Artificial intelligence is progressing ever faster with new applications and results that would not be possible only a few years ago. At the same time, hardware security is becoming increasingly important for embedded systems applications where the number of such applications keeps on growing. The connection between AI and hardware security is becoming more prominent. Today, there are numerous applications where AI has either an offensive or defensive role for HW security. AIHWS aims to position itself in the intersection of these topics and provide a space where ideas converge into exciting new approaches for HW security. This workshop will provide an environment for researchers from academic and industrial domains to discuss findings and on-going work on all aspects of hardware security and artificial intelligence including design, attacks, manufacturing, testing, validation, utilization.
We encourage researchers working on all aspects of AI and HW security to take the opportunity and use AIHWS to share their work and participate in discussions.
The authors are invited to submit the papers using EasyChair submission system. The link for submission will be posted later.
Every accepted paper must have at least one author registered for the workshop. All submissions must follow the original LNCS format with a page limit of 18 pages, including references and possible appendices. Papers should be submitted electronically in PDF format. The post-proceedings will be published by Springer in the LNCS series.
The best workshop paper award is selected from all workshops. Each workshop nominates a candidate paper, and the winning paper is selected among them.
Workshop paper submission deadline: Apr 16, 2021
previously Mar 27, 2021
Workshop paper notification: May 8, 2021
previously Apr 27, 2021
Camera-ready papers for pre-proceedings: May 15, 2021
previously May 10, 2021
Workshop date: June 21, 2021
Indian Institute of Technology, Kharagpur1
ES&S - imec-COSIC, ESAT, KU Leuven, Belgium1, EAVISE - PSI, ESAT, KU Leuven, Belgium2, LIACS, Leiden University, The Netherlands3
Ritsumeikan University, Shiga, Japan1
Radboud University, Nijmegen, The Netherlands1, Delft University of Technology, The Netherlands2, Riscure BV, The Netherlands3
Delft University of Technology, The Netherlands1
Mitsubishi Electric Corporation, Japan1, Ritsumeikan University, Japan2
IoT devices are increasingly deployed in daily life. Many of these devices are, however, vulnerable to attacks due to insecure designs, implementation, and configuration and many networks already contain vulnerable IoT devices that can be compromised. An entirely new category of malware has emerged, specifically targeting IoT devices. Existing intrusion detection techniques are not effective in the IoT settings, due to the inherent massive heterogeneity of IoT devices originating from hundreds if not thousands of different IoT device vendors with very different approaches and solutions regarding IoT device security.
To resolve these deficiencies, new solutions need to be developed. In this talk we will present our recent work on Intrusion Detection in IoT networks based on Federated Learning. An important goal has been the ability to operate the system in an autonomous and self-learning way, while allowing to effectively detect compromised IoT devices. We see the benefit and potential of this approach in establishing a more effective way to cope with emerging new and unknown attacks. Finally, we briefly discuss the threat of poisoning attacks on federated learning and countermeasures.
Ahmad-Reza Sadeghi is a professor of Computer Science at the TU Darmstadt, Germany. He is the head of the Systems Security Lab at the Cybersecurity Research Center of TU Darmstadt. Since 2012 he has also been leading three several Intel Collaborative Research Centers on Secure Mobile and Embedded Computing, Trustworthy Autonomous Systems, and since 2020 on Private AI. Prof. Sadeghi holds a Ph.D. in Computer Science and MScs in Electrical Engineering as well as Industrial Engineering. Prior to academia, he has been working in R&D of Telecommunications enterprises, amongst others Ericsson.
He has been continuously contributing to security and privacy as well as systems research community. He was Editor-In-Chief of IEEE Security and Privacy Magazine, served on the editorial board of the ACM Transactions on Information and System Security (TISSEC), and ACM Books, ACM TODAES, ACM TIOT and ACM DTRAP. For his influential research on Trusted and Trustworthy Computing he received the renowned German “Karl Heinz Beckurts” award. This award honors excellent scientific achievements with high impact on industrial innovations in Germany.
In 2018, Prof. Sadeghi received the ACM SIGSAC Outstanding Contributions Award for dedicated research, education, and management leadership in the security community and for pioneering contributions in content protection, mobile security and hardware-assisted security. SIGSAC is ACM’s Special Interest Group on Security, Audit and Control.
