
Internet-of-things (IoT) devices are vulnerable to various cyber threats. One of them is the side-channel attack. This tactic seeks to gather secret information by indirectly exploiting a system or its hardware. In one type of side-channel attack, a savvy hacker could monitor fluctuations in the device’s power consumption while the neural network is operating to extract protected information that “leaks” out of the device. The risk is evident in cases such as cardiological patients using a smartwatch to help monitor their electrocardiogram signals: the neural network processing that health information is using private data that could be stolen by a malicious agent through a side-channel attack.

Current methods that can prevent some side-channel attacks are notoriously power-intensive, so they often aren’t feasible for IoT devices like smartwatches, which rely on lower-power computation.

Now, a research team from MIT’s Department of Electrical Engineering and Computer Science has built an integrated circuit chip that can defend against power side-channel attacks while using much less energy than a common security technique. The chip, smaller than a thumbnail, could be incorporated into a smartwatch, smartphone, or tablet to perform secure machine learning computations on sensor values.

The chip the team developed is based on a special type of computation known as threshold computing. Rather than having a neural network operate on actual data, the data are first split into unique, random components. The network operates on those random components individually, in a random order, before accumulating the final result, according to mit.edu.

Using this method, the information leakage from the device is random every time, so it does not reveal any actual side-channel information. 
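A software sketch of the split-and-recombine idea described above, added here as an illustration and not taken from the MIT chip's design. It assumes additive shares modulo 2^16 and covers only a linear layer (a dot product) with unprotected weights; the function names and sample values are constructed for this example.

```python
import random
import secrets

MOD = 1 << 16  # assumed word size for this sketch (16-bit fixed-point values)

def split(value, n_shares=3):
    """Split value into n random additive shares that sum to value mod MOD."""
    shares = [secrets.randbelow(MOD) for _ in range(n_shares - 1)]
    shares.append((value - sum(shares)) % MOD)
    return shares

def masked_dot(weights, inputs, n_shares=3):
    """Dot product computed on shares only; the true inputs are never used."""
    shared = [split(x, n_shares) for x in inputs]
    # One work item per (input index, share index), processed in random order.
    work = [(i, j) for i in range(len(inputs)) for j in range(n_shares)]
    random.SystemRandom().shuffle(work)
    partial = [0] * n_shares  # one accumulator per share
    for i, j in work:
        partial[j] = (partial[j] + weights[i] * shared[i][j]) % MOD
    return sum(partial) % MOD  # recombine only at the very end

def plain_dot(weights, inputs):
    """Unprotected reference computation, for comparison."""
    return sum(w * x for w, x in zip(weights, inputs)) % MOD

def mean_hamming_weight(secret, trials=2000):
    """Average number of set bits in the first share of `secret`.

    Hamming weight is a common simple model of what a power trace reflects.
    """
    total = sum(bin(split(secret)[0]).count("1") for _ in range(trials))
    return total / trials

if __name__ == "__main__":
    w = [3, 7, 2, 9]        # constructed sample weights
    x = [120, 45, 300, 18]  # constructed sample sensor readings
    print("masked:", masked_dot(w, x), "plain:", plain_dot(w, x))
    # Unmasked, 0x0000 and 0xFFFF have Hamming weights 0 and 16; their
    # shares both average about 8, so a share alone does not tell them apart.
    print(mean_hamming_weight(0x0000), mean_hamming_weight(0xFFFF))
```

The extra cost the article goes on to mention is visible here: with three shares, every multiplication in the dot product is performed three times and three accumulators are stored.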

But this approach is more computationally expensive since the neural network now must run more operations, and it also requires more memory to store the jumbled information. So, the researchers optimized the process by using a function that reduces the amount of multiplication the neural network needs to process data, which slashes the required computing power. They also protect the neural network itself by encrypting the model’s parameters.

In the future, the researchers hope to apply their approach to electromagnetic side-channel attacks. These attacks are harder to defend against since a hacker does not need the physical device to collect hidden information.