Fei Dai,Guozhi Liu,Bi Huang,Xiaolong Xu,Chaochao Chen,Zhangbing Zhou,Xiaokang Zhou

DOI: https://doi.org/10.1109/ithings-greencom-cpscom-smartdata-cybermatics55523.2022.00070

2022-01-01

Abstract:Industrial Internet of Things (IIoT) systems can leverage deep learning (DL) models to provide intelligent applications. However, the training process of such DL models tends to leak privacy when the training data contain sensitive operational and management information. Most studies about privacy-preserving DL require a trusted data collector and thus are not suitable in an untrusted environment. In this paper, we propose a distributed privacy-preserving framework for DL with edge-cloud computing, where direct privacy leakage and indirect privacy leakage of training data are both considered. First, a pre-trained convolutional neural network (CNN) is partitioned into two parts for limiting direct privacy leakage of raw data, namely the feature module and the classification module. The feature module consisting of the lower layers of the CNN is deployed on an edge server, which is used to attract the feature of raw data. The feature data is fed to the classification module consisting of the higher layers of the CNN, which is deployed on the cloud server to compute image classification tasks. Second, a perturbation module between the feature module and the classification module is designed for limiting indirect privacy leakage during feature data transmission. The perturbation module uses local differential privacy (LDP) to produce noise in the feature data. Third, to further improve the accuracy, we retrain the classification module with the randomized feature data from edge servers. Experimental results show that the proposed framework achieves high accuracy under low privacy budgets.

Qipeng Xie,Hao Yang,Linshan Jiang,Zhihe Zhao,Siyang Jiang,Shiyu Shen,Salabat Khan,Zhe Liu,Kaishun Wu

DOI: https://doi.org/10.1145/3625687.3628394

2024-01-01

Abstract:The rapid development of AI applications powered by deep learning in edge devices boosts the opportunity for real-time health monitoring. To address the potential privacy concern in the inference phase, homomorphic encryption (HE) is an alternative solution that encrypts inference data without exposing raw data and has several distinct advantages, (i.e., single-round communication, lightweight bandwidth consumption, and non-interactive computation). However, the computational overhead on the current HE-based privacy-preserving inference necessitates a substantial amount of time, which is not feasible for some real-time applications on edge devices. To address this issue, we propose CNN-guardian, a unified and compact neural network structure for real-time inference in HE-based inference on edge GPU. CNN-guardian designs a HE-friendly neural network and GPU engine that optimizes HE operations to accelerate the inference in the HE domain.

Qipeng Xie,Hao Yang,Linshan Jiang,Zhihe Zhao,Siyang Jiang,Shiyu Shen,Salabat Khan,Zhe Liu,Kaishun Wu

DOI: https://doi.org/10.1145/3625687.3628394

2023-01-01

Abstract:The rapid development of AI applications powered by deep learning in edge devices boosts the opportunity for real-time health monitoring. To address the potential privacy concern in the inference phase, homomorphic encryption (HE) is an alternative solution that encrypts inference data without exposing raw data and has several distinct advantages, (i.e., single-round communication, lightweight bandwidth consumption, and non-interactive computation). However, the computational overhead on the current HE-based privacy-preserving inference necessitates a substantial amount of time, which is not feasible for some real-time applications on edge devices. To address this issue, we propose CNN-guardian, a unified and compact neural network structure for real-time inference in HE-based inference on edge GPU. CNN-guardian designs a HE-friendly neural network and GPU engine that optimizes HE operations to accelerate the inference in the HE domain.

