
OPENPHASE - OPEN dataset of Physical side-channels for Ai SEcurity research

People

 

Regazzoni F. (Responsible)

Abstract

Side channel attacks are attacks that extract a secret from a device by analyzing a physically observable output (typically power consumption) produced by the device during computation. This class of attack is considered an extremely relevant threat to computer systems, particularly in cryptographic implementations. Research in this domain, both to understand the full capabilities of the attacker and to develop better countermeasures, requires access to measurements collected from a device during computation. Collecting such measurements is a challenging task which requires expertise and equipment, and is often difficult to reproduce. This problem was mitigated when datasets containing power traces needed for attacking cryptographic algorithms, in particular the AES algorithm, were made publicly available to the research community.

With the rapid diffusion of ML, researchers are shifting focus from cryptographic implementations to ML implementations, attempting to use side channels to extract valuable information about machine learning models. These attempts were successful [1, 2], and there is a clear need to better understand how these attacks affect the machine learning domain, and how such attacks can be mitigated or defeated. However, at the moment there are no public datasets for this problem, and research progress is limited because of this. This project aims at addressing this issue and bridging this gap by creating and making available to the community an open dataset for performing side-channel attacks on representative machine learning algorithms.

More specifically, during the project we will collect power and electromagnetic measurements of the execution of machine learning models, and we will make the collected traces available to the community, thereby unlocking the full potential of this research domain. We will target two different computing environments: (a) microcontrollers and (b) FPGAs. On these platforms we will take measurements of several neural network implementations that are representative of machine learning running in embedded environments. In addition to contributing to the scientific community, this project, by openly releasing a long-awaited dataset, will position USI at the forefront of research in machine learning security.

Additional information

Acronym: OPENPHASE
Start date: 01.05.2026
End date: 31.01.2027
Duration: 10 Months
Status: Active
Category: USI Internal calls / Projects on OS and ORD