top of page
Writer's pictureLatitude Design Systems

Hardware Security Attacks on Integrated Photonic AI Accelerators: A Review of Detection Techniques

Abstract

Integrated photonic AI accelerators (SPAAs) use silicon photonics to enable fast, energy-efficient optical computation. However, SPAAs are vulnerable to different types of hardware security attacks that target the opto-electrical interfaces and introduce interference into the optical signals, such as black hole, sinkhole, rerouting, IP hijacking, and flooding attacks. This paper explores different types of hardware security attacks targeting SPAAs, and proposes a non-intrusive technique based on side-channel analysis to detect interference in SPAAs without needing to modify internal hardware modules or transfer data to external hosts. This paper shows how these attacks can affect system performance by altering the power and phase distributions of optical signals, and proposes possible solutions. This paper also describes a two-step technique involving establishing baseline scenarios during initialization and comparing output values during execution. This paper demonstrates that this technique can successfully detect different attacks using SPAA simulation models.

Introduction

The integration of silicon photonics with AI accelerators enables fast, energy-efficient optical computation. However, integrated photonic AI accelerators (SPAAs) are vulnerable to hardware security attacks targeting the opto-electrical interfaces and introducing interference into the optical signals. This paper reviews hardware security attacks on SPAAs, and proposes a non-intrusive technique based on side-channel analysis to detect interference in SPAAs [1].

Background

This paper summarizes the work on silicon photonics design, optical computation, and hardware security, identifying the research gap that this paper aims to fill, which is to explore hardware security attacks on SPAAs [1]. With the integration of silicon photonics and AI hardware accelerators, silicon photonic AI accelerators (SPAAs) have been extensively studied. SPAAs use silicon photonics to enable fast, energy-efficient optical computation, showing great application potential in AI systems. However, while SPAAs have made breakthrough progresses in performance, their security issues have also gradually received attention. Unlike pure electronic systems, SPAAs are more vulnerable to hardware security attacks exploiting the opto-electrical interfaces. Therefore, studying the types of hardware security attacks on SPAAs and detection techniques is very important to ensure the secure operation of SPAAs. This paper comprehensively reviews existing research and identifies issues that have not been fully explored, in order to propose effective techniques for detecting security attacks on SPAAs and ensuring the security and reliability of SPAA systems.

Hardware Security Attacks on SPAAs:

This paper analyzes attacks such as black hole, sinkhole, rerouting, IP hijacking, and flooding attacks [1]. These attacks exploit the opto-electrical interfaces and introduce interference into the optical signals, impacting the inference accuracy of SPAAs. For example, black hole attacks can cause packet loss; flooding attacks deprive the ability to properly use the transmission path by injecting large amounts of noise signals. Literature shows that silicon photonic devices are very sensitive to temperature and process variations, which can generate phase noise in SPAAs, reducing inference accuracy. Attackers can also interfere with SPAAs by increasing temperature or attacking phase settings using HTs. Although there are security solutions for electronic systems, most are not applicable to SPAAs. Therefore, studying attacks specific to SPAAs is very necessary to find effective detection and defense means. By analyzing the specific manifestations of various known attacks in SPAAs, this paper identifies that the opto-electrical interfaces and phase noise are the main attacked surfaces, providing basis for subsequent proposal of detection techniques.


Overview of a controller integration with a SPAA
Figure 1. Overview of a controller integration with a SPAA. The electrical controller interfaces with the SPAA to configure it (e.g., set optical phases) [1]
Detection Techniques:

This paper proposes a non-intrusive technique based on side-channel analysis to detect interference in SPAAs without modifying internal hardware or transmitting data. This technique involves two steps of establishing baseline scenarios during initialization and comparing output values during execution. Hardware modules interact with the SPAA to collect transmission signal information. Attacks interfere with signal transmission and insert noise, which can be detected by analyzing noise differences. This avoids the need to modify hardware modules or offline computations. We introduce a two-step technique: first, establish baseline scenarios and store reference outputs during initialization; second, repeat baseline scenarios during execution and compare new and old output values. Trigger alarm if exceeding configured threshold. This method can detect runtime interference without modifying internal hardware. This paper proves by SPAA simulation that this technique can successfully detect different attacks. This technique provides an effective security measure and can significantly improve the anti-interference capability of SPAAs.

