Research Bits: June 21

Security: Side-channel protection for edge AI; silk PUF; skyrmion random numbers.


Side-channel protection for edge AI

Researchers from the Massachusetts Institute of Technology built a chip that can defend against power side-channel attacks targeting machine learning computations in smartwatches, smartphones, and tablets. Side-channel attacks involve observing a facet of the device’s operation, in this case power, to deduce secrets.

“The goal of this project is to build an integrated circuit that does machine learning on the edge, so that it is still low-power but can protect against these side channel attacks so we don’t lose the privacy of these models,” said Anantha Chandrakasan, the dean of the MIT School of Engineering and professor of Electrical Engineering and Computer Science at MIT. “People have not paid much attention to security of these machine-learning algorithms, and this proposed hardware is effectively addressing this space.”

The chip is based on threshold computing. Instead of having a neural network operate on actual data, the data is first split into random components. The network operates on those random components individually, in a random order, before accumulating the final result. This way, information leakage from the device is random every time.

However, the approach is more computationally expensive and requires more memory. To address this, the researchers optimized the process by using a function that reduces the amount of multiplication the neural network needs to process data. They also protect the neutral network itself by encrypting the model’s parameters. By grouping the parameters in chunks before encrypting them, they provide more security while reducing the amount of memory needed on the chip.

“By using this special function, we can perform this operation while skipping some steps with lesser impacts, which allows us to reduce the overhead. We can reduce the cost, but it comes with other costs in terms of neural network accuracy. So, we have to make a judicious choice of the algorithm and architectures that we choose,” said Saurav Maji, a graduate student in MIT’s Department of Electrical Engineering and Computer Science.

The researchers compared their chip with a baseline implementation with no security hardware. In the baseline, they were able to recover hidden information after collecting about 1,000 power waveforms from the device. With the new hardware, even after collecting 2 million waveforms, they still could not recover the data. The new chip also required 5.5 times more power and 1.6 times more silicon area than the baseline.

“We’re at the point where security matters. We have to be willing to trade off some amount of energy consumption to make a more secure computation. This is not a free lunch. Future research could focus on how to reduce the amount of overhead in order to make this computation more secure,” Chandrakasan said.

They also tested the chip with biomedical signal data to ensure it would work in a real-world implementation. Next, they plan to apply the approach to electromagnetic side-channel attacks.

Silk PUF

Researchers from the Gwangju Institute of Science and Technology, Purdue University, and Yonsei University designed natural physical unclonable function (PUF) tags using silk. These tags were used to create a lens-free, optical (light-based), and portable PUF (LOP-PUF) module.

“When a beam of light hits the disordered silk fibers of an optimal density, it causes light diffraction. The nanostructures in individual microfibers enhance the contrast of light intensity with respect to the background. The diffracted light is then captured by an image sensor. Since the pattern of the microholes is naturally-made, it is unique, giving rise to a unique pattern of light,” said Young Min Song, a professor at the Gwangju Institute of Science and Technology.

The researchers optimized the distance between the silk-based PUF and the image sensor to achieve the desired intensity and contrast. The assembly also included a light-reflecting mirror and three tricolor light-emitting diodes among other components. A cooling fan was also used to reduce thermal noise. The team processed the captured patterns of light and converted them into a digital format.

“To our knowledge, this is the first PUF module designed using silk, a naturally abundant biomaterial. It means that we don’t need to invest time in developing complicated security keys, nature has already done this for us,” said Song.

According to the team, the average time required to “fake” the authentication was approximately 5*1041 years, making the LOP-PUF module a practically unbreachable device. It also permitted digital encryption to prevent unauthorized access.

“The digital security device we designed is low-cost, portable, eco-friendly, and free of pre- or post-processing. It also does not require a coherent source of light or a bulky lens system. The advantages of this system are manifold,” said Song.

Random numbers from skyrmions

Researchers from Brown University propose way to harness skyrmions to generate true random numbers. Skyrmions are tiny magnetic anomalies that arise from the spin of electrons in certain two-dimensional materials.

“There has been a lot of research into the global dynamics of skyrmions, using their movements as a basis for performing computations,” said Gang Xiao, chair of the Department of Physics at Brown. “But in this work, we show that purely random fluctuations in the size of skyrmions can be useful as well. In this case, we show that we can use those fluctuations to generate random numbers, potentially as many as 10 million digits per second.”

The team fabricated magnetic thin films using a technique that produced subtle defects in the material’s atomic lattice. When skyrmions form in the material, these defects, which the researchers call pinning centers, hold the skyrmions firmly in place rather than allowing them to move as they normally would.

When a skyrmion is held in place, its size fluctuates randomly. “Each skyrmion jumps back and forth between a large diameter and a small diameter,” said Kang Wang, a postdoctoral fellow at Brown. “We can measure that fluctuation, which occurs randomly, and use it to generate random numbers.”

The researchers said that the change in skyrmion size is measured through the anomalous Hall effect, which is a voltage that propagates across the material. This voltage is sensitive to the perpendicular component of electron spins. When the skyrmion size changes, the voltage changes to an extent that is easily measured. Those random voltage changes can be used to produce a string of random digits.

By optimizing the defect spacing in the device, the researchers estimate they can produce as many as 10 million random digits per second. “This gives us a new way of generating true random numbers, which could be useful for many applications,” Xiao said. “This work also gives us a new way of harnessing the power of skyrmions, by looking at their local dynamics as well as their global movements.”

Leave a Reply

(Note: This name will be displayed publicly)