About

Miodrag Potkonjak is a professor in the Department of Computer Science at UCLA Samueli School of Engineering. His research interests include complex distributed systems, embedded systems, communication designs, computer-aided design, ad hoc sensor networks, computational security, and electronic commerce with a focus on IP protection. He earned his PhD from the University of California, Berkeley in 1991. His work involves developing innovative solutions in these areas, contributing to the advancement of secure and efficient computing systems.

Research topics

• Machine Learning
• Computer Science
• Computer network
• Algorithm
• Embedded system
• Mathematics

Selected publications

• Evolution-Strategies-Driven Optimization on Secure and Reconfigurable Interconnection PUF Networks

  Electronics · 2021 · 4 citations

  Senior authorCorresponding
  • Computer Science
  • Computer Science
  • Embedded system

  Physical Unclonable Functions (PUFs) are known for their unclonability and light-weight design. However, several known issues with state-of-the-art PUF designs exist including vulnerability against machine learning attacks, low output randomness, and low reliability. To address these problems, we present a reconfigurable interconnected PUF network (IPN) design that significantly strengthens the security and unclonability of strong PUFs. While the IPN structure itself significantly increases the system complexity and nonlinearity, the reconfiguration mechanism remaps the input–output mapping before an attacker could collect sufficient challenge-response pairs (CRPs). We also propose using an evolution strategies (ES) algorithm to efficiently search for a network configuration that is capable of producing random and stable responses. The experimental results show that applying state-of-the-art machine learning attacks result in less than 53.19% accuracy for single-bit output prediction on a reconfigurable IPN with random configurations. We also show that, when applying configurations explored by our proposed ES method instead of random configurations, the output randomness is significantly improved by 220.8% and output stability by at least 22.62% in different variations of IPN.

  PublisherOA PDFDOI

• Evolutionary Trigger Set Generation for DNN Black-Box Watermarking

  arXiv (Cornell University) · 2019-06-11 · 8 citations

  preprintOpen accessSenior author

  The commercialization of deep learning creates a compelling need for intellectual property (IP) protection. Deep neural network (DNN) watermarking has been proposed as a promising tool to help model owners prove ownership and fight piracy. A popular approach of watermarking is to train a DNN to recognize images with certain \textit{trigger} patterns. In this paper, we propose a novel evolutionary algorithm-based method to generate and optimize trigger patterns. Our method brings a siginificant reduction in false positive rates, leading to compelling proof of ownership. At the same time, it maintains the robustness of the watermark against attacks. We compare our method with the prior art and demonstrate its effectiveness on popular models and datasets.

  PublisherOA PDFDOI

• Efficient Image Sensor Subsampling for DNN-Based Image Classification

  Proceedings of the International Symposium on Low Power Electronics and Design · 2018-07-23 · 10 citations

  articleSenior author

  Today's mobile devices are equipped with cameras capable of taking very high-resolution pictures. For computer vision tasks which require relatively low resolution, such as image classification, sub-sampling is desired to reduce the unnecessary power consumption of the image sensor. In this paper, we study the relationship between subsampling and the performance degradation of image classifiers that are based on deep neural networks (DNNs). We empirically show that subsampling with the same step size leads to very similar accuracy changes for different classifiers. In particular, we could achieve over 15x energy savings just by subsampling while suffering almost no accuracy lost. For even better energy accuracy trade-offs, we propose AdaSkip, where the row sampling resolution is adaptively changed based on the image gradient. We implement AdaSkip on an FPGA and report its energy consumption.

  PublisherDOI

• Watermarking deep neural networks for embedded systems

  2018-11-05 · 162 citations

  articleSenior author

  Deep neural networks (DNNs) have become an important tool for bringing intelligence to mobile and embedded devices. The increasingly wide deployment, sharing and potential commercialization of DNN models create a compelling need for intellectual property (IP) protection. Recently, DNN watermarking emerges as a plausible IP protection method. Enabling DNN watermarking on embedded devices in a practical setting requires a black-box approach. Existing DNN watermarking frameworks either fail to meet the black-box requirement or are susceptible to several forms of attacks. We propose a watermarking framework by incorporating the author's signature in the process of training DNNs. While functioning normally in regular cases, the resulting watermarked DNN behaves in a different, predefined pattern when given any signed inputs, thus proving the authorship. We demonstrate an example implementation of the framework on popular image classification datasets and show that strong watermarks can be embedded in the models.

  PublisherDOI

• Efficient and Secure Group Key Management in IoT using Multistage Interconnected PUF

  Proceedings of the International Symposium on Low Power Electronics and Design · 2018-07-23 · 24 citations

  articleOpen accessSenior author

  Secure group-oriented communication is crucial to a wide range of applications in Internet of Things (IoT). Security problems related to group-oriented communications in IoT-based applications placed in a privacy-sensitive environment have become a major concern along with the development of the technology. Unfortunately, many IoT devices are designed to be portable and light-weight; thus, their functionalities, including security modules, are heavily constrained by the limited energy resources (e.g., battery capacity). To address these problems, we propose a group key management scheme based on a novel physically unclonable function (PUF) design: multistage interconnected PUF (MIPUF) to secure group communications in an energy-constrained environment. Our design is capable of performing key management tasks such as key distribution, key storage and rekeying securely and efficiently. We show that our design is secure against multiple attack methods and our experimental results show that our design saves 47.33% of energy globally comparing to state-of-the-art Elliptic-curve cryptography (ECC)-based key management scheme on average.

