Saeed Adelipour,Mohammad Haeri

DOI: https://doi.org/10.1016/j.compeleceng.2024.109208

2024-05-01

Abstract:Protecting data privacy is essential in developing practical cloud-based control systems to benefit from remote and distributed computation while avoiding the risks of disclosing sensitive information to potentially untrusted parties. This paper proposes a privacy-preserving framework to outsource the computation of model predictive control law to several untrusted cloud-based servers. A secret sharing scheme is employed to maintain the privacy of the system’s data in all the stages of the control loop in a secure multi-party computation environment. In this regard, a privacy-preserving algorithm is derived to securely implement a projected gradient method to solve the underlying optimization problem, without revealing private data to external eavesdroppers and curious cloud-based servers. The proposed method is solely based on secret sharing, and all computations can be performed securely by cloud servers without the need to designate target nodes or engage the system’s actuator in computing the intermediate steps. Therefore, the proposed method is less computationally demanding than the existing results based on homomorphic encryption and is applicable to systems with limited computing resources. Information-theoretic privacy assessments based on mutual information measures are provided. The efficacy of the proposed method is investigated on the cruise control problem of a freight train system.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Payman Mohassel,Yupeng Zhang

DOI: https://doi.org/10.1109/sp.2017.12

2017-05-01

Abstract:Machine learning is widely used in practice to produce predictive models for applications such as image processing, speech and text recognition. These models are more accurate when trained on large amount of data collected from different sources. However, the massive data collection raises privacy concerns. In this paper, we present new and efficient protocols for privacy preserving machine learning for linear regression, logistic regression and neural network training using the stochastic gradient descent method. Our protocols fall in the two-server model where data owners distribute their private data among two non-colluding servers who train various models on the joint data using secure two-party computation (2PC). We develop new techniques to support secure arithmetic operations on shared decimal numbers, and propose MPC-friendly alternatives to nonlinear functions such as sigmoid and softmax that are superior to prior work. We implement our system in C++. Our experiments validate that our protocols are several orders of magnitude faster than the state of the art implementations for privacy preserving linear and logistic regressions, and scale to millions of data samples with thousands of features. We also implement the first privacy preserving system for training neural networks.

Minghui Li,Yuejing Yan,Qian Wang,Minxin Du,Zhan Qin,Cong Wang

DOI: https://doi.org/10.1109/mnet.011.2000293

IF: 10.294

2021-01-01

IEEE Network

Abstract:Neural networks have attracted much attention due to their excellent performance in providing insightful predictions. The trained neural network models usually have millions of parameters requiring massive storage resources, which motivates the model owner to deploy their models to cloud servers for relieving the storage burden. The client can also directly enjoy the prediction service provided by the cloud server. Albeit convenient, untrusted cloud servers may violate the privacy of the model owners and the clients, which hinders the wide applications of such a prediction service. This survey reviews various privacy-preserving neural network prediction services, which protect the privacy of the model and the query. Many protocols are in the basic secure two-party computation (S2C) setting, which protects the secret of the querier and the model owner against the counterparty. Secure outsourcing further protects the privacy of the model against the cloud hosting it for the prediction service. We compare the existing approaches in terms of security, accuracy, and efficiency. We then propose an optimized neural network prediction scheme in the outsourcing setting, which simultaneously achieves high accuracy, model privacy, and low overheads, and conduct an experimental evaluation for computation time and communication costs. Finally, we highlight several future research directions and provide new insights into open problems in strengthening security and improving efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Maohua Sun,Ruidi Yang,Lei Hu

DOI: https://doi.org/10.1016/j.asoc.2021.107095

IF: 8.7

2021-04-01

Applied Soft Computing

Abstract:<p>Machine learning has been successfully applied to various fields over the last few years. However, it still faces two critical challenges. On one hand, the concern for the security issue in machine learning is increased. On the other hand, data exists in the form of isolated islands across different organizations. In this work, we focus on the privacy-preserving issue on a non-parametric machine learning algorithmize, i.e., the <em>k</em> Nearest Neighbor Classification (<em>k</em> NNC) in which, training data are split vertically among multiple servers. We propose a novel protocol that is secure against static semi-honest adversaries. In specific, the clients can obtain the label of his/her query without disclosing the servers' data, the client's query, and the client's output to others. We use the state-of-the-art lattice-based fully homomorphic encryption to realize the privacy-preserving distance computation. In order to protect data access patterns, permutation technique and Oblivious Transfer are used in the top-<em>k</em> selection phase. We proved the security via the simulation paradigm. Meanwhile, we implemented our protocol and performed extensive experiments. Results show that our protocol performs well, especially in a large-width environment. Compared to the existing solution, our protocol leaks no information about the participants' private input and output in both centralized and distributed architectures. Meanwhile, our protocol runs faster than existing solutions.</p>