In an era characterized by increasing cybersecurity threats, we have witnessed the ever-continuing competition between system designers/manufacturers and adversaries that maliciously break the security of systems. This is partially due to the lack of systematic and provable methods, which can assess the security of a system. This lack of methods is present despite the existence of well-known and acknowledged frameworks developed in cryptography and its “sister field”, i.e., machine learning. This talk aims to explore the close relationship between machine learning and cryptography and provide examples of physical systems, whose security can be assessed from the point of view of machine learning.
Fatemeh Ganji is an assistant professor at the ECE and Cybersecurity departments of Worcester Polytechnic Institute (WPI). Before joining WPI, Fatemeh was a Post Doctoral Associate at the University of Florida (from 2018-2020) and at the Telecom Innovation Laboratories/Technical University of Berlin (from 2017-2018). For her dissertation with the title “On the Learnability of Physically Unclonable Functions”, she was awarded the BIMoS Ph.D. Award 2018 and nominated by the Technical University of Berlin for ACM Dissertation Award. Fatemeh’s research focuses on interdisciplinary approaches covering two main angles of hardware security, namely machine learning and cryptography.
The program starts at 11:45 pm, CEST time (UTC + 2).
|11:45 - 12:00||Welcome note from the organizers|
|Session 1: Security of AI
12:00 - 14:15
|12:00 - 13:00||Keynote talk 1: Internet of Threats: Federated Anomaly Detection in IoT and Challenges
Ahmad-Reza Sadeghi, TU Darmstadt, Germany
|13:00 - 13:25||Towards Trained Model Confidentiality and Integrity using Trusted Execution Environments
Tsunato Nakai, Daisuke Suzuki and Takeshi Fujino
|13:25 - 13:50||Model Evasion Attacks Against Partially Encrypted Deep Neural Networks in Isolated Execution Environment
Kota Yoshida and Takeshi Fujino
|13:50 - 14:15||On Reverse Engineering Neural Network Implementation on GPU
Łukasz Chmielewski and Léo Weissbart
|14:15 - 15:00||Break|
|Session 2: AI for Security
15:00 - 17:15
|15:00 - 16:00||Keynote talk 2: Machine Learning for Hardware Security: Standing on the Shoulders of Giants
Fatemeh Ganji, Worcester Polytechnic Institute, USA
|16:00 - 16:25||A Good Anvil Fears No Hammer: Automated Rowhammer Detection using Unsupervised Deep Learning
Anirban Chakraborty, Manaar Alam and Debdeep Mukhopadhyay
|16:25 - 16:50||On the Importance of Pooling Layer Tuning for Profiling Side-channel Analysis
Lichao Wu and Guilherme Perin
|16:50 - 17:15||Towards Real-Time Deep Learning-based Network Intrusion Detection on FPGA
Laurens Le Jeune, Toon Goedemé and Nele Mentens
|17:15 - 17:30||Farewell and discussion for future editions of AIHWS|
Shivam Bhasin, Nanyang Technological University, Singapore
Ileana Buhan, Radboud University, The Netherlands
Lukasz Chmielewski, Radboud University, and Riscure, The Netherlands
Chitchanok Chuengsatiansup, The University of Adelaide, Australia
Elena Dubrova, KTH Royal Institute of Technology, Sweden
Fatemeh Ganji, Worcester Polytechnic Institute, United States
Julio Hernandez-Castro, University of Kent, United Kingdom
Naofumi Homma, Tohoku University, Japan
Dirmanto Jap, Nanyang Technological University, Singapore
Alan Jović, University of Zagreb, Croatia
Liran Lerman, Thales, Belgium
Eleonora Losiouk, University of Padova, Italy
Luca Mariot, TU Delft, The Netherlands
Nele Mentens, Leiden University, The Netherlands, and KU Leuven, Belgium
Debdeep Mukhopadhyay, IIT Kharagpur, India
Kostas Papagiannopoulos, Radboud University, The Netherlands
Kazuo Sakiyama, The University of Electro-Communications, Japan
Shahin Tajik, Worcester Polytechnic Institute, United States
Vincent Verneuil, NXP Semiconductors, Germany
Nikita Veshchikov, QualSec at Université Libre de Bruxelles, Belgium
Marina Krček, TU Delft, The Netherlands