skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


This content will become publicly available on January 16, 2026

Title: Secure artificial intelligence at the edge
Sensors for the perception of multimodal stimuli—ranging from the five senses humans possess and beyond—have reached an unprecedented level of sophistication and miniaturization, raising the prospect of making man-made large-scale complex systems that can rival nature a reality. Artificial intelligence (AI) at the edge aims to integrate such sensors with real-time cognitive abilities enabled by recent advances in AI. Such AI progress has only been achieved by using massive computing power which, however, would not be available in most distributed systems of interest. Nature has solved this problem by integrating computing, memory and sensing functionalities in the same hardware so that each part can learn its environment in real time and take local actions that lead to stable global functionalities. While this is a challenging task by itself, it would raise a new set of security challenges when implemented. As in nature, malicious agents can attack and commandeer the system to perform their own tasks. This article aims to define the types of systemic attacks that would emerge, and introduces a multiscale framework for combatting them. A primary thesis is that edge AI systems have to deal with unknown attack strategies that can only be countered in real time using low-touch adaptive learning systems. This article is part of the theme issue ‘Emerging technologies for future secure computing platforms’.  more » « less
Award ID(s):
2303115
PAR ID:
10611974
Author(s) / Creator(s):
; ; ;
Publisher / Repository:
Royal Society
Date Published:
Journal Name:
Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences
Volume:
383
Issue:
2288
ISSN:
1364-503X
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; (, IEEE Consumer Electronics Magazine)
    Sensor-powered devices offer safe global connections; cloud scalability and flexibility, and new business value driven by data. The constraints that have historically obstructed major innovations in technology can be addressed by advancements in Artificial Intelligence (AI) and Machine Learning (ML), cloud, quantum computing, and the ubiquitous availability of data. Edge AI (Edge Artificial Intelligence) refers to the deployment of AI applications on the edge device near the data source rather than in a cloud computing environment. Although edge data has been utilized to make inferences in real-time through predictive models, real-time machine learning has not yet been fully adopted. Real-time machine learning utilizes real-time data to learn on the go, which helps in faster and more accurate real-time predictions and eliminates the need to store data eradicating privacy issues. In this article, we present the practical prospect of developing a physical threat detection system using real-time edge data from security cameras/sensors to improve the accuracy, efficiency, reliability, security, and privacy of the real-time inference model. 
    more » « less
  2. ; ; ; (, Ad hoc networks)
    Edge computing has emerged as the dominant communication technology connecting IoT and cloud, offering reduced latency and harnessing the potential of edge devices. However, its widespread adoption has also introduced various security vulnerabilities, similar to any nascent technology. One notable threat is the denial of service (DoS) attack, including its distributed form, the distributed denial of service (DDoS) attack, which is the primary focus of this research. This paper aims to explore the impact of different types of DoS and DDoS attacks on edge computing layers by examining the vulnerabilities associated with various edge peripherals. Addition ally, existing detection and prevention mechanisms are investigated to address these weaknesses. Furthermore, a theoretical architecture is proposed to mitigate distributed denial of service attacks targeting edge systems. By comprehensively analyzing and addressing the security concerns related to DoS and DDoS attacks in edge computing, this research aims to contribute to the development of robust and secure edge computing systems. 
    more » « less
  3. ; ; ; ; ; (, in Proc. 4th IEEE Workshop on Pervasive and Resource-constrained Artificial Intelligence (PeRConAI), 2025.)
    Vision Language models (VLMs) have transformed Generative AI by enabling systems to interpret and respond to multi-modal data in real-time. While advancements in edge computing have made it possible to deploy smaller Large Language Models (LLMs) on smartphones and laptops, deploying competent VLMs on edge devices remains challenging due to their high computational demands. Furthermore, cloud-only deployments fail to utilize the evolving processing capabilities at the edge and limit responsiveness. This paper introduces a distributed architecture for VLMs that addresses these limitations by partitioning model components between edge devices and central servers. In this setup, vision components run on edge devices for immediate processing, while language generation of the VLM is handled by a centralized server, resulting in up to 33% improvement in throughput over traditional cloud-only solutions. Moreover, our approach enhances the computational efficiency of off-the-shelf VLM models without the need for model compression techniques. This work demonstrates the scalability and efficiency of a hybrid architecture for VLM deployment and contributes to the discussion on how distributed approaches can improve VLM performance. Index Terms—vision-language models (VLMs), edge computing, distributed computing, inference optimization, edge-cloud collaboration. 
    more » « less
  4. ; ; ; (, Cluster Computing)
    Public transit is a critical component of a smart and connected community. As such, citizens expect and require accurate information about real-time arrival/departures of transportation assets. As transit agencies enable large-scale integration of real-time sensors and support back-end data-driven decision support systems, the dynamic data-driven applications systems (DDDAS) paradigm becomes a promising approach to make the system smarter by providing online model learning and multi-time scale analytics as part of the decision support system that is used in the DDDAS feedback loop. In this paper, we describe a system in use in Nashville and illustrate the analytic methods developed by our team. These methods use both historical as well as real-time streaming data for online bus arrival prediction. The historical data is used to build classifiers that enable us to create expected performance models as well as identify anomalies. These classifiers can be used to provide schedule adjustment feedback to the metro transit authority. We also show how these analytics services can be packaged into modular, distributed and resilient micro-services that can be deployed on both cloud back ends as well as edge computing resources. 
    more » « less
  5. ; (, IACR Transactions on Cryptographic Hardware and Embedded Systems)
    Spoofing a passive Hall sensor with fake magnetic fields can inject false data into the downstream of connected systems. Several works have tried to provide a defense against the intentional spoofing to different sensors over the last six years. However, they either only work on active sensors or against externally injected unwanted weak signals (e.g., EMIs, acoustics, ultrasound, etc.), which can only spoof sensor output in its linear region. However, they do not work against a strong magnetic spoofing attack that can drive the passive Hall sensor output in its saturation region. We name this as the saturation attack. In the saturation region, the output gets flattened, and no information can be retrieved, resulting in a denial-of-service attack on the sensor.Our work begins to fill this gap by providing a defense named PreMSat against the saturation attack on passive Hall sensors. The core idea behind PreMSat is that it cangenerate an internal magnetic field having the same strength but in opposite polarity to external magnetic fields injected by an attacker. Therefore, the generated internal magnetic field by PreMSat can nullify the injected external field while preventing: (i) intentional spoofing in the sensor’s linear region, and (ii) saturation attack in the saturation region. PreMSat integrates a low-resistance magnetic path to collect the injected external magnetic fields and utilizes a finely tuned PID controller to nullify the external fields in real-time. PreMSat can prevent the magnetic saturation attack having a strength up to ∼4200 A-t within a frequency range of 0 Hz–30 kHz with low cost (∼$14), whereas the existing works cannot prevent saturation attacks with any strength. Moreover, it works against saturation attacks originating from any type, such as constant, sinusoidal, and pulsating magnetic fields. We did over 300 experiments on ten different industry-used Hall sensors from four different manufacturers to prove the efficacy of PreMSat and found that the correlation coefficient between the signals before the attack and after the attack is greater than 0.94 in every test case. Moreover, we create a prototype of PreMSat and evaluate its performance in a practical system — a grid-tied solar inverter. We find that PreMSat can satisfactorily prevent the saturation attack on passive Hall sensors in real-time. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email