|
Recent News
|
|
Education |
|
Publications
|
 |
It’s all in your head(set): Side-channel attacks on augmented reality systems
Yicheng Zhang,
Jiasi Chen,
Nael Abu-Ghazaleh
Under review in USENIX Security '23, August, 2023.
We demonstrate that today's AR systems are vulnerable to side-channel attacks that can be launched from software; a malicious application without any special permissions can infer private information about other concurrent applications, or even the surrounding world. We first present a taxonomy of potential attacks targeting user interaction models, concurrent applications, and real-world environments. We developed four end-to-end attacks from these three categories. We believe the threats presented by our attacks are pressing, and a new multi-application AR platform should be developed against this threat.
|
 |
Stealing Neural Network Structure through Remote FPGA Side-channel Analysis
Yicheng Zhang,
Rozhin Yasaei,
Hao Chen,
Zhou Li,
Mohammad Abdullah Al Faruque
Accepted by IEEE Transactions on Information Forensics and Security (TIFS), August, 2021.
PDF
/
Poster
/
BibTex
We explore whether the structural secret (layers and hyper-parameters) of a victim DNN model can be inferred by a remote attacker who shares the same FPGA board.
We show by implementing on-chip RO-based power monitors, the power consumption of the victim DNN can be sampled at high resolution, which guarantees all layers and hyper-parameters can be reconstructed at high accuracy.
|
 |
Leaky DNN: Stealing Deep-Learning Model Secret with GPU Context-Switching Side-Channel
Junyi Wei*,
Yicheng Zhang*,
Zhe Zhou,
Zhou Li,
Mohammad Abdullah Al Faruque
*Junyi Wei and Yicheng Zhang are both first author.
Accepted by Proceedings of the 50th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Valencia, Spain, June, 2020.
(48/291=16.5% acceptance rate)
PDF
/
Video
/
Code
/
BibTex
We exploit the GPU side-channel based on context-switching penalties.
This side-channel allows us to extract the fine-grained structural secret of a DNN model, including its layer composition and hyper-parameters.
Leveraging this side-channel, we developed an attack prototype named MosConS, which applies LSTM-based inference models to identify the structural secret.
|
|
Honors and Awards
|
Student Travel Grant | 30th USENIX Security Symposium
|
2021
|
Student Travel Grant | 42nd IEEE Symposium on Security and Privacy
|
2021
|
Dean's Distinguished Fellowship Award | UC Riverside
|
2021
|
Sichuan University Scholarship | Sichuan University
|
2014-2018
|
Outstanding Students Leader | Sichuan University
|
2016
|
|
Teaching
|
|
Professional Service
|
|
About me
|
 |
In my free time, I love to ride road bikes. In the summer of 2018, I cycled around Taiwan Province with my friends.
I was a member of University of California Irvine Cycling Club and was the leader of Sichuan University Cycling Club.
Also, I like to capture the beautiful moments of our life stories with my wife, Jinrun.
Subscribe our channel and watch our Vlog! (๑•̀ㅂ•́)و✧
|
|