Search

KR-20260065602-A - Apparatus and method for hiding side-channel signals of an AI computing device using resource-efficient low-precision pseudo-weight operations

KR20260065602AKR 20260065602 AKR20260065602 AKR 20260065602AKR-20260065602-A

Abstract

The present invention relates to an apparatus and method for concealing electromagnetic radiation-based side-channel signals generated during the weight calculation process of an artificial intelligence model. It comprises a resource monitoring unit (110) that monitors the resource occupancy and idle state of a processor in real time, a pseudo-data generation unit (120) that generates low-precision pseudo-weight data with low computational complexity that is similar to actual weights and statistical waveform characteristics, and a calculation control unit (130) that dynamically inserts low-precision pseudo-calculations between actual weight calculation sequences within an identified idle resource range. The pseudo-calculations are performed as low-precision or binary operations of 4 bits or less, thereby reducing power consumption by more than 70%, utilizing idle cycles of pipeline bubbles and memory waiting times to avoid inference delays, and saving memory bandwidth by reusing pseudo-weights through a bit exchange method of already loaded actual weights. In a high-load state, the security range is dynamically reduced to a softmax layer or an activation function section, and only the low-power lower-computation unit (142) is selectively activated while the clock of the high-performance computation unit (141) is blocked.

Inventors

  • 안범주

Assignees

  • 안범주

Dates

Publication Date
20260508
Application Date
20260421

Claims (1)

  1. In a security device for concealing side-channel signals generated during the weight calculation process of an artificial intelligence model, A resource monitoring unit that monitors the resource occupancy and idle state of the processor where actual weight calculations are performed in real time; A pseudo-data generation unit that generates low-precision pseudo-weight data having similar actual weights and statistical waveform characteristics, but with a computational complexity lower than that of the actual weights; and It includes an operation control unit that dynamically inserts and executes a pseudo-operation based on the low-precision pseudo-weight between actual weight calculation sequences within the idle resource range identified by the resource monitoring unit, An artificial intelligence computing device characterized by the above pseudo-operation concealing an externally measured electromagnetic wave fingerprint by superimposing it with an actual computation waveform without affecting the actual computation result value, and minimizing additional power consumption and computation delay through the above low-precision computation.

Description

Apparatus and method for hiding side-channel signals of an AI computing device using resource-efficient low-precision pseudo-weight operations The present invention relates to an artificial intelligence (AI) computation security technology, and more specifically, to an apparatus and method for implementing a defense function against side-channel attacks without degrading actual computation performance by generating low-precision pseudo-weights with significantly lower computational complexity than actual weights to conceal side-channel signals, such as electromagnetic radiation and power consumption patterns, generated during the weight computation process of an artificial intelligence model, and dynamically inserting them between actual weight computation sequences within the idle resource range of a processor. Artificial intelligence models, particularly Deep Neural Networks (DNNs), generate inference results through large-scale matrix operations and iterative calculations on weight data. It has been widely demonstrated in academia and industry that during these computational processes, processors exhibit specific power consumption patterns and electromagnetic radiation characteristics, making Side-Channel Attacks (SCAs) possible—which allow for the inference of weight data or inference content by observing these externally. Side-channel attacks are broadly classified into Simple Power Analysis (SPA), Differential Power Analysis (DPA), and Electromagnetic Analysis (EMA). Among these, electromagnetic analysis can be performed without physical contact with the target device, posing a serious security threat, particularly in on-device AI environments. Attackers can detect electromagnetic radiation using high-sensitivity antennas near smartphones, edge devices, or embedded systems equipped with artificial intelligence models, and analyze it using signal processing techniques to back-extract weight data. There are two main approaches to defending against conventional side-channel attacks. The first is hardware shielding, which involves physically shielding processor chips or computing modules with conductive materials to suppress electromagnetic radiation itself. However, this method has limitations, such as significantly increased manufacturing costs, difficulties in heat management, and the fact that it is virtually impossible to apply, especially to small mobile devices or wearable devices. The second conventional technique is a masking method that inserts dummy operations or randomizes the order of operations at the software or firmware level. However, conventional dummy operation insertion methods had a vulnerability in that they performed dummy operations with the same level of computational complexity as actual weight operations or used dummy operations with fixed patterns, allowing an attacker to separate the actual operations from the dummy operations through statistical analysis. Furthermore, the excessive insertion of dummy operations increases the computational load on the processor, causing inference latency, resulting in additional power consumption, and producing side effects such as reduced usage time in battery-based devices. In particular, in on-device AI inference environments, processor resources are limited, making it difficult to allocate resources for separate security operations. Conventional technologies have not been able to overcome structural limitations, such as statically setting whether security functions are enabled or degrading the performance of the entire computation pipeline by a certain percentage when security functions are enabled. Therefore, there is a need for an economical security method that can effectively conceal side-channel signals without computational performance degradation while minimizing additional power consumption and memory bandwidth consumption. FIG. 1 is a block diagram showing the overall configuration of a side-channel signal hiding device of an artificial intelligence computing device according to one embodiment of the present invention. FIG. 2 is a comparison diagram showing power consumption and circuit area comparison between high precision of actual calculation (FP32) and low precision of pseudo-calculation (INT4 or lower) according to one embodiment of the present invention. FIG. 3 is a timing diagram illustrating a pseudo-operation insertion concept utilizing a processor pipeline bubble section and a memory access waiting time section according to an embodiment of the present invention. FIG. 4 is a conceptual diagram showing a pseudo-weight generation mechanism by bit-swapping according to an embodiment of the present invention. FIG. 5 is a flowchart illustrating a processor load-based variable security layer selection control flow according to an embodiment of the present invention. FIG. 6 is a diagram showing a selective activation and clock gating circuit of a low-power sub-arithmetic unit (Sub-ALU) according to one embodiment of the presen