Hacking AI is no longer possible: MIT creates a chip that is invulnerable to hackers

Father

A new chip for machine learning will prevent hacking and change the design of devices.

MIT developed a new type of machine learning accelerator that is resistant to the most common types of attacks. The device allows you to safely process health applications on smartphones, without sacrificing the privacy of user data – medical records or financial information.

The new chip is able to work effectively with LLM models, which is especially important for augmented (AR) and virtual reality (VR) applications or autonomous driving. Optimizations implemented in the accelerator provide a high degree of security with minimal reduction in device speed and without loss of computational accuracy.


The MIT chip

The device uses the digital in-memory compute (IMC) process, which allows you to perform calculations directly in the device's memory, reducing the need for data transfer between the device and a central server, which is a characteristic feature of health monitoring applications. This approach helps to reduce the amount of data transmitted and protect the device from side-channel attacks, such as monitoring power consumption and analyzing data transmission.

In a side-channel attack, the hacker tracks the chip's power consumption and uses statistical methods to reverse engineer data during chip calculations. In a bus-probing attack, a hacker can steal fragments of the model and dataset by checking the connection between the accelerator and external memory.

Scientists used a three-step strategy to protect against these attacks:

Experts have used the technique of splitting data into random parts, which makes it more difficult to recover them during an attack.

Protection against attacks on the data bus is achieved by using a lightweight cipher that encrypts the model stored in external memory; the model is decrypted only when necessary, directly on the chip.

The decryption key is generated directly on the device using a physically unclonable function based on random variations that occur during the chip manufacturing process.

During testing, where the researchers tried to hack their own chip, they failed to extract any real data, which confirms the high degree of protection of the device. Even after millions of attempts, experts were unable to recover real information or extract fragments of the model or data set. The cipher also remained resistant to hacking. In contrast, it only took about 5,000 samples to steal information from an unsecured chip.

It is noted that the addition of security tools did reduce the energy efficiency of the accelerator, and also required a larger chip area, which made its production more expensive. The team plans to explore techniques that could reduce power consumption and chip size, making it easier to implement on a large scale.

The authors note that developing a chip with security in mind from the outset is a key aspect in the design of modern devices. Creating such a system requires a balance between security, cost, and power consumption, which is important for the future of mobile technology.
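The first protection step described above, splitting data into random parts, can be illustrated with a small simulation; this is an added example, not code from the post or from the MIT researchers. It assumes additive sharing modulo 2^16 and a Hamming-weight power model, neither of which the post specifies, and all function names are hypothetical.

```python
import random

MOD = 1 << 16  # word width of the toy datapath (assumption, not from the post)

def split(value, n_shares, rng):
    """Split value into n_shares random additive shares modulo MOD."""
    shares = [rng.randrange(MOD) for _ in range(n_shares - 1)]
    shares.append((value - sum(shares)) % MOD)
    return shares

def masked_dot(inputs, weights, n_shares, rng):
    """Dot product computed share by share; inputs are never recombined."""
    partial = [0] * n_shares
    for x, w in zip(inputs, weights):
        for i, s in enumerate(split(x, n_shares, rng)):
            partial[i] = (partial[i] + s * w) % MOD
    return sum(partial) % MOD  # only the final result is recombined

def hamming_weight(word):
    """Number of set bits, a common stand-in for dynamic power draw."""
    return bin(word).count("1")

def mean_leak(value, masked, rng, traces=20000):
    """Average Hamming weight of the one word a power probe observes."""
    total = 0
    for _ in range(traces):
        # Masked: the probe sees a single share (value - r), not the value.
        word = split(value, 2, rng)[-1] if masked else value
        total += hamming_weight(word)
    return total / traces

def leak_gap(a, b, masked, rng):
    """Difference in mean leakage between two secret values a and b."""
    return abs(mean_leak(a, masked, rng) - mean_leak(b, masked, rng))

if __name__ == "__main__":
    # Seeded PRNG only so the simulation is repeatable; hardware masking
    # needs fresh true randomness for every share.
    rng = random.Random(1)
    print("masked dot product:", masked_dot([12, 345, 6789], [3, 5, 7], 3, rng))
    print("unmasked leak gap :", leak_gap(0x0000, 0xFFFF, False, rng))
    print("masked leak gap   :", leak_gap(0x0000, 0xFFFF, True, rng))
```

The unmasked gap is what first-order statistics on power traces pick up; with shares, the mean leakage of any single observed word no longer depends on the secret.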