Zhang Qiao,Wang Cong,Xin Chunsheng,Wu Hongyi

2019-01-01

Abstract: Machine Learning as a Service (MLaaS) is enabling a wide range of smart applications on end devices. However, such convenience comes with a cost of privacy because users have to upload their private data to the cloud. This research aims to provide effective and efficient MLaaS such that the cloud server learns nothing about user data and the users cannot infer the proprietary model parameters owned by the server. This work makes the following contributions. First, it unveils the fundamental performance bottleneck of existing schemes due to the heavy permutations in computing linear transformation and the use of communication intensive Garbled Circuits for nonlinear transformation. Second, it introduces an ultra-fast secure MLaaS framework, CHEETAH, which features a carefully crafted secret sharing scheme that runs significantly faster than existing schemes without accuracy loss. Third, CHEETAH is evaluated on the benchmark of well-known, practical deep networks such as AlexNet and VGG-16 on the MNIST and ImageNet datasets. The results demonstrate more than 100x speedup over the fastest GAZELLE (Usenix Security'18), 2000x speedup over MiniONN (ACM CCS'17) and five orders of magnitude speedup over CryptoNets (ICML'16). This significant speedup enables a wide range of practical applications based on privacy-preserved deep neural networks.

Fei Dai,Guozhi Liu,Bi Huang,Xiaolong Xu,Chaochao Chen,Zhangbing Zhou,Xiaokang Zhou

DOI: https://doi.org/10.1109/ithings-greencom-cpscom-smartdata-cybermatics55523.2022.00070

2022-01-01

Abstract:Industrial Internet of Things (IIoT) systems can leverage deep learning (DL) models to provide intelligent applications. However, the training process of such DL models tends to leak privacy when the training data contain sensitive operational and management information. Most studies about privacy-preserving DL require a trusted data collector and thus are not suitable in an untrusted environment. In this paper, we propose a distributed privacy-preserving framework for DL with edge-cloud computing, where direct privacy leakage and indirect privacy leakage of training data are both considered. First, a pre-trained convolutional neural network (CNN) is partitioned into two parts for limiting direct privacy leakage of raw data, namely the feature module and the classification module. The feature module consisting of the lower layers of the CNN is deployed on an edge server, which is used to attract the feature of raw data. The feature data is fed to the classification module consisting of the higher layers of the CNN, which is deployed on the cloud server to compute image classification tasks. Second, a perturbation module between the feature module and the classification module is designed for limiting indirect privacy leakage during feature data transmission. The perturbation module uses local differential privacy (LDP) to produce noise in the feature data. Third, to further improve the accuracy, we retrain the classification module with the randomized feature data from edge servers. Experimental results show that the proposed framework achieves high accuracy under low privacy budgets.

Mengda Yang,Wenzhe Yi,Juan Wang,Hongxin Hu,Xiaoyang Xu,Ziang Li

DOI: https://doi.org/10.1016/j.future.2024.03.008

IF: 7.307

2024-03-03

Future Generation Computer Systems

Abstract:The proliferation of artificial intelligence and edge computing has led to an increase in the deployment of proprietary deep learning models on third-party edge servers or devices to power mission-critical applications. However, this trend raises concerns about model privacy, particularly on untrusted edge platforms. Protecting model privacy in such scenarios requires addressing challenges such as untrustworthy model deployment environments, resource-constrained Trusted Execution Environments (TEE), and vulnerability to privacy inference attacks. To address these challenges, this paper proposes Penetralium , a system-algorithm jointly optimized model inference system on edge computing platforms. Penetralium runs models in the TEE by building an underlying computational engine. We propose an adaptive decomposition algorithm that builds a computing pipeline for models, which adapts to the underlying trusted components. Additionally, Penetralium uses a lightweight confidence score perturbation policy to protect against advanced privacy inference attacks on deep learning models. Experimental results demonstrate that Penetralium provides strong security guarantees with reasonable performance. The system not only reduces inference latency and memory consumption overhead but also improves the overall robustness of the system against advanced attacks.

