1 Introduction
2 Related works
2.1 Secure data history with trusted hardware
2.2 Attestation scheme
2.3 Explainability of embedded artificial intelligence
3 Use case
3.1 Context
3.2 Digit recognition
4 Embedded AI
4.1 Formalism
4.2 Neural network
4.3 Learning
5 Attestations to ledger
5.1 Provisioning
5.1.1 Provisioning of the secret keys
5.1.2 Provisioning of the trusted apps
-
industrial app: This application is the “business” application as it realizes the task required. It produces digital data that may be a huge value.
-
attestation app: This application builds the cryptographic elements included in the transactions sent to the Ethereum blockchain to attest the data produced.
5.2 Attestation of the data produced
5.3 Verification
-
involved stakeholder: any actor is able to access the information present in the shared ledger. The registered attestations enable to authenticate the acting devices and their owner in a given time interval.
-
independent auditor: an independent auditor, such as an insurance expert or a bailiff, may be accredited to request the raw data, to the authenticated device’s owner, from the information registered in the shared ledger.
6 Embedded design
6.1 The IoT device: a system-on-module
6.2 Secure boot and measurement
6.3 Integration
6.4 Deployment
6.5 Performances
7 Security analysis
7.1 The security model
7.2 The asset
-
R1: AI explainability: The behavior of the embedded AI should be explainable.
-
R2: forward integrity: The data attestation history must be immutable and transparent to the stakeholders. The raw data must be persistent and of integrity.
-
R3: public authentication: Any stakeholder should be able to authenticate the devices issuing data in a given time interval through the attestations history.
-
R4: power failure: No raw data or attestations should be lost in the event of a power failure.
-
R5: privacy-preserving data: The raw data shall not be exposed to the other devices.
-
R6: verifiability: An accredited auditor must be able to verify the data attestations.
-
R7: multiple stakeholders: The scheme shall support multiple stakeholders owning multiple devices issuing data concurrently.
7.3 The threat
-
Negligence: this threat arises from unintentional human error, but causing a failure,
-
Ransacking: this threat corresponds to a malicious action with the intention to destroy, tamper, spoof, modify value data,
-
Concurrence: this threat may seek to destroy data like the ransacker, but also to steal valuable data for analysis.
-
the provider of the smart robot, by default he is the owner of the logged raw data produced by its devices,
-
the expert who trains the embedded AI,
-
the manufacturer of the product (e.g., the car) for which the robot performs tasks,
-
the operator of the smart robot during production,
-
the maintenance agent who intervenes on the smart robot,
-
the accredited and independent auditor mandated in case of litigation.
stakeholder | negligent | ransaker | concurrent |
---|---|---|---|
provider | \(\checkmark \) | \(\checkmark \) | \(\checkmark \) |
expert | \(\checkmark \) | ||
manufacturer | \(\checkmark \) | \(\checkmark \) | \(\checkmark \) |
operator | \(\checkmark \) | \(\checkmark \) | |
maintenance agent | \(\checkmark \) | \(\checkmark \) | |
auditor |