Search

KR-20260065601-A - AI computing apparatus for side-channel attack defense based on random sampling and dummy bursts

KR20260065601AKR 20260065601 AKR20260065601 AKR 20260065601AKR-20260065601-A

Abstract

The present invention relates to an artificial intelligence computing device that conceals side-channel signals generated during weight calculation of an artificial intelligence model using random sampling-based dummy burst signals, comprising a security scheduler (110) that monitors the actual weight calculation sequence of the artificial intelligence model and determines a point for injecting a disturbance signal, a noise generator (120) that generates a dummy burst signal with characteristics similar to the actual calculation waveform at irregular and random times, and a signal synthesis unit (130) that superimposes the dummy burst signal onto the actual calculation signal to distort the statistical significance of an electromagnetic wave signal measured from the outside, wherein the dummy burst signal is generated intermittently only in a part of a sampled section of the entire calculation sequence, thereby maintaining the calculation overhead at less than 5% while providing the effect of fundamentally blocking statistical analysis based on averaging by external attackers.

Inventors

  • 안범주

Assignees

  • 안범주

Dates

Publication Date
20260508
Application Date
20260421

Claims (1)

  1. In a secure computing device that conceals side-channel signals generated during the weight computation process of an artificial intelligence model, A security scheduler that monitors the sequence in which actual weight operations of an artificial intelligence model are performed and determines the point within the sequence to inject a disturbance signal; A noise generator that generates a short-duration dummy burst signal having characteristics similar to the electromagnetic wave waveform of the actual operation at irregular and random times determined by the above security scheduler; and It includes a signal synthesis unit that superimposes the dummy burst signal during the actual weighting operation to forcibly distort the statistical significance of the entire electromagnetic wave signal measured externally, and An artificial intelligence computing device characterized by the fact that the above dummy burst signal occurs intermittently only in a sampled section of the entire computation sequence, thereby minimizing additional computational overhead due to security application.

Description

AI computing apparatus for side-channel attack defense based on random sampling and dummy bursts The present invention relates to a security technology for an artificial intelligence computing device, and more specifically, to an artificial intelligence computing device that neutralizes statistical signal analysis performed by an external attacker by synthesizing side-channel signals, such as electromagnetic waves and power consumption patterns emitted by hardware during the weight calculation process of an artificial intelligence model, with dummy burst signals generated at the time of random sampling. Artificial intelligence models, particularly large-scale deep learning models, possess billions of weight parameters, and these weights are the core of intellectual property learned through long-term, large-scale computations and massive costs. However, when these weights are actually computed on hardware, processor cores consume different currents depending on the content of the computation, and these changes in current are radiated into external space in the form of electromagnetic waves. An attack technique that utilizes this phenomenon, where physical signals change depending on the content of the computation, is called a Side-Channel Attack (SCA). Among side-channel attacks, Power Analysis Attacks and Electromagnetic Analysis Attacks (EMA) are known to be particularly powerful threats. Attackers collect signals emitted around computing units using electromagnetic measurement equipment and gather measured signals by repeating the same computation thousands to tens of thousands of times. Subsequently, when the collected signals are horizontally averaged, random noise components unrelated to the computation cancel each other out and disappear, while only the signal components dependent on weighting computation are statistically highlighted and converge. This is called Differential Power Analysis (DPA) or Correlation Electromagnetic Analysis (CEMA), and through these statistical signal analysis techniques, attackers can inversely calculate the weight values processed within the processor. Conventional side-channel attack defense techniques mainly include masking, shuffling, and dummy operation insertion. The masking technique applies a random mask to actual weight values at the computational level; however, it suffers from high algorithmic implementation complexity and structural vulnerabilities where the mask values themselves become targets of side-channel attacks. The shuffling technique randomly mixes the order of operations, but the applicable range of shuffling is severely limited in deep learning inference processes that have strong computational dependencies. The dummy operation insertion technique disrupts signals by performing fake operations using the same hardware resources as the actual operations; however, since the amount of dummy operations increases proportionally to the amount of actual operations, it leads to serious overhead issues where power consumption and computational delay increase by at least twofold. Furthermore, if the entire dummy operation is inserted in a regular pattern, there was a limitation in that this regularity itself functions as new side-channel information, allowing an attacker to statistically separate it. Therefore, a new paradigm of side-channel defense technology is required that can fundamentally block the convergence of statistical signals from external attackers while minimizing computational overhead. FIG. 1 is an overall block diagram of a random sampling-based security computation device (100) according to one embodiment of the present invention. Figure 2 is an example of an actual weight operation sequence along the time axis and an irregular insertion waveform of a dummy burst signal. Figure 3 is a comparison graph illustrating the principle by which an external attacker's average-based statistical analysis is distorted by dummy bursts. FIG. 4 is a detailed block diagram showing a pseudo-waveform generation mechanism that simulates an actual computational waveform in a noise generation unit (120). FIG. 5 is a graph showing the adaptive sampling rate control operation of the security scheduler (110). Figure 6 is a time-axis waveform showing the dual defense effect of random micro-delay and dummy burst. FIG. 7 is a hardware layout diagram of a dummy load circuit (124) separated from the operation unit of the main processor (140). Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the attached drawings. Unless otherwise specifically defined, terms used in this specification shall be interpreted according to their commonly understood meanings in the relevant technical field. In the process of describing the present invention, if it is determined that a description of related known functions or configurations may unnecessarily obscure the essence of the present invention, such detailed description will be