STAR-eAI: Secure and Tamper-Resistant Embedded AI
Reference number | |
Coordinator | Kungliga Tekniska Högskolan - DIVISION OF ELECTRONICS AND EMBEDDED SYSTEMS |
Funding from Vinnova | SEK 4 554 000 |
Project duration | June 2023 - May 2026 |
Status | Ongoing |
Venture | Advanced digitalization - Enabling technologies |
Call | Advanced and innovative digitalization 2023 - call one |
Purpose and goal
The goal of this project is to secure implementations of Deep Neural Networks (DNNs) in embedded devices from physical attacks. To achieve this goal, we plan to: (1) develop advanced DNN security analysis techniques, (2) design countermeasures against physical attacks on DNN implementations, and (3) validate the results on prototypes.
Expected effects and result
The project is expected to deliver new methods to analyze information leakage from DNN model implementations and to design defense mechanisms for mitigating this leakage. The challenge is to create countermeasures which resist attacks even as the attackers' capabilities grow. This is only possible if security is incorporated into a DNN at the design stage rather than patched into it later, when a vulnerability is discovered. Our results are expected to provide guidance on how DNN model design, optimization and implementation methods should be changed to achieve tamper-resistance.
Planned approach and implementation
The project is planned to be completed in 3 years. The partners are KTH and Ericsson. The team has all the necessary knowledge, equipment and infrastructure for implementing the project. Our strong preliminary results show that the project has a high chance of success. VINNOVA’s funding will enable our team to accelerate the work.