Short Course 3

* If you encounter menus do not work upon clicking, delete your browser's cache.

Monday, June 10, 2019 (Suzaku II)

Opportunities and Challenges at the Intersection of Security and AI

Organizers: 
Masanori Hashimoto, Osaka Univ.
Xin Zhang, IBM
Keiichi Maekawa, Renesas Electronics Corp.
Nirmal Ramaswamy, Micron Technology Inc.

As AI enjoys rapid progress in recent years, its security implications are also attracting increased attention. This short course surveys the technology, architecture, and circuit foundations behind AI and security, and provides an outlook on their interactions.

8:25 Introduction
8:30 Introduction to Artificial Intelligence and Security, Rob Aitken, Arm Research

Abstract:
Although artificial intelligence (AI) has been a goal of computing for over fifty years, it is only in the last decade that AI systems, and especially those based on machine learning, have been able to beat human beings at complex tasks such as image recognition and playing Go. Applications for AI continue to be developed, and while their success is impressive, they also highlight the need for more computational power, with challenges such as autonomous driving and context-sensitive speech recognition proving more difficult than originally anticipated. These challenges in turn show the need for new circuits and new technologies to enable even more powerful AI. AI systems also highlight the need for more secure computation. With more confidential information than ever online, it is more vital than ever to protect it, and to understand what is being done with it. Information can leak from hardware via side channels and from software via hacking. AI can help, by identifying security flaws, but is also subject to manipulation and hidden biases. This talk provides an introduction to the challenges of AI and security, setting the stage for the remainder of the short course.

9:20 Deep Learning Processors: Turning Challenges into Opportunities, Hoi-Jun Yoo, KAIST

Abstract:
Recently, Deep Learning is changing not only the technology paradigm in electronics but also the society itself with Artificial Intelligence technologies.
In this lecture, firstly, the status of AI and DNN SoCs will be reviewed from two perspectives; the data-center oriented and the mobile and embedded AIs. This dichotomy shows clearly the possible application areas for the emerging future AIs. Especially, mobile and embedded deep learning hardware, CNPU, DNPU and UNPU will be introduced together with CNN (Convolutional Neural Network) and RNN (Recurrent Neural Network). In addition, their high efficiency and flexibility with “Dynamically Reconfigurable Processor” architecture will be explained in detail with the real chip measurement results.
Secondly, KAIST’s approach integrating both sides of brain, right-brain for “approximation and adaptation hardware” and left-brain for “precise and programmable Von Neumann architecture”, will be explained with novel design methodology. The deep neural networks and the specialized intelligent hardware (mimicking right brain) capable of statistical processing or learning and the multi-core processors (mimicking left brain) performing the precise computations including software AI are integrated on the same SoC.

10:10 Break
10:40 AI Computing Architectures and Hardware, Jeffrey L. Burns, IBM Research

Abstract:
AI capabilities have been increasing rapidly, driven by deep learning. As AI functionality has improved, the demand for even greater capabilities has grown. Significant improvements in performance and efficiency are required to enable this growth to continue. Further improvements require architectures and hardware designed expressly for AI; reliance on conventional architectures and scaling is insufficient. AI-optimized accelerators will increasingly be needed to improve system capabilities and power/performance. To enable practical accelerator integration, systems must be architected to easily incorporate heterogeneous components. The networking and memory aspect of these systems must evolve to insure high utilization and efficiency. In this presentation, I will describe these trends, some exemplary innovations that address them, and areas of future research towards architectures and hardware for the AI era.

11:30 Nonvolatile Circuit for AI Edge Applications, Meng-Fan Chang, National Tsing-Hua Univ.

Abstract:
Memory has proven a major bottleneck in the development of energy-efficient chips for artificial intelligence (AI) edge devices. Recent nonvolatile memory devices not only serve as memory macros, but also enable the development of nonvolatile logics (nvLogics) and computing-in-memory (CIM) for AI edge chips. In this talk, we will review recent trend of nonvolatile memory. Then, we will examine some of the challenges, circuits-devices-interaction, and recent progress involved in the further development of nonvolatile memory based nvLogics and CIMs for AI Edge chips.