computer science, theory & methods

Xidi Qu,Qin Hu,Shengling Wang

DOI: https://doi.org/10.1016/j.comcom.2020.07.045

IF: 5.047

2020-01-01

Computer Communications

Abstract:With the rapid development of artificial intelligence and increasing data generated by end devices, the traditional cloud-centric data processing is gradually replaced by intelligent edge computing to achieve faster and nearer service via breaking the limit of network bandwidth and communication delay. However, training machine learning (ML) models on end devices is severely resource-constrained; besides, the privacy protection and continuous improvement of ML models are challenging. To address these problems, we propose an ML model training architecture to achieve intelligent edge computing in a novel cloud-edge-device cooperative manner, which is consisted of two phases: (1) the cooperative federated pre-training phase between the cloud and edge server is inspired by federated learning, coming with an incentive mechanism for fair reward allocation according to the contribution of edge servers for pre-training the model; (2) the privacy-preserving model segmentation training phase between the edge server and device leverages homomorphic encryption to realize model improvement and protection on end devices while transferring a large amount of computation to edge servers. Extensive simulations based on synthetic and real-world data demonstrate the effectiveness and feasibility of our proposed framework.

Jianxin Zhao,Richard Mortier,Jon Crowcroft,Liang Wang

DOI: https://doi.org/10.1145/3278721.3278778

2018-12-27

Abstract:Emerging Machine Learning (ML) techniques, such as Deep Neural Network, are widely used in today's applications and services. However, with social awareness of privacy and personal data rapidly rising, it becomes a pressing and challenging societal issue to both keep personal data private and benefit from the data analytics power of ML techniques at the same time. In this paper, we argue that to avoid those costs, reduce latency in data processing, and minimise the raw data revealed to service providers, many future AI and ML services could be deployed on users' devices at the Internet edge rather than putting everything on the cloud. Moving ML-based data analytics from cloud to edge devices brings a series of challenges. We make three contributions in this paper. First, besides the widely discussed resource limitation on edge devices, we further identify two other challenges that are not yet recognised in existing literature: lack of suitable models for users, and difficulties in deploying services for users. Second, we present preliminary work of the first systematic solution, i.e. Zoo, to fully support the construction, composing, and deployment of ML models on edge and local devices. Third, in the deployment example, ML service are proved to be easy to compose and deploy with Zoo. Evaluation shows its superior performance compared with state-of-art deep learning platforms and Google ML services.

Wenbo Yang,Hao Wang,Zhi Li,Ziyu Niu,Lei Wu,Xiaochao Wei,Ye Su,Willy Susilo

DOI: https://doi.org/10.1109/jiot.2024.3461410

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:We propose a privacy-preserving machine learning scheme based on the cloud-edge-end architecture to address issues like weak computing power of Internet of Things (IoT) terminals, poor communication quality, and heavy cloud server burdens in traditional frameworks. Edge servers aggregate and forward terminal data, relieving terminals of heavy communication tasks and undertaking part of the computing tasks, which reduces the burden on cloud servers and improves system response speed. For privacy protection, we flexibly use homomorphic encryption and secret sharing techniques, and dynamically add differential privacy noise to resist member inference attacks. Task allocation is coordinated between different layers to optimize computing overhead. Shallow model training is performed on edge servers using homomorphic encryption, while deep model training is conducted on cloud servers using secret sharing. To achieve the conversion from homomorphic ciphertext to secret sharing shares, we design a distributed decryption protocol. Experimental results show our scheme reduces computation overhead by 20%-30% compared to existing privacy-preserving machine learning schemes based on the cloud-edge-end framework, while maintaining privacy protection throughout all stages.

Taegyeong Lee,Zhiqi Lin,Saumay Pushp,Caihua Li,Yunxin Liu,Youngki Lee,Fengyuan Xu,Chenren Xu,Lintao Zhang,Junehwa Song

DOI: https://doi.org/10.1145/3300061.3345447

2019-01-01

Abstract:Deep-learning (DL) is receiving huge attention as enabling techniques for emerging mobile and IoT applications. It is a common practice to conduct DNN model-based inference using cloud services due to their high computation and memory cost. However, such a cloud-offloaded inference raises serious privacy concerns. Malicious external attackers or untrustworthy internal administrators of clouds may leak highly sensitive and private data such as image, voice and textual data. In this paper, we propose Occlumency, a novel cloud-driven solution designed to protect user privacy without compromising the benefit of using powerful cloud resources. Occlumency leverages secure SGX enclave to preserve the confidentiality and the integrity of user data throughout the entire DL inference process. DL inference in SGX enclave, however, impose a severe performance degradation due to limited physical memory space and inefficient page swapping. We designed a suite of novel techniques to accelerate DL inference inside the enclave with a limited memory size and implemented Occlumency based on Caffe. Our experiment with various DNN models shows that Occlumency improves inference speed by 3.6x compared to the baseline DL inference in SGX and achieves a secure DL inference within 72% of latency overhead compared to inference in the native environment.