  PublisherOA PDFDOI

• Circuit power optimization using pipelining and dual-supply voltage assignment

  Integration · 2018-01-12

  articleSenior author
  PublisherDOI

• Securing interconnected PUF network with reconfigurability

  2018-04-01 · 7 citations

  articleSenior author

  Physical Unclonable Functions (PUFs) are known for their unclonability and light-weight design. Recent advancement in technology has significantly compromised the security of PUFs. Machine learning-based attacks have been proven to be able to construct numerical models that predict various types of PUFs with high accuracy with a small set of challenge-response pairs (CRPs). To address the problem, we present a reconfigurable interconnected PUF network (IPN) design that significantly strengthens the security and unclonability of strong PUFs. While the IPN structure itself provides high resilience against modeling attacks, the reconfiguration mechanism remaps the input-output mapping before an attacker could collect sufficient CRPs. Experimental results show that all tested state-of-the-art machine learning attack methods have prediction accuracy of around 50% on a single bit output of a reconfigurable IPN.

  PublisherDOI

• Pruning ConvNets Online for Efficient Specialist Models

  2017-07-01 · 12 citations

  articleSenior author

  Convolutional neural networks (CNNs) excel in various computer vision related tasks but are extremely computationally intensive and power hungry to run on mobile and embedded devices. Recent pruning techniques can reduce the computation and memory requirements of CNNs, but a costly retraining step is needed to restore the classification accuracy of the pruned model. In this paper, we present evidence that when only a subset of the classes need to be classified, we could prune a model and achieve reasonable classification accuracy without retraining. The resulting specialist model will require less energy and time to run than the original full model. To compensate for the pruning, we take advantage of the redundancy among filters and class-specific features. We show that even simple methods such as replacing channels with mean or with the most correlated channel can boost the accuracy of the pruned model to reasonable levels.

  PublisherDOI

• Pruning Filters and Classes

  2017-06-19 · 17 citations

  articleOpen accessSenior author

  In recent years, we have witnessed more and more mobile applications based on deep learning. Widely used as they may be, those applications provide little flexibility to cater to the diversified needs of different groups of users. For users facing a classification problem, it is natural that some classes are more important to them, while the rest are not. We thus propose a lightweight method that allows users to prune the unneeded classes together with associated filters from convolutional neural networks (CNNs). Such customization can result in substantial reduction in computational costs at test time. Early results have shown that after pruning the Network-in-Network (NIN) model on CIFAR-10 dataset\cite{lim2013network} down to a 5-class classifier, we can trade a 3\% loss in accuracy for a 1.63$\times$ gain in energy consumption and a 1.24$\times$ improvement in latency when experimenting on an off-the-shelf smartphone, while the procedure incurs with very little overhead. After pruning, the custom-tailored model can still achieve a higher classification accuracy than the unmodified classifier because of a smaller problem space that more accurately reflects users' needs.

  PublisherOA PDFDOI

• 20 Years of research on intellectual property protection

  2017-05-01 · 12 citations

  article1st authorCorresponding

  VLSI intellectual property (IP) reuse based design methodology was adopted by the semiconductor industry in the early 1990's and how to protect design IPs from piracy and misuse has since been a challenging problem. 2017 marks the 20th anniversary of the IP protection development and working group was founded and the first series of IP watermarking papers were published. In this paper, we survey the efforts from industry, government, and academia on securing the design IPs in the past 20 years with focus on development from academia side.

  PublisherDOI

Recent grants

• CI-EN: Trust-Hub: Development of Benchmarks, Metrics, and Validation Platforms for Hardware Security, and a Web-based Dissemination Portal

  NSF · $320k · 2015–2020

• Collaborative Research: CT-T: Manufacturing Variability-based Hardware Protection Techniques

  NSF · $66k · 2007–2009

• Collaborative Research: CI-ADDO-NEW: Trust-Hub: Design of Trust Benchmarks, Hardware Validation Platforms and a Web-Based Dissemination Portal

  NSF · $243k · 2011–2016

• Collaborative Research: CI-ADDO-NEW: TrustHub: Design of Trust Benchmarks, Hardware Validation Platforms and a Web-based Dissemination Portal

  NSF · $36k · 2010–2012

Frequent coauthors

• Farinaz Koushanfar

  71 shared

• Jennifer L. Wong

  University of California, Irvine

  59 shared

• Darko Kirovski

  54 shared

• Gang Qu

  University of Maryland, College Park

  46 shared

• Jan M. Rabaey

  39 shared

• William H. Mangione-Smith

  University of California, Los Angeles

  31 shared

• Seapahn Megerian

  University of Wisconsin–Madison

  26 shared

• James B. Wendt

  26 shared

Education

• Ph.D., Electrical Engineering

  University of California, Los Angeles

  1992

• M.S., Electrical Engineering

  University of Belgrade

  1988

• B.S., Electrical Engineering

  University of Belgrade

  1984