Abstract

In recent years, neural networks have been applied to various applications. To speed up the evaluation, a method using binarized network weights has been introduced, facilitating extremely efficient hardware implementation. Using electromagnetic (EM) side-channel analysis techniques, this study presents a framework of model extraction from practical binarized neural network (BNN) hardware. The target BNN hardware is generated and synthesized using open-source and commercial high-level synthesis tools GUINNESS and Xilinx SDSoC, respectively. With the hardware implemented on an up-to-date FPGA chip, we demonstrate how the layers can be identified from a single EM trace measured during the network evaluation, and we also demonstrate how an attacker may use side-channel attacks to recover secret weights used in the network.