This work addresses the vulnerability of neural network models to unauthorized replication onto cloned hardware, a challenge inadequately mitigated by existing protection mechanisms. To this end, it introduces physical unclonable functions (PUFs) into neural network intellectual property protection—a first in the field—and proposes a hardware-unique weight binding and recovery mechanism that tightly couples the model to its designated device. By co-designing hardware and model security, the approach ensures that model weights can be correctly restored and the network operated only on the original hardware. Experimental results across multiple neural network architectures demonstrate a significant drop in model accuracy when deployed on cloned hardware, thereby effectively preventing illicit copying and usage.

More and more companies' Intellectual Property (IP) is being integrated into Neural Network (NN) models. This IP has considerable value for companies and, therefore, requires adequate protection. For example, an attacker might replicate a production machines' hardware and subsequently simply copy associated software and NN models onto the cloned hardware. To make copying NN models onto cloned hardware infeasible, we present an approach to bind NN models - and thus also the IP contained within them - to their underlying hardware. For this purpose, we link an NN model's weights, which are crucial for its operation, to unique and unclonable hardware properties by leveraging Physically Unclonable Functions (PUFs). By doing so, sufficient accuracy can only be achieved using the target hardware to restore the original weights, rendering proper execution of the NN model on cloned hardware impossible. We demonstrate that our approach accomplishes the desired degradation of accuracy on various NN models and outline possible future improvements.