In the context of cybersecurity, a side-channel attack operates by targeting the implementation of an algorithm or protocol rather than identifying flaws in the algorithm or protocol itself. We explore a family of such attacks that use the electromagnetic (EM) or power channels to perform exfiltration, i.e., to steal data from a device. Specifically, we study the exfiltration of AI/ML models operating inside a device using a limited number of "probes". Our path to this nefarious goal takes us through the seemingly unrelated problem of how permutations induced by the quotient groups Z/NZ and (Z/NZ)^× act upon the Hamming topology. We arrive at novel results in this direction that allow disturbingly efficient attacks using a small number of probes. These attacks target simple arithmetic operations such as addition or multiplication carried out while an AI/ML model is performing inference. The talk will present a short guided tour of this study and conclude with some fascinating open questions that it surfaces.
Short Bio:
Roop is a member of the IIT Kanpur faculty. He finds the IITK campus so nice that he graduated from it twice. He is fascinated by machine learning and optimization and has thus far managed to convince his employers that he understands these areas decently. Consequently, they let him stick around while he explores ways to use ML to achieve clean-air objectives, assist in teaching comically large class sizes, reveal and mitigate cybersecurity threats, and make rich corporations even richer.