A team of researchers from the Massachusetts Institute of Technology (MIT) and the MIT-IBM Watson AI Lab have developed a machine-learning accelerator that is resistant to the most common types of cyber attacks. This development could help secure sensitive health records, financial information and other private data while still allowing complicated artificial intelligence (AI) models to operate efficiently on devices.
Aside from providing security, the machine-learning accelerator can ensure the accuracy of computations. Applications demanding AI, such as augmented and virtual reality and self-driving cars, would benefit greatly from this technology. However, it should be noted that the implementation of this technology could increase device costs and reduce energy efficiency. Yet, for the sake of security, these trade-offs are seen as necessary.
The challenge for the researchers centered on the type of machine-learning accelerator known as the digital in-memory compute (IMC) chips. These chips perform millions of operations simultaneously, speeding up computation yet complicating the prevention of cyber attacks. The main security issues with these chips are “side-channel attacks,” where hackers monitor power consumption, and “bus-probing attacks,” where the data traveling between the accelerator and off-chip memory is stolen.
The team used three strategies to block these attacks. Firstly, they split the data in the IMC into random pieces, effectively preventing a full picture of the data. Secondly, they prevented bus-probing attacks by using a lightweight cipher that encrypts the model stored in off-chip memory. Finally, they generated a unique decryption key directly on the chip itself to improve security. This reduces the chances of interception and adds another layer of security to the system.
The research team tested the security of their technology by trying to infiltrate the system themselves and found it to be secure against the attacks typical in this context. The introduction of security lowers the energy efficiency of the accelerator and requires more chip area, hence increasing the costs. However, the team plans to research ways to reduce energy consumption and size in the future.
