Home Blog Security Trends The State of AI in Device Security

The State of AI in Device Security

Author: Valeria Vatolina

A study by PwC showed that 72% of executives believe artificial intelligence will create a competitive advantage for their organizations. While the rapid growth in popularity of large language models (e.g. ChatGPT) has demonstrated the powerful capabilities of AI technology, even more impressive results can be achieved when it is applied in a targeted, guided way. We asked our experts to share their view on AI in device security and how this technology is currently being utilized at Keysight.

In machine learning (ML), there is typically a set of inputs, a model like a neural network, and a set of outputs. The model is trained to provide the correct answers given an input and learns to give the answer (e.g. yes/no, object category, or outlier detection). By applying algorithms and statistical models, ML is used to identify patterns and make predictions from data. ML can then analyze new, previously unnoticed patterns based on this training. The structure of these models has been well understood and has evolved significantly.

In device security, artificial intelligence offers unprecedented capabilities to support analysis and testing efforts. The ability to analyse large and complex data sets to identify patterns and make accurate predictions makes AI an attractive tool in the field of device security, which often involves handling numerous (combinations of) parameters.

“We have inputs (such as traces or glitching parameters) and can generate training data to feed into a model. By training the model with these inputs and predictions, we can leverage AI to find patterns that the human eye might fail to notice. While humans are adept at identifying patterns, our ability to perceive them is limited to only a few dimensions. AI models, on the other hand, can identify complex patterns across many dimensions.” – commented Kees Jongenburg, Senior Security Innovator at Keysight.

At Keysight, AI has become instrumental in enhancing the efficiency of fault injection attacks. Traditionally, fault injection required significant human intervention, with analysts meticulously adjusting multiple parameters to identify vulnerabilities. However, Keysight’s device security research lab, Riscure Security Solutions, has revolutionized this process by employing a generative adversarial network-based model. This advanced AI system automates fault injection while minimizing manual effort and often surpassing the precision and effectiveness of experienced analysts. The result is a more efficient and accurate evaluation of device security, enabling quicker identification and mitigation of potential threats.

“Our generative adversarial network-based model has transformed how we approach fault injection. It not only reduces the manual effort but also outperforms our best analysts in terms of precision,” says Troya Koylu, Security Analyst at Keysight.

Despite the substantial benefits, Troya highlights several challenges in applying AI models in the field of device security. A common issue is the tendency to blindly follow popular trends without considering the unique requirements of specific tasks. For instance, the use of convolutional neural networks (CNNs) for side-channel analysis—a field requiring the processing of voltage signals rather than images—demonstrated the pitfalls of misapplied AI techniques. Instead of achieving breakthroughs, these misapplications often led to underwhelming results.

“A major trend is the tendency to jump on the AI bandwagon without fully understanding the specific needs of your field. We saw this with the application of CNNs in side-channel analysis, which didn’t yield the expected results. It is crucial to tailor AI methods to the unique requirements,” says Troya.

According to a recent survey by Stack Overflow, 76% of respondents are using or planning to use AI tools in their development process this year. AI holds great promise for the device security field. At Keysight, we’ve leveraged AI to transform fault injection processes, making them more precise and less reliant on manual effort. We continue to research and develop new ways to leverage AI to both challenge and improve security measures.

Share This