PermuteV: A Performant Side-channel-Resistant RISC-V Core Securing Edge AI Inference

• URL: http://arxiv.org/abs/2512.18132v1
• Date: Fri, 19 Dec 2025 23:31:16 GMT
• Title: PermuteV: A Performant Side-channel-Resistant RISC-V Core Securing Edge AI Inference
• Authors: Nuntipat Narkthong, Xiaolin Xu,
• Abstract summary: We propose PermuteV, a performant side-channel resistant RISC-V core designed to secure neural network inference.<n>PermuteV employs a hardware-accelerated defense mechanism that randomly permutes the execution order of loop iterations.<n>We implement PermuteV on FPGA and perform evaluations in terms of side-channel security, hardware area, and runtime overhead.
• Score: 8.089262335514297
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Edge AI inference is becoming prevalent thanks to the emergence of small yet high-performance microprocessors. This shift from cloud to edge processing brings several benefits in terms of energy savings, improved latency, and increased privacy. On the downside, bringing computation to the edge makes them more vulnerable to physical side-channel attacks (SCA), which aim to extract the confidentiality of neural network models, e.g., architecture and weight. To address this growing threat, we propose PermuteV, a performant side-channel resistant RISC-V core designed to secure neural network inference. PermuteV employs a hardware-accelerated defense mechanism that randomly permutes the execution order of loop iterations, thereby obfuscating the electromagnetic (EM) signature associated with sensitive operations. We implement PermuteV on FPGA and perform evaluations in terms of side-channel security, hardware area, and runtime overhead. The experimental results demonstrate that PermuteV can effectively defend against EM SCA with minimal area and runtime overhead.