computer science, artificial intelligence, interdisciplinary applications

Yunlong Mao,Wenbo Hong,Heng Wang,Qun Li,Sheng Zhong

DOI: https://doi.org/10.1109/TPDS.2020.3040734

IF: 5.3

2021-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Deep neural networks (DNNs) have brought significant performance improvements to various real-life applications. However, a DNN training task commonly requires intensive computing resources and a huge data collection, which makes it hard for personal devices to carry out the entire training, especially for mobile devices. The federated learning concept has eased this situation. However, it is still an open problem for individuals to train their own DNN models at an affordable price. In this article, we propose an alternative DNN training strategy for resource-limited users. With the help of an untrusted server, end users can offload their DNN training tasks to the server in a privacy-preserving manner. To this end, we study the possibility of the separation of a DNN. Then we design a differentially private activation algorithm for end users to ensure the privacy of the offloading after model separation. Furthermore, to meet the rising demand for federated learning, we extend the offloading solution to parallel DNN models training with a secure model weights aggregation scheme for the privacy concern. Experimental results prove the feasibility of computation offloading solutions for DNN models in both solo and parallel modes.

Li Minghui,Chow Sherman S. M.,Hu Shengshan,Yan Yuejing,Du Minxin,Wang Zhibo

2020-01-01

Abstract: Neural networks provide better prediction performance than previous techniques. Prediction-as-a-service thus becomes popular, especially in the outsourced setting since it involves extensive computation. Recent researches focus on the privacy of the query and results, but they do not provide model privacy against the model-hosting server and may leak partial information about the results. Some of them further require frequent interactions with the querier or heavy computation overheads. This paper proposes a new scheme for privacy-preserving neural network prediction in the outsourced setting, i.e., the server cannot learn the query, (intermediate) results, and the model. Similar to SecureML (S\&P'17), a representative work which provides model privacy, we leverage two non-colluding servers with secret sharing and triplet generation to minimize the usage of heavyweight cryptography. Further, we adopt asynchronous computation to improve the throughput, and design garbled circuits for the non-polynomial activation function to keep the same accuracy as the underlying network (instead of approximating it). Our experiments on four neural network architectures show that our scheme achieves an average of 282 times improvements in reducing latency compared to SecureML. Compared to MiniONN (CCS'17) and EzPC (EuroS\&P'19), both without model privacy, our scheme also has 18 times and 10 times lower latency, respectively. For the communication costs, our scheme outperforms SecureML by 122 times, MiniONN by 49 times, and EzPC by 38 times.

Wen Huang,Ganglin Zhang,Yongjian Liao,Jian Peng,Feihu Huang,Jvlong Yang

DOI: https://doi.org/10.1109/tsc.2023.3332744

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:With the popularity of artificial intelligence and cloud computing, many neural network models can be placed on the cloud server as an open service, such as Google Goggles and the online face recognition system of Baidu. The data owner sends his data to the cloud server to get the prediction result of data. Obviously, the cloud service provider can access model parameters and private data if there is no additional protection mechanism. On the one hand, if the adversary can access private data, they can freely use the artificial intelligence model and Big Data technologies to analyze the data owner. On the other hand, when the adversary can access model parameters, the interest of model owner would be harmed. Thus, preserving model parameters (model privacy) and private data (data privacy) becomes the key for applying neural network models as open cloud services. In this paper, to protect the model privacy and data privacy in neural network prediction even when a cloud service provider colludes with the data owner or the model owner, we first propose a new system model with two no-colluding cloud servers and a corresponding security model. Then, we propose a new non-interactive outsourcing scheme, which can protect model privacy together with data privacy. Our scheme is able to resist collusive attacks of one server and the data owner as well as collusive attacks of one server and the model owner. At last, the security analyses indicate that our scheme just needs no collusion between cloud servers. The performance analyses indicate that our scheme is very lightweight for the data owner, and it is about tens of milliseconds for a neural network model with 1000 parameters.

