
Secure Machine Learning in the Cloud Using One Way Scrambling by Deconvolution

Student: Yiftach Savransky

Supervisor: Dr. Gilad Katz; Advisors: Roni Mateless

Faculty of Engineering Science
Department of Software and Information Systems Engineering

A Framework for Privacy Preserving Cloud-based ML Image Classification

We propose One Way Encryption by Deconvolution (OWED), a deconvolution-based encryption framework that offers the advantages of homomorphic encryption at a fraction of the computational overhead.
Cloud-based machine learning services (CMLS) enable organizations to take advantage of advanced models that are pre-trained on large quantities of data. The main shortcoming of using these services, however, is the difficulty of keeping the transmitted data private and secure. Asymmetric encryption requires the data to be decrypted in the cloud, while homomorphic encryption is often too slow and difficult to implement. Extensive evaluation on multiple image datasets demonstrates OWED’s ability to achieve near-perfect classification performance when the output vector of the CMLS is sufficiently large. Additionally, we provide a comprehensive analysis of the robustness of our approach.


Hypothesis Insight

ML algorithms respond to latent patterns in data.

Consistent transformations can create representations that are:

  • very difficult to translate back

  • consistently classified

Motivation

Use cloud-based ML services while preserving confidentiality

  • Utilize large and complex algorithms

  • Improve performance

  • Significantly reduce costs

Existing Approaches

While many solutions exist, they all have their own limitations

Our Method

Steps:

  1. The organization’s confidential data is encoded.

  2. A generative model generates transformed images using the encoding and a secret key.

  3. The cloud-based ML model generates predictions on the transformed images.

[Diagram: confidential data encoding → transformed image generation (generative model) → cloud-based ML model predictions]

An organizational neural network (NN) model is then trained to predict the original image classifications.

Inputs:

  • Original data embeddings

  • Transformed data classification

Output:

  • Prediction of the original data real labels
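The three steps above and the organizational model can be simulated end to end in a toy setting. The following is an added example written for this page; it is not the project's code and uses constructed data: 6x6 two-class images, a secret key that (by assumption) seeds a PRNG producing a 3x3 transposed-convolution kernel, a frozen random linear-plus-softmax layer standing in for the pre-trained cloud model, and a logistic-regression organizational model trained only on the cloud's output vectors (the original-data embeddings listed as a second input are omitted here for brevity). The names `scramble`, `make_cloud_model`, `train_org_model` and `run_pipeline` are this example's own.

```python
import math
import random

# Constructed toy setting (not the project's data or code): 6x6 grayscale
# images of two classes, a keyed transposed-convolution scrambler, a frozen
# stand-in cloud model, and an organizational logistic-regression model.
IMG = 6          # image side length
KERNEL = 3       # side length of the key-derived deconvolution kernel
CLOUD_OUT = 16   # size of the cloud model's output vector

def make_image(label, rng):
    """Class 0 is bright in the top half, class 1 in the bottom half, plus noise."""
    img = [[rng.random() * 0.3 for _ in range(IMG)] for _ in range(IMG)]
    rows = range(0, IMG // 2) if label == 0 else range(IMG // 2, IMG)
    for r in rows:
        for c in range(IMG):
            img[r][c] += 0.7
    return img

def key_to_kernel(key):
    """Assumption: the secret key seeds a PRNG that yields the kernel weights."""
    rng = random.Random(key)
    return [[rng.uniform(-1.0, 1.0) for _ in range(KERNEL)] for _ in range(KERNEL)]

def scramble(img, key):
    """Full transposed convolution, stride 1: (IMG x IMG) -> (IMG+KERNEL-1)^2."""
    k = key_to_kernel(key)
    out_n = len(img) + KERNEL - 1
    out = [[0.0] * out_n for _ in range(out_n)]
    for i, row in enumerate(img):
        for j, v in enumerate(row):
            for di in range(KERNEL):
                for dj in range(KERNEL):
                    out[i + di][j + dj] += v * k[di][dj]
    return out

def flatten(img):
    return [v for row in img for v in row]

def make_cloud_model(seed=7):
    """Stand-in for the pre-trained CMLS: frozen random linear layer + softmax.
    It receives only scrambled images and never sees the key."""
    rng = random.Random(seed)
    d_in = (IMG + KERNEL - 1) ** 2
    w = [[rng.uniform(-1.0, 1.0) / math.sqrt(d_in) for _ in range(d_in)]
         for _ in range(CLOUD_OUT)]

    def predict(scrambled):
        x = flatten(scrambled)
        logits = [sum(wi * xi for wi, xi in zip(row, x)) for row in w]
        m = max(logits)
        exps = [math.exp(z - m) for z in logits]
        total = sum(exps)
        return [e / total for e in exps]
    return predict

def sigmoid(z):
    # numerically safe logistic function
    return 1.0 / (1.0 + math.exp(-z)) if z >= 0 else math.exp(z) / (1.0 + math.exp(z))

def train_org_model(feats, labels, epochs=300, lr=0.5):
    """Organizational model: logistic regression from standardized cloud
    output vectors to the original labels. Returns a predict function."""
    n, d = len(feats), len(feats[0])
    mu = [sum(f[j] for f in feats) / n for j in range(d)]
    sd = [math.sqrt(sum((f[j] - mu[j]) ** 2 for f in feats) / n) + 1e-9
          for j in range(d)]

    def norm(f):
        return [(f[j] - mu[j]) / sd[j] for j in range(d)]

    xs = [norm(f) for f in feats]
    w, b = [0.0] * d, 0.0
    for _ in range(epochs):  # full-batch gradient descent on cross-entropy
        gw, gb = [0.0] * d, 0.0
        for x, y in zip(xs, labels):
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
            for j in range(d):
                gw[j] += err * x[j]
            gb += err
        w = [wj - lr * gj / n for wj, gj in zip(w, gw)]
        b -= lr * gb / n

    def predict(f):
        return 1 if sum(wi * xi for wi, xi in zip(w, norm(f))) + b > 0 else 0
    return predict

def run_pipeline(key="org-secret-key-v1", n_train=60, n_test=40, seed=1):
    """Steps 1-3 plus the organizational model; returns held-out accuracy."""
    rng = random.Random(seed)
    cloud = make_cloud_model()

    def batch(n):
        labels = [i % 2 for i in range(n)]
        feats = [cloud(scramble(make_image(y, rng), key)) for y in labels]
        return feats, labels

    tr_x, tr_y = batch(n_train)
    te_x, te_y = batch(n_test)
    org = train_org_model(tr_x, tr_y)
    return sum(org(f) == y for f, y in zip(te_x, te_y)) / n_test

if __name__ == "__main__":
    print("held-out accuracy of the organizational model:", run_pipeline())
```

The point the example makes visible is the trust boundary: the cloud receives only key-scrambled images and returns a generic output vector, while the key and the mapping from that vector back to the real labels stay inside the organization. Rotating the key only requires re-scrambling and retraining the small organizational model, not touching the cloud service.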


Inferring Labels for New Images

[Diagram: project layout for inferring labels for new images]
Confidentiality Analysis

Comparing Original and Scrambled Images


Analyzing the Cloud-based Model Output


Cryptographic Proof & Privacy Verification

Robustness Strength Empirical Proof

Reconstruction of Scrambled Images Analysis
Experiments

֍ Use-Case 1: Same Labels in Confidential Data and Cloud

֍ Use-Case 2: Subset of Confidential Data Labels

֍ Use-Case 3: Different Labels for Confidential Data and Cloud

֍ Use-Case 4: Ensemble of Encoders


֍ Use-Case 5: IIN’s Training Size

֍ Ablation Study

Conclusions

  • Significantly different from source

  • Difficult to reconstruct

  • Loose lower bound on the number of images per key

  • Quick and inexpensive key change

  • Increasing security and performance using multiple keys

Future Work

  • Collaborative training of ML models

  • Adapting our approach:

      ֍ Textual data

      ֍ Tabular data