Photonic Devices and AI Accelerators:

Mach-Zehnder interferometers (MZIs) and microring resonators (MRRs) are widely used in different silicon photonic integrated circuits. An MZI is an interferometer containing two couplers and phase shifters on the arms. Constructive or destructive interference can be realized by introducing phase shifts in the MZI arms. MZIs are used to design coherent SPAAs. An MRR is a resonant wavelength selective device, and input signals can couple into the ring through electro-optic or thermo-optic effects. MRRs are used to design incoherent SPAAs. The configuration of silicon photonic nodes can be static or dynamic. Figure 1 shows an example of an electronic controller integrated with an SPAA. The controller can configure the operation of each silicon photonic node through electro-optic or thermo-optic tuning. For example, the controller can change the optical signal phase in an MZI by applying a voltage to adjust the microheater on the MZI arm. MZIs and MRRs can be used to design powerful photonic computing architectures capable of performing complex operations. Coherent SPAAs based on MZIs can be designed by performing coherent multiplication between the input vector and the weight matrix (defined by adjusting phase settings on different MZIs). The input optical signal multiplies with the phase settings representing weights to obtain the output. Thus, SPAAs can be used to implement neural networks for AI computation.

Hardware Security Attacks on SPAAs:

Optoelectronic systems are more vulnerable to attacks than pure electronic systems because they require multiple opto-electrical conversions. The operation of any photonic device depends on design parameters and temperature. For example, in the SPAA, attackers can increase the temperature, causing phase noise and reducing inference accuracy. The opto-electrical conversion interfaces are also vulnerable to attacks. Although there are solutions for electronic HTs, most do not apply to optoelectronic systems. The targets of optical HTs are the opto-electrical interfaces and the SPAA. Previous work proposed solutions by considering the characteristics of the optical path. This paper discusses attacks on SPAAs and their impacts, as well as defense mechanisms for detecting attacks. Unlike pure electronic systems, SPAAs face unique security threats and require special security handling. Existing work has mainly focused on electronic HTs, with only preliminary research involving SPAA security. By analyzing the specific methods and impacts of various known attacks on SPAAs, this paper clarifies the security risks it faces and how it differs from pure electronic systems, laying the foundation for subsequent research.

Detecting Interference in SPAAs:

This paper explores a non-intrusive method that relies on side-channel analysis. This method detects interference by measuring the output readings of the SPAA during operation. Hardware modules integrate with the electronic layer of the system and interact with the SPAA to collect transmission signal information. For example, black hole attacks interfere with signal transmission and insert noise. Noise differences can be used to detect interference in the SPAA. This method avoids the need to modify hardware modules or perform complex offline computations. We designed a two-step technique: first, establish baseline scenarios and store reference outputs during initialization; second, repeat baseline scenarios during execution and compare new outputs with stored outputs. Trigger alarm if difference exceeds configured threshold. The technique is used to detect runtime interference without modifying internal hardware. The side-channel analysis method can effectively achieve security detection without needing data transmission or module modification. This paper validates this technique through simulation, showing that it can successfully detect various attacks. This technique provides a feasible solution to ensure the secure operation of SPAAs.

Countermeasures

Effective countermeasures against SPAA attacks are crucial. Literature shows that interference in SPAAs can be detected by collecting transmission information and analyzing patterns, but it requires modifying modules or offline computation. The side-channel analysis technique proposed in this paper can avoid these two issues. In addition, carefully designed photonic circuit topologies are also very important to defend against attacks. For example, setting up optical monitoring units at critical nodes; adopting redundant designs to avoid single point failures; setting up optical firewalls to filter interfering optical signals. At the system level, optical virtual local area networks can be established to isolate suspicious nodes. On the other hand, using optical physical unclonable functions to enhance interface security and setting up dynamic optical watermarks to prevent IP hijacking. Finally, improving the overall robustness of the system is also very necessary, for example, using advanced training algorithms to reduce the impact of noise. The detection technique discussed in this paper can work synergistically with these countermeasure methods to comprehensively improve the anti-interference attack capability of SPAAs.

Results and Discussions

We can simulate different SPAAs using pSim simulator from PIC Studio to validate the side-channel analysis technique. We adopted different SPAA architectures, such as the structures and the PCNN structure. Our technique can easily detect attacks and trigger alarms. This technique effectively utilizes the low tolerance of silicon photonic nodes to variations. Simulation results prove that this technique can reliably detect various attacks and safeguard the secure operation of SPAA systems.

Conclusion

SPAAs require different opto-electrical interfaces, which makes them vulnerable to attacks. This paper studied different attacks exploiting these vulnerabilities and their impacts, and proposed possible countermeasures. We validated the detection technique based on side-channel analysis using SPAA simulation circuit models, proving that it can successfully detect different attacks. This paper comprehensively reviews SPAA security attacks and detection techniques, analyzes the mechanisms, impacts and countermeasures of different attacks, and proposes an effective non-intrusive detection technique based on side-channel analysis. This technique can improve the anti-interference capability of SPAAs, enabling their secure and reliable application to AI systems. This research can provide references for SPAA security assurance technologies.

Reference

[1]de Magalhães, F. G., Nikdast, M., & Nicolescu, G. (2023). Integrated Photonic AI Accelerators under Hardware Security Attacks: Impacts and Countermeasures. arXiv preprint arXiv:2309.02543.

Comments


bottom of page