Edge AI – A New Battlefield for Hardware Security Research
Prof. CHANG Chip Hong
Nanyang Technological University (NTU) of Singapore
The flourishing of Internet of Things (IoT) has rekindled on-premise computing to allow data to be analyzed closer to the source. To support edge Artificial Intelligence (AI), hardware accelerators, open-source AI model compilers and commercially available toolkits have evolved to facilitate the development and deployment of applications that use AI at its core. This “model once, run optimized anywhere” paradigm shift in deep learning computations introduces new attack surfaces and threat models that are methodologically different from existing software-based attack and defense mechanisms. Existing adversarial examples modify the input samples presented to an AI application either digitally or physically to cause a misclassification. Nevertheless, these input-based perturbations are not robust or stealthy on multi-view target. To generate a good adversarial example for misclassifying a real-world target of variational viewing angle, lighting and distance, a decent number of pristine samples of the target object are required. The feasible perturbations are substantial and visually perceptible. Edge AI also poses a difficult catchup for existing adversarial example detectors that are designed based on sophisticated offline analyses with the assumption that the deep learning model is implemented on a general purpose 32-bit floating-point CPU or GPU cluster. This talk will first present a new glitch injection attack on edge DNN accelerator capable of misclassifying a target under variational viewpoints. The attack pattern for each target of interest consists of sparse instantaneous glitches, which can be derived from just one sample of the target. The second part of this talk will present a new hardware-oriented approach for in-situ detection of adversarial inputs feeding through a spatial DNN accelerator architecture or a third-party DNN Intellectual Property (IP) implemented on the edge. With negligibly small hardware overhead, the glitch injection circuit and the trained shallow binary tree detector can be easily implemented alongside with a deep learning model on an edge AI accelerator hardware.
Prof. Chip Hong Chang is an Associate Professor at the Nanyang Technological University (NTU) of Singapore. He held concurrent appointments at NTU as Assistant Chair of Alumni of the School of EEE from 2008 to 2014, Deputy Director of the Center for High Performance Embedded Systems from 2000 to 2011, and Program Director of the Center for Integrated Circuits and Systems from 2003 to 2009. He has coedited five books, and have published 13 book chapters, more than 100 international journal papers (>70 are in IEEE), more than 180 refereed international conference papers (mostly in IEEE), and have delivered over 40 colloquia and invited seminars. His current research interests include hardware security and trustable computing, low-power and fault-tolerant computing, residue number systems, and application-specific digital signal processing algorithms and architectures. Dr. Chang currently serves as the Senior Area Editor of IEEE Transactions on Information Forensic and Security (TIFS), and Associate Editor of the IEEE Transactions on Circuits and Systems-I (TCAS-I) and IEEE Transactions on Very Large Scale Integration (TVLSI) Systems. He was the Associate Editor of the IEEE TIFS and IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD) from 2016 to 2019, IEEE Access from 2013 to 2019, IEEE TCAS-I from 2010 to 2013, Integration, the VLSI Journal from 2013 to 2015, Springer Journal of Hardware and System Security from 2016 to 2020 and Microelectronics Journal from 2014 to 2020. He also guest edited eight journal special issues including IEEE TCAS-I, IEEE Transactions on Dependable and Secure Computing (TDSC), IEEE TCAD and IEEE Journal on Emerging and Selected Topics in Circuits and Systems (JETCAS). He has held key appointments in the organizing and technical program committees of more than 60 international conferences (mostly IEEE), including the General Co-Chair of 2018 IEEE Asia-Pacific Conference on Circuits and Systems and the inaugural Workshop Chair and Steering Committee of the ACM CCS satellite workshop on Attacks and Solutions in Hardware Security. He is the 2018-2019 IEEE CASS Distinguished Lecturer, a Fellow of the IEEE and the IET.
Join Zoom Meeting:
Meeting ID: 937 9795 7554
Enquiries: Miss Caroline TAI at Tel. 3943 8440
For more information, please refer to http://www.cse.cuhk.edu.hk/seminar-archive/