The machine learning as a service (MLaaS) framework provides intelligent services or well-trained artificial intelligence (AI) models to local devices. However, model transmission and deployment raise security issues: AI models can leak over unreliable transmission environments and can be illegally abused on local devices without permission. Although existing works study intellectual property (IP) protection for AI models, they mainly focus on watermark-based and encryption-based methods and have the following problems: (i) Watermark-based methods only provide passive verification after the fact rather than active protection. (ii) Encryption-based methods are inefficient in computation and offer low security in key storage. (iii) Existing methods are not device-bind and so cannot prevent illegal abuse of AI models. To deal with these problems, we propose a device-bind and key-storageless hardware AI model IP protection mechanism. First, we propose an AI model protection framework based on a physical unclonable function (PUF) and permute-diffusion encryption, comprising PUF-based secret key generation and geometric-value transformation-based weights encryption. Second, we design a PUF-based key generation protocol in which a delay-based Anderson PUF is adopted to generate the device-bind secret key. In addition, convolutional coding and convolutional interleaving are combined to improve the stability of PUF-based key generation and reconstruction. Third, we propose a permute and diffusion-based model weights encryption/decryption method to achieve effective IP protection, where chaos theory is used to convert the PUF-based secret key into encryption/decryption keys. Finally, experimental evaluation demonstrates the effectiveness of the proposed intelligent model IP protection mechanism.
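The permute-and-diffuse weight encryption described in the abstract, as an added example that is not the authors' code: a logistic map (an assumed choice of chaotic system) expands a device key into a byte permutation and a diffusion keystream over float32 weights. The SHA-256 seeding, the constants and all function names are assumptions, and the key is a constructed stand-in for one reconstructed from the PUF.

```python
import hashlib
import struct

def chaotic_values(key: bytes, label: bytes, n: int) -> list:
    """n logistic-map iterates x -> r*x*(1-x), with x0 and r derived from the key."""
    d = hashlib.sha256(label + key).digest()
    x = (int.from_bytes(d[:6], "big") + 0.5) / 2**48            # x0 in (0, 1)
    r = 3.99 + 0.01 * int.from_bytes(d[6:12], "big") / 2**48    # chaotic regime, r < 4
    out = []
    for i in range(n + 200):
        x = r * x * (1 - x)
        if i >= 200:                                            # discard the transient
            out.append(x)
    return out

def _schedule(key: bytes, n: int):
    # Permutation: rank byte positions by chaotic value. Keystream: one byte per iterate.
    vals = chaotic_values(key, b"permute", n)
    perm = sorted(range(n), key=vals.__getitem__)
    ks = [int(v * 2**32) & 0xFF for v in chaotic_values(key, b"diffuse", n)]
    return perm, ks

def encrypt_weights(weights, key: bytes) -> bytes:
    data = struct.pack(f"<{len(weights)}f", *weights)   # float32, little-endian
    perm, ks = _schedule(key, len(data))
    out, prev = bytearray(), 0
    for i, src in enumerate(perm):
        prev = data[src] ^ ks[i] ^ prev     # diffusion: chain on previous ciphertext byte
        out.append(prev)
    return bytes(out)

def decrypt_weights(blob: bytes, key: bytes) -> list:
    perm, ks = _schedule(key, len(blob))
    data, prev = bytearray(len(blob)), 0
    for i, src in enumerate(perm):
        data[src] = blob[i] ^ ks[i] ^ prev  # undo diffusion, then undo permutation
        prev = blob[i]
    return list(struct.unpack(f"<{len(blob) // 4}f", bytes(data)))

# Constructed sample values; in the paper's scheme the key is reconstructed from the PUF.
DEVICE_KEY = hashlib.sha256(b"constructed stand-in for a PUF response").digest()
OTHER_KEY = hashlib.sha256(b"constructed response from a different device").digest()
WEIGHTS = [0.5, -1.25, 3.0, 0.125, -2.5, 7.75]          # exactly representable in float32

if __name__ == "__main__":
    blob = encrypt_weights(WEIGHTS, DEVICE_KEY)
    print(blob.hex())
    print(decrypt_weights(blob, DEVICE_KEY))   # original weights
    print(decrypt_weights(blob, OTHER_KEY))    # unusable values on a different device
```

Because the schedule is derived entirely from the key, nothing secret has to be stored next to the encrypted model, which is the key-storageless property the abstract pairs with the PUF.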