12:20 Lunch
13:10 RRAM Fabric for Neuromorphic and Reconfigurable Compute-In-Memory Systems, Wei Lu, Univ. of Michigan

Abstract:
Resistive random-access memory (RRAM) devices are two-terminal elements with an inherent memory effect, driven by internal ion distributions within a solid-state switching medium. As a memory device, RRAM is currently being commercialized for embedded memory and stand-alone data storage applications. RRAM arrays are also extensively studied for future in-memory computing and neuromorphic computing applications due to their ability to simultaneously store weights and process information at the same physical locations. In this talk, we will discuss recent progresses in RRAM devices and RRAM-based in-memory and neuromorphic computing systems, from material and device-level understandings to system-level implementations. Prototype circuits based on RRAM networks can already perform tasks such as feature extraction, data clustering and image analysis. Hybrid RRAM/CMOS integration efforts and approaches towards a general in-memory computing system will also be discussed.

14:00 Circuit Design Resistant to Side Channel Attacks, Naofumi Homma, Tohoku Univ.

Abstract:
Hardware security in mobile and embedded systems is drawing much attention in the context of the rapid growth of Internet-of-Things. Due to the easier accessibility, security threats and vulnerabilities for “things” located everywhere are more critical in comparison with PCs and servers in a room. In particular, the threats of side-channel attacks are non-trivial because they can be done by relatively low-cost equipment in a non-destructive manner. In the last few decades, a variety of side-channel attacks have been reported and defeated. Recently, they can be applied to general-purpose embedded systems including AI systems. This talk will start with an overview of researches on side-channel attacks, and then introduce the-state-of-the-art side-channel attacks and countermeasures including a novel reactive countermeasure that makes it possible to prevent all the microprobe-based side-channel attacks.

14:50 Break
15:10 Energy-efficient Circuits for Cryptography and Entropy Generation, Sanu Mathew, Intel Corp.

Abstract:
Symmetric key block ciphers and high-entropy key/ID generation constitute critical components of content protection and data authentication. While AES has emerged as the de-facto block cipher in secure systems, equivalent geo-specific ciphers like SMS4 (China) and Camellia (Japan) are increasingly being used in IPsec, WAPI and TLS. With products servicing global markets, there is a need to support multiple ciphers, while meeting tight area/energy constraints. In this presentation, we will describe a unified design that leverages polynomial iso-morphism to accelerate AES/SMS4/Camellia using a shared GF(24)2 datapath enabling 29% area savings over separate implementations. Physically Unclonable Functions (PUF) and True Random Number Generators (TRNG) are foundational security primitives underpinning the root of trust across a wide range of computing platforms. Contradictory design strategies to harvest static and dynamic entropies typically necessitate independent PUF and TRNG circuits, adding to design cost and time-to-market. The second part of this presentation will describe a unified static and dynamic entropy generator leveraging a common entropy source for simultaneous PUF and TRNG operation. We will describe a variety of self-calibration techniques used for run-time segregation of array bitcells into PUF and TRNG candidates, along with entropy extraction techniques to maximize TRNG entropy while stabilizing PUF bits to minimize bit-errors across a wide-range of operating conditions.

16:00 Introduction to Electromagnetic Information Security, Yuichi Hayashi, Nara Institute of Science and Technology

Abstract:
With the importance of information security increasing daily, the importance of physical layer security is increasing along with upper layer security. In recent years, owing to technological advancements such as higher accuracy and lower cost of measuring instruments, higher processing speed of computers, and increasing storage capacity of digital devices, advanced attacks that were previously difficult to implement have been realized. Furthermore, such threats have now extended to general commercial products as well as military applications and diplomatic domains. Hence, in this talk, I would like to introduce the issue of information security degradation through electromagnetic fields, which is a physical security attack that cannot be easily detected. I would also like to introduce the associated mechanism of security degradation by electromagnetic fields, corresponding countermeasures, and standardization trends.