computer science, information systems, software engineering

Lin Liu,Jinshu Su,Ximeng Liu,Rongmao Chen,Kai Huang,Robert H. Deng,Xiaofeng Wang

DOI: https://doi.org/10.1109/jiot.2019.2932444

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:Nowadays, outsourcing data and machine learning tasks, e.g., k-nearest neighbor (KNN) classification, to clouds has become a scalable and cost-effective way for large scale data storage, management, and processing. However, data security and privacy issue have been a serious concern in outsourcing data to clouds. In this article, we propose a privacy-preserving KNN classification scheme on cloud data in a twin-cloud model based on an additively homomorphic cryptosystem and secret sharing. Compared with existing works, we redesign a set of lightweight building blocks, such as secure square Euclidean distance, secure comparison, secure sorting, secure minimum, and maximum number finding, and secure frequency calculating, which achieve the same security level but with higher efficiency. In our scheme, data owners stay offline, which is different from secure-multiparty computation-based solutions which require data owners' stay online during computation. In addition, query users do not interact with the cloud except sending query data and receiving the query results. Our security analysis shows that the scheme protects outsourced data security and query privacy, and hides access patterns. The experiments on real-world dataset indicate that our scheme is significantly more efficient than existing schemes.

Ping Li,Tong Li,Heng Ye,Jin Li,Xiaofeng Chen,Yang Xiang

DOI: https://doi.org/10.1016/j.future.2018.04.076

IF: 7.307

2018-10-01

Future Generation Computer Systems

Abstract:With the fast development of cloud computing, more and more data storage and computation are moved from the local to the cloud, especially the applications of machine learning and data analytics. However, the cloud servers are run by a third party and cannot be fully trusted by users. As a result, how to perform privacy-preserving machine learning over cloud data from different data providers becomes a challenge. Therefore, in this paper, we propose a novel scheme that protects the data sets of different providers and the data sets of cloud. To protect the privacy requirement of different providers, we use public-key encryption with a double decryption algorithm (DD-PKE) to encrypt their data sets with different public keys. To protect the privacy of data sets on the cloud, we use ϵ -differential privacy. Furthermore, the noises for the ϵ -differential privacy are added by the cloud server, instead of data providers, for different data analytics. Our scheme is proven to be secure in the security model. The experiments also demonstrate the efficiency of our protocol with different classical machine learning algorithms.

Lingchen Zhao,Qian Wang,Qin Zou,Yan Zhang,Yanjiao Chen

DOI: https://doi.org/10.1109/tifs.2019.2939713

2018-01-01

Abstract:With powerful parallel computing GPUs and massive user data, neural-network-based deep learning can well exert its strong power in problem modeling and solving, and has archived great success in many applications such as image classification, speech recognition and machine translation etc. While deep learning has been increasingly popular, the problem of privacy leakage becomes more and more urgent. Given the fact that the training data may contain highly sensitive information, e.g., personal medical records, directly sharing them among the users (i.e., participants) or centrally storing them in one single location may pose a considerable threat to user privacy. In this paper, we present a practical privacy-preserving collaborative deep learning system that allows users to cooperatively build a collective deep learning model with data of all participants, without direct data sharing and central data storage. In our system, each participant trains a local model with their own data and only shares model parameters with the others. To further avoid potential privacy leakage from sharing model parameters, we use functional mechanism to perturb the objective function of the neural network in the training process to achieve $\epsilon $ -differential privacy. In particular, for the first time, we consider the existence of unreliable participants , i.e., the participants with low-quality data, and propose a solution to reduce the impact of these participants while protecting their privacy. We evaluate the performance of our system on two well-known real-world datasets for regression and classification tasks. The results demonstrate that the proposed system is robust against unreliable participants, and achieves high accuracy close to the model trained in a traditional centralized manner while ensuring rigorous privacy protection.

Ke Lin,Yasir Glani,Ping Luo

2024-07-24

Abstract:Secure multi-party computation (MPC) facilitates privacy-preserving computation between multiple parties without leaking private information. While most secure deep learning techniques utilize MPC operations to achieve feasible privacy-preserving machine learning on downstream tasks, the overhead of the computation and communication still hampers their practical application. This work proposes a low-latency secret-sharing-based MPC design that reduces unnecessary communication rounds during the execution of MPC protocols. We also present a method for improving the computation of commonly used nonlinear functions in deep learning by integrating multivariate multiplication and coalescing different packets into one to maximize network utilization. Our experimental results indicate that our method is effective in a variety of settings, with a speedup in communication latency of $10\sim20\%$.

