{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T01:19:59Z","timestamp":1760145599441,"version":"build-2065373602"},"reference-count":27,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2024,8,4]],"date-time":"2024-08-04T00:00:00Z","timestamp":1722729600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62176206"],"award-info":[{"award-number":["62176206"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>With the boom in artificial intelligence (AI), numerous reconfigurable convolution neural network (CNN) accelerators have emerged within both industry and academia, aiming to enhance AI computing capabilities. However, this rapid landscape has also witnessed a rise in hardware Trojan attacks targeted at CNN accelerators, thereby posing substantial threats to the reliability and security of these reconfigurable systems. Despite this escalating concern, there exists a scarcity of security protection schemes explicitly tailored to counteract hardware Trojans embedded in reconfigurable CNN accelerators, and those that do exist exhibit notable deficiencies. Addressing these gaps, this paper introduces a dedicated security scheme designed to mitigate the vulnerabilities associated with hardware Trojans implanted in reconfigurable CNN accelerators. The proposed security protection scheme operates at two distinct levels: the first level is geared towards preventing the triggering of the hardware Trojan, while the second level focuses on detecting the presence of a hardware Trojan post-triggering and subsequently neutralizing its potential harm. Through experimental evaluation, our results demonstrate that this two-level protection scheme is capable of mitigating at least 99.88% of the harm cause by three different types of hardware Trojan (i.e., Trojan within RI, MAC and ReLU) within reconfigurable CNN accelerators. Furthermore, this scheme can prevent hardware Trojans from triggering whose trigger signal is derived from a processing element (PE). Notably, the proposed scheme is implemented and validated on a Xilinx Zynq XC7Z100 platform.<\/jats:p>","DOI":"10.3390\/cryptography8030034","type":"journal-article","created":{"date-parts":[[2024,8,5]],"date-time":"2024-08-05T11:28:54Z","timestamp":1722857334000},"page":"34","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A Novel Two-Level Protection Scheme against Hardware Trojans on a Reconfigurable CNN Accelerator"],"prefix":"10.3390","volume":"8","author":[{"given":"Zichu","family":"Liu","sequence":"first","affiliation":[{"name":"School of Microelectronics, Xi\u2019an Jiaotong University, Xi\u2019an 710049, China"}]},{"given":"Jia","family":"Hou","sequence":"additional","affiliation":[{"name":"School of Microelectronics, Xi\u2019an Jiaotong University, Xi\u2019an 710049, China"}]},{"given":"Jianfei","family":"Wang","sequence":"additional","affiliation":[{"name":"School of Microelectronics, Xi\u2019an Jiaotong University, Xi\u2019an 710049, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8221-7670","authenticated-orcid":false,"given":"Chen","family":"Yang","sequence":"additional","affiliation":[{"name":"School of Microelectronics, Xi\u2019an Jiaotong University, Xi\u2019an 710049, China"}]}],"member":"1968","published-online":{"date-parts":[[2024,8,4]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"84","DOI":"10.1145\/3065386","article-title":"ImageNet classification with deep convolutional neural networks","volume":"60","author":"Krizhevsky","year":"2017","journal-title":"Commun. ACM"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"He, K., Zhang, X., Ren, S., and Sun, J. (2016, January 27\u201330). Deep residual learning for image recognition. Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, Las Vegas, NV, USA.","DOI":"10.1109\/CVPR.2016.90"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"1761","DOI":"10.1109\/TPAMI.2018.2842770","article-title":"Wasserstein CNN: Learning invariant features for NIR-VIS face recognition","volume":"41","author":"He","year":"2018","journal-title":"IEEE Trans. Pattern Anal. Mach. Intell."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Miao, G. (2021, January 10\u201312). Application of CNN-based Face Recognition Technology in Smart Logistics System. Proceedings of the 2021 20th International Symposium on Distributed Computing and Applications for Business Engineering and Science (DCABES), Nanning, China.","DOI":"10.1109\/DCABES52998.2021.00032"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"221","DOI":"10.1146\/annurev-bioeng-071516-044442","article-title":"Deep learning in medical image analysis","volume":"19","author":"Shen","year":"2017","journal-title":"Annu. Rev. Biomed. Eng."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1167\/tvst.8.6.4","article-title":"Automatic detection of diabetic retinopathy in retinal fundus photographs based on deep learning algorithm","volume":"8","author":"Li","year":"2019","journal-title":"Transl. Vis. Sci. Technol."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3357375","article-title":"A survey of coarse-grained reconfigurable architecture and design: Taxonomy, challenges, and applications","volume":"52","author":"Liu","year":"2019","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"127","DOI":"10.1109\/JSSC.2016.2616357","article-title":"Eyeriss: An energy-efficient reconfigurable accelerator for deep convolutional neural networks","volume":"52","author":"Chen","year":"2016","journal-title":"IEEE J.-Solid-State Circuits"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"968","DOI":"10.1109\/JSSC.2017.2778281","article-title":"A high energy efficient reconfigurable hybrid neural network processor for deep learning applications","volume":"53","author":"Yin","year":"2017","journal-title":"IEEE J. -Solid-State Circuits"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"2250289","DOI":"10.1142\/S0218126622502899","article-title":"RNA: A Flexible and Efficient Accelerator Based on Dynamically Reconfigurable Computing for Multiple Convolutional Neural Networks","volume":"31","author":"Yang","year":"2022","journal-title":"J. Circuits Syst. Comput."