tinyML Asia 2022 Yuvaraj Govindarajulu: Attacks on Tiny Intelligence
Attacks on Tiny Intelligence
Yuvaraj GOVINDARAJULU, Senior Research Engineer, Bosch AI Shield
The field of TinyML has grown fast in the last few years across algorithms, hardware, and software, enabling several applications and use cases. These applications include human-machine interfaces, health care, smart factories, and monitoring and surveillance, which are often safety-critical. The availability of hardware, datasets and, more importantly, frameworks has enabled the so-called "democratization" of TinyML. Recent work in neuromorphic computing and on-device learning is significantly enhancing these capabilities.
Traditional AI systems are vulnerable to threats such as model theft, model evasion, data poisoning and membership inference. Several works on adversarial threats to traditional AI systems have explored these vulnerabilities and paved the way for research on defenses for these systems. However, the threats to TinyML devices have largely not been addressed. Because TinyML devices differ from traditional AI systems in various aspects, the existing approaches from classical ML cannot be used for TinyML. Security considerations become especially important because TinyML devices are typically deployed in open (unmonitored) environments. Because similar tiny devices are used in applications such as edge computing, traditional embedded security has partly addressed the security of tiny embedded devices. However, the security of AI on tiny embedded devices is a relatively unexplored area.
In this presentation, we talk about the need for security of tiny intelligence in addition to classical embedded security. We present the results from our Embedded-AI Security research related to attacks on tiny intelligence. We provide an overview of the possible kill chain for such attacks. Using relevant use cases, we demonstrate how AI models can be vulnerable and provide direction on preventing such attacks through defense mechanisms.