Cryptography and Security (cs.CR)

Abstract: We study how ambient energy harvesting may be used as an attack vector in the battery-less Internet of Things (IoT). Battery-less IoT devices are employed in a multitude of application scenarios, including safety-critical ones such as biomedical implants and space systems, while relying on ambient energy harvesting to power their operation. Due to extreme scarcity of energy intakes and limited energy buffers, their executions become intermittent, alternating periods of active operation with periods of recharging their energy buffer while the device is off. We demonstrate that by exerting a limited control on the ambient supply of energy to the system, one can create situations of livelock, denial of service, and priority inversion, without requiring physical access to a device. Using machine learning and concepts of approximate computing, we design a technique that can detect energy attacks with 92%+ accuracy, corresponding to a 73+% improvement in accuracy over the baselines we consider, and run on extremely resource-constrained devices by imposing a limited overhead.

Abstract: Backdoors pose a serious threat to machine learning, as they can compromise the integrity of security-critical systems, such as self-driving cars. While different defenses have been proposed to address this threat, they all rely on the assumption that the hardware on which the learning models are executed during inference is trusted. In this paper, we challenge this assumption and introduce a backdoor attack that completely resides within a common hardware accelerator for machine learning. Outside of the accelerator, neither the learning model nor the software is manipulated, so that current defenses fail. To make this attack practical, we overcome two challenges: First, as memory on a hardware accelerator is severely limited, we introduce the concept of a minimal backdoor that deviates as little as possible from the original model and is activated by replacing a few model parameters only. Second, we develop a configurable hardware trojan that can be provisioned with the backdoor and performs a replacement only when the specific target model is processed. We demonstrate the practical feasibility of our attack by implanting our hardware trojan into the Xilinx Vitis AI DPU, a commercial machine-learning accelerator. We configure the trojan with a minimal backdoor for a traffic-sign recognition system. The backdoor replaces only 30 (0.069%) model parameters, yet it reliably manipulates the recognition once the input contains a backdoor trigger. Our attack expands the hardware circuit of the accelerator by 0.24% and induces no run-time overhead, rendering a detection hardly possible. Given the complex and highly distributed manufacturing process of current hardware, our work points to a new threat in machine learning that is inaccessible to current security mechanisms and calls for hardware to be manufactured only in fully trusted environments.

Abstract: In recent times, the research works relating to smart traffic infrastructure have gained serious attention. As a result, research has been carried out in multiple directions to ensure that such infrastructure can improve upon our existing (mostly) human-controlled traffic infrastructure, without violating the safety margins. For this reason, cyber security issues of such infrastructure are of paramount interest. Keeping this in mind, we conduct a review of existing models, their vulnerabilities and how such vulnerabilities can be handled. Our work covers a vast area from the domain of security, starting from the theoretical notions of cryptography to the real-life adaptation of them. At the same time, we also consider the security issues that may arise due to the usage of artificial intelligence/machine learning in the infrastructure. We believe that our work will help future researchers to gain a comprehensive yet concise look at cyber security for smart traffic infrastructure.