Call for papers

Artificial intelligence is progressing ever faster with new applications and results that would not be possible only a few years ago. At the same time, hardware security is becoming increasingly important for embedded systems applications where the number of such applications keeps on growing. The connection between AI and hardware security is becoming more prominent. Today, there are numerous applications where AI has either an offensive or defensive role for HW security. AIHWS aims to position itself in the intersection of these topics and provide a space where ideas converge into exciting new approaches for HW security. This workshop will provide an environment for researchers from academic and industrial domains to discuss findings and on-going work on all aspects of hardware security and artificial intelligence including design, attacks, manufacturing, testing, validation, utilization.

Topics of the workshop

  • Side-channel attacks and countermeasures

  • Trustworthy manufacturing and testing of secure devices

  • Validation and evaluation methodologies for physical security

  • Reconfigurable devices for security

  • Hardware Trojans

  • Fault injection attacks

  • Physical Unclonable Function (PUFs)

  • Security of Artificial Intelligence (AI)

  • AI-assisted design cycle

Submission

We encourage researchers working on all aspects of AI and HW security to take the opportunity and use AIHWS to share their work and participate in discussions. The authors are invited to submit the papers using EasyChair submission system. The link for submission will be posted later.
Every accepted paper must have at least one author registered for the workshop. All submissions must follow the original LNCS format with a page limit of 18 pages, including references and possible appendices. Papers should be submitted electronically in PDF format. The post-proceedings will be published by Springer in the LNCS series.
The best workshop paper award is selected from all workshops. Each workshop nominates a candidate paper, and the winning paper is selected among them.

Important dates (AoE)

Extended deadlines

Workshop paper submission deadline: Apr 16, 2021

previously Mar 27, 2021

Workshop paper notification: May 8, 2021

previously Apr 27, 2021

Camera-ready papers for pre-proceedings: May 15, 2021

previously May 10, 2021

Workshop date: June 21, 2021

ACNS Springer LNCS

Accepted papers

A Good Anvil Fears No Hammer: Automated Rowhammer Detection using Unsupervised Deep Learning

Anirban Chakraborty1, Manaar Alam1, and Debdeep Mukhopadhyay1

Indian Institute of Technology, Kharagpur1


Towards Real-Time Deep Learning-based Network Intrusion Detection on FPGA

Laurens Le Jeune1,2, Toon Goedemé2, and Nele Mentens1,3

ES&S - imec-COSIC, ESAT, KU Leuven, Belgium1, EAVISE - PSI, ESAT, KU Leuven, Belgium2, LIACS, Leiden University, The Netherlands3


Model Evasion Attacks Against Partially Encrypted Deep Neural Networks in Isolated Execution Environment

Kota Yoshida1 and Takeshi Fujino1

Ritsumeikan University, Shiga, Japan1


On Reverse Engineering Neural Network Implementation on GPU

Lukasz Chmielewski1,3 and Leo Weissbart1,2

Radboud University, Nijmegen, The Netherlands1, Delft University of Technology, The Netherlands2, Riscure BV, The Netherlands3


On the Importance of Pooling Layer Tuning for Profiling Side-channel Analysis

Lichao Wu1 and Guilherme Perin1

Delft University of Technology, The Netherlands1


Towards Trained Model Confidentiality and Integrity using Trusted Execution Environments

Tsunato Nakai1,2, Daisuke Suzuki1, and Takeshi Fujino2

Mitsubishi Electric Corporation, Japan1, Ritsumeikan University, Japan2

Keynotes

Internet of Threats: Federated Anomaly Detection in IoT and Challenges

Ahmad-Reza Sadeghi, TU Darmstadt, Germany

IoT devices are increasingly deployed in daily life. Many of these devices are, however, vulnerable to attacks due to insecure designs, implementation, and configuration and many networks already contain vulnerable IoT devices that can be compromised. An entirely new category of malware has emerged, specifically targeting IoT devices. Existing intrusion detection techniques are not effective in the IoT settings, due to the inherent massive heterogeneity of IoT devices originating from hundreds if not thousands of different IoT device vendors with very different approaches and solutions regarding IoT device security.
To resolve these deficiencies, new solutions need to be developed. In this talk we will present our recent work on Intrusion Detection in IoT networks based on Federated Learning. An important goal has been the ability to operate the system in an autonomous and self-learning way, while allowing to effectively detect compromised IoT devices. We see the benefit and potential of this approach in establishing a more effective way to cope with emerging new and unknown attacks. Finally, we briefly discuss the threat of poisoning attacks on federated learning and countermeasures.