Chugui Xu,Ju Ren,Liang She,Yaoxue Zhang,Zhan Qin,Kui Ren

DOI: https://doi.org/10.1109/jiot.2019.2897005

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:Deep neural networks have been widely applied in various machine learning applications for mobile data analytics in cloud. However, this approach introduces significant data challenges, because the cloud operator can perform deep inferences on the available data. Recent advances in edge computing have paved the way to more efficient and private data processing at the edge of the network for simple tasks and lightweight models, but challenges still remain in building efficient complex models (e.g., deep learning) for edge computing. To tackle these issues, we propose EdgeSanitizer, a deep inference framework-based edge computing with local differential privacy for mobile data analytics. EdgeSanitizer leverages deep learning model to conduct data minimization and obfuscates the learned features by adaptively injecting noise, thereby forming a new protection layer against sensitive inference. We evaluate its performance in terms of data privacy and utility through theoretical analysis and experimental evaluation. The theoretical analysis proves that EdgeSanitizer can provide provable privacy guarantees with a large improvement in utility. And the experimental results demonstrate the robustness of our approach against sensitive inference, as well as its applicability on resource-constrained edge devices.

Zhichuang Sun,Ruimin Sun,Changming Liu,Amrita Roy Chowdhury,Long Lu,Somesh Jha

DOI: https://doi.org/10.48550/arXiv.2011.05905

2020-11-11

Cryptography and Security

Abstract:With the increased usage of AI accelerators on mobile and edge devices, on-device machine learning (ML) is gaining popularity. Thousands of proprietary ML models are being deployed today on billions of untrusted devices. This raises serious security concerns about model privacy. However, protecting model privacy without losing access to the untrusted AI accelerators is a challenging problem. In this paper, we present a novel on-device model inference system, ShadowNet. ShadowNet protects the model privacy with Trusted Execution Environment (TEE) while securely outsourcing the heavy linear layers of the model to the untrusted hardware accelerators. ShadowNet achieves this by transforming the weights of the linear layers before outsourcing them and restoring the results inside the TEE. The non-linear layers are also kept secure inside the TEE. ShadowNet's design ensures efficient transformation of the weights and the subsequent restoration of the results. We build a ShadowNet prototype based on TensorFlow Lite and evaluate it on five popular CNNs, namely, MobileNet, ResNet-44, MiniVGG, ResNet-404, and YOLOv4-tiny. Our evaluation shows that ShadowNet achieves strong security guarantees with reasonable performance, offering a practical solution for secure on-device model inference.

Kishore Rajasekar,Randolph Loh,Kar Wai Fok,Vrizlynn L. L. Thing

2024-04-11

Abstract:MLaaS (Machine Learning as a Service) has become popular in the cloud computing domain, allowing users to leverage cloud resources for running private inference of ML models on their data. However, ensuring user input privacy and secure inference execution is essential. One of the approaches to protect data privacy and integrity is to use Trusted Execution Environments (TEEs) by enabling execution of programs in secure hardware enclave. Using TEEs can introduce significant performance overhead due to the additional layers of encryption, decryption, security and integrity checks. This can lead to slower inference times compared to running on unprotected hardware. In our work, we enhance the runtime performance of ML models by introducing layer partitioning technique and offloading computations to GPU. The technique comprises two distinct partitions: one executed within the TEE, and the other carried out using a GPU accelerator. Layer partitioning exposes intermediate feature maps in the clear which can lead to reconstruction attacks to recover the input. We conduct experiments to demonstrate the effectiveness of our approach in protecting against input reconstruction attacks developed using trained conditional Generative Adversarial Network(c-GAN). The evaluation is performed on widely used models such as VGG-16, ResNet-50, and EfficientNetB0, using two datasets: ImageNet for Image classification and TON IoT dataset for cybersecurity attack detection.

