Salvato in:
Dettagli Bibliografici
Autori principali: Horvath, Peter, Shumailov, Ilia, Chmielewski, Lukasz, Batina, Lejla, Yarom, Yuval
Natura: Preprint
Pubblicazione: 2026
Soggetti:
Accesso online:https://arxiv.org/abs/2603.02891
Tags: Aggiungi Tag
Nessun Tag, puoi essere il primo ad aggiungerne!!
_version_ 1866915894490300416
author Horvath, Peter
Shumailov, Ilia
Chmielewski, Lukasz
Batina, Lejla
Yarom, Yuval
author_facet Horvath, Peter
Shumailov, Ilia
Chmielewski, Lukasz
Batina, Lejla
Yarom, Yuval
contents The multi-million dollar investment required for modern machine learning (ML) has made large ML models a prime target for theft. In response, the field of model stealing has emerged. Attacks based on physical side-channel information have shown that DNN model extraction is feasible, even on CUDA Cores in a GPU. For the first time, our work demonstrates parameter extraction on the specialized GPU's Tensor Core units, most commonly used GPU units nowadays due to their superior performance, via near-field physical side-channel attacks. Previous work targeted only the general-purpose CUDA Cores in the GPU, the functional units that have been part of the GPU since its inception. Our method is tailored to the GPU architecture to accurately estimate energy consumption and derive efficient attacks via Correlation Power Analysis (CPA). Furthermore, we provide an exploratory analysis of hyperparameter and weight leakage from LLMs in far field and demonstrate that the GPU's electromagnetic radiation leaks even 100 cm away through a glass obstacle.
format Preprint
id arxiv_https___arxiv_org_abs_2603_02891
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Kraken: Higher-order EM Side-Channel Attacks on DNNs in Near and Far Field
Horvath, Peter
Shumailov, Ilia
Chmielewski, Lukasz
Batina, Lejla
Yarom, Yuval
Cryptography and Security
The multi-million dollar investment required for modern machine learning (ML) has made large ML models a prime target for theft. In response, the field of model stealing has emerged. Attacks based on physical side-channel information have shown that DNN model extraction is feasible, even on CUDA Cores in a GPU. For the first time, our work demonstrates parameter extraction on the specialized GPU's Tensor Core units, most commonly used GPU units nowadays due to their superior performance, via near-field physical side-channel attacks. Previous work targeted only the general-purpose CUDA Cores in the GPU, the functional units that have been part of the GPU since its inception. Our method is tailored to the GPU architecture to accurately estimate energy consumption and derive efficient attacks via Correlation Power Analysis (CPA). Furthermore, we provide an exploratory analysis of hyperparameter and weight leakage from LLMs in far field and demonstrate that the GPU's electromagnetic radiation leaks even 100 cm away through a glass obstacle.
title Kraken: Higher-order EM Side-Channel Attacks on DNNs in Near and Far Field
topic Cryptography and Security
url https://arxiv.org/abs/2603.02891