A Secure Digital In-Memory Compute (IMC) Macro with Protections for Side-Channel and Bus Probing Attacks

Abstract

Machine learning (ML) accelerators provide energy efficient neural network (NN) implementations for applications such as speech recognition and image processing. Recently, digital IMC has been proposed to reduce data transfer energy, while still allowing for higher bitwidths and accuracies necessary for many workloads, especially with technology scaling [1], [2]. Privacy of ML workloads can be exploited with physical side-channel attacks (SCAs) or bus probing attacks (BPAs) [3] (Fig. 1). While SCAs correlate IC power consumption or EM emissions to data or operations, BPAs directly tap traces between the IC and off-chip memory. The inputs reflect private data collected on loT devices, such as images of faces. The weights, typically stored off-chip, reveal information about proprietary private training datasets. This work presents the first IMC macro protected against SCAs and BPAs to mitigate these risks.