Prof. WANG Shuai and Team Recognized with Distinguished Paper Award at IEEE Symposium on Security and Privacy 2025
Prof. WANG Shuai, Associate Professor of the Department of Computer Science and Engineering (CSE), and his research team were honored with the prestigious Distinguished Paper Award at the 46th IEEE Symposium on Security and Privacy (IEEE S&P 2025), a top conference in the field. This recognition highlights their groundbreaking work on CipherSteal, a novel framework that exposes critical vulnerabilities in Trusted Execution Environments (TEEs) used to protect neural networks (NNs).
The award-winning paper, titled “CipherSteal: Stealing Input Data from TEE-Shielded Neural Networks with Ciphertext Side Channels”, was authored by:
- Dr. YUAN Yuanyuan, 2024 PhD graduate from CSE, currently a postdoc at ETH
- Dr. LIU Zhibo, postdoc at CSE and 2023 CSE PhD graduate
- DENG Sen, PhD student at CSE
- CHEN Yanzuo, PhD student at CSE
- Prof. WANG Shuai, Associate Professor at CSE
- Prof. ZHANG Yinqian, Professor at Southern University of Science and Technology (SUSTech)
- Prof. SU Zhendong, Professor at ETH Zurich
As the reliance on NNs grows, so does the need to safeguard them from untrusted hosts. However, recent research has revealed that the confidentiality of NNs and user data can be compromised by ciphertext side channels within TEEs, which leak memory write patterns to malicious entities. Dr. Wang and his team, collaborating with researchers from SUSTech and ETH Zurich, demonstrated the severe threat posed by these side channels to NN inputs for the first time, showcasing how sophisticated attacks can reconstruct complex data with alarming accuracy.
CipherSteal uses a two-step method (information transformation and reconstruction) that optimizes the use of the partial input information leaked through ciphertext side channels. The framework has been evaluated across various neural network architectures, including Transformers, and has successfully recovered visually identical inputs under different levels of prior knowledge held by attackers.
The findings of this research challenge the long-standing belief that hardware-based protections like TEEs can fully safeguard neural network computations and user data. The team’s work not only highlights critical vulnerabilities but also emphasizes the inherent trade-off between performance optimizations and security, revealing how these optimizations can inadvertently create new attack surfaces.
“Receiving the Distinguished Paper Award at IEEE S&P 2025 is a tremendous honor and validation of our work on CipherSteal. Our research underscores the importance of considering domain-specific constraints in side-channel attacks, enabling us to effectively enlarge the attacking surface with partial information leakage,” the team said.
The IEEE Symposium on Security and Privacy is a premier forum for presenting developments in computer security and electronic privacy. The 2025 edition was held from May 12 to 15 in San Francisco, US.