A Strong PUF-Based Security Protocol to Protect AI Model Parameters Against Privacy Information Leakage
Ziyu Zhou, Gang Li, Yuejun Zhang, Ziyang Zheng, Tengfei Yuan, Pengjun Wang
Abstract
In the era of intelligent computing, with the aid of Internet of Things (IoT) technology, artificial intelligence (AI) chips can be embedded at the terminal, object, edge, and cloud levels, ultimately achieving the vision where there is computation, there is AI intelligence. This not only enhances the efficiency of production and daily life but also exponentially increases the risk of privacy information leakage within AI models. This article leverages the characteristics of strong physical unclonable functions (PUFs), in which the inherent feature information is hidden in physical variations and difficult to steal, to design a security protocol based on strong PUFs that provides effective protection for AI model parameters in the IoT environment. The protocol treats AI model parameters as responses and selects challenges capable of generating these responses. Since the responses generated by the challenges can be considered as randomly generated, transmitting the challenges does not disclose the response information, thus avoiding the risk of parameter hacking. Additionally, the protocol utilizes machine-learning modeling techniques and lightweight encryption technologies to reduce the storage costs for identity information and the computational overhead of encryption operations. Through a security analysis of the protocol, it demonstrates that even under ideal attack conditions, the proposed protocol can resist various attacks. By using formal verification with the ProVerif tool, it confirms the security of the protocol flow and the effective protection of private information.