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"3480","DOI":"10.1109\/TCSI.2019.2928682","article-title":"WRA: A 2.2-to-6.3 TOPS highly unified dynamically reconfigurable accelerator using a novel Winograd decomposition algorithm for convolutional neural networks","volume":"66","author":"Yang","year":"2019","journal-title":"IEEE Trans. Circuits Syst. Regul. Pap."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Fujii, T., Toi, T., Tanaka, T., Togawa, K., Kitaoka, T., Nishino, K., Nakamura, N., Nakahara, H., and Motomura, M. (2018, January 18\u201322). New generation dynamically reconfigurable processor technology for accelerating embedded AI applications. Proceedings of the 2018 IEEE Symposium on VLSI Circuits, Honolulu, HI, USA.","DOI":"10.1109\/VLSIC.2018.8502438"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"381","DOI":"10.1109\/TCSII.2017.2728814","article-title":"HReA: An energy-efficient embedded dynamically reconfigurable fabric for 13-dwarfs processing","volume":"65","author":"Liu","year":"2017","journal-title":"IEEE Trans. Circuits Syst. Express Briefs"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Halak, B. (2021). Cist: A threat modelling approach for hardware supply chain security. Hardware Supply Chain Security: Threat Modelling, Emerging Attacks and Countermeasures, Springer.","DOI":"10.1007\/978-3-030-62707-2"},{"key":"ref_15","unstructured":"Odetola, T.A., Mohammed, H.R., and Hasan, S.R. (2019). A stealthy hardware trojan exploiting the architectural vulnerability of deep learning architectures: Input interception attack (iia). arXiv."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Li, W., Yu, J., Ning, X., Wang, P., Wei, Q., Wang, Y., and Yang, H. (2018, January 8\u201311). Hu-fu: Hardware and software collaborative attack framework against neural networks. Proceedings of the 2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI), Hong Kong, China.","DOI":"10.1109\/ISVLSI.2018.00093"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Clements, J., and Lao, Y. (2019, January 26\u201329). Hardware trojan design on neural networks. Proceedings of the 2019 IEEE International Symposium on Circuits and Systems (ISCAS), Sapporo, Japan.","DOI":"10.1109\/ISCAS.2019.8702493"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Yang, C., Hou, J., Wu, M., Mei, K., and Geng, L. (2020, January 3\u20136). Hardware trojan attacks on the reconfigurable interconnections of convolutional neural networks accelerators. Proceedings of the 2020 IEEE 15th International Conference on Solid-State & Integrated Circuit Technology (ICSICT), Kunming, China.","DOI":"10.1109\/ICSICT49897.2020.9278162"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Ye, J., Hu, Y., and Li, X. (2018, January 15\u201318). Hardware trojan in fpga cnn accelerator. Proceedings of the 2018 IEEE 27th Asian Test Symposium (ATS), Hefei, China.","DOI":"10.1109\/ATS.2018.00024"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Liu, Z., Ye, J., Hu, X., Li, H., Li, X., and Hu, Y. (2020, January 5\u20138). Sequence triggered hardware trojan in neural network accelerator. Proceedings of the 2020 IEEE 38th VLSI Test Symposium (VTS), San Diego, CA, USA.","DOI":"10.1109\/VTS48691.2020.9107582"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Odetola, T.A., and Hasan, S.R. (2021, January 22\u201328). Sowaf: Shuffling of weights and feature maps: A novel hardware intrinsic attack (hia) on convolutional neural network (cnn). Proceedings of the 2021 IEEE International Symposium on Circuits and Systems (ISCAS), Daegu, Republic of Korea.","DOI":"10.1109\/ISCAS51556.2021.9401166"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"115370","DOI":"10.1109\/ACCESS.2021.3104520","article-title":"Feshi: Feature map-based stealthy hardware intrinsic attack","volume":"9","author":"Odetola","year":"2021","journal-title":"IEEE Access"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"782","DOI":"10.1109\/TCAD.2017.2729340","article-title":"DRMaSV: Enhanced capability against hardware trojans in coarse grained reconfigurable architectures","volume":"37","author":"Liu","year":"2017","journal-title":"IEEE Trans.-Comput.-Aided Des. Integr. Circuits Syst."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"485","DOI":"10.1109\/TVLSI.2020.3048829","article-title":"Toward functional safety of systolic array-based deep learning hardware accelerators","volume":"29","author":"Kundu","year":"2021","journal-title":"IEEE Trans. Very Large Scale Integr. (Vlsi) Syst."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Sun, P., Halak, B., and Kazmierski, T. (2022, January 5\u20138). Towards Hardware Trojan Resilient Design of Convolutional Neural Networks. Proceedings of the 2022 IEEE 35th International System-on-Chip Conference (SOCC), Belfast, UK.","DOI":"10.1109\/SOCC56010.2022.9908104"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"325","DOI":"10.1109\/TVLSI.2022.3140250","article-title":"Golden-free hardware trojan detection using self-referencing","volume":"30","author":"Yang","year":"2022","journal-title":"IEEE Trans. Very Large Scale Integr. (Vlsi) Syst."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Xu, Q., Arafin, M.T., and Qu, G. (2021, January 18\u201321). Security of neural networks from hardware perspective: A survey and beyond. Proceedings of the 26th Asia and South Pacific Design Automation Conference, Tokyo, Japan.","DOI":"10.1145\/3394885.3431639"}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/8\/3\/34\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T15:29:57Z","timestamp":1760110197000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/8\/3\/34"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,8,4]]},"references-count":27,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2024,9]]}},"alternative-id":["cryptography8030034"],"URL":"https:\/\/doi.org\/10.3390\/cryptography8030034","relation":{},"ISSN":["2410-387X"],"issn-type":[{"type":"electronic","value":"2410-387X"}],"subject":[],"published":{"date-parts":[[2024,8,4]]}}}