Search

KR-20260068044-A - Active Disturbance Security Apparatus Based on Computation Cycle Synchronization to Counter Electromagnetic Side-Channel Attacks on AI Computing Processors

KR20260068044AKR 20260068044 AKR20260068044 AKR 20260068044AKR-20260068044-A

Abstract

The present invention discloses an active disturbance security device for responding to electromagnetic side-channel attacks on an artificial intelligence computation processor (10). The device includes: a signal detection unit (100) that monitors the real-time power consumption and computation cycle of the processor (10); a signal generation unit (200) that is synchronized with the computation cycle and generates a disturbance signal in the same frequency band as the electromagnetic waves emitted by the processor (10); and a disturbance antenna unit (300) that is positioned adjacent to the processor (10) and radiates the disturbance signal to the outside to conceal the unique computation waveform of the processor (10). The computation cycle synchronization method fundamentally blocks ensemble average attacks compared to the conventional random noise method and achieves AI processor-specific security effects through automatic determination of inference/learning mode, closed-loop adaptive control, and a multi-layered defense system.

Inventors

  • 안범주

Assignees

  • 안범주

Dates

Publication Date
20260513
Application Date
20260426

Claims (1)

  1. In an external disturbance system for the security of an artificial intelligence computing device, A signal detection unit that monitors real-time power consumption and computation cycles of an artificial intelligence computation processor; A signal generator that generates a disturbance signal in the same frequency band as the electromagnetic waves emitted from the processor, synchronized with the operation cycle transmitted from the signal detection unit; and An artificial intelligence computation security device characterized by including a disturbance antenna section disposed adjacent to the processor and concealing the processor's unique computation waveform by radiating the disturbance signal to the outside.

Description

Active Disturbance Security Apparatus Based on Computation Cycle Synchronization to Counter Electromagnetic Side-Channel Attacks on AI Computing Processors The present invention relates to security for an artificial intelligence (AI) computation processor, and more specifically, to an active disturbance security device that protects computation information from electromagnetic side-channel attacks by monitoring electromagnetic waves emitted from an artificial intelligence computation processor (10) in real time and generating a disturbance signal synchronized with the computation cycle of the processor (10) and radiating it to the outside. Processors specialized for artificial intelligence computation, such as neural network processing units (NPUs), graphics processing units (GPUs), and tensor processing units (TPUs), perform highly repetitive and regular computational patterns, such as matrix operations, convolution operations, and backpropagation algorithms. These regular computational patterns cause periodic electromagnetic wave emissions through fluctuations in the operating current and voltage of the processor (10), which become a primary target for electromagnetic side-channel attacks (ESCA). An electromagnetic side-channel attack is a non-invasive attack technique in which an attacker places a probe antenna near a processor (10) to collect emitted electromagnetic waves, and then traces back sensitive information such as model weights, inference input data, and secret keys being computed through Correlation Electromagnetic Analysis (CEMA), Simple Electromagnetic Analysis (SEMA), or deep learning-based signal analysis. In particular, unlike general cryptographic computing chips, the artificial intelligence processor (10) performs millions of iterative operations, so there is a problem that statistical signal recovery using ensemble averaging techniques is extremely easy. Conventional countermeasures include, first, the application of a Faraday cage for electromagnetic shielding, but this blocks the heat dissipation path, causing the processor (10) to overheat, and is practically impossible to apply, especially in a GPU cluster environment. Second, internal noise injection methods such as ASNI (Attenuated Signature Noise Injection) have been studied, but this is based on application at the chip design stage, so it is impossible to apply it to products released later. Third, a method of masking EMI by combining a random noise generator and an antenna (e.g., US9496981B2) has been disclosed, but this method has a fundamental limitation in that since it generates a random signal, if an attacker performs an ensemble average of multiple measurements, the random component is canceled out and the original computational waveform can be restored. Therefore, a new security device is required that can monitor the real-time operation cycle of the artificial intelligence operation processor (10) and radiate a disturbance signal aligned with it to the outside to effectively conceal the unique operation waveform of the processor (10). The problem to be solved The problem that the present invention aims to solve is to respond to electromagnetic side-channel attacks on an artificial intelligence computation processor (10), and specifically aims to solve the following problems. First, the purpose is to generate a disturbance signal synchronized with the operation cycle of the processor (10) to fundamentally block the attacker's ensemble average attack. Second, the purpose is to maximize security efficiency by operation type by determining the inference mode and learning mode of the artificial intelligence processor (10) in real time and generating an optimized disturbance waveform corresponding to each mode. Third, the purpose is to suppress the residual computation waveform below a threshold value by continuously optimizing the amplitude and phase of the disturbance signal through closed-loop adaptive control. Fourth, the purpose is to provide a multi-layered defense system that detects external probing attempts in real time, automatically switches to emergency reinforcement mode, and generates a security interrupt to the processor (10). means of solving the problem To solve the above problem, the present invention provides an artificial intelligence computation security device comprising a signal detection unit (100), a signal generation unit (200), and a disturbance antenna unit (300). The above signal detection unit (100) monitors the real-time power consumption and computation cycle of the artificial intelligence computation processor (10), and includes a power change rate calculation unit (110) and a cycle detection unit (120) to precisely detect the start and end times of the computation. The signal generation unit (200) is synchronized with the operation cycle transmitted from the signal detection unit (100) to generate a disturbance signal of the same frequency band as the electromagnetic wave emitted from the pr