Is Homomorphic Encryption-Based Deep Learning Secure Enough?

Sensors ◽  
2021 ◽  
Vol 21 (23) ◽  
pp. 7806
Author(s):  
Jinmyeong Shin ◽  
Seok-Hwan Choi ◽  
Yoon-Ho Choi

As the amount of data collected and analyzed by machine learning technology increases, data that can identify individuals is also being collected in large quantities. In particular, as deep learning technology, which requires a large amount of analysis data, is activated in various service fields, the possibility of exposing sensitive information of users increases, and the user privacy problem is growing more than ever. As a solution to this users' data privacy problem, homomorphic encryption technology, which is an encryption technology that supports arithmetic operations using encrypted data, has been applied to various fields including finance and health care in recent years. If so, is it possible to use the deep learning service while preserving the data privacy of users by using the data to which homomorphic encryption is applied? In this paper, we propose, for the first time, three attack methods to infringe users' data privacy by exploiting possible security vulnerabilities in the process of using homomorphic encryption-based deep learning services. To specify and verify the feasibility of exploiting possible security vulnerabilities, we propose three attacks: (1) an adversarial attack exploiting the communication link between client and trusted party; (2) a reconstruction attack using the paired input and output data; and (3) a membership inference attack by a malicious insider. In addition, we describe real-world exploit scenarios for financial and medical services. From the experimental evaluation results, we show that the adversarial example and reconstruction attacks are a practical threat to homomorphic encryption-based deep learning models. The adversarial attack decreased average classification accuracy from 0.927 to 0.043, and the reconstruction attack showed an average reclassification accuracy of 0.888, respectively.

2021 ◽  
Author(s):  
Kai Rannenberg ◽  
Sebastian Pape ◽  
Frédéric Tronnier ◽  
Sascha Löbner

The aim of this study was to identify and evaluate different de-identification techniques that may be used in several mobility-related use cases. To do so, four use cases have been defined in accordance with a project partner that focused on the legal aspects of this project, as well as with the VDA/FAT working group. Each use case aims to create different legal and technical issues with regards to the data and information that are to be gathered, used and transferred in the specific scenario. Use cases should therefore differ in the type and frequency of data that is gathered as well as the level of privacy and the speed of computation that is needed for the data. Upon identifying use cases, a systematic literature review has been performed to identify suitable de-identification techniques to provide data privacy. Additionally, external databases have been considered as data that is expected to be anonymous might be reidentified through the combination of existing data with such external data. For each case, requirements and possible attack scenarios were created to illustrate where exactly privacy-related issues could occur and how exactly such issues could impact data subjects, data processors or data controllers. Suitable de-identification techniques should be able to withstand these attack scenarios. Based on a series of additional criteria, de-identification techniques are then analyzed for each use case. Possible solutions are then discussed individually in chapters 6.1 - 6.2. It is evident that no one-size-fits-all approach to protect privacy in the mobility domain exists. While all techniques that are analyzed in detail in this report, e.g., homomorphic encryption, differential privacy, secure multiparty computation and federated learning, are able to successfully protect user privacy in certain instances, their overall effectiveness differs depending on the specifics of each use case.


2021 ◽  
Vol 2021 ◽  
pp. 1-11
Author(s):  
Yichuan Wang ◽  
Xiaolong Liang ◽  
Xinhong Hei ◽  
Wenjiang Ji ◽  
Lei Zhu

With the rapid development of 5G technology, its high bandwidth, high reliability, low delay, and large connection characteristics have opened up a broader application field for IoT. Moreover, AIoT (Artificial Intelligence Internet of Things) has become the new development direction of IoT. Through deep learning of real-time data provided by the Internet of Things, AI can judge user habits more accurately, make devices behave in line with user expectations, and become more intelligent, thus improving product user experience. However, in the process, there is a lot of data interaction between the edge and the cloud. Given that the shared data contain a large amount of private information, preserving information security on the shared data is an important issue that cannot be neglected. In this paper, we combine deep learning with a homomorphic encryption algorithm and design a deep learning network model based on secure multiparty computing (MPC). In the whole process, we ensure that the cloud only owns the encrypted samples of users, and users do not own any parameters or structural information related to the model. In the experimental part, we input the encrypted MNIST and CIFAR-10 datasets into the model for testing, and the results show that the classification accuracy rate of the encrypted MNIST can reach 99.21%, which is very close to the result under plaintext. The classification accuracy rate of encrypted CIFAR-10 can reach 91.35%, slightly lower than the test result in plaintext and better than the existing deep learning network model that can realize data privacy protection.


2021 ◽  
Vol 13 (11) ◽  
pp. 2221
Author(s):  
Munirah Alkhelaiwi ◽  
Wadii Boulila ◽  
Jawad Ahmad ◽  
Anis Koubaa ◽  
Maha Driss

Satellite images have drawn increasing interest from a wide variety of users, including business and government, ever since their increased usage in important fields ranging from weather, forestry and agriculture to surface changes and biodiversity monitoring. Recent updates in the field have also introduced various deep learning (DL) architectures to satellite imagery as a means of extracting useful information. However, this new approach comes with its own issues, including the fact that many users utilize ready-made cloud services (both public and private) in order to take advantage of built-in DL algorithms and thus avoid the complexity of developing their own DL architectures. This presents new challenges to protecting data against unauthorized access, mining and usage of sensitive information extracted from that data. Therefore, new privacy concerns regarding sensitive data in satellite images have arisen. This research proposes an efficient approach that takes advantage of privacy-preserving deep learning (PPDL)-based techniques to address privacy concerns regarding data from satellite images when applying public DL models. In this paper, we propose a partially homomorphic encryption scheme (a Paillier scheme), which enables processing of confidential information without exposure of the underlying data. Our method achieves robust results when applied to a custom convolutional neural network (CNN) as well as to existing transfer learning methods. The proposed encryption scheme also allows for training CNN models on encrypted data directly, which requires lