Full Program »
Practical Attestation for Edge Devices Running Compute Heavy Machine Learning Applications
Machine Learning (EdgeML) algorithms on edge devices facilitate safety-critical applications like building security management and smart city interventions. However, their wired/wireless connections with the Internet make such platforms vulnerable to attacks compromising the embedded software. We find that in the prior art, the regular runtime integrity assessment of the deployed software with negligible EdgeML performance degradation, is unresolved. In this paper, we present {\em PracAttest}, a practical runtime attestation framework for embedded devices running compute heavy EdgeML applications. Unlike the conventional remote attestation schemes that check the entire software in each attestation event, PracAttest segments the software and randomizes the integrity check of these segments over short attestation intervals. The segmentation coupled with the randomization leads to a novel performance-vs-security trade-off which can be tuned as per the EdgeML application's performance requirements. Additionally, we implement three realistic EdgeML benchmarks for pollution measurement, traffic intersection control and face identification, using state-of-the art neural network and computer vision algorithms. We specify and verify security properties for these benchmarks, and evaluate the efficacy of PracAttest in attesting the verified software. PracAttest provides 50x-80x speedup over the state-of-the-art baselines in mean attestation time, with negligible impact on application performance. We believe that the novel performance-vs-security trade-off facilitated by PracAttest will expedite the adoption of the runtime attestation on edge platforms.