GPU Fingerprinting for Location Verification

TL;DR

This paper proposes using hardware fingerprints instead of cryptographic keys for GPU location verification, enhancing security against physical attacks, and demonstrates a proof-of-concept achieving high re-identification accuracy.

Contribution

It introduces a novel GPU fingerprinting method for location verification that improves security by replacing vulnerable cryptographic keys.

Findings

Achieved up to 100% re-identification accuracy in small-scale tests.

Proposed hardware fingerprinting enhances robustness against physical key extraction.

Addresses vulnerabilities in current ping-based GPU location protocols.

Abstract

Robust governance of GPU chips is important for mitigating risks from unauthorized development of advanced AI models. Current methods for monitoring chip location rely on ping-based protocols backed by cryptographic keys stored on-chip. However, these keys can potentially be extracted by adversaries with physical access, compromising the location verification protocol. We address this vulnerability by proposing the use of hardware fingerprints rather than keys to identify GPUs during location verification. In addition, we develop a proof-of-concept GPU fingerprinting methodology that achieves up to 100% re-identification accuracy in small-scale tests.