Ahmad-Reza Sadeghi is a professor of Computer Science at the TU Darmstadt, Germany. He is the head of the Systems Security Lab at the Cybersecurity Research Center of TU Darmstadt. Since 2012 he has also been leading three several Intel Collaborative Research Centers on Secure Mobile and Embedded Computing, Trustworthy Autonomous Systems, and since 2020 on Private AI. Prof. Sadeghi holds a Ph.D. in Computer Science and MScs in Electrical Engineering as well as Industrial Engineering. Prior to academia, he has been working in R&D of Telecommunications enterprises, amongst others Ericsson.
He has been continuously contributing to security and privacy as well as systems research community. He was Editor-In-Chief of IEEE Security and Privacy Magazine, served on the editorial board of the ACM Transactions on Information and System Security (TISSEC), and ACM Books, ACM TODAES, ACM TIOT and ACM DTRAP. For his influential research on Trusted and Trustworthy Computing he received the renowned German “Karl Heinz Beckurts” award. This award honors excellent scientific achievements with high impact on industrial innovations in Germany.
In 2018, Prof. Sadeghi received the ACM SIGSAC Outstanding Contributions Award for dedicated research, education, and management leadership in the security community and for pioneering contributions in content protection, mobile security and hardware-assisted security. SIGSAC is ACM’s Special Interest Group on Security, Audit and Control.

Machine Learning for Hardware Security: Standing on the Shoulders of Giants

Fatemeh Ganji, Worcester Polytechnic Institute, USA

In an era characterized by increasing cybersecurity threats, we have witnessed the ever-continuing competition between system designers/manufacturers and adversaries that maliciously break the security of systems. This is partially due to the lack of systematic and provable methods, which can assess the security of a system. This lack of methods is present despite the existence of well-known and acknowledged frameworks developed in cryptography and its “sister field”, i.e., machine learning. This talk aims to explore the close relationship between machine learning and cryptography and provide examples of physical systems, whose security can be assessed from the point of view of machine learning.

Fatemeh Ganji is an assistant professor at the ECE and Cybersecurity departments of Worcester Polytechnic Institute (WPI). Before joining WPI, Fatemeh was a Post Doctoral Associate at the University of Florida (from 2018-2020) and at the Telecom Innovation Laboratories/Technical University of Berlin (from 2017-2018). For her dissertation with the title “On the Learnability of Physically Unclonable Functions”, she was awarded the BIMoS Ph.D. Award 2018 and nominated by the Technical University of Berlin for ACM Dissertation Award. Fatemeh’s research focuses on interdisciplinary approaches covering two main angles of hardware security, namely machine learning and cryptography.

Program

The program starts at 11:45 pm, CEST time (UTC + 2).

TIME
CEST (UTC+2)
SESSION/TITLE
11:45 - 12:00 Welcome note from the organizers
Session 1: Security of AI
12:00 - 14:15
12:00 - 13:00 Keynote talk 1: Internet of Threats: Federated Anomaly Detection in IoT and Challenges
Ahmad-Reza Sadeghi, TU Darmstadt, Germany
13:00 - 13:25 Towards Trained Model Confidentiality and Integrity using Trusted Execution Environments
Tsunato Nakai, Daisuke Suzuki and Takeshi Fujino
13:25 - 13:50 Model Evasion Attacks Against Partially Encrypted Deep Neural Networks in Isolated Execution Environment
Kota Yoshida and Takeshi Fujino
13:50 - 14:15 On Reverse Engineering Neural Network Implementation on GPU
Łukasz Chmielewski and Léo Weissbart
14:15 - 15:00 Break
Session 2: AI for Security
15:00 - 17:15
15:00 - 16:00 Keynote talk 2: Machine Learning for Hardware Security: Standing on the Shoulders of Giants
Fatemeh Ganji, Worcester Polytechnic Institute, USA
16:00 - 16:25 A Good Anvil Fears No Hammer: Automated Rowhammer Detection using Unsupervised Deep Learning
Anirban Chakraborty, Manaar Alam and Debdeep Mukhopadhyay
16:25 - 16:50 On the Importance of Pooling Layer Tuning for Profiling Side-channel Analysis
Lichao Wu and Guilherme Perin
16:50 - 17:15 Towards Real-Time Deep Learning-based Network Intrusion Detection on FPGA
Laurens Le Jeune, Toon Goedemé and Nele Mentens
17:15 - 17:30 Farewell and discussion for future editions of AIHWS

Organizing Committee

Technical Program Committee

Shivam Bhasin, Nanyang Technological University, Singapore

Ileana Buhan, Radboud University, The Netherlands

Lukasz Chmielewski, Radboud University, and Riscure, The Netherlands

Chitchanok Chuengsatiansup, The University of Adelaide, Australia

Elena Dubrova, KTH Royal Institute of Technology, Sweden

Fatemeh Ganji, Worcester Polytechnic Institute, United States

Julio Hernandez-Castro, University of Kent, United Kingdom

Naofumi Homma, Tohoku University, Japan

Dirmanto Jap, Nanyang Technological University, Singapore

Alan Jović, University of Zagreb, Croatia

Liran Lerman, Thales, Belgium

Eleonora Losiouk, University of Padova, Italy

Luca Mariot, TU Delft, The Netherlands

Nele Mentens, Leiden University, The Netherlands, and KU Leuven, Belgium

Debdeep Mukhopadhyay, IIT Kharagpur, India

Kostas Papagiannopoulos, Radboud University, The Netherlands

Kazuo Sakiyama, The University of Electro-Communications, Japan

Shahin Tajik, Worcester Polytechnic Institute, United States

Vincent Verneuil, NXP Semiconductors, Germany

Nikita Veshchikov, QualSec at Université Libre de Bruxelles, Belgium

Web Chair

Marina Krček, TU Delft, The Netherlands

Questions about the workshop?
Contact Us