A patient recently discharged from the hospital after a heart attack is now using a smartwatch to monitor his electrocardiogram signals. Although the smartwatch appears secure, the neural network that processes his health information uses private data that a malicious agent could still steal through a side-channel attack.
Side-channel attacks indirectly exploit the hardware or system to gain secret information. In one type of side-channel attack, a skilled hacker monitors fluctuations in the device’s power consumption while the neural network operates in order to extract protected information.
“When people open safes locked in their homes, they listen to the clicks as they turn the lock. This indicates that they will probably be able to move further if the lock is turned in this direction. This is what side-channel attacks are. It’s just using unintended information and using that to predict what is happening inside the device,” says Saurav Maji, a graduate student in MIT’s Department of Electrical Engineering and Computer Science (EECS) and lead author of a paper on this topic.
Current methods for preventing side-channel attacks are known to be power-intensive. They are often not feasible for internet-of-things (IoT) devices, such as smartwatches, that rely on lower-power computation.
Maji and his colleagues have now created an integrated circuit chip that can protect against power side-channel attacks using less energy than common security techniques. This chip is smaller than a thumbnail and can be integrated into smartwatches, smartphones, tablets, and other devices to provide secure machine learning computations based on sensor values.
Anantha Chandrakasan, dean of the MIT School of Engineering and Vannevar Bush Professor of Electrical Engineering, is the senior author of the paper. This hardware addresses the security issues of machine-learning algorithms that many people have neglected.
The co-authors are Utsav Banerjee, a former EECS student who is now an assistant professor in the Indian Institute of Science’s Department of Electronic Systems Engineering, and Samuel Fuller, an MIT visiting scientist and distinguished researcher at Analog Devices. This research will be presented at the International Solid-State Circuits Conference.
Random computing
The team created a chip based on threshold computing, a special type of computation. Instead of having the neural network work on the actual data, the data is first divided into unique, random parts. The network then works on each of these random components individually, in a random order, before accumulating the final result.
Maji states that this method ensures that the information leakage is random and does not reveal any side-channel information. However, this approach is computationally more expensive, because the neural network must perform more operations and requires more memory to store the randomized data.
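The share-and-shuffle idea described above, as an added Python example that is not from the paper or the chip's design. It assumes additive shares of 16-bit words and a Hamming-weight leakage model, and covers only the linear multiply-accumulate step of a network layer.

```python
import random

MOD = 1 << 16  # constructed 16-bit word size (assumption, not from the page)


def split(value, n_shares, rng):
    """Split value into n_shares random words that sum to value mod MOD."""
    shares = [rng.randrange(MOD) for _ in range(n_shares - 1)]
    shares.append((value - sum(shares)) % MOD)
    return shares


def masked_dot(weights, inputs, n_shares=3, rng=None):
    """Weighted sum computed share by share, in a shuffled order."""
    if rng is None:
        rng = random.SystemRandom()  # OS entropy; hardware would use its own RNG
    shared = [split(x, n_shares, rng) for x in inputs]
    # One unit of work per (share index, input index); randomize the schedule.
    jobs = [(s, i) for s in range(n_shares) for i in range(len(inputs))]
    rng.shuffle(jobs)
    partial = [0] * n_shares
    for s, i in jobs:
        # Only a random share is multiplied here, never the real input value.
        partial[s] = (partial[s] + weights[i] * shared[i][s]) % MOD
    return sum(partial) % MOD  # accumulate the final result


def mean_hamming_weight(secret, trials, rng, masked):
    """Average Hamming weight of the word the datapath handles.

    Hamming weight is a common stand-in for data-dependent power draw.
    """
    total = 0
    for _ in range(trials):
        word = split(secret, 3, rng)[0] if masked else secret
        total += bin(word).count("1")
    return total / trials
```

Without masking, the average Hamming weight tracks the secret directly; with masking, each processed word averages about 8 set bits of 16 regardless of the secret, at the cost of `n_shares` times as many multiplications and stored words.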
The researchers then optimized the process by using an algorithm that decreases the number of multiplications the neural network needs to process data, which reduces the computing power required. The parameters of the model are encrypted to protect the neural network. By grouping parameters into chunks, the researchers provide greater security and reduce the amount of chip memory required.
“Using this function, we can operate while skipping certain steps with less impact. This allows us to lower overhead. While we can reduce costs, it also comes with additional costs in terms of the accuracy of the neural network.” Maji states that it is important to choose the right algorithm and architecture.
Although homomorphic encryption offers strong security guarantees, it has large overheads in area and power, which limits its use in many applications. The researchers’ method was three orders of magnitude more energy-efficient than the existing methods. The researchers also simplified the chip architecture and used less silicon area than other security hardware, an important factor when implementing a chip on small devices.
Security is important
Although the chip provides significant security against power side-channel attacks, it requires 5.5x more power and 1.6x more silicon area than a baseline implementation.
“We are at the point where security is important. To make more secure calculations, we must be willing to sacrifice some energy consumption. This isn’t a free lunch.” Chandrakasan suggests that future research should focus on reducing overhead to make the computations more secure.
The researchers compared the chip to a default implementation that had no security hardware. They recovered hidden information from the default implementation after collecting approximately 1,000 power waveforms, which are representations of power usage over time. Even after collecting over 2 million waveforms, they could not recover the data from the new hardware.
They tested the chip with biomedical signals data to ensure that it would work in real-world situations. Maji says that the chip can be programmed to analyze any signal.