Related papers

• Blockchain-Enabled Routing for Zero-Trust Low-Altitude Intelligent Networks [77.17664010626726]
  We focus on the routing with multiple UAV clusters in low-altitude intelligent networks (LAINs)<n>To minimize the damage caused by potential threats, we present the zero-trust architecture with the software-defined perimeter and blockchain techniques.<n>We show that the proposed framework reduces the average E2E delay by 59% and improves the TSR by 29% on average compared to benchmarks.
  arXiv  Detail & Related papers  (2026-02-27T04:30:35Z)
• AmbShield: Enhancing Physical Layer Security with Ambient Backscatter Devices against Eavesdroppers [69.56534335936534]
  AmbShield is an AmBD-assisted PLS scheme that leverages naturally distributed AmBDs to simultaneously strengthen the legitimate channel and degrade eavesdroppers'<n>In AmbShield, AmBDs are exploited as friendly jammers that randomly backscatter to create interference at eavesdroppers, and as passive relays that backscatter the desired signal to enhance the capacity of legitimate devices.
  arXiv  Detail & Related papers  (2026-01-14T20:56:50Z)
• When UAV Swarm Meets IRS: Collaborative Secure Communications in Low-altitude Wireless Networks [68.45202147860537]
  Low-altitude wireless networks (LAWNs) provide enhanced coverage, reliability, and throughput for diverse applications.<n>These networks face significant security vulnerabilities from both known and potential unknown eavesdroppers.<n>We propose a novel secure communication framework for LAWNs where the selected UAVs within a swarm function as a virtual antenna array.
  arXiv  Detail & Related papers  (2025-10-25T02:02:14Z)
• SecureInfer: Heterogeneous TEE-GPU Architecture for Privacy-Critical Tensors for Large Language Model Deployment [9.666696979829359]
  SecureInfer is a framework that offloads compute-intensive operations to untrusted accelerators.<n>We implement a prototype of SecureInfer using the LLaMA-2 model and evaluate it across performance and security metrics.
  arXiv  Detail & Related papers  (2025-10-22T19:17:31Z)
• ShuffleV: A Microarchitectural Defense Strategy against Electromagnetic Side-Channel Attacks in Microprocessors [10.917124131700312]
  This paper proposes ShuffleV, a microarchitecture defense strategy against EM Side-Channel Attacks (SCAs)<n>We build ShuffleV on the open-source RISC-V core and provide six design options to suit different application scenarios.<n>We implement ShuffleV on a Xilinx PYNQ-Z2 FPGA and validate its performance with two representative victim applications.
  arXiv  Detail & Related papers  (2025-10-15T03:09:42Z)
• Intra-DP: A High Performance Collaborative Inference System for Mobile Edge Computing [67.98609858326951]
  Intra-DP is a high-performance collaborative inference system optimized for deep neural networks (DNNs) on mobile devices.<n>It reduces per-inference latency by up to 50% and energy consumption by up to 75% compared to state-of-the-art baselines.<n>The evaluation demonstrates that Intra-DP reduces per-inference latency by up to 50% and energy consumption by up to 75% compared to state-of-the-art baselines.
  arXiv  Detail & Related papers  (2025-07-08T09:50:57Z)
• Stochastic Training for Side-Channel Resilient AI [5.430531937341217]
  Side-channel attacks exploiting power and electromagnetic emissions threaten trained AI models on edge devices.<n>This paper proposes a novel training methodology to enhance resilience against such threats.<n> Experimental results on Google Coral Edge TPU show a reduction in side-channel leakage and a slower increase in t-scores over 20,000 traces.
  arXiv  Detail & Related papers  (2025-06-07T00:10:03Z)
• The Inherent Adversarial Robustness of Analog In-Memory Computing [2.435021773579434]
  A key challenge for Deep Neural Network (DNN) algorithms is their vulnerability to adversarial attacks. In this paper, we experimentally validate a conjecture for the first time on an AIMC chip based on Phase Change Memory (PCM) devices. Additional robustness is also observed when performing hardware-in-theloop attacks.
  arXiv  Detail & Related papers  (2024-11-11T14:29:59Z)
• Sparser is Faster and Less is More: Efficient Sparse Attention for Long-Range Transformers [58.5711048151424]
  We introduce SPARSEK Attention, a novel sparse attention mechanism designed to overcome computational and memory obstacles. Our approach integrates a scoring network and a differentiable top-k mask operator, SPARSEK, to select a constant number of KV pairs for each query. Experimental results reveal that SPARSEK Attention outperforms previous sparse attention methods.
  arXiv  Detail & Related papers  (2024-06-24T15:55:59Z)
• SpecFormer: Guarding Vision Transformer Robustness via Maximum Singular Value Penalization [39.09638432514626]
  Vision Transformers (ViTs) are increasingly used in computer vision due to their high performance, but their vulnerability to adversarial attacks is a concern. This study introduces SpecFormer, tailored to fortify ViTs against adversarial attacks, with theoretical underpinnings.
  arXiv  Detail & Related papers  (2024-01-02T14:27:24Z)
• Defense against ML-based Power Side-channel Attacks on DNN Accelerators with Adversarial Attacks [21.611341074006162]
  We present AIAShield, a novel defense methodology to safeguard FPGA-based AI accelerators. We leverage the prominent adversarial attack technique from the machine learning community to craft delicate noise. AIAShield outperforms existing solutions with excellent transferability.
  arXiv  Detail & Related papers  (2023-12-07T04:38:01Z)
• Secure Deep Learning-based Distributed Intelligence on Pocket-sized Drones [75.80952211739185]
  Palm-sized nano-drones are an appealing class of edge nodes, but their limited computational resources prevent running large deep-learning models onboard. Adopting an edge-fog computational paradigm, we can offload part of the computation to the fog; however, this poses security concerns if the fog node, or the communication link, can not be trusted. We propose a novel distributed edge-fog execution scheme that validates fog computation by redundantly executing a random subnetwork aboard our nano-drone.
  arXiv  Detail & Related papers  (2023-07-04T08:29:41Z)
• Over-the-Air Federated Learning with Privacy Protection via Correlated Additive Perturbations [57.20885629270732]
  We consider privacy aspects of wireless federated learning with Over-the-Air (OtA) transmission of gradient updates from multiple users/agents to an edge server. Traditional perturbation-based methods provide privacy protection while sacrificing the training accuracy. In this work, we aim at minimizing privacy leakage to the adversary and the degradation of model accuracy at the edge server.
  arXiv  Detail & Related papers  (2022-10-05T13:13:35Z)
• An Adaptive Device-Edge Co-Inference Framework Based on Soft Actor-Critic [72.35307086274912]
  High-dimension parameter model and large-scale mathematical calculation restrict execution efficiency, especially for Internet of Things (IoT) devices. We propose a new Deep Reinforcement Learning (DRL)-Soft Actor Critic for discrete (SAC-d), which generates the emphexit point, emphexit point, and emphcompressing bits by soft policy iterations. Based on the latency and accuracy aware reward design, such an computation can well adapt to the complex environment like dynamic wireless channel and arbitrary processing, and is capable of supporting the 5G URL
  arXiv  Detail & Related papers  (2022-01-09T09:31:50Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.