Profiling ML Side-Channel on CiM for Input Reconstruction

From ISLAB/CAISR
Title Profiling ML Side-Channel on CiM for Input Reconstruction
Summary Investigate whether supervised models (e.g., U-Net/pix2pix) can reconstruct private inputs from CiM-generated “power-feature matrices” and how noise/sampling constrain feasibility.
Keywords
TimeFrame Spring 2026 (Jan–Jun)
References Wang, Ziyu, et al. "PowerGAN: a machine learning approach for power side‐channel attack on compute‐in‐memory accelerators." Advanced Intelligent Systems 5.12 (2023): 2300313.
Prerequisites
Author
Supervisor Mahdi Fazeli
Level Master
Status Open


We study profiling side channels in which an adversary trains a supervised model to map CiM power/timing features to user inputs. The setting is an RRAM crossbar CiM performing vector–matrix multiplication with ADC conversion. The attacker records or simulates per-operation features (e.g., tile start/stop markers, accumulate/ADC phase activity, coarse power samples) on a set of known inputs to learn a feature-to-input mapping. At attack time, the trained model reconstructs private inputs from features obtained on unknown inputs. Prior work demonstrates that a conditional generative model can recover meaningful images from CiM leakage, retaining salient structures and remaining effective under substantial measurement noise, which indicates a practical privacy risk when profiling data and device characteristics are available.
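The profiling/reconstruction split and the effect of measurement noise can be explored in simulation before touching hardware. The sketch below is an added example, not code from this project or from the PowerGAN paper: it assumes a purely linear leakage model (each power feature is one crossbar column's weighted sum of binary inputs plus Gaussian noise) and uses ridge regression as a stand-in for U-Net/pix2pix. All names, sizes and noise levels are constructed for illustration.

```python
import random

def simulate_features(x, G, sigma, rng):
    """Assumed leakage: feature j = sum_i x[i]*G[i][j] plus Gaussian noise."""
    return [sum(xi * row[j] for xi, row in zip(x, G)) + rng.gauss(0, sigma)
            for j in range(len(G[0]))]

def solve(A, B):
    """Solve A*W = B by Gauss-Jordan elimination with partial pivoting."""
    n = len(A)
    M = [A[i][:] + B[i][:] for i in range(n)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        piv = M[c][c]
        M[c] = [v / piv for v in M[c]]
        for r in range(n):
            if r != c and M[r][c]:
                f = M[r][c]
                M[r] = [a - f * b for a, b in zip(M[r], M[c])]
    return [row[n:] for row in M]

def fit_profile(F, X, ridge=1e-3):
    """Profiling phase: ridge least squares W = (F'F + ridge*I)^-1 F'X."""
    m, n = len(F[0]), len(X[0])
    FtF = [[sum(f[a] * f[b] for f in F) + (ridge if a == b else 0.0)
            for b in range(m)] for a in range(m)]
    FtX = [[sum(f[a] * x[k] for f, x in zip(F, X))
            for k in range(n)] for a in range(m)]
    return solve(FtF, FtX)

def bit_error_rate(sigma, n=8, m=12, n_profile=400, n_test=200, seed=1):
    """Profile on known inputs, reconstruct unseen ones, return bit error rate."""
    rng = random.Random(seed)
    G = [[rng.uniform(0.1, 1.0) for _ in range(m)] for _ in range(n)]  # constructed conductances
    draw = lambda: [rng.randint(0, 1) for _ in range(n)]
    Xp = [draw() for _ in range(n_profile)]
    Fp = [simulate_features(x, G, sigma, rng) for x in Xp]
    W = fit_profile(Fp, Xp)
    errors = 0
    for _ in range(n_test):
        x = draw()
        f = simulate_features(x, G, sigma, rng)
        est = [sum(f[a] * W[a][k] for a in range(m)) for k in range(n)]
        errors += sum(int(e > 0.5) != xi for e, xi in zip(est, x))
    return errors / (n_test * n)

if __name__ == "__main__":
    for sigma in (0.0, 0.1, 0.3, 1.0, 5.0):
        print(f"noise sigma={sigma:<4} bit error rate={bit_error_rate(sigma):.3f}")
```

Sweeping `sigma` (and, by extension, the number of features `m` as a proxy for sampling resolution) shows where reconstruction degrades toward chance, which is the quantity a noise-injection or sample-limiting countermeasure would need to reach.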