
TinyML Security: Exploring Vulnerabilities in Resource-Constrained Machine Learning Systems

Jacob Huckelberry, Yuke Zhang, Allison Sansone, James Mickens, Peter A. Beerel, Vijay Janapa Reddi

TL;DR

A device taxonomy is presented that differentiates between IoT, EdgeML, and TinyML, highlighting vulnerabilities unique to TinyML, and identifies where traditional security measures are adequate and where solutions tailored to TinyML are essential.

Abstract

Tiny Machine Learning (TinyML) systems, which enable machine learning inference on highly resource-constrained devices, are transforming edge computing but encounter unique security challenges. These devices, restricted by RAM and CPU capabilities two to three orders of magnitude smaller than conventional systems, make traditional software and hardware security solutions impractical. The physical accessibility of these devices exacerbates their susceptibility to side-channel attacks and information leakage. Additionally, TinyML models pose security risks, with weights potentially encoding sensitive data and query interfaces that can be exploited. This paper offers the first thorough survey of TinyML security threats. We present a device taxonomy that differentiates between IoT, EdgeML, and TinyML, highlighting vulnerabilities unique to TinyML. We list various attack vectors, assess their threat levels using the Common Vulnerability Scoring System, and evaluate both existing and possible defenses. Our analysis identifies where traditional security measures are adequate and where solutions tailored to TinyML are essential. Our results underscore the pressing need for specialized security solutions in TinyML to ensure robust and secure edge computing applications. We aim to inform the research community and inspire innovative approaches to protecting this rapidly evolving and critical field.


Paper Structure

This paper contains 27 sections, 6 figures, 4 tables.

Figures (6)

  • Figure 1: Venn diagram illustrating the interrelationships between IoT, Edge Computing, EdgeML, and TinyML. It illustrates how TinyML overlaps with both IoT and EdgeML within the broader scope of Edge Computing.
  • Figure 2: TinyML publication trends from 2015 to 2024. Alarmingly, few papers focus on TinyML security despite its pervasiveness. Many security-focused papers are more concerned with utilizing TinyML to enhance security rather than addressing the security of TinyML devices themselves.
  • Figure 3: Taxonomy of attacks and countermeasures covered in this paper. In each section, we cover several attacks associated with the hardware, software, and model components of TinyML devices. For each of these attacks, we critically examine the feasibility of relevant countermeasures for TinyML class devices.
  • Figure 4: Low-Level TinyML Threat Model: Colors indicate the correspondence between attacks and their respective attack surfaces. Threats are categorized into hardware threats, software threats, and ML threats.
  • Figure 5: TinyML Hardware Attack Vectors. The primary attacks of interest are SCA, Leaky Interface Attacks, and FIAs. The figure gives very high-level descriptions of how these attacks are carried out.
  • ...and 1 more figure