Due to this constant communication process, such apps slow and drain a device’s battery. Therefore, engineers often use machine-learning accelerators, specialized hardware that speeds up the process. 

However, these accelerators leave devices open to crack, making these apps vulnerable to data theft as hackers can steal sensitive health and financial data.

Safe design to maintain privacy

The new machine-learning accelerator is designed to resist the most common types of attacks per MIT. It involves several clever optimizations to maximize security while minimizing the impact on speed and accuracy. 

It aims to maintain the privacy of sensitive user data while allowing large AI models to run seamlessly on devices. 

“It is important to design with security in mind from the ground up. If you are trying to add even a minimal amount of security after a system has been designed, it is prohibitively expensive,” said Maitreyi Ashok, an electrical engineering and computer science (EECS) graduate student at MIT.

However, implementing these chips would make a device more expensive and less energy-efficient, Ashok added. 

“We were able to effectively balance a lot of these tradeoffs during the design phase.”

‘Critical in future mobile devices’

The key to enhanced security through these new machine-learning accelerators lies in a three-part approach. At first, the chip splits data into random fragments. This prevents hackers from reconstructing meaningful information through what are known as “side-channel attacks.” 

Thereafter, it employs a lightweight cipher to encrypt the AI model stored in off-chip memory, making “bus-probing attacks” ineffective. Finally, a unique decryption key is generated directly on the chip based on tiny manufacturing variations, making it nearly impossible for hackers to duplicate it.

“As security has become a critical issue in the design of edge devices, there is a need to develop a complete system stack focusing on secure operation,” said Anantha Chandrakasan, MIT’s Chief Innovation Officer.

“This work focuses on security for machine-learning workloads and describes a digital processor that uses cross-cutting optimization, added Chandrakasan.

He further added that the device generates “unique codes” through randomization and variability and secures data access between the processor and memory to prevent side-channel attacks.

“Such designs are going to be critical in future mobile devices,” concluded Chandrakasan, who also serves as the dean of the School of Engineering and Vannevar Bush Professor of Electrical Engineering and Computer Science.

Rigorous tests result in effective outcome

The researchers subjected this new chip to intensive testing, simulating real-world hacking attempts, and the results were impressive.  

Even after millions of attempts, they were unable to recover any private information. In contrast, stealing data from an unprotected chip took only a few thousand samples.

This advancement has far-reaching implications. While the immediate focus is on health apps, secure machine-learning accelerators could power demanding AI applications like augmented and virtual reality or autonomous driving, all while prioritizing the secure handling of user data.

Moving forward, the researchers plan to explore ways to minimize the energy and size impact of their chip, making widespread implementation more feasible.