This paper introduces a method for binding neural network models to specific hardware using Physically Unclonable Functions (PUFs). The approach links the NN model's weights to unique hardware properties derived from PUFs, ensuring that the model's accuracy degrades significantly when executed on cloned hardware. Experiments on various NN models demonstrate the effectiveness of this PUF-based binding in protecting the IP embedded within the models.
Stop neural network model theft: bind your models to specific hardware using PUFs, rendering them useless on clones.
More and more companies' Intellectual Property (IP) is being integrated into Neural Network (NN) models. This IP has considerable value for companies and, therefore, requires adequate protection. For example, an attacker might replicate a production machine's hardware and subsequently simply copy associated software and NN models onto the cloned hardware. To make copying NN models onto cloned hardware infeasible, we present an approach to bind NN models - and thus also the IP contained within them - to their underlying hardware. For this purpose, we link an NN model's weights, which are crucial for its operation, to unique and unclonable hardware properties by leveraging Physically Unclonable Functions (PUFs). By doing so, sufficient accuracy can only be achieved using the target hardware to restore the original weights, rendering proper execution of the NN model on cloned hardware impossible. We demonstrate that our approach accomplishes the desired degradation of accuracy on various NN models and outline possible future improvements.
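The binding idea in the abstract can be illustrated with a small sketch. This is an added example, not the paper's scheme or code: the XOR masking, the hash-based PUF stand-in, the toy 4-class linear model and all names are assumptions chosen for illustration.

```python
import hashlib
import random

CHALLENGE = b"layer0"  # constructed challenge, assumed to be stored with the model

def puf_response(device_fingerprint: bytes, challenge: bytes) -> bytes:
    # Software stand-in for a hardware PUF (assumption). A real PUF answers
    # from physical variation and needs error correction for noisy bits.
    return hashlib.sha256(device_fingerprint + challenge).digest()

def xor_mask(weights, response):
    # XOR each int8 weight with a keystream byte derived from the PUF
    # response. XOR is its own inverse, so this both binds and restores.
    ks = hashlib.shake_256(response).digest(len(weights))
    out = []
    for w, k in zip(weights, ks):
        b = (w & 0xFF) ^ k
        out.append(b - 256 if b > 127 else b)  # back to signed int8
    return out

def predict(weights, x, classes=4):
    # Toy linear classifier: one row of weights per class, argmax of scores.
    n = len(x)
    scores = [sum(weights[c * n + i] * x[i] for i in range(n))
              for c in range(classes)]
    return scores.index(max(scores))

def accuracy(weights, samples):
    return sum(predict(weights, x) == y for x, y in samples) / len(samples)

def demo():
    rng = random.Random(7)
    weights = [rng.randint(-128, 127) for _ in range(4 * 8)]
    xs = [[rng.randint(-10, 10) for _ in range(8)] for _ in range(400)]
    samples = [(x, predict(weights, x)) for x in xs]  # labels from the true model
    target, clone = b"device-A (constructed)", b"device-B (constructed)"
    stored = xor_mask(weights, puf_response(target, CHALLENGE))  # shipped form
    on_target = xor_mask(stored, puf_response(target, CHALLENGE))
    on_clone = xor_mask(stored, puf_response(clone, CHALLENGE))
    return weights, stored, on_target, on_clone, samples

if __name__ == "__main__":
    w, stored, on_target, on_clone, samples = demo()
    print("target accuracy:", accuracy(on_target, samples))
    print("clone accuracy: ", accuracy(on_clone, samples))
```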