Researchers from MIT and the MIT-IBM Watson AI Lab have developed a machine-learning accelerator that is resistant to the two most common types of cyber attacks. The development is a significant advance in data security for devices that run machine-learning applications. The chip can protect sensitive user information such as health records and financial transactions while still performing large-scale AI computations efficiently.
The research team devised several optimizations that strengthen security with only minimal slowdown of the device. These security measures also do not affect the accuracy of the computations. Applications that demand significant AI computation, such as augmented and virtual reality or autonomous driving, could greatly benefit from this machine-learning accelerator.
While incorporating the chip into a device would increase its cost and slightly reduce its energy efficiency, Maitreyi Ashok, the study’s lead author, argues that these are worthy trade-offs for superior security. Moreover, the researchers aim to mitigate these drawbacks in future iterations of the chip.
The chip was designed to counter common attack strategies such as side-channel and bus-probing attacks. To combat side-channel attacks, the researchers segmented data into random pieces, reducing the chances of reverse-engineering data by monitoring power consumption. For bus-probing attacks, they used a lightweight cipher to encrypt stored models, decrypting only necessary pieces when required.
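The share-splitting idea described above can be illustrated in software. This is an added example, not the researchers' code or the chip's actual scheme; the 8-bit modulus, the three shares, and the Hamming-weight power model are assumptions chosen for illustration.

```python
import secrets

MOD = 1 << 8  # assumption: 8-bit values, arithmetic modulo 256


def split(value, n_shares=3):
    """Split value into n random shares that sum to value modulo MOD."""
    shares = [secrets.randbelow(MOD) for _ in range(n_shares - 1)]
    shares.append((value - sum(shares)) % MOD)
    return shares


def combine(shares):
    """Recombine shares into the original value."""
    return sum(shares) % MOD


def masked_dot(weights, inputs, n_shares=3):
    """Dot product computed one share at a time; the true inputs are never
    handled directly. Works because the dot product is linear modulo MOD."""
    shared = [split(x, n_shares) for x in inputs]
    partials = [
        sum(w * s[k] for w, s in zip(weights, shared)) % MOD
        for k in range(n_shares)
    ]
    return combine(partials)


def hamming_weight(x):
    return bin(x).count("1")


def mean_leak(secret, masked, trials=20000):
    """Average Hamming weight (a simple power-consumption model) of the
    value the hardware handles while processing `secret`."""
    total = 0
    for _ in range(trials):
        handled = split(secret)[-1] if masked else secret
        total += hamming_weight(handled)
    return total / trials


if __name__ == "__main__":
    print("masked dot product:", masked_dot([3, 5, 7], [10, 20, 30]))
    for s in (0, 255):  # constructed sample secrets
        print(f"secret={s:3d} unmasked leak={mean_leak(s, False):.2f} "
              f"masked leak={mean_leak(s, True):.2f}")
```

Without masking, the modeled leak tracks the secret directly; with masking, each share is uniformly random, so the average leak is the same whatever the secret is. Non-linear steps need additional care beyond this linear case.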
Key to the system’s security is the generation of a unique decryption key directly on the chip, rather than moving it back and forth, thereby reducing vulnerability. The key is produced from inherent random variations in the chip, introduced during manufacturing. As these variations are unique and consistent, they can reliably generate a unique key for each chip.
In testing, the researchers attempted to infiltrate their own system using side-channel and bus-probing strategies. Even after millions of attempts, they were unable to extract any real data or break the cipher, indicating that their security system was highly effective.
Despite the enhancement in security, the chip’s size and the reduction in energy efficiency could add to the cost of devices, which the team plans to address in future research. The researchers hope to balance security needs, cost, and ease of implementation to make the technology widespread in next-generation devices. The research is funded, in part, by the MIT-IBM Watson AI Lab, the National Science Foundation, and a MathWorks Engineering Fellowship.