PermuteV: A Performant Side-channel-Resistant RISC-V Core Securing Edge AI Inference

Abstract

PermuteV is a performant side-channel resistant RISC-V core designed to secure Edge AI inference models against physical attacks, which frequently expose confidential neural network data. The core employs a novel hardware-accelerated defense mechanism that randomly permutes the execution order of loop iterations to obfuscate sensitive electromagnetic (EM) signatures. Evaluations on FPGA demonstrate that PermuteV effectively defends against EM side-channel attacks while incurring only minimal area and runtime overhead.

Report

Key Highlights

• Security Focus: PermuteV is specifically designed to counteract physical side-channel attacks (SCA), such as Electromagnetic (EM) attacks, aimed at extracting confidential Neural Network (NN) models (architecture and weights) during Edge AI inference.
• Core Architecture: The innovation is implemented as a side-channel-resistant RISC-V core.
• Core Defense Mechanism: It utilizes a hardware-accelerated approach that randomly changes the execution sequence of loop iterations, thereby masking the patterns associated with sensitive operations in the EM signature.
• Performance: The core demonstrates effective side-channel security with minimal resulting overhead in terms of hardware area and execution runtime.
• Validation: The solution was implemented and validated on an FPGA platform.

Technical Details

• Target Vulnerability: Leakage of computation details through physical emissions (power consumption, electromagnetic radiation) during sensitive operations, a significant risk for microprocessors performing edge computation.
• Core Name: PermuteV (Permute-V).
• Underlying Technology: RISC-V instruction set architecture (ISA).
• Mitigation Strategy: Obfuscation of execution flow via randomization.
• Specific Method: Random permutation of loop iteration execution order (hardware-accelerated defense).
• Experimental Metrics: Security effectiveness against EM SCA, hardware utilization (area), and performance degradation (runtime overhead).

Implications

• Trustworthy Edge AI: PermuteV significantly increases the security posture of edge devices, allowing sensitive or proprietary AI models to be deployed closer to the user without fear of trivial physical extraction.
• RISC-V Ecosystem Enhancement: This work positions RISC-V as a strong contender in security-critical domains, demonstrating that high-performance, open-standard cores can integrate specialized hardware defenses necessary for emerging applications like deep learning.
• Performance vs. Security Trade-off: By achieving robust SCA defense with minimal area and runtime overhead, PermuteV addresses the traditional trade-off, making high-security computation practical for resource-constrained edge environments.
• Future Hardware Security: The technique of loop permutation offers a foundational hardware-level defense mechanism that could be adapted or integrated into future secure processor designs, moving beyond purely software-based obfuscation techniques.