September 14,2020

PUF based Root of Trust PUFrt for High-Security AI Application

By Evans Yang (VP of eMemory and PUFsecurity)

Artificial intelligence will play a pivotal role in the future of information security. By combining big data, deep learning, and machine learning, AI give machines life; they can imitate human learning, replicate work behaviors, and bring new ways to operate businesses. However, AI assets are very valuable, making them the target of hackers. Once a hacker has an opportunity to discern how the AI model is trained and operated, the model can be easily manipulated. For instance, hackers can destroy the data in the training model, causing major disruption in both the supply and demand side of the entire AI system. Therefore, this article will discuss how to strengthen the security of AI systems from the structure of the AI hardware device, to the security requirements, solutions, and etc. To do this, we will use PUFsecurity’s hardware root of trust module, PUFrt, as an example to help readers understand how combining AI application architecture and physical unclonable function (PUF) can benefit hardware security technology.

Introducing the AI Hardware Device Architecture and Manufacturing Process

The main structure of an AI application device can be roughly divided into three sections: AI application algorithm model and parameters (soft know-how), storage unit (storage), and AI computing unit (AI accelerator). The storage unit usually uses flash memory to store AI application algorithm models and parameters, while the AI operation unit (AI chip) is used to perform operations on the AI algorithm model. From product design, to manufacturing, to implementing market applications, the main process will include:

  1. Preparing AI model and parameters
  2. Encrypting and protecting the AI model and parameters used for implantation and storing it in the storage unit
  3. Writing the key and trust certificate used for the encryption on the AI chip, which will be used as the key and authentication information required for decryption when the program starts.
  4. Once the AI application starts, the encryption algorithm model and parameters stored in the flash memory will be loaded onto the AI chip. After this is completed, the algorithm model and parameters are decrypted by the pre-implanted key and authentication information. Then, the AI chip will execute the decrypted AI algorithm model and parameters to start the AI application function....more