Weizhong Qiang,Renwan Liu,Hai Jin

DOI: https://doi.org/10.1016/j.future.2021.06.037

IF: 7.307

2021-01-01

Future Generation Computer Systems

Abstract:As the IoT has developed, edge computing has played an increasingly important role in the IoT ecosystem. The edge computing paradigm offers low latency and high computing performance, which is conducive to machine learning tasks such as object detection in autonomous driving. However, data privacy risks in edge computing still exist and the existing privacy-preserving methods are not satisfactory due to the large computational overhead and unbearable accuracy loss. We have designed a privacy-preserving machine learning framework for both user and cloud data. Users and the cloud provide data for inference and training respectively, and the privacy protection of these two aspects is both considered in this paper. Users provide test data and want to access the data-processing models in cloud for inference, and the cloud provides the training data used for training an eligible model. For user data, in order to maintain the overall performance of the machine learning framework while using homomorphic encryption, instead of providing encrypted data to all machine learning tasks, we divide the neural network into two parts, with one part kept on the trusted edge and provided with plaintext, and the other deployed on the untrusted cloud and provided with encrypted input. For cloud data, we apply the binary neural network, a network with the binarized value of weights. This method is practical for narrowing the confidence score gap (between the training and test sets) predicted by the model, which accounts most for a successful exploratory attack on training data. Experiments demonstrate that the results of the adversary's membership inference attack are close to random guessing, and the accuracy is only slightly affected. Compared with the unencrypted network on VGG19, when the network is split from conv4_1 to fc8, the efficiency of using HE is only 100 to 30 times slower. (C) 2021 Elsevier B.V. All rights reserved.

Yixin Jie,Yixuan Ren,Qingtao Wang,Yankai Xie,Chi Zhang,Lingbo Wei,Jianqing Liu

DOI: https://doi.org/10.1109/ICC45855.2022.9839282

2022-01-01

Abstract:The current privacy-preserving Graph Neural Networks (GNNs) cannot provide security and privacy guarantees against malicious adversaries without sacrificing accuracy and efficiency. For example, the Secure Multi-party Computation (MPC) can resist malicious adversaries while adding severe overhead. Trusted Execution Environment (TEE), such as Intel Software Guard Extension (SGX), can guarantee privacy and faithful execution without compromising efficiency. However, existing attacks can compromise the confidentiality of SGXs. Besides, the CPU-based structure of SGX restricts its extensibility that cannot perform collaborative computation with GPUs. To address the above issues, we propose a novel GNN training and inference framework to support data holders outsourcing their computation tasks to servers. First, we combine the advantage of MPC and the code integrity protection provided by SGXs to resist malicious adversaries without sacrificing efficiency. Second, we adopt a strategy that allows the servers to transfer the parallelizable computation task to the untrusted yet high-performance GPUs, further improving efficiency without hindering privacy. To the best of our knowledge, our proposal is the first privacy-preserving GNN framework against malicious adversaries without sacrificing accuracy and efficiency. Experiments on real-world citation datasets have demonstrated the performance of our framework regarding security, privacy, accuracy, and efficiency.

Ruoli Zhao,Yong Xie,Debiao He,Kim-Kwang Raymond Choo,Zoe L. Jiang

DOI: https://doi.org/10.1109/tnse.2024.3434643

IF: 6.6

2024-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Using Convolutional Neural Network (CNN) model to analyze monitoring data in Body Area Network (BAN) has become an important way to solve health related issues in the current large sub-health population and aging population. However, the inference and analysis process of BAN data needs to ensure efficiency and security. At present, ensuring a balance of efficiency and security in the inference of CCN models is challenging. Therefore, an efficient and secure CNN inference scheme is proposed based on two Edge-Cloud-Servers (CS$_{0}$ and CS$_{1}$). By analyzing the CNN model and combining two secret sharing semantics, we optimize the communication overhead of inference. Specifically, a new non-interactive secure convolutional layer computation protocol is designed to significantly reduce the number of interactions between CS$_{0}$ and CS$_{1}$. For non-linear layers, we propose a simpler secure comparison computation functionality to reduce the communication overhead. Moreover, we also design some lightweight secure building blocks based on secret sharing to improve computing efficiency. We implement our proposed scheme on two standard datasets. Through the theoretical analysis and experimental comparison, our scheme improves the computational efficiency.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Hao Yang,Shiyu Shen,Siyang Jiang,Lu Zhou,Wangchen Dai,Yunlei Zhao

2023-01-01

Abstract:. Homomorphic Encryption (HE) presents a promising solu-tion to securing neural networks for Machine Learning as a Service (MLaaS). Despite its potential, the real-time applicability of current HE-based solutions remains a challenge, and the diversity in network structures often results in ine ffi cient implementations and maintenance. To address these issues, we introduce a unified and compact network structure for real-time inference in convolutional neural networks based on HE. We further propose several optimization strategies, including an innovative compression and encoding technique and rearrangement in the pixel encoding sequence, enabling a highly e ffi cient batched computation and reducing the demand for time-consuming HE operations. To further expedite computation, we propose a GPU acceleration engine to leverage the massive thread-level parallelism to speed up computations. We test our framework with the MNIST, Fashion-MNIST, and CIFAR-10 datasets, demonstrating accuracies of 99.14%, 90.8%, and 61.09%, respectively. Furthermore, our framework maintains a steady processing speed of 0.46 seconds on a single-thread CPU, and a brisk 31.862 millisec-onds on an A100 GPU for all datasets. This represents an enhancement in speed more than 3000 times compared to pervious work, paving the way for future explorations in the realm of secure and real-time machine learning applications.

