The University of Southampton
×
Filter your search:
University of Southampton Institutional Repository

Miti-CAT: mitigating power side-channel vulnerabilities in FPGA-based CNN accelerators through distributed convolution computation

Miti-CAT: mitigating power side-channel vulnerabilities in FPGA-based CNN accelerators through distributed convolution computation
Miti-CAT: mitigating power side-channel vulnerabilities in FPGA-based CNN accelerators through distributed convolution computation

The integration of Field Programmable Gate Arrays (FPGAs) within heterogeneous systems, particularly in data centres, has significantly enhanced performance and adaptability at the system level, especially for complex tasks like image recognition. However, this advancement comes with security concerns, particularly when FPGAs are used to accelerate computations involving sensitive data, as inputs can be leaked through side-channel attacks. The study demonstrates the potential of such attacks using a Time-to-Digital Converter (TDC)-based inband control side-channel attack. In this paper, we present a novel countermeasure called Mini-CAT to protect FPGA-CNN accelerators against power-based side-channel attacks by splitting the computations in the first CNN layer. This method obscures power consumption, significantly reducing the likelihood of input data leakage. Experimental results show that the attack success rate is reduced from 71% to 37%, achieving a 34% improvement in security, while maintaining a classification accuracy above 97%. Furthermore, our experiments show a latency reduction of approximately 16.7%. The increased hardware overhead is acceptable, with LUT usage rising by only 1.01% due to the defence logic. Our work confirms that the proposed defence effectively mitigates these risks without compromising FPGA accelerator performance and without introducing any more redundant hardware.

CNN Accelerator, Defence Mechanism, FPGA, Side Channel Attack
1002-1007
IEEE
He, Jing
7cd1d9ff-ac06-4704-8d0b-bba6ad6f6253
Zwolinski, Mark
adfcb8e7-877f-4bd7-9b55-7553b6cb3ea0
He, Jing
7cd1d9ff-ac06-4704-8d0b-bba6ad6f6253
Zwolinski, Mark
adfcb8e7-877f-4bd7-9b55-7553b6cb3ea0

He, Jing and Zwolinski, Mark (2025) Miti-CAT: mitigating power side-channel vulnerabilities in FPGA-based CNN accelerators through distributed convolution computation. In 2025 IEEE International Conference on Cyber Security and Resilience (CSR). IEEE. pp. 1002-1007 . (doi:10.1109/CSR64739.2025.11129992).

Record type: Conference or Workshop Item (Paper)

Abstract

The integration of Field Programmable Gate Arrays (FPGAs) within heterogeneous systems, particularly in data centres, has significantly enhanced performance and adaptability at the system level, especially for complex tasks like image recognition. However, this advancement comes with security concerns, particularly when FPGAs are used to accelerate computations involving sensitive data, as inputs can be leaked through side-channel attacks. The study demonstrates the potential of such attacks using a Time-to-Digital Converter (TDC)-based inband control side-channel attack. In this paper, we present a novel countermeasure called Mini-CAT to protect FPGA-CNN accelerators against power-based side-channel attacks by splitting the computations in the first CNN layer. This method obscures power consumption, significantly reducing the likelihood of input data leakage. Experimental results show that the attack success rate is reduced from 71% to 37%, achieving a 34% improvement in security, while maintaining a classification accuracy above 97%. Furthermore, our experiments show a latency reduction of approximately 16.7%. The increased hardware overhead is acceptable, with LUT usage rising by only 1.01% due to the defence logic. Our work confirms that the proposed defence effectively mitigates these risks without compromising FPGA accelerator performance and without introducing any more redundant hardware.

This record has no associated files available for download.

More information

Published date: 26 August 2025
Venue - Dates: 2025 IEEE International Conference on Cyber Security and Resilience (CSR), , Chania, Greece, 2025-08-04 - 2025-08-06
Keywords: CNN Accelerator, Defence Mechanism, FPGA, Side Channel Attack
Learn more about the School of Electronics and Computer Science Learn more about the Sustainable Electronic Technologies

Identifiers

Local EPrints ID: 507367
URI: http://eprints.soton.ac.uk/id/eprint/507367
DOI: doi:10.1109/CSR64739.2025.11129992
PURE UUID: 2be71756-552a-48fa-afe8-84ccbf3009ea
ORCID for Jing He: ORCID iD orcid.org/0000-0002-9174-0527
ORCID for Mark Zwolinski: ORCID iD orcid.org/0000-0002-2230-625X

Catalogue record

Date deposited: 05 Dec 2025 17:49
Last modified: 13 Mar 2026 03:05

Export record

Altmetrics

Contributors

Author: Jing He ORCID iD
Author: Mark Zwolinski ORCID iD

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Library staff additional information
Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×