TinyML Security: Exploring Vulnerabilities in Resource-Constrained Machine Learning Systems

TL;DR

TinyML systems, which operate on highly resource-constrained devices, face unique security vulnerabilities that require specialized solutions beyond traditional security measures, as detailed in this comprehensive survey.

Contribution

This paper provides the first detailed survey of security threats in TinyML, including a device taxonomy, attack vectors, threat assessments, and evaluation of defenses.

Findings

TinyML devices are vulnerable to side-channel and information leakage attacks.

Traditional security solutions are often inadequate for TinyML environments.

There is a critical need for tailored security approaches in TinyML applications.

Abstract

Tiny Machine Learning (TinyML) systems, which enable machine learning inference on highly resource-constrained devices, are transforming edge computing but encounter unique security challenges. These devices, restricted by RAM and CPU capabilities two to three orders of magnitude smaller than conventional systems, make traditional software and hardware security solutions impractical. The physical accessibility of these devices exacerbates their susceptibility to side-channel attacks and information leakage. Additionally, TinyML models pose security risks, with weights potentially encoding sensitive data and query interfaces that can be exploited. This paper offers the first thorough survey of TinyML security threats. We present a device taxonomy that differentiates between IoT, EdgeML, and TinyML, highlighting vulnerabilities unique to TinyML. We list various attack vectors, assess their threat levels using the Common Vulnerability Scoring System, and evaluate both existing and possible defenses. Our analysis identifies where traditional security measures are adequate and where solutions tailored to TinyML are essential. Our results underscore the pressing need for specialized security solutions in TinyML to ensure robust and secure edge computing applications. We aim to inform the research community and inspire innovative approaches to protecting this rapidly evolving and critical field.