Embedded AI Security

Abstract

As Artificial Intelligence (AI) systems become more widely used in different applications, there is growing concern about their vulnerability to adversarial attacks. Adversarial attacks refer to intentional efforts aimed at manipulating AI models by introducing specially designed input data. These attacks are intended to make the models generate incorrect or unintended outputs. While most studies have concentrated on attacking AI models deployed in cloud or server-based setups, the deployment of AI on embedded hardware poses distinctive challenges and possibilities for adversarial attacks. This thesis explores the landscape of adversarial attacks on AI and their deployment on embedded hardware. We provide an overview of different types of adversarial attacks, including evasion attacks and model extraction attacks, and discuss their implications for embedded systems. Evasion attacks aim to deceive AI models during inference, while model extraction attacks are focused on compromising the performance and integrity of the original AI model by extracting its valuable features. In these attacks, adversaries attempt to obtain a surrogate or clone of the target model by leveraging various techniques. By extracting essential information such as weights, architecture, or decision boundaries, attackers can replicate the model's functionality or gain valuable insights into its inner workings. This compromised surrogate model can then be used for malicious purposes, such as intellectual property theft, unauthorized use, or launching further attacks. We examine the specific challenges posed by deploying AI on resource-constrained embedded devices, such as limited computational power, memory constraints, and real-time processing requirements. Furthermore, we investigate the potential ramifications of adversarial attacks on several widely used publicly available datasets, including MNIST handwritten digits, CIFAR 10, Gesture Recognition, and others. We emphasize the possible outcomes that can arise from successful attacks, such as extracting important model features and circumventing accurate predictions. Overall, this thesis aims to raise awareness about the vulnerability of AI deployed on embedded hardware to adversarial attacks and provides insights into the challenges, potential impacts, and mitigation strategies. By understanding these issues, stakeholders can make informed decisions to enhance the security and reliability of embedded AI systems in the face of evolving adversarial threats.