Hello, everyone. My name is Prashant. And I've been working for more than a decade as a logic design engineer. It's an honor to be here today to talk about a topic that is becoming increasingly important in our connected world. The intersection of hardware security and artificial intelligence. I would like to guide you through some of the core ideas behind dual state hardware security models. Why they are critical in the rapidly evolving AI era and how these models can help protect sensitive data and critical systems from the multitude of emerging threats. We are at a crossroads where AI's power to transform industries and everyday life intersects with the some. Sometimes overlooked vulnerabilities and hardware can introduce. Let's dive in. The first point I would like to emphasize is that AI isn't just another software application. AI is fundamentally different from traditional systems because it involves high speed data processing, specialized hardware accelerators, and complex algorithms. These advanced components open up new possibilities for innovation. But they also increase the attack surface for malicious actors. When we scale up our capacity to process data, we are also scaling up potential entry points for attacks. Hardware level exploits are no longer the realm of science fiction. They are real, tangible threats that can undermine even the most sophisticated AI solutions. We often focus on the software vulnerabilities in AI pipelines, misconfigurations of libraries, inadequate encryption, or insecure APIs. But hardware vulnerabilities can be much more, much harder to detect and remedy. Once compromised, a piece of hardware can be extremely difficult to fully repair because it forms the foundation on which all software security measures rest. If your hardware is compromised, every layer above it, your operating system, your applications, and even your AI models could be at risk. In other words, hardware is the bedrock. That's why strong hardware security protocols are absolutely non negotiable in this new era of AI driven innovation. To illustrate, Consider high profile vulnerabilities like Spectre and Meltdown. These exploits took advantage of speculative execution features in modern processors. Something previously thought to be a purely performance focused aspect of CPU design. They showed that even innovations meant to speed up computation can become an avenue for data leaks if not carefully secured. As AI continue to demand greater performance from processors and GPUs, we must stay vigilant about how performance enhancing features might inadvertently introduce security gaps. Address space partitioning, a foundation of trust. One of the most fundamental aspects of secure hardware platform is robust hard address space partitioning. When we talk about address space partitioning, we are referring to the division of memory into distinct regions, secure versus non secure. This concept ensures that cryptographic operations, sensitive key storage, and mission critical codes execute exclusively in protected memory zones. While user level applications and other non critical processes run in separate, lower privileged areas. Why does that matter? Okay, imagine you have two rooms in a building. One is a vault and the other is a regular office space. You want to ensure that only authorized personnel can enter the vault. If you design the building so that the vault can be reached. only through multiple locked doors, each requiring a unique key or code. You are effectively creating a layered security model. In hardware design, specialized components like memory management units or security controllers serve as these locked doors. They ensure strict separation between what's trusted and what's not, blocking unauthorized access attempts as the silicon level. Not only does this approach prevent direct data theft, it also mitigates the spread of malicious code or ransomware by containing threats. If malicious software compromises one area of the system, address based partitioning can stop that threat from splitting into the rest of the environment. In the context of AI, where large datasets and complex models are often in use, this segregation is crucial for safeguarding both the data itself and the proprietary algorithm that organizations rely on their competitive edge. Secure boot, establishing a trusted, Next, let's talk about secure boot. Secure boot ensures that every component in the boot chain from the moment you power on your device to the point at which the operating system loads has been cryptographically verified. This process typically involves digital signature cryptographic hashing and Authenticated code checks. Why is this so essential? Because once the system boots, software based security measures take over. If the foundation is already compromised, the entire security structure is built on shaky ground. In practice, secure boot might work like this. Upon. power up. A small piece of firmware anchored into hardware checks the digital signature of the next stage of the bootloader. Only if that signature is valid does it allow the bootloader to run. The bootloader in turn verifies the OS kernel or other critical system components using the same principle. It's a cascading chain of trust. If one link is broken, everything that follows is flagged or prevented from executing. This mechanism is incredibly effective at blocking rootkits and other low level attacks that Attempt to hide from security tools by loading before the OS is fully operational. In AI systems, ensuring that every layer is authenticated before it runs is doubly important because tampering at the boot stage might enable an attacker to manipulate AI processes. undetected or even compromise the data your AI models rely on. Even with a secure boot process, the job isn't done. Systems need continuous runtime integrity checks. Throughout a device's operation, advanced algorithms monitor from, for anomalies in memory access, execution flaws. and stack behaviors. If something deviates from the established baseline, the system can take immediate action, whether that's alerting an administrator, blocking certain processes, or even shutting down to prevent a larger breach. One of the execute exciting development here is the use of machine learning in anomaly detection. Instead of relying on static rule sets that might not catch new type of attacks, AI based monitoring solutions can learn from historical data about what constitutes normal system behavior. Then they quickly flag events that deviate from that baseline. Picture a constant real time audit of everything happening at the hardware level. When an irregularity shows up, like a process attempting to read or write to a secure region of memory. that triggers a deeper analysis or a direct counter measure. This continuous vigilance approach is particularly important for AI workloads that run 24 7, handle large quantities of data. and require stable system performance. Building on the concept of address space partitioning, address level boundary markers provide an extra layer of separation between secure and non secure processes. You might have heard of ARM Trust Zone or Intel's SGX. These are specialized technologies that create physically or logically isolated enclaves on the chip. itself by running critical security operations in a separate hardware isolated zone. The system maintains a high level protection even if the main operating environment is compromised. These boundary markers enforce what's known as the principle of least privilege. Only the processes that genuinely need access to critical data or operations can gain entry and even then only through rigorously controlled interface. If attackers try to escalate privileges or perform side channel attacks, these enclaves and security monitors serve as an additional barrier. Raising the cost and complexity for any malicious actor with AI. These enclaves can securely store and process private data, such as encryption keys or unique model parameters, ensuring that sensitive assets remain protected at the hardware level. We have already touched briefly on how machine learning can bolster security, but let's explore that a bit more deeply. AI driven anomaly detection has become a powerful tool in security operations. It's particularly relevant in hardware security for a few reasons. First, hardware level events can generate a tremendous amount of telemetry, performance counters. memory accesses logs, cache uses patterns, and more. These data points can be analyzed by machine learning models to spot subtle patterns that might elude traditional signature based approaches. Second, because AI systems often have predictable workflows like training, inference, or data Pre processing. An AI driven security module can develop a clear sense of normal behavior for each workload type. The moment something useful, unusual happens, such as privilege change, privilege level change, without authorization or an abnormal frequency of memory reads in a secure region, the anomaly detection system can flag it for further investigation. This level of precision can stop attacks before they escalate. Finally, AI's ability to evolve alongside new and emerging threats makes it ideal for hardware security environments. Attackers continually adapt their tactics. Static rules can become obsolete. With an AI based monitoring solution that learns from new data in real time. System can adapt at the same pace. This arms race of AI versus AI might be inevitable, but a sophisticated hardware level defense provides defenders a robust starting advantage in addition to real time monitoring. Periodic validation routines are crucial. Self tests at regular intervals verify that memory boundaries remain intact. Cryptographic keys haven't been tampered with, and no unauthorized or corrupted code is running. These validations act like a system wide refresh, reaffirming the hardware's trustworthiness even if the system has been operating continuously for days or weeks. For AI driven systems that might be training on new data sets performing batch inferences, these checks ensure that the environment hasn't been quietly subverted over time. By regularly recalculating cryptographic hashes or verifying digital signatures, we reinforce the chain of trust initially established by Secure Boot. This layered approach Secure At startup, continuous runtime checks and periodic validations goes a long way toward creating a resilient hardware security posture. If we step back and look at these individual components, address space partitioning, and secure boot runtime checks, boundary markers, anomaly detection, And periodic validations, they come together to form what we call a dual state models. Essentially, there are two separate states in which processes can operate secure and non secure. This dual state design is particularly valuable. in the AI era for three main reasons. Intellectual property protection. AI models and algorithms can be extremely valuable assets. A dual state model isolates the proprietary model or data in a secure zone. Making it much harder for attackers to steal or reverse engineer. Data security. By encrypting or segregating sensitive data in the secure zone, organizations can better comply with regulations like GDPR, HIPAA, or others, and maintain user trust by preventing unauthorized accesses. Resilient operations. Even if the part of the non secure state becomes compromised, the secure state can detect and contain the threat that reduces downtime and isolates the impact of any breach, allowing critical AI operations to continue safely. From protecting intellectual property, To safeguarding personal health data, a dual state architecture makes it exponentially more difficult for attackers to gain a foothold. While it's not a catch all solution, it raises the cost and complexity of attacks significantly. Let's not forget another critical factor, supply chain security. As AI hardware becomes more specialized, organizations often source components from multiple suppliers around the globe. Each link in the supply chain can introduce vulnerabilities. From counterfeit chips to tempered firmware and a compromise at the supply chain level can defeat even the strongest security measures at run time to tackle this issue, more organizations are pushing for greater transparency in the manufacturing process techniques like secure device identifiers temper evident packaging and formal attestation processes can help verify that hardware hasn't been altered before it arrives in your data center or on your production floor. In the context of dual state security, if we can't trust the underlying hardware from the very beginning, We compromise the entire stack. Therefore, supply chain security is increasingly considered an essential step in creating a truly trustworthy AI environment. We have covered a lot of, okay, we have covered a lot of ground and I would like to close by taking a look. Okay. Yeah. By taking a look at the horizon, AI systems are only becoming more sophisticated and deeply embedded in our daily lives. As their importance grows, so does the creativity and determination of adversaries looking to exploit them. Some areas that demand our ongoing attention include quantum resilient, resistant encryption. As quantum computing becomes more practical, it threatens traditional cryptographic techniques. We need to adopt encryption schemes that can withstand these quantum attacks, particularly for hardware components intended for use over a decade or more. Neuromorphic computing defenses. Neuromorphic chips mimic the neural structures of the human brain and can significantly boost AI performance. Yet, they also introduce new attack vectors. We need specialized security strategies tailored to these emerging architectures. Cross industry collaboration. Collaboration among hardware vendors, academic researchers, and industry consortia can drive the creation of common standards, best practices, and open hardware from firmwares. Sharing threat intelligence across organizations helps us stay one step ahead of adversaries. We should also consider the growing trend of edge AI, where small devices, IoT sensors, smartphones, and other edge computing devices handle critical workloads locally. These devices can be even more vulnerable due to power and resource constraints. As AI increasingly move to the edge, ensuring robust hardware security in those compact environment will be paramount. Okay, in summary, a layered security approach that starts at the hardware is absolutely essential. If we want to build AI solutions that are both innovative and trustworthy, dual state architecture secure both processes. Continuous monitoring and AI enhanced. Anomaly detection all play a critical role in the puzzle. By implementing these measures, along with rigorous supply chain checks and ongoing validation, we can protect intellectual property, guard sensitive data, and ensure the resilience of systems that increasingly control everything from healthcare diagnostics to autonomous vehicles and financial trading algorithms. As we move forward, it will be a collective effort. Security is never the responsibility of just one department or one industry. It's a shared obligation of hardware engineers, AI researchers, data scientists, and policymakers. Our objective should be to make security a fundamental design requirement, not an afterthought. Only then we Can we confidently harness the AI's enormous potential without putting at risk the very data and processes we aim to improve? Thank you so much for your attention. I hope this talk has shed some light on the importance of hardware security in the AI era and how dual state models can help us address the challenges ahead. I'd be, I would be more than happy to take any questions. Thank you.