Cryptography and Security

Fanglue Xia,Ying Chen,Jiwei Huang

DOI: https://doi.org/10.1002/spe.3314

2024-01-25

Software Practice and Experience

Abstract:As machine learning (ML) technologies continue to evolve, there is an increasing demand for data. Mobile crowd sensing (MCS) can motivate more users in the data collection process through reasonable compensation, which can enrich the data scale and coverage. However, nowadays, users are increasingly concerned about their privacy and are unwilling to easily share their personal data. Therefore, protecting privacy has become a crucial issue. In ML, federated learning (FL) is a widely known privacy‐preserving technique where the model training process is performed locally by the data owner, which can protect privacy to a large extent. However, as the model size grows, the weak computing power and battery life of user devices are not sufficient to support training a large number of models locally. With mobile edge computing (MEC), user can offload some of the model training tasks to the edge server for collaborative computation, allowing the edge server to participate in the model training process to improve training efficiency. However, edge servers are not fully trusted, and there is still a risk of privacy leakage if data is directly uploaded to the edge server. To address this issue, we design a local differential privacy (LDP) based data privacy‐preserving algorithm and a deep reinforcement learning (DRL) based task offloading algorithm. We also propose a privacy‐preserving distributed ML framework for MEC and model the cloud‐edge‐mobile collaborative training process. These algorithms not only enable effective utilization of edge computing to accelerate machine learning model training but also significantly enhance user privacy and save device battery power. We have conducted experiments to verify the effectiveness of the framework and algorithms.

computer science, software engineering

Qiao Zhang,Tao Xiang,Yifei Cai,Zhichao Zhao,Ning Wang,Hongyi Wu

DOI: https://doi.org/10.1109/mnet.127.2200342

IF: 10.294

2023-01-01

IEEE Network

Abstract:Privacy-preserving machine learning as a service (PP-MLaaS) can achieve the secure model computation towards the client's private input through a series of privacy-preserving operations. However, existing PP-MLaaS schemes are suffering from low computational efficiency thwarting their application in real-world scenarios. To mitigate this issue, this article seeks to identify the main algorithmic problems biting computation efficiency and present possible enablers to accelerate the process of secure model computation. The investigation consists of four hierarchical parts. In the first part, existing PP-MLaaS frameworks are reviewed, and the problem statement is discussed in the next part, in which the possible issues that lead to inefficient computation are illustrated from computational logic and computational model, respectively. In the third part, we investigate two potential strategies to improve the calculation efficiency of privacy-preserving neural computing, involving the optimization of cost hierarchy in the calculation process and the crypto-friendly pruning in the neural computation model. Research directions and open topics for efficient PP-MLaaS are discussed in the last part, including rotation-free, neural architecture searching, hardware-aware, and nonlinearity-efficient PPMLaaS.

Ruiyuan Gao,Hailong Yang,Shaohan Huang,Ming Dun,Mingzhen Li,Zerong Luan,Zhongzhi Luan,Depei Qian

DOI: https://doi.org/10.1109/ccgrid51090.2021.00043

2021-01-01

Abstract:The huge computation demand for deep learning models and limited computation resources on the edge devices calls for the cooperation between the edge device and cloud service. On a typical edge-cloud system accommodating DNN inference, a deep model is split into two partial models running on the edge device and the cloud service, respectively. The two partial models collaborate closely to satisfy the DNN inference requested by the user. However, user's privacy is vulnerable when transferring the intermediate results generated by the partial model at edge device to cloud service. Existing research works rely on metrics that are either impractical or insufficient to measure the effectiveness of privacy protection methods in the above scenario, especially from a single input aspect. In this paper, we first thoroughly analyze the state-of-the-art methods and drawbacks of existing methods from the aspects of both evaluation metrics and proposed techniques. Then, we propose a new metric system, including privacy accuracy (PA) and privacy index (PI), that can accurately measure the effectiveness of privacy protection methods. Furthermore, we propose PriPro, a privacy protection method that can dynamically inject noise to the intermediate results at various layers regarding the input features through the self-attention mechanism. The experiment results demonstrate our method outperforms existing methods for protecting user privacy on deep models such as AlexNet, VGG, and ResNet.

