A heart attack patient who has recently been discharged from the hospital is using a smartwatch to monitor their EKG signal. Although a wristwatch appears to be safe, the neural network that processes that health information uses private data that a malicious individual, organization, or institution might still obtain by hacking into it through the front channel.
A side-channel attack aims to collect secret information by exploiting the system or its hardware indirectly rather than directly. In one type of attack, according to the FBI, skilled hackers might monitor changes in the device's power consumption while a neural network is operating in order to extract protected information that "leaks" from the device.
When people in the movies try to open locked safes, they listen for the lock to click as they turn the key. The click tells them that turning the lock in this direction will most likely help them move forward. This is an example of a side-channel attack. According to Saurav Maji, a graduate student at MIT's Department of Electrical and Computer Engineering (EECS) and the principal author of research on the subject, it simply exploits unintended information and uses it to predict what is happening inside the device.
Current solutions for preventing some of these attacks are notoriously energy-intensive, making them infeasible for IoT (Internet of Things) devices such as smartwatches, which rely on lower-power computation to function properly.
Maji and his colleagues developed an integrated circuit chip that can defend against such attacks while using far less energy than standard security measures. This very compact chip could be integrated into a smartwatch, smartphone, or tablet to perform secure machine-learning computations on sensor values.
Ultimately, the purpose of this research is to develop an integrated circuit that performs machine learning at the edge, so that it remains low-power while also providing protection against various side-channel attacks, thereby maintaining privacy. "People have not paid much attention to the security of these machine learning algorithms," says Anantha Chandrakasan, head of MIT Technical School and a senior author of the study. "This proposed hardware successfully addresses this," he adds.
The findings of the study were presented at the International Conference on Solid Circles in New York City.
The key lies in the use of random computing.
The device built by the researchers is based on a special type of computing known as threshold computing. Instead of using actual data to train the neural network, the data is first separated into distinct, random components before being fed into the network. The network works on each of these random components individually and in a random order before collecting the final result.
Because the information that leaks from the device is random every time, it does not reveal any meaningful side-channel information, Maji argues. The downside is that this strategy is more computationally costly, because the neural network must now perform more operations and also requires more memory to store the jumbled information.
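The share-splitting idea described above, as an added example that is not the researchers' code or the chip's design: it uses additive masking modulo 2^16 on a single linear (multiply-accumulate) layer. The word size, sample values and function names are assumptions, and nonlinear activations, which need further masking techniques, are not covered.

```python
import secrets

MOD = 1 << 16  # assumed 16-bit fixed-point word size (illustrative)
_rng = secrets.SystemRandom()  # OS-backed randomness for the processing order

def split(value, n_shares=3):
    """Split value into n_shares random words that sum to value mod MOD."""
    shares = [secrets.randbelow(MOD) for _ in range(n_shares - 1)]
    shares.append((value - sum(shares)) % MOD)
    return shares

def split_vector(xs, n_shares=3):
    """Return n_shares vectors; vector k holds share k of every element."""
    return [list(col) for col in zip(*(split(x, n_shares) for x in xs))]

def linear(weights, xs):
    """Unprotected layer: one dot product per weight row, reduced mod MOD."""
    return [sum(w * x for w, x in zip(row, xs)) % MOD for row in weights]

def masked_linear(weights, xs, n_shares=3):
    """Run the layer on each random share separately, in random order."""
    share_vectors = split_vector(xs, n_shares)
    order = list(range(n_shares))
    _rng.shuffle(order)
    # Each pass works on one uniformly random share vector, never on xs.
    partial = {k: linear(weights, share_vectors[k]) for k in order}
    # The true output appears only when the partial results are recombined.
    return [sum(p[j] for p in partial.values()) % MOD
            for j in range(len(weights))]

# Constructed sample: four sensor readings and a 2x4 integer weight matrix.
SAMPLES = [512, 530, 498, 601]
WEIGHTS = [[2, -1, 3, 1], [0, 4, -2, 5]]

if __name__ == "__main__":
    print("plain :", linear(WEIGHTS, SAMPLES))
    print("masked:", masked_linear(WEIGHTS, SAMPLES))
    print("shares of 512 (different on every run):", split(512))
```

Each extra share repeats the full multiply-accumulate pass and stores another copy of the input, which is the computation and memory overhead the text describes.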
The engineers therefore streamlined the process by employing a function that reduces the number of multiplications the neural network must perform to process data, thereby reducing the processing power required. They also safeguard the neural network itself by encrypting its parameters. By segmenting the parameters before encrypting them, they provide more security while also lowering the amount of memory required on the chip.
By utilizing this special feature, we may complete this procedure faster and with less impact by eliminating some steps that would otherwise be necessary, allowing us to save money. We can lower prices, but doing so comes at a cost in terms of the accuracy of neural networks. As a result, Maji highlights the need to select an acceptable algorithm and design.
Currently available secure computation approaches, such as homomorphic encryption, provide good security assurances, but at significant cost in area and power, which makes them unsuitable for a wide range of applications. The solution offered by the MIT scientists, which attempts to give the same level of security, has been found to consume three orders of magnitude less energy than the previous method.
By streamlining the chip architecture, the researchers were also able to use less space on the silicon chip than comparable security technology, which is a key consideration when deploying the chip on personal devices.
Saving energy is less vital than maintaining safety.
Although it provides significantly greater protection against side-channel attacks, the MIT device consumes 5.5 times the power and has 1.6 times the silicon surface area of the standard insecure design.
We have arrived at a time where safety is critical. In order to make our calculations more secure, we must be willing to sacrifice a certain amount of energy usage in the process. This is not a free lunch, as the saying goes. Future study should look into ways to cut overhead expenses in order to make this calculation more secure, according to Chandrakasan.
A default implementation of the chip, which did not include any security hardware, was used for comparison. With the default implementation, they were able to obtain concealed information after collecting around 1000 power waveforms from the device (representations of the device's energy use over time). With the new hardware, they were unable to obtain that information even after collecting two million waveforms.
They also tested their device with biomedical signal data to ensure that it would function properly in a real-world setting. According to Maji, the chip is highly adaptable and can be designed to analyze any signal that the user wishes to analyze.
Eventually, the researchers intend to extend their approach to electromagnetic side-channel attacks, which are currently illegal. Because the hacker does not require a physical device to obtain concealed information, these attacks are more difficult to protect against.