Floating-Point Multiplication Timing Attack on Deep Neural Network

Deep neural network (DNN) is being adopted in many security-critical and privacy-sensitive smart Internet of Things areas, such as smart city, smart home and intelligent transportation. Therefore, the data privacy of these DNN systems is of great concern. In this paper, we present a new timing side-channel attack, called FPMT attack, to recover the input images of a DNN implemented on microcontrollers. The proposed approach is the first to attack a DNN by exploiting the running time of floating-point multiplications. A passive attacker can obtain the running time from the power consumption trace and then use the time to infer the pixel values without knowing the detailed parameters of the network. Our results show that the FPMT attack can achieve 96.20% recognition accuracy for the MNIST dataset. When the inputs are handwritten digits or letters, attackers can even know what you write with the recovered images. This work puts forward a new direction of attacks on DNN and can be extended to more scenarios.