Ziqi Zhang,Chen Gong,Yifeng Cai,Yuanyuan Yuan,Bingyan Liu,Ding Li,Yao Guo,Xiangqun Chen

DOI: https://doi.org/10.1109/sp54263.2024.00052

2024-01-01

Abstract:On-device ML introduces new security challenges: DNN models become white-box accessible to device users. Based on white-box information, adversaries can conduct effective model stealing (MS) and membership inference attack (MIA). Using Trusted Execution Environments (TEEs) to shield on-device DNN models aims to downgrade (easy) white-box attacks to (harder) black-box attacks. However, one major shortcoming is the sharply increased latency (up to 50X). To accelerate TEE-shield DNN computation with GPUs, researchers proposed several model partition techniques. These solutions, referred to as TEE-Shielded DNN Partition (TSDP), partition a DNN model into two parts, offloading the privacy-insensitive part to the GPU while shielding the privacy-sensitive part within the TEE. This paper benchmarks existing TSDP solutions using both MS and MIA across a variety of DNN models, datasets, and metrics. We show important findings that existing TSDP solutions are vulnerable to privacy-stealing attacks and are not as safe as commonly believed. We also unveil the inherent difficulty in deciding optimal DNN partition configurations (i.e., the highest security with minimal utility cost) for present TSDP solutions. The experiments show that such “sweet spot” configurations vary across datasets and models. Based on lessons harvested from the experiments, we present TEESlice, a novel TSDP method that defends against MS and MIA during DNN inference. TEESlice follows a partition-before-training strategy, which allows for accurate separation between privacy-related weights from public weights. TEESlice delivers the same security protection as shielding the entire DNN model inside TEE (the “upper-bound” security guarantees) with over 10X less overhead (in both experimental and real-world environments) than prior TSDP solutions and no accuracy loss.

Payman Mohassel,Yupeng Zhang

DOI: https://doi.org/10.1109/sp.2017.12

2017-05-01

Abstract:Machine learning is widely used in practice to produce predictive models for applications such as image processing, speech and text recognition. These models are more accurate when trained on large amount of data collected from different sources. However, the massive data collection raises privacy concerns. In this paper, we present new and efficient protocols for privacy preserving machine learning for linear regression, logistic regression and neural network training using the stochastic gradient descent method. Our protocols fall in the two-server model where data owners distribute their private data among two non-colluding servers who train various models on the joint data using secure two-party computation (2PC). We develop new techniques to support secure arithmetic operations on shared decimal numbers, and propose MPC-friendly alternatives to nonlinear functions such as sigmoid and softmax that are superior to prior work. We implement our system in C++. Our experiments validate that our protocols are several orders of magnitude faster than the state of the art implementations for privacy preserving linear and logistic regressions, and scale to millions of data samples with thousands of features. We also implement the first privacy preserving system for training neural networks.

Yong Yu,Huilin Li,Ruonan Chen,Yanqi Zhao,Haomiao Yang,Xiaojiang Du

DOI: https://doi.org/10.1109/MNET.2019.1800362

IF: 10.294

2019-01-01

IEEE Network

Abstract:Intelligent networks are regarded as existing networks incorporating some intelligent mechanisms such as cognitive and cooperative approaches to improve network performance. Security is highly essential in intelligent networks but has received less attention so far. In this article, we propose a framework that enables a secure intelligent network with the assistance of cloud-assisted privacy-preserving machine learning. In the framework, the cloud server can first generate a model using outsourced machine learning algorithms and then process testing data from the network with the generated model in real time, which reflects to the network and makes it more intelligent. At the same time, the proposal guarantees the security and privacy of both the training data and the testing data in the sense that the proposed framework takes advantage of differential privacy to perform privacy-preserving data analysis and homomorphic encryption to conduct valid operations over encrypted data. The performance evaluations of the core primitives employed in the framework including differential privacy and homomorphic encryption algorithms demonstrate the practicability of our proposal.

Ruiyuan Gao,Ming Dun,Hailong Yang,Zhongzhi Luan,Depei Qian

DOI: https://doi.org/10.48550/arXiv.2001.00493

2019-12-31

Abstract:The huge computation demand of deep learning models and limited computation resources on the edge devices calls for the cooperation between edge device and cloud service by splitting the deep models into two halves. However, transferring the intermediates results from the partial models between edge device and cloud service makes the user privacy vulnerable since the attacker can intercept the intermediate results and extract privacy information from them. Existing research works rely on metrics that are either impractical or insufficient to measure the effectiveness of privacy protection methods in the above scenario, especially from the aspect of a single user. In this paper, we first present a formal definition of the privacy protection problem in the edge-cloud system running DNN models. Then, we analyze the-state-of-the-art methods and point out the drawbacks of their methods, especially the evaluation metrics such as the Mutual Information (MI). In addition, we perform several experiments to demonstrate that although existing methods perform well under MI, they are not effective enough to protect the privacy of a single user. To address the drawbacks of the evaluation metrics, we propose two new metrics that are more accurate to measure the effectiveness of privacy protection methods. Finally, we highlight several potential research directions to encourage future efforts addressing the privacy protection problem.

