Researchers from MIT and the MIT-IBM Watson AI Lab have developed a machine-learning accelerator that strengthens the security of health-monitoring apps and other AI-powered devices. These apps and devices, which can help manage chronic diseases or track fitness progress, run on complex machine-learning models. Running such models means moving large amounts of data between memory and the processor, and that traffic is what an attacker can target.
The new accelerator is designed to mitigate the two most common types of attack on such hardware, keeping sensitive information such as health records and financial data private. It does so without affecting the accuracy of the models it runs. The price is a somewhat more expensive chip that consumes somewhat more energy, a trade-off the researchers weighed deliberately during the design phase in favour of security.
A primary concern for the researchers was the susceptibility of digital in-memory compute (IMC) chips, which perform computations inside the device's memory, to attack. Because the data stays close to the compute units, this type of chip reduces the amount of data that has to be moved, but it remains vulnerable. In a side-channel attack, an attacker monitors the chip's power consumption while it computes and uses those measurements to reverse-engineer the data being processed. In a bus-probing attack, an attacker attaches probes to the wires that connect the accelerator to off-chip memory and reads the model's parameters as they travel across that bus, recovering the model piece by piece.
To defeat these attacks, the researchers combined three strategies. First, data inside the IMC is split into random shares, so that no single value observed during an attack reveals anything about the real data; only the recombination of all shares does. Second, to counter bus probing, the model is encrypted with a lightweight cipher while it sits in off-chip memory and is decrypted on chip only when a piece of it is needed, so plaintext weights never cross the bus. Third, the key for that cipher is never stored or transmitted: it is generated on the chip itself from the tiny random variations in the chip's structure that manufacturing naturally introduces, in effect a physically unclonable function (PUF), so the key exists only when that particular chip is running.
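The three mechanisms above are easiest to understand as one pipeline. The following Python example is added here to illustrate them and is not the researchers' own design or code. It assumes 16-bit fixed-point weights, stands in an HMAC-SHA256 counter-mode keystream for the unnamed lightweight cipher, and models the PUF as a bit string that is read back with a few bit errors and corrected with a repetition-code fuzzy extractor; all chip fingerprints and weights are constructed sample data. It also shows the failure mode a practitioner cares about: too many readout errors in one block and the key reconstruction silently yields a different key.

```python
import hashlib
import hmac
import random
import struct

MOD = 1 << 16        # weights/activations as 16-bit fixed point (assumption)
REP = 5              # repetition-code length of the toy fuzzy extractor (assumption)
KEY_BITS = 128


# ---- 1. Masking: an IMC array only ever holds random shares of a weight ----

def split_shares(value, n, rng=None):
    """Split value into n shares; any n-1 of them are uniformly random."""
    rng = rng or random.SystemRandom()
    shares = [rng.randrange(MOD) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % MOD)
    return shares


def recombine(shares):
    return sum(shares) % MOD


def masked_dot(weights, activations, n_shares=3, rng=None):
    """Dot product where each share array sees only its share of every weight.

    Multiplying by a public activation is linear, so the per-share partial
    products recombine to the true result; no array ever holds a real weight.
    """
    weight_shares = [split_shares(w, n_shares, rng) for w in weights]
    partials = [sum(ws[i] * a for ws, a in zip(weight_shares, activations)) % MOD
                for i in range(n_shares)]
    return recombine(partials)


# ---- 2. A key rebuilt on every boot from the chip's manufacturing variation ----

def bits_to_key(bits):
    raw = int("".join(map(str, bits)), 2).to_bytes(KEY_BITS // 8, "big")
    return hashlib.sha256(raw).digest()   # hash the corrected bits into a uniform key


def puf_enroll(fingerprint, rng):
    """One-time enrollment: bind a random key to the chip; helper data may be stored in the clear."""
    key_bits = [rng.randrange(2) for _ in range(KEY_BITS)]
    codeword = [b for b in key_bits for _ in range(REP)]          # repetition code
    helper = [f ^ c for f, c in zip(fingerprint, codeword)]
    return bits_to_key(key_bits), helper


def puf_reconstruct(noisy_fingerprint, helper):
    """Boot-time reconstruction: strip the helper data, then majority-vote each block."""
    codeword = [f ^ h for f, h in zip(noisy_fingerprint, helper)]
    key_bits = [1 if sum(codeword[i:i + REP]) * 2 > REP else 0
                for i in range(0, len(codeword), REP)]
    return bits_to_key(key_bits)


def puf_roundtrip(flips_in_first_block):
    """True if the key survives that many readout errors inside one code block."""
    rng = random.Random(2)                                        # constructed sample chip
    fingerprint = [rng.randrange(2) for _ in range(KEY_BITS * REP)]
    key, helper = puf_enroll(fingerprint, rng)
    noisy = list(fingerprint)
    for i in range(flips_in_first_block):
        noisy[i] ^= 1
    return puf_reconstruct(noisy, helper) == key


# ---- 3. The model leaves the chip only in encrypted form ----

def keystream(key, block_index, length):
    """Counter-mode keystream from an HMAC-SHA256 PRF (stand-in for the lightweight cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QQ", block_index, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_weights(key, weights, block_index):
    raw = b"".join(struct.pack(">H", w) for w in weights)
    return bytes(a ^ b for a, b in zip(raw, keystream(key, block_index, len(raw))))


def decrypt_weights(key, blob, block_index):
    raw = bytes(a ^ b for a, b in zip(blob, keystream(key, block_index, len(blob))))
    return [struct.unpack(">H", raw[i:i + 2])[0] for i in range(0, len(raw), 2)]


def secure_inference(weights, activations, n_shares=3):
    """Enroll, encrypt off-chip, rebuild the key from a noisy readout, decrypt on chip, compute masked."""
    rng = random.Random(1)                                        # constructed sample chip
    fingerprint = [rng.randrange(2) for _ in range(KEY_BITS * REP)]
    key, helper = puf_enroll(fingerprint, rng)
    blob = encrypt_weights(key, weights, block_index=0)           # what off-chip memory holds
    noisy = [b ^ (1 if i % 13 == 0 else 0) for i, b in enumerate(fingerprint)]  # <= 1 flip per block
    boot_key = puf_reconstruct(noisy, helper)
    return masked_dot(decrypt_weights(boot_key, blob, 0), activations, n_shares)
```

Two things the page does not spell out but a reviewer would ask for: the keystream gives confidentiality only, so a production design also needs an integrity check on each encrypted block, otherwise a bus attacker can still flip weights; and the repetition code here tolerates at most two errors per five-bit block, so the PUF's real error rate decides the code you need.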
In security tests, the researchers were unable to extract any protected information or break the cipher, even across repeated attempts. Future plans for the technology include reducing its energy consumption, shrinking the device for scalability, and investigating cheaper ways to provide the same security.
This innovative research could be crucial in advancing secure architecture in future mobile devices, as security continues to be a priority in edge device design. The project is financially supported by the MIT-IBM Watson AI Lab, the National Science Foundation, and a Mathworks Engineering Fellowship.