Christine van Vredendaal (NXP)

Fooling smart machines: security challenges for machine learning

In the Internet of Things era, machine learning has the capability to transform how we interact with machines. Examples include autonomous driving, ordering products with simple voice commands and authentication using your face. However, as the combination of ML and IoT matures, so do the attacks against ML systems: an attacker can try to steal the machine learning models, circumvent the authentication mechanisms or do physical harm to the user. In this talk I will show that it is trivial to mount attacks against ML models. I will outline the consequences and present some of the techniques that can harden against such attacks. With the deployment of machine learning into our everyday lives, we need to be aware of the security and privacy implications and start to apply the security-by-design paradigm to make these smart machines more robust against practical attacks.

Christine van Vredendaal works in the Innovation Center for Crypto & Security at NXP Semiconductors in Eindhoven, the Netherlands. Her background is in mathematics and cryptography. In 2018 she completed her PhD thesis ‘Exploiting mathematical structures in cryptography’ with distinction at Eindhoven University of Technology. At NXP she now works on several topics concerning innovation in the areas of cryptography and security. Her current focus lies on security for machine learning and how to make the smart machines of the future less vulnerable to attacks.