GPU Fingerprinting for Location Verification
It addresses a security vulnerability in GPU chip governance for preventing unauthorized AI model development, but the approach is incremental and tested only at small scale.
The paper proposes using hardware fingerprints instead of cryptographic keys for GPU location verification to prevent key extraction by adversaries, achieving up to 100% re-identification accuracy in small-scale tests.
Robust governance of GPU chips is important for mitigating risks from unauthorized development of advanced AI models. Current methods for monitoring chip location rely on ping-based protocols backed by cryptographic keys stored on-chip. However, these keys can potentially be extracted by adversaries with physical access, compromising the location verification protocol. We address this vulnerability by proposing the use of hardware fingerprints rather than keys to identify GPUs during location verification. In addition, we develop a proof-of-concept GPU fingerprinting methodology that achieves up to 100% re-identification accuracy in small-scale tests.