Chen Song,Ruwei Huang

DOI: https://doi.org/10.3390/app13106117

2023-05-16

Applied Sciences

Abstract:Today, the rapid development of deep learning has spread across all walks of life, and it can be seen in various fields such as image classification, automatic driving, and medical imaging diagnosis. Convolution Neural Networks (CNNs) are also widely used by the public as tools for deep learning. In real life, if local customers implement large-scale model inference first, they need to upload local data to the cloud, which will cause problems such as data leakage and privacy disclosure. To solve this problem, we propose a framework using homomorphic encryption technology. Our framework has made improvements to the batch operation and reduced the complexity of layer connection. In addition, we provide a new perspective to deal with the impact of the noise caused by the homomorphic encryption scheme on the accuracy during the inference. In our scheme, users preprocess the images locally and then send them to the cloud for encrypted inference without worrying about privacy leakage during the inference process. Experiments show that our proposed scheme is safe and efficient, which provides a safe solution for users who cannot process data locally.

materials science, multidisciplinary,engineering,chemistry,physics, applied

Qifan Wang,Lei Zhou,Jianli Bai,Yun Sing Koh,Shujie Cui,Giovanni Russello

DOI: https://doi.org/10.1016/j.cose.2023.103509

IF: 5.105

2023-09-28

Computers & Security

Abstract:Outsourcing Machine Learning (ML) tasks to cloud servers is a cost-effective solution when dealing with distributed data. However, outsourcing these tasks to cloud servers could lead to data breaches. Secure computing methods, such as Homomorphic Encryption (HE) and Trusted Execution Environments (TEE), have been used to protect outsourced data. Nevertheless, HE remains inefficient in processing complicated functions (e.g., non-linear functions) and TEE (e.g., Intel SGX) is not ideal for directly processing ML tasks due to side-channel attacks and parallel-unfriendly computation. In this paper, we propose a hybrid framework integrating SGX and HE, called HT2ML , to protect user's data and models. In HT2ML , HE-friendly functions are protected with HE and performed outside the enclave, while the remaining operations are performed inside the enclave obliviously. HT2ML leverages optimised HE matrix multiplications to accelerate HE computations outside the enclave while using oblivious blocks inside the enclave to prevent access-pattern-based attacks. We evaluate HT2ML using Linear Regression (LR) training and Convolutional Neural Network (CNN) inference as two instantiations. The performance results show that HT2ML is up to ∼11× faster than HE only baseline with 6-dimensional data in LR training. For CNN inference, HT2ML is ∼196× faster than the most recent approach (Xiao et al., ICDCS'21).

computer science, information systems

Yuepeng Li,Deze Zeng,Lin Gu,Song Guo,Albert Y. Zomaya

DOI: https://doi.org/10.1109/icdcs60910.2024.00065

2024-01-01

Abstract:Distributed Deep Neural Network (DNN) inference is a promising technology to explore the distributed resources in edge cloud to realize edge intelligence. Meanwhile the inherent resource sharing nature of edge cloud infrastructure also raises serious concerns on security and privacy. Software Guard Ex-tensions (SGX) emerges as a potential hardware-level solution but its limited secure memory (i.e., enclave page cache) imposes new challenges, especially in contrast to memory-hungry DNN models. A task's performance will be severely affected when its memory footprint is beyond the enclave page cache size, due to expensive secure page swapping. In this case, how to appropriately partition a DNN model and assign the partitions to distributed edge servers to efficiently utilize edge resources for fast secure inference becomes a challenging problem. In this paper, we first show that this problem is NP-hard. We further propose a MEmory -aware Distributed Inference Acceleration (MEDIA) algorithm, whose guaranteed approximation ratio is also formally analyzed. We have implemented a prototype system and applied some well-known representative DNN models to evaluate MEDIA's performance. Through extensive experiments, we verify the efficiency of MEDIA by the fact that it reduces the inference time by 19.5%-38.1 % in comparison with state-of-the-art approaches.

Daniel Takabi,Robert Podschwadt,Jeff Druce,Curt Wu,Kevin Procopio

DOI: https://doi.org/10.48550/arXiv.1911.11377

2019-11-26

Cryptography and Security

Abstract:Machine Learning as a Service (MLaaS) has become a growing trend in recent years and several such services are currently offered. MLaaS is essentially a set of services that provides machine learning tools and capabilities as part of cloud computing services. In these settings, the cloud has pre-trained models that are deployed and large computing capacity whereas the clients can use these models to make predictions without having to worry about maintaining the models and the service. However, the main concern with MLaaS is the privacy of the client's data. Although there have been several proposed approaches in the literature to run machine learning models on encrypted data, the performance is still far from being satisfactory for practical use. In this paper, we aim to accelerate the performance of running machine learning on encrypted data using combination of Fully Homomorphic Encryption (FHE), Convolutional Neural Networks (CNNs) and Graphics Processing Units (GPUs). We use a number of optimization techniques, and efficient GPU-based implementation to achieve high performance. We evaluate a CNN whose architecture is similar to AlexNet to classify homomorphically encrypted samples from the Cars Overhead With Context (COWC) dataset. To the best of our knowledge, it is the first time such a complex network and large dataset is evaluated on encrypted data. Our approach achieved reasonable classification accuracy of 95% for the COWC dataset. In terms of performance, our results show that we could achieve several thousands times speed up when we implement GPU-accelerated FHE operations on encrypted floating point numbers.

Kwok-Yan Lam,Xianhui Lu,Linru Zhang,Xiangning Wang,Huaxiong Wang,Si Qi Goh

DOI: https://doi.org/10.1109/tdsc.2024.3353536

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:AI-as-a-Service has emerged as an important trend for supporting the growth of the digital economy. Digital service providers make use of their vast amount of customer data to train AI models (such as image recognition, financial modelling and pandemic modelling etc) and offer them as a service on the cloud. While there are convincing advantages for using such third-party models, the fact that model users are required to upload their data to the cloud is bound to raise serious privacy concerns, especially in the face of increasingly stringent privacy regulations and legislation. To promote the adoption of AI-as-a-Service while addressing privacy issues, we propose a practical approach for constructing privacy-enhanced neural networks by designing an efficient implementation of fully homomorphic encryption. With this approach, an existing neural network can be converted to process FHE-encrypted data and produce encrypted output which are only accessible by the model users, and more importantly, within an operationally acceptable time (e.g. within 1 second for facial recognition in typical border control systems). Experimental results show that in many practical tasks such as facial recognition, text classification and so on, we obtained the state-of-the-art inference accuracy in less than one second on a 16 cores CPU.

computer science, information systems, software engineering, hardware & architecture

Peng Zhang,Zhiyuan Hu,Yu Wang,Liquan Chen

DOI: https://doi.org/10.1109/WCCCT60665.2024.10541346

2024-04-12

Abstract:The utilization of convolutional neural network (CNN) inference models has gained widespread adoption across various domains; however, it raises concerns regarding user privacy and security due to the requirement of plaintext information during the inference process. Homomorphic encryption has been proposed as a viable solution to address CNN’s security issues. Nevertheless, this encryption algorithm encounters certain limitations such as significant ciphertext expansion, restricted nonlinear computing power, and limited number of multiplications, which hinder its application in CNN inference models. In this paper, we present an inference model framework that leverages the single instruction multiple data and ciphertext rotation functions of homomorphic encryption along with the additive secret sharing (ASS) concept to design and transform each network layer of CNN. Our approach effectively mitigates ciphertext expansion rate while enhancing computational efficiency and reducing communication volume without compromising on inference accuracy.

