Hardware Attack Surface & AI

Original article was published on Artificial Intelligence on Medium

Artificial intelligence and security in hardware

An article from Semiconductor Engineering argues that it is becoming harder to secure systems due to the ‘expanding attack surface’.

This is partly due to the need to gather data from more places and to process it with AI/ML/DL.

Paradoxically, there has been an improvement in security.

According to Robert van Spyk, senior offensive hardware security researcher at Nvidia, “The attack surface per device is actually shrinking.”

So per device it is shrinking, but the full ecosystem is getting bigger. The problem is that there are a large number of devices that are not symmetrical.

Security needs to be addressed in a methodical manner.

There are gaps and changing frameworks.

Particularly with AI and machine learning.

More security holes are identified and closed up.

Yet, over the past year, that hasn’t kept pace with the number of new threats.

AI can be used to find weaknesses in both software and hardware, as well as to help defend against attacks in real time.

However, optimising for system behaviours can open the door to new attacks.

There are signals that AI thinks it sees that are not real.

Similarly, there are companies making claims about what their AI can do.

AI against AI can be unpredictable.

AI is attempting to throw out some abnormal traffic.

Adversaries are trying to make the traffic escape whatever detectors are there.

One could make AI look at aggregated issues, yet that can have its own issues.

What are the acceptable parameters?

AI can be attacked from the training data all the way through to the inferencing process.

One can monitor hardware, but that may require new hardware, such as other sensing mechanisms, to detect changes and possibly shut down.

A circuit can also be ageing over time while it may need to remain accurate.

There are certain exploits that can be baked into read-only memory (ROM) and are hard to detect.

Attacks can be discounted, because they are complicated.

What is the cost of attacking particular devices? If it is low enough…

Well, you might get more of a certain kind of attack.

These are complex problems, but there are companies working very hard to solve them.

More devices, and more complexity within those devices, affect the overall security paradigm.