
Researchers from MIT and the MIT-IBM Watson AI Lab have developed a machine-learning accelerator that can resist the two most common types of cyberattacks while maintaining the functionality of large Artificial Intelligence (AI) models, according to senior author Anantha Chandrakasan, MIT’s chief innovation and strategy officer, dean of the School of Engineering, and the Vannevar Bush Professor of Electrical Engineering and Computer Science (EECS). The paper will be presented at the IEEE Custom Integrated Circuits Conference.

The research focused on securing a type of machine-learning accelerator known as digital in-memory compute (IMC), which performs computations inside a device’s memory. These chips are, however, susceptible to side-channel attacks, in which a hacker monitors the chip’s power consumption and uses statistical techniques to decipher the information being processed, and to bus-probing attacks, in which bits of the model and dataset can be stolen.

To counter these attacks, the researchers took a three-pronged approach. First, they split the data inside the IMC into seemingly random bits that, when combined logically, represent a single original bit. Because splitting data into such small parts is computationally expensive, they simplified the process so that it no longer needs freshly generated random bits.
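The share-splitting countermeasure described above is Boolean masking. The following is an added illustration, not code from the paper: a secret word is split into shares that XOR back to the original, operations are carried out share-wise without reassembling the secret, and a toy power model (register leaks the Hamming weight of what it holds; constructed, seeded inputs) shows that a single share is uncorrelated with the secret while the unmasked value leaks it fully. The `mask`, `unmask`, `masked_xor` and `leakage_correlation` names are this example's own.

```python
"""Boolean masking, the share-splitting idea behind the first countermeasure.
Added illustration, not code from the paper; the power model is a toy."""
import random
from functools import reduce
from operator import xor
from typing import List, Optional, Tuple


def mask(value: int, width: int, n_shares: int,
         rng: Optional[random.Random] = None) -> List[int]:
    """Split a width-bit word into n_shares words whose XOR equals `value`.

    Every share but the last is uniformly random; the last one absorbs the
    secret.  Any n_shares - 1 of them together carry no information about it.
    """
    if not 0 <= value < (1 << width) or n_shares < 2:
        raise ValueError("value out of range or too few shares")
    rng = rng or random.SystemRandom()
    randoms = [rng.getrandbits(width) for _ in range(n_shares - 1)]
    last = reduce(xor, randoms, value)
    return randoms + [last]


def unmask(shares: List[int]) -> int:
    """Recombine the shares logically (XOR) to get the original word back."""
    return reduce(xor, shares, 0)


def masked_xor(a: List[int], b: List[int]) -> List[int]:
    """XOR two masked words share-by-share; the secrets are never reassembled."""
    if len(a) != len(b):
        raise ValueError("share counts differ")
    return [x ^ y for x, y in zip(a, b)]


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def pearson(xs: List[float], ys: List[float]) -> float:
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0


def leakage_correlation(trials: int = 4000, width: int = 8,
                        seed: int = 1) -> Tuple[float, float]:
    """Toy power model: a register leaks the Hamming weight of the word it holds.

    Returns the correlation between the secret's Hamming weight and the leakage
    (a) when the secret itself sits in the register and (b) when only one share
    of a 2-share masking sits there.  Constructed inputs, seeded for repeatability.
    """
    rng = random.Random(seed)
    secret_hw, plain_leak, share_leak = [], [], []
    for _ in range(trials):
        v = rng.getrandbits(width)
        shares = mask(v, width, 2, rng)
        secret_hw.append(hamming_weight(v))
        plain_leak.append(hamming_weight(v))          # unprotected register
        share_leak.append(hamming_weight(shares[0]))  # one share of the masked value
    return pearson(secret_hw, plain_leak), pearson(secret_hw, share_leak)


if __name__ == "__main__":
    s = mask(0xA5, 8, 3, random.Random(42))
    print("shares:", [f"{x:08b}" for x in s], "-> recombined:", hex(unmask(s)))
    print("leakage correlation (unmasked, one share):", leakage_correlation())
```

The cost the article alludes to is visible here: every masked word needs fresh random bits for all but one share, and every operation must be carried out on every share, which is why the researchers' simplification of the share-generation step matters for a hardware budget.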

Second, to prevent bus-probing attacks, the researchers encrypted the model stored in off-chip memory with a lightweight cipher, and decrypted only the parts of the model held on the chip, when they were needed.

Lastly, the researchers improved security by generating the decryption key on the chip itself rather than moving it back and forth with the model. They created this key from random variations in the chip that arise during manufacturing, a technique known as a physically unclonable function (PUF).
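The second and third countermeasures fit together as one flow: the model is stored encrypted in off-chip memory, the key that decrypts it is regenerated on the chip from the PUF and never crosses the bus, and a block is decrypted only when the accelerator needs it. The following added example (not the paper's design or code) simulates that flow. The PUF is a constructed per-device fingerprint standing in for real manufacturing variation, the HMAC-SHA256 counter-mode keystream stands in for the paper's unnamed lightweight cipher, and `BLOCK`, `SimulatedPUF`, `derive_model_key`, `encrypt_model`, `Accelerator` and `provision` are this example's own names and assumptions.

```python
"""Encrypted model in off-chip memory, decrypted block-by-block on chip with a
key derived on the chip itself.  Added illustration; the PUF is simulated and
the keystream cipher is a stand-in for the paper's unnamed lightweight cipher."""
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

BLOCK = 16  # bytes of weights fetched and decrypted per access (assumed size)


class SimulatedPUF:
    """Stand-in for a physically unclonable function.

    Real silicon derives the response from manufacturing variation (plus error
    correction); here a constructed per-device fingerprint plays that role.
    """

    def __init__(self, silicon_fingerprint: bytes) -> None:
        self._fp = silicon_fingerprint

    def response(self, challenge: bytes) -> bytes:
        return hmac.new(self._fp, challenge, hashlib.sha256).digest()


def derive_model_key(puf: SimulatedPUF) -> bytes:
    """The key is regenerated on chip from the PUF; it is never written off chip."""
    return hashlib.sha256(b"model-key|" + puf.response(b"model-key-challenge")).digest()


def _keystream(key: bytes, nonce: bytes, block_index: int) -> bytes:
    # counter-mode style keystream: HMAC-SHA256 over (nonce, block index), truncated
    msg = nonce + block_index.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_model(key: bytes, weights: bytes, nonce: bytes) -> List[bytes]:
    """Encrypt the weights block-wise for storage in off-chip memory (zero-padded)."""
    padded = weights + b"\x00" * (-len(weights) % BLOCK)
    chunks = [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]
    return [_xor(c, _keystream(key, nonce, i)) for i, c in enumerate(chunks)]


class Accelerator:
    """Only ciphertext crosses the bus; a block is decrypted when first needed
    and the plaintext is held on chip afterwards."""

    def __init__(self, puf: SimulatedPUF, nonce: bytes, off_chip: List[bytes]) -> None:
        self._key = derive_model_key(puf)   # derived on chip, not loaded over the bus
        self._nonce = nonce
        self._off_chip = off_chip           # ciphertext blocks, as a probe would see them
        self._on_chip: Dict[int, bytes] = {}
        self.bus_reads = 0

    def fetch_block(self, i: int) -> bytes:
        if i not in self._on_chip:
            self.bus_reads += 1
            self._on_chip[i] = _xor(self._off_chip[i],
                                    _keystream(self._key, self._nonce, i))
        return self._on_chip[i]


def provision(fingerprint: bytes, weights: bytes,
              nonce: bytes) -> Tuple[List[bytes], Accelerator]:
    """Provisioning: the device's own PUF-derived key encrypts the model, the
    ciphertext goes to off-chip memory, and an accelerator is bound to that device."""
    puf = SimulatedPUF(fingerprint)
    off_chip = encrypt_model(derive_model_key(puf), weights, nonce)
    return off_chip, Accelerator(puf, nonce, off_chip)


if __name__ == "__main__":
    weights = bytes(range(40))                  # constructed "model" of 40 bytes
    nonce = os.urandom(12)                      # public per-model nonce, stored with it
    off_chip, acc = provision(b"device-A-fingerprint", weights, nonce)
    print("off-chip block 0:", off_chip[0].hex())
    print("on-chip block 0: ", acc.fetch_block(0).hex())
```

Two properties of the article's scheme show up directly: the bus never carries plaintext weights or the key, and a copy of the off-chip memory image is useless on a chip with a different PUF response, because that chip derives a different key. The page describes confidentiality only; this stand-in likewise adds no integrity check on the stored blocks.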

In testing, the chip withstood millions of attack attempts, but the added security measures somewhat reduced its energy efficiency and required more chip area, making it more costly. The team plans to explore ways to address these issues in future research.

As edge device security becomes critical, more designs will need to focus on secure operation, according to Chandrakasan.