Computer Science

Ran Ran,Nuo Xu,Wei Wang,Gang Quan,Jieming Yin,Wujie Wen

DOI: https://doi.org/10.48550/arXiv.2209.11904

2022-10-26

Abstract:Recently cloud-based graph convolutional network (GCN) has demonstrated great success and potential in many privacy-sensitive applications such as personal healthcare and financial systems. Despite its high inference accuracy and performance on cloud, maintaining data privacy in GCN inference, which is of paramount importance to these practical applications, remains largely unexplored. In this paper, we take an initial attempt towards this and develop $\textit{CryptoGCN}$--a homomorphic encryption (HE) based GCN inference framework. A key to the success of our approach is to reduce the tremendous computational overhead for HE operations, which can be orders of magnitude higher than its counterparts in the plaintext space. To this end, we develop an approach that can effectively take advantage of the sparsity of matrix operations in GCN inference to significantly reduce the computational overhead. Specifically, we propose a novel AMA data formatting method and associated spatial convolution methods, which can exploit the complex graph structure and perform efficient matrix-matrix multiplication in HE computation and thus greatly reduce the HE operations. We also develop a co-optimization framework that can explore the trade offs among the accuracy, security level, and computational overhead by judicious pruning and polynomial approximation of activation module in GCNs. Based on the NTU-XVIEW skeleton joint dataset, i.e., the largest dataset evaluated homomorphically by far as we are aware of, our experimental results demonstrate that $\textit{CryptoGCN}$ outperforms state-of-the-art solutions in terms of the latency and number of homomorphic operations, i.e., achieving as much as a 3.10$\times$ speedup on latency and reduces the total Homomorphic Operation Count by 77.4\% with a small accuracy loss of 1-1.5$\%$.

Cryptography and Security,Artificial Intelligence,Machine Learning

Mathias Fischer,M. Gomez-Barrero,Tatjana Wingarz,C. Busch

DOI: https://doi.org/10.1109/iwbf55382.2022.9794535

2022-04-20

Abstract:Convolutional neural networks (CNNs) are most commonly used for handling complex visual tasks. Due to the significant effort in training accurate machine learning models, training and providing them to clients for inference in the cloud is becoming more popular. However, such models might be trained on sensitive user data, leading to the need for privacy-protecting measures. While traditional cryptographic techniques do not allow operations in the encrypted domain, Homomorphic Encryption (HE) schemes enable us to work on encrypted data directly. Combining the concepts of CNNs and HE, we give a detailed overview of the steps involved in creating privacy-preserving neural networks to give an indication of the real-world applicability and the scalability of such an approach. To this extent, we implemented a homomorphically encrypted network that can be used for face recognition. Our results indicate that while we can achieve the same accuracy as a standard neural network, running CNNs on homomorphically encrypted inputs comes at a significant overhead that grows with the network size.

Engineering,Computer Science

Zhe Yang,Xudong Li,Lingbo Wei,Chi Zhang,Chengjie Gu

DOI: https://doi.org/10.1109/hoticn50779.2020.9350832

2020-01-01

Abstract:As the next-generation network architecture, Information-Centric Networking (ICN) has emerged as a novel paradigm to cope with the increasing demand for content delivery on the Internet. In contrast to the conventional host-centric architectures, ICN focuses on content retrieval based on their name rather than their storage location. However, ICN is vulnerable to various security and privacy attacks due to the inherent attributes of the ICN architectures. For example, a curious ICN node can monitor the network traffic to reveal the sensitive data issued by specific users. Hence, further research on privacy protection for ICN is needed. This paper presents a practical approach to effectively enhancing the security and privacy of ICN by utilizing Intel SGX, a commodity trusted execution environment. The main idea is to leverage secure enclaves residing on ICN nodes to do computations on sensitive data. Performance evaluations on the real-world datasets demonstrate the efficiency of the proposed scheme. Moreover, our scheme outperforms the cryptography based method.

Yixuan Ren,Yixin Jie,Qingtao Wang,Bingbing Zhang,Chi Zhang,Lingbo Wei

DOI: https://doi.org/10.1109/PST52912.2021.9647843

2021-01-01

Abstract:The Multi-party Secure Computation (MPC)-based methods for privacy-preserving Graph Neural Networks (GNNs) are still challenged by high communication overhead. Moreover, the security guarantee of most MPC-based methods can only defend against the semi-honest adversary, while a few methods which can defend against the malicious adversary will cause a further increase in communication overhead. Moreover, Software Guard Extensions (SGX), which can provide the data confidentiality and code integrity, has been considered as a novel solution to privacy-preserving GNN. Unfortunately, previous work has shown that SGX is vulnerable to side-channel attacks that deprive its confidentiality and preserve only its integrity. To solve the above problems, we propose an n-party secure computation framework for GNNs using SGX. This framework can reduce the communication overhead and improve the security guarantee without relying on the confidentiality of SGX. Specifically, both data holders and the server hold SGX. Data holders enrich the data and train the model by MPC efficiently with the assistance of the server. SGX ensures integrity, where data holders and the server must execute according to protocols, so malicious adversaries cannot deviate from the protocol to breach privacy and security. Even if the confidentiality of SGX was breached, the adversary could only access the ciphertext in MPC instead of the plaintext. We conduct experiments on public datasets to demonstrate that our framework has achieved comparable performance with traditional GNNs and perform security analysis to validate that our framework satisfies security and privacy requirements.

Qiushi Li,Ju Ren,Xinglin Pan,Yuezhi Zhou,Yaoxue Zhang

DOI: https://doi.org/10.1109/icdcs54860.2022.00051

2022-01-01

Abstract:Time-efficient artificial intelligence (AI) service has recently witnessed increasing interest from academia and industry due to the urgent needs in massive smart applications such as self-driving cars, virtual reality, high-resolution video streaming, etc. Existing solutions to reduce AI latency, like edge computing and heterogeneous neural-network accelerators (NNAs), face high risk of privacy leakage. To achieve both low-latency and privacy-preserving purposes on edge servers (e.g., NNAs), this paper proposes ENIGMA that can exploit the trusted execution environment (TEE) and heterogeneous NNAs of edge servers for edge inference. The low-latency is supported by a new ahead-of-time analysis framework for analyzing the linearity of multilayer neural networks, which automatically slices forward-graph and assigns sub-graphs to TEE or NNA. To avoid privacy leakage issue, we then introduce a pre-forwarded cipher generation (PFCG) scheme for computing linear sub-forward-graphs on NNA. The input data is encrypted to ciphertext that can be computed directly by linear sub-graphs, and the output can be decrypted to obtain the correct output. To enable non-linear computation of sub-graphs on TEE, we use ring-cache and automatic vectorization optimization to address the memory limitation of TEE. Qualitative analysis and quantitative experiments on GPU, NPU and TPU demonstrate that ENIGMA is not only compatible with heterogeneous NNAs, but also can avoid leakages of private features with latency as low as 50-milliseconds.

Yuepeng Li,Deze Zeng,Lin Gu,Quan Chen,Song Guo,Albert Zomaya,Minyi Guo

DOI: https://doi.org/10.1109/tpds.2022.3187772

IF: 5.3

2022-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Edge intelligence has emerged as a prevalent enabling technology to support various intelligent applications. Along with the prosperity, it also raises great concern on the security and privacy since the edge servers are usually shared and untrusted. The security-sensitive code (i.e., the pre-trained model) and data may be easily stolen by malicious tenants, and even untrusted infrastructure providers. To this end, Software Guard Extensions (SGX) is proposed to provide an isolated Trust Execution Environment (TEE) for security and privacy guarantee. However, we find that running tasks in SGX suffer certain performance degradation due to the limited Enclave Page Cache (EPC) size. This further leads to frequent page swapping operations and the high enclave call overhead, which are also influenced by the task (i.e., DNN layer) dispatching and scheduling. To this end, in this paper, we design Lasagna , as an SGX based secure DNN inference acceleration framework, which explores the layered-structure of DNN models to well balance the usage of the scarce EPC resources and the computation resources. Lasagna mainly consists of a global task balancer and a local task scheduler, responding for task dispatching across distributed edge servers and task scheduling in local server, respectively. We evaluate Lasagna over different well-known DNN models, and the results show that Lasagna effectively speeds up the inference performance by $1.11\times -1.51\times$ .

Kai Huang,Ximeng Liu,Shaojing Fu,Deke Guo,Ming Xu

DOI: https://doi.org/10.1109/TDSC.2019.2913362

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:The proliferation of various mobile devices equipped with cameras results in an exponential growth of the amount of images. Recent advances in the deep learning with convolutional neural networks (CNN) have made CNN feature extraction become an effective way to process these images. However, it is still a challenging task to deploy the CNN model on the mobile sensors, which are typically resource-constrained in terms of the storage space, the computing capacity, and the battery life. Although cloud computing has become a popular solution, data security and response latency are always the key issues. Therefore, in this paper, we propose a novel lightweight framework for privacy-preserving CNN feature extraction for mobile sensing based on edge computing. To get the most out of the benefits of CNN with limited physical resources on the mobile sensors, we design a series of secure interaction protocols and utilize two edge servers to collaboratively perform the CNN feature extraction. The proposed scheme allows us to significantly reduce the latency and the overhead of the end devices while preserving privacy. Through theoretical analysis and empirical experiments, we demonstrate the security, effectiveness, and efficiency of our scheme.