Cryptography and Security,Machine Learning

Pengzhi Huang,Thang Hoang,Yueying Li,Elaine Shi,G. Edward Suh

2024-06-18

Abstract:In this paper, we propose a new secure machine learning inference platform assisted by a small dedicated security processor, which will be easier to protect and deploy compared to today's TEEs integrated into high-performance processors. Our platform provides three main advantages over the state-of-the-art: (i) We achieve significant performance improvements compared to state-of-the-art distributed Privacy-Preserving Machine Learning (PPML) protocols, with only a small security processor that is comparable to a discrete security chip such as the Trusted Platform Module (TPM) or on-chip security subsystems in SoCs similar to the Apple enclave processor. In the semi-honest setting with WAN/GPU, our scheme is 4X-63X faster than Falcon (PoPETs'21) and AriaNN (PoPETs'22) and 3.8X-12X more communication efficient. We achieve even higher performance improvements in the malicious setting. (ii) Our platform guarantees security with abort against malicious adversaries under honest majority assumption. (iii) Our technique is not limited by the size of secure memory in a TEE and can support high-capacity modern neural networks like ResNet18 and Transformer. While previous work investigated the use of high-performance TEEs in PPML, this work represents the first to show that even tiny secure hardware with really limited performance can be leveraged to significantly speed-up distributed PPML protocols if the protocol can be carefully designed for lightweight trusted hardware.

Cryptography and Security

Zhi Zhou,Xu Chen

DOI: https://doi.org/10.1007/978-3-030-31919-9_19

2019-01-01

Abstract:With the advancement of Internet-of-Things (IoT), enormous IoT data are generated at the network edge, incurring an urgent need to push the frontiers of artificial intelligence (AI) to network edge so as to fully unleash the potential of the IoT big data. To match this trend, edge intelligence—an emerging paradigm that hosts AI applications at the network edge—is being recognized as a promising solution. While pilot efforts on edge intelligence have mostly focused on facilitating efficient model inference at the network edge, the training of edge intelligence model has been greatly overlooked. To bridge this gap, in this paper, we investigate how to coordinate the edge and the cloud to train edge intelligence model, with the goal of simultaneously optimizing the resource cost and preserving data privacy in an on-demand manner. Leveraging Lyapunov optimization theory, we design and analyze a cost-efficient optimization framework to make online decisions on training data scheduling to balance the tradeoff between cost efficiency and privacy preservation. With rigorous theoretical analysis, we verify the efficacy of the presented framework.

Yulong Wang,Xingshu Chen,Qixu Wang

DOI: https://doi.org/10.48550/arXiv.2212.06428

2022-12-13

Abstract:Cloud-edge collaborative inference approach splits deep neural networks (DNNs) into two parts that run collaboratively on resource-constrained edge devices and cloud servers, aiming at minimizing inference latency and protecting data privacy. However, even if the raw input data from edge devices is not directly exposed to the cloud, state-of-the-art attacks targeting collaborative inference are still able to reconstruct the raw private data from the intermediate outputs of the exposed local models, introducing serious privacy risks. In this paper, a secure privacy inference framework for cloud-edge collaboration is proposed, termed CIS, which supports adaptively partitioning the network according to the dynamically changing network bandwidth and fully releases the computational power of edge devices. To mitigate the influence introduced by private perturbation, CIS provides a way to achieve differential privacy protection by adding refined noise to the intermediate layer feature maps offloaded to the cloud. Meanwhile, with a given total privacy budget, the budget is reasonably allocated by the size of the feature graph rank generated by different convolution filters, which makes the inference in the cloud robust to the perturbed data, thus effectively trade-off the conflicting problem between privacy and availability. Finally, we construct a real cloud-edge collaborative inference computing scenario to verify the effectiveness of inference latency and model partitioning on resource-constrained edge devices. Furthermore, the state-of-the-art cloud-edge collaborative reconstruction attack is used to evaluate the practical availability of the end-to-end privacy protection mechanism provided by CIS.

Cryptography and Security