Cryptography and Security,Artificial Intelligence,Distributed, Parallel, and Cluster Computing,Machine Learning

Chi Zhang,Sotthiwat Ekanut,Liangli Zhen,Zengxiang Li

DOI: https://doi.org/10.1109/tbdata.2022.3208736

2022-01-01

IEEE Transactions on Big Data

Abstract:Multi-Party Computation (MPC) provides an effective cryptographic solution for distributed computing systems so that local models with sensitive information are encrypted before sending to the centralized servers for aggregation. Though direct local knowledge leakages are eliminated in MPC-based algorithms, we observe the server can still obtain the local information indirectly in many scenarios, or even reveal the groundtruth images through methods like Deep Leakage from Gradients (DLG). To eliminate such possibilities and provide stronger protections, we propose an augmented MPC approach by encrypting local models with two rounds of decomposition before transmitting to the server. The proposed solution allows us to remove the constraint that servers must be honest in the general federated learning settings since the true global model is hidden from the servers. Specifically, the augmented MPC algorithm encodes local models into multiple secret shares in the first round, then each share is furthermore split into a public share and a private share. Consequences of such a two-round decomposition are that the augmented algorithm fully inherits the advantages of standard MPC by providing lossless encryption and decryption while simultaneously rendering the global model invisible to the central server. Both theoretical analysis and experimental verification demonstrate that such an augmented solution can provide stronger protections for the security and privacy of the training data, with minimal extra communication and computation costs incurred.

computer science, information systems, theory & methods

Xiaoyi Pang,Zhibo Wang,Jingxin Li,Ruiting Zhou,Ju Ren,Zhetao Li

DOI: https://doi.org/10.1109/infocom48880.2022.9796748

2022-01-01

Abstract:Mobile Edge Computing (MEC) is a new paradigm where mobile users can offload computation tasks to the nearby MEC server to reduce their resource consumption. Some works have pointed out that the true amount of offloaded tasks may reveal the sensitive information (e.g., device usage pattern and location information) of users, and proposed several privacy-preserving offloading mechanisms. However, to the best of our knowledge, none of them can provide strict and provable privacy guarantee. In this paper, we focus on the privacy leakage issue in computation offloading in MEC with a honest-but-curious server, and propose a novel online privacy-preserving computation offloading mechanism, called OffloadingGuard, to generate efficient offloading strategies for users in real time, which provide strict user privacy guarantee while minimizing the total cost of task computation. To this end, we design a deep reinforcement learning-based offloading model which allows each user to adaptively determine the satisfactory perturbed offloading ratio according to the time-varying channel state at each time slot to achieve trade-off between user privacy and computation cost. In particular, to strictly protect the true amount of offloaded tasks and prevent the untrusted MEC server from revealing mobile users’ privacy, a range-constrained Laplace distribution is designed to obfuscate the original offloading ratio of each user and restrict the perturbed offloading ratio in a rational range. OffloadingGuard is proved to satisfy ϵ-differential privacy, and extensive experiments demonstrate its effectiveness.

Xuanqi Liu,Zhuotao Liu,Qi Li,Ke Xu,Mingwei Xu

2024-03-17

Abstract:The escalating focus on data privacy poses significant challenges for collaborative neural network training, where data ownership and model training/deployment responsibilities reside with distinct entities. Our community has made substantial contributions to addressing this challenge, proposing various approaches such as federated learning (FL) and privacy-preserving machine learning based on cryptographic constructs like homomorphic encryption (HE) and secure multiparty computation (MPC). However, FL completely overlooks model privacy, and HE has limited extensibility (confined to only one data provider). While the state-of-the-art MPC frameworks provide reasonable throughput and simultaneously ensure model/data privacy, they rely on a critical non-colluding assumption on the computing servers, and relaxing this assumption is still an open problem.

Cryptography and Security,Machine Learning

DOI: https://doi.org/10.1186/s13677-023-00394-x

2023-02-10

Journal of Cloud Computing

Abstract:Cloud-edge collaborative learning has received considerable attention recently, which is an emerging distributed machine learning (ML) architecture for improving the performance of model training among cloud center and edge nodes. However, existing cloud-edge collaborative learning schemes cannot efficiently train high-performance models on large-scale sparse samples, and have the potential risk of revealing the privacy of sensitive data. In this paper, adopting homomorphic encryption (HE) cryptographic technique, we present a privacy-preserving cloud-edge collaborative learning over vertically partitioned data, which allows cloud center and edge node to securely train a shared model without a third-party coordinator, and thus greatly reduces the system complexity. Furthermore, the proposed scheme adopts the batching technique and single instruction multiple data (SIMD) to achieve parallel processing. Finally, the evaluation results show that the proposed scheme improves the model performance and reduces the training time compared with the existing methods; the security analysis indicates that our scheme can guarantee the security in semi-honest model.

Lie He,Sai Praneeth Karimireddy,Martin Jaggi

DOI: https://doi.org/10.48550/arXiv.2006.04747

2020-10-19

Abstract:Increasingly machine learning systems are being deployed to edge servers and devices (e.g. mobile phones) and trained in a collaborative manner. Such distributed/federated/decentralized training raises a number of concerns about the robustness, privacy, and security of the procedure. While extensive work has been done in tackling with robustness, privacy, or security individually, their combination has rarely been studied. In this paper, we propose a secure two-server protocol that offers both input privacy and Byzantine-robustness. In addition, this protocol is communication-efficient, fault-tolerant and enjoys local differential privacy.

Machine Learning,Cryptography and Security

Meng Hao,Hongwei Li,Guowen Xu,Sen Liu,Haomiao Yang

DOI: https://doi.org/10.1109/icc.2019.8761267

2019-05-01

Abstract:Deep learning has been applied in many areas, such as computer vision, natural language processing and emotion analysis. Differing from the traditional deep learning that collects users’ data centrally, federated deep learning requires participants to train the networks on private datasets and share the training results, and hence has more gratifying efficiency and stronger security. However, it still presents some privacy issues since adversaries can deduce users’ privacy from local outputs, such as gradients. While the problem of private federated deep learning has been an active research issue, the latest research findings are still inadequate in terms of security, accuracy and efficiency. In this paper, we propose an efficient and privacy-preserving federated deep learning protocol based on stochastic gradient descent method by integrating the additively homomorphic encryption with differential privacy. Specifically, users add noises to each local gradients before encrypting them to obtain the optical performance and security. Moreover, our scheme is secure to honest-but-curious server setting even if the cloud server colludes with multiple users. Besides, our scheme supports federated learning for large-scale users scenarios and extensive experiments demonstrate our scheme has high efficiency and high accuracy compared with non-private model.

Kemal Akkaya,Soamar Homsi,Oscar G. Bautista

DOI: https://doi.org/10.1109/LCN52139.2021.9524971

2021-10-04

Abstract:With the increasing interest in Secure Multi-Party Computation protocols (MPC), there have been several works such as the SPDZ1 protocol that tackled this problem under a malicious security with dishonest majority attack model. However, most of these MPC efforts assume that the nodes running the computations are also supplying the inputs, which is not a realistic assumption for many real-life applications. In this paper, we extend the SPDZ protocol to enable clients outsource data and computation to the clouds while ensuring the correctness of the results, in addition to integrity and confidentiality of the input and output. We guarantee that the computation among nodes is done correctly by verifying their output’s Message Authentication Codes (MACs) at the end. Specifically, we delegate this task to an honest server. Our approach strives to minimize the burden on clients while enabling cheating detection even when assuming a malicious attack model with dishonest majority.

Engineering,Computer Science

Shijin Duan,Chenghong Wang,Hongwu Peng,Yukui Luo,Wujie Wen,Caiwen Ding,Xiaolin Xu

2024-06-04

Abstract:As privacy-preserving becomes a pivotal aspect of deep learning (DL) development, multi-party computation (MPC) has gained prominence for its efficiency and strong security. However, the practice of current MPC frameworks is limited, especially when dealing with large neural networks, exemplified by the prolonged execution time of 25.8 seconds for secure inference on ResNet-152. The primary challenge lies in the reliance of current MPC approaches on additive secret sharing, which incurs significant communication overhead with non-linear operations such as comparisons. Furthermore, additive sharing suffers from poor scalability on party size. In contrast, the evolving landscape of MPC necessitates accommodating a larger number of compute parties and ensuring robust performance against malicious activities or computational failures. In light of these challenges, we propose SSNet, which for the first time, employs Shamir's secret sharing (SSS) as the backbone of MPC-based ML framework. We meticulously develop all framework primitives and operations for secure DL models tailored to seamlessly integrate with the SSS scheme. SSNet demonstrates the ability to scale up party numbers straightforwardly and embeds strategies to authenticate the computation correctness without incurring significant performance overhead. Additionally, SSNet introduces masking strategies designed to reduce communication overhead associated with non-linear operations. We conduct comprehensive experimental evaluations on commercial cloud computing infrastructure from Amazon AWS, as well as across diverse prevalent DNN models and datasets. SSNet demonstrates a substantial performance boost, achieving speed-ups ranging from 3x to 14x compared to SOTA MPC frameworks. Moreover, SSNet also represents the first framework that is evaluated on a five-party computation setup, in the context of secure DL inference.

Cryptography and Security,Machine Learning