Health-monitoring apps can help individuals manage chronic diseases and keep up with their fitness goals. However, these apps can often be slow and energy-inefficient due to the machine-learning models they use, which need a significant amount of data shuffling between the smartphone and a central memory server. Engineers typically use hardware (machine-learning accelerators) to streamline this process, although these accelerators can be vulnerable to hackers who could potentially steal sensitive information.
To counter this issue, researchers from MIT and the MIT-IBM Watson AI Lab have created a machine-learning accelerator that is more secure, protecting against the most common types of attacks. This chip offers strong data protection without significantly inhibiting the device’s speed, while enabling major AI models to run on devices efficiently. It would be particularly beneficial for demanding AI applications like augmented reality, virtual reality or autonomous driving.
Integrating this chip would likely make the device a bit more expensive and less energy-efficient, but that could sometimes be a worthwhile tradeoff for enhanced security. Because the barriers to adding security to an existing system are so high, it is preferable to consider security from the outset. The researchers therefore applied a three-pronged approach to prevent attacks: splitting data into random pieces in the in-memory compute (IMC), using a lightweight cipher to prevent bus-probing attacks, and generating the decryption key directly on the chip, using a physically unclonable function.
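The first of the three measures, splitting data into random pieces, can be illustrated in software. This is an added example, not the researchers' design: it assumes additive sharing modulo 256 with three shares, neither of which the article specifies, and all function names are hypothetical.

```python
import secrets

MOD = 256  # assumption: 8-bit words; the article does not give the chip's word size


def split(value, n_shares=3):
    """Split value into n_shares random pieces that sum to it modulo MOD."""
    shares = [secrets.randbelow(MOD) for _ in range(n_shares - 1)]
    shares.append((value - sum(shares)) % MOD)
    return shares


def combine(shares):
    """Recombine shares; only the party holding all of them learns the value."""
    return sum(shares) % MOD


def masked_dot(weights, activations, n_shares=3):
    """Dot product in which activations are only ever handled as shares.

    Each share is accumulated in its own pass, so no single pass operates
    on the real activation values. Because the operation is linear, the
    per-share partial sums recombine to the true result.
    """
    shared = [split(a, n_shares) for a in activations]
    partials = []
    for s in range(n_shares):
        acc = 0
        for w, sh in zip(weights, shared):
            acc = (acc + w * sh[s]) % MOD
        partials.append(acc)
    return combine(partials), partials


def observed_share_mean(value, trials=20000):
    """Mean of the last share, i.e. what an observer of one piece would see."""
    return sum(split(value)[-1] for _ in range(trials)) / trials


if __name__ == "__main__":
    weights, acts = [3, 7, 11, 2], [10, 200, 0, 45]  # constructed sample data
    result, partials = masked_dot(weights, acts)
    print("masked result:", result, "partials:", partials)
    print("plain result: ", sum(w * a for w, a in zip(weights, acts)) % MOD)
    # A single share looks the same whether the secret is 0 or 255.
    print(observed_share_mean(0), observed_share_mean(255))
```

Any one share is uniformly distributed regardless of the secret, which is why measuring a single pass reveals nothing about the underlying data.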
The team tested their chip’s security by impersonating hackers trying to steal data using side-channel and bus-probing attacks. Despite millions of attempts, they couldn’t reconstruct any real information or parts of the model or dataset, demonstrating the robustness of their security measures. But providing this extra protection lowers the accelerator’s energy efficiency, requires a larger chip (making fabrication more costly), and affects energy consumption. The team plans to explore ways to reduce energy use and decrease the chip size in the future. Ultimately, striking a balance among security, cost-effectiveness and ease of implementation will be key.