“Securing Execution of Neural Network Models on Edge Devices”
Thursday, Feb. 18 at 1:00pm
Email Communications@ece.ufl.edu for Zoom info
|Made Possible with the Generous Support of Texas Instruments|
Neural network model deployment in the cloud may not be feasible or effective in many cases. When the application cannot tolerate the round-trip latency associated with calls to a remote cloud server, edge computation is often the only viable solution. The models are often trained using private datasets that are very expensive to collect, or highly sensitive. They are commonly exposed either through online APIs, or used in hardware devices deployed in the field and available to the end users. Such access provides malicious parties with opportunities to steal these ML models as a proxy for gathering the underlying datasets. While API-based model exfiltration has been studied before, the theft and protection of machine learning models on hardware devices have not been examined. In this work, we develop a hardware module named Trusted Inference Engine (TIE), an anonymous authentication model distribution protocol that allows designers to securely distribute their models without the risk of exfiltration, and an algorithm for fast inference with both data and model privacy guarantees. The engine protects non-volatile memory against probing attacks and prevents API-based extraction by ensuring rate-limiting operations. With its associated anonymous authentication protocol, it fulfills the desired functionality for authentication and privacy while providing strong security guarantees for edge deployments.
Dr. Michel A. Kinsy is an associate professor in the Department of Electrical and Computer Engineering Texas A&M University (TAMU), where he directs the Adaptive and Secure Computing Systems (ASCS) Laboratory. Dr. Kinsy is also the Associate Director of TAMU Cybersecurity Center. He focuses his research on computer architecture, hardware-level security, and efficient hardware design and implementation of post-quantum cryptography systems. Dr. Kinsy is an MIT Presidential Fellow and an Inaugural Skip Ellis Career Award recipient. He earned his PhD in Electrical Engineering and Computer Science in 2013 from the Massachusetts Institute of Technology (MIT). Before joining the TAMU faculty, Dr. Kinsy was an assistant professor in the Department of Electrical and Computer Engineering at Boston University (BU). Prior to BU, he was an assistant professor in the Department of Computer and Information Systems at the University of Oregon. From 2013 to 2014, he was a Member of the Technical Staff at the MIT Lincoln Laboratory, where he led the Advanced Computer Architecture Concepts sub-group tasked with exploring future secure computing architectures in critical DoD systems.