A PUF-Based Approach for Copy Protection of Intellectual Property in Neural Network Models
Daniel Dorfmeister, Flavio Ferrarotti, Bernhard Fischer, Martin Schwandtner, Hannes Sochor
Published on arXiv
arXiv:2603.10753
Model Theft
OWASP ML Top 10 — ML05
Key Finding
Binding NN weights to hardware PUF responses causes sufficient accuracy degradation on cloned hardware to render the stolen model operationally useless.
PUF-based NN Weight Binding
Novel technique introduced
More and more companies' Intellectual Property (IP) is being integrated into Neural Network (NN) models. This IP has considerable value for companies and, therefore, requires adequate protection. For example, an attacker might replicate a production machine's hardware and subsequently simply copy associated software and NN models onto the cloned hardware. To make copying NN models onto cloned hardware infeasible, we present an approach to bind NN models - and thus also the IP contained within them - to their underlying hardware. For this purpose, we link an NN model's weights, which are crucial for its operation, to unique and unclonable hardware properties by leveraging Physically Unclonable Functions (PUFs). By doing so, sufficient accuracy can only be achieved using the target hardware to restore the original weights, rendering proper execution of the NN model on cloned hardware impossible. We demonstrate that our approach accomplishes the desired degradation of accuracy on various NN models and outline possible future improvements.
Key Contributions
- PUF-based hardware-software binding technique that links NN model weights to unique, unclonable physical hardware properties
- Copy protection scheme that degrades model accuracy on unauthorized (cloned) hardware while preserving accuracy on target hardware
- Evaluation across multiple NN model architectures demonstrating effectiveness of the accuracy-degradation approach
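The abstract and the contribution list describe the effect (restored weights are only correct on the target device) but this page does not say how the authors link weights to PUF responses. The simulation below is an added example, not the paper's scheme or code: it models a PUF as a per-device, deterministic but unpredictable bit string, derives a key from the response with SHA-256 (an assumed construction), stores the model's fixed-point weights XORed with a hash-based keystream, and then measures accuracy when the blob is restored on the target device, on a cloned device with a different PUF response, and on the genuine device with a single raw-response bit error. The dataset is constructed, and a single-layer logistic classifier stands in for an NN so the block runs in pure Python; all names (`bind`, `unbind`, `puf_response`, `SCALE`, `CTX`) are this example's own.

```python
# Added example (not the paper's implementation): bind a classifier's weights to
# a simulated PUF response and measure accuracy on target vs. cloned hardware.
import hashlib
import math
import random
import struct

SCALE = 256                    # assumed fixed-point format: int16 holding round(w * SCALE)
CTX = b"nn-weight-binding-v0"  # assumed domain-separation label for key derivation


def make_dataset(n, seed):
    """Constructed data: points in [-1,1]^2, label 1 inside the disc x^2 + y^2 < 0.5.
    Features are (x, y, x^2, y^2) so a single linear layer can fit the boundary."""
    rng = random.Random(seed)
    data = []
    for _ in range(n):
        x, y = rng.uniform(-1, 1), rng.uniform(-1, 1)
        data.append(((x, y, x * x, y * y), 1 if x * x + y * y < 0.5 else 0))
    return data


def sigmoid(z):
    z = max(-60.0, min(60.0, z))  # keep math.exp in range for wild weights
    return 1.0 / (1.0 + math.exp(-z))


def train(data, epochs=800, lr=1.0):
    """Full-batch gradient descent for a single-layer (logistic) network.
    Returns the parameter vector [w1, w2, w3, w4, bias]."""
    w, b, n = [0.0] * 4, 0.0, len(data)
    for _ in range(epochs):
        gw, gb = [0.0] * 4, 0.0
        for feats, label in data:
            err = sigmoid(sum(wi * fi for wi, fi in zip(w, feats)) + b) - label
            for i in range(4):
                gw[i] += err * feats[i]
            gb += err
        w = [wi - lr * g / n for wi, g in zip(w, gw)]
        b -= lr * gb / n
    return w + [b]


def accuracy(params, data):
    """Fraction of samples where sign(w.f + b) matches the label."""
    w, b = params[:4], params[4]
    hits = sum((sum(wi * fi for wi, fi in zip(w, feats)) + b > 0) == bool(label)
               for feats, label in data)
    return hits / len(data)


def puf_response(device_seed, nbits=128):
    """Stand-in for a PUF: a per-device bit string nobody can reproduce without
    the device. A real PUF is noisy; this model is noise-free (see flip_bit)."""
    return random.Random(device_seed).getrandbits(nbits).to_bytes(nbits // 8, "big")


def derive_key(response):
    return hashlib.sha256(CTX + response).digest()


def keystream(key, nbytes):
    """Counter-mode keystream from SHA-256 (assumed construction, illustration only)."""
    blocks = [hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range((nbytes + 31) // 32)]
    return b"".join(blocks)[:nbytes]


def bind(params, response):
    """Quantise weights to int16 and XOR them with a keystream derived from the
    device's PUF response; the result is what gets shipped with the software."""
    q = [max(-32768, min(32767, round(p * SCALE))) for p in params]
    plain = struct.pack(f">{len(q)}h", *q)
    return bytes(a ^ k for a, k in zip(plain, keystream(derive_key(response), len(plain))))


def unbind(blob, response):
    """Restore weights using whatever PUF response the running hardware provides."""
    plain = bytes(a ^ k for a, k in zip(blob, keystream(derive_key(response), len(blob))))
    return [v / SCALE for v in struct.unpack(f">{len(blob) // 2}h", plain)]


def flip_bit(response, idx):
    """Simulate one bit error in a raw PUF response."""
    buf = bytearray(response)
    buf[idx // 8] ^= 1 << (idx % 8)
    return bytes(buf)


def demo():
    data = make_dataset(400, seed=1)
    params = train(data)
    target = puf_response(device_seed=1000)
    blob = bind(params, target)
    return {
        "trained": accuracy(params, data),
        "target_device": accuracy(unbind(blob, target), data),
        "one_bit_puf_error": accuracy(unbind(blob, flip_bit(target, 5)), data),
        "clones": [accuracy(unbind(blob, puf_response(2000 + i)), data) for i in range(8)],
    }


if __name__ == "__main__":
    print(demo())
```

Two practitioner caveats fall out of the run. First, the `one_bit_puf_error` case shows that hashing a raw response is not deployable on its own: real PUF responses differ by a few bits between power cycles, so a fuzzy extractor or helper-data error correction must sit between the PUF and key derivation, and the evaluation should measure accuracy on the genuine device across that noise, not only on clones. Second, keystream XOR provides confidentiality of the weights but no integrity, so an attacker on cloned hardware can still flip chosen weight bits; whether that matters depends on the threat model the deployment actually faces.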
🛡️ Threat Analysis
The paper directly defends against model theft — an attacker clones hardware and copies NN models. The PUF-based weight-binding scheme ensures stolen model copies are rendered inaccurate on unauthorized hardware, protecting model IP. This is a model ownership/copy-protection defense, the defining use case of ML05.