship and/or Fully Funded PhD follow-up

19 December 2022

Catégorie : Stagiaire

Hardware Trojan Benchmark and Machine Learning-based Security Model for Deep Neural Network Accelerators (BlueFALCON)

Supervising: Low Power and Secure Silicon Research Group International (LPSS Research)


1-Yehya NASSER, Associate Professor, IMT Atlantique, Lab-STICC, 2AI Team, LPSS Research, France.

2-Mohamad NASSAR, Associate Professor, New Haven University, Cyber-Crime Center, LPSS Research, USA.

3-Amer Baghdadi, Professor, IMT Atlantique, Lab-STICC, 2AI Team, LPSS Research, France.


Industrial partners: Interface Concept& SAFRAN Data Systems.

Starting date: February 2023 (for the Internship); September 2023 (for the PhD).

Location: IMT Atlantique/Lab-STICC, Brest, France

Skills: FPGA; VHDL/SystemVerilog/Verilog/Python/C++/Scala; Machine Learning; Security.

Keywords: Hardware Trojan, FPGA, DNN, Benchmark, Security, Side Channel, Power.


Application deadline: 2023-01-23


Study context: Study ContextNowadays, Artificial Intelligence (AI) algorithms are used in the majority of applications such as autonomous cars, mobile communications, military, internet of things, control systems, healthcare, and in many industrial sectors. In practice, these applications are implemented on complex hardware embedded systems (SoC-FPGAs) that represent their backbone infrastructure. The proliferation of AI applications and its inference on hardware platforms such as FPGAs, opens new important challenges, in particular related to their security. In order to secure an artificial intelligence system, it is very important to secure their hardware infrastructure. For this reason, the interplay between machine learning and security is becoming more prominent [2]. Hardware-oriented attack techniques such as fault injection, hardware trojans insertion, and side-channel attacks have exposed critical vulnerabilities in deep learning hardware platforms [1]. Moreover, we think that the security problems in AI inference in FPGAs require more attention from the hardware and the cybersecurity research community. For this purpose, we are willing to develop a benchmark for hardware trojans that targets the implementation (inference) of Deep Neural Networks (DNN) accelerators on FPGAs. The developed benchmark will help to deliver a comprehensive security model to countermeasure the hardware trojan in AI FPGA, in particular, we will focus on Machine Learning-based (ML) security models.

Scientific content and objectives: Scientific content and objectivesRecently, most of companies use the business model of decentralized production flow [7]. This is done by using third-party Intellectual Property (IP) vendors, other trusted and untrusted entities (it could be untrusted employees in a trusted entity). This opens the door to many security issues, and especially hardware trojans. The aim of Hardware Trojan (HT) is to change function/specifications, leak data, or denial of service. For this purpose, the researchers are always trying to develop more efficient detection models. Nowadays, they tried to utilize machine learning to develop detection models [3, 4, 5]. It is true that machine learning is a potential candidate to deliver reliable HT model detection. However, the efficiency and the accuracy of the machine learning-based security models are highly correlated to the training data produced from HT benchmarks. Most of the work is conducted and verified on existing benchmarks that do not reflect the real application in the field [6]. To this end, our project proposes a set of Hardware Trojans (HTs) benchmarks designed for Deep Neural Networks Inference Implementation on FPGAs. In addition, we propose to deliver a machine-learning-based hardware trojan detection model utilizing application specific dataset extracted from our suggested benchmarks. To develop the ML-based security models, we will investigate the side channel data like the power and the electromagnetic fields.

The originality of this proposal involves the methodology of hardware trojan benchmarks developments dedicated to DNN implementation on FPGAs, and the development of application specific machine-learning-based model for hardware trojan detection for DNN accelerators. To this end, we can summarize our approach to achieve the goals of the project as follows:


  • Benchmark Preparation: To develop DNN hardware trojans for FPGA architectures based on the following constraints (change DNN function, leak data during DNN inference time and denial of service of the implemented DNN).

  • Benchmark Side Channel Analysis: To Implement the DNN HT and HT-free on FPGA, and to characterize the side channel data such as power and electromagnetic data.

  • Model Construction: To Model the relationship between the specifications of HT and HT-free and the side channel data. This could be achieved using the state of art of supervised/self supervised machine learning model.

  • Model Detection: To validate our proposed model with unseen HT for DNN inference implementation on FPGA.




[1] Q. Xu, M. Tanvir Arafin and G. Qu, "Security of Neural Networks from Hardware Perspective: A Survey and Beyond," 2021 26th Asia and South Pacific Design Automation Conference (ASP-DAC), 2021, pp. 449-454.

[2] Lejla Batina, Shivam Bhasin, Dirmanto Jap, and Stjepan Picek. CSI NN: Reverse engineering of neural network architectures through electromagnetic side channel. In 28th USENIX Security Symposium, pages 515–532, 2019.

[3] Ning Shang, An Wang, Yaoling Ding, Keke Gai, Liehuang Zhu, Guoshuang Zhang, A machine learning based golden-free detection method for command-activated hardware Trojan, Information Sciences, Volume 540, 2020, Pages 292-307, ISSN 0020-0255,

[4] K. Hasegawa, Y. Shi and N. Togawa, "Hardware Trojan Detection Utilizing Machine Learning Approaches," 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2018, pp. 1891-1896, doi: 10.1109/TrustCom/BigDataSE.2018.00287.

[5] Dong C, Chen J, Guo W, Zou J. “A machine-learning-based hardware-Trojan detection approach for chips in the Internet of Things. International Journal of Distributed Sensor Networks”, 2019, 15, 12, doi: 10.1177/1550147719888098

[6] A. Damljanovic, A. Ruospo, E. Sanchez and G. Squillero, "A Benchmark Suite of RT-level Hardware Trojans for Pipelined Microprocessor Cores," 2021 24th International Symposium on Design and Diagnostics of Electronic Circuits & Systems (DDECS), 2021, pp. 51-56, doi: 10.1109/DDECS52668.2021.9417061.

[7] X. Zhang and M. Tehranipoor, "Case study: Detecting hardware Trojans in third-party digital IP cores," 2011 IEEE International Symposium on Hardware-Oriented Security and Trust, 2011, pp. 67-70, doi: 10.1109/HST.2011.5954998.