Abstract
Embedded devices with neural network accelerators offer great versatility fortheir users, reducing the need to use cloud-based services. At the same time,they introduce new security challenges in the area of hardware attacks, themost prominent being side-channel analysis (SCA). It was shown that SCA canrecover model parameters with a high accuracy, posing a threat to entities thatwish to keep their models confidential. In this paper, we explore thesusceptibility of quantized models implemented in OpenVINO, an embeddedframework for deploying neural networks on embedded and Edge devices. We showthat it is possible to recover model parameters with high precision, allowingthe recovered model to perform very close to the original one. Our experimentson GoogleNet v1 show only a 1% difference in the Top 1 and a 0.64% differencein the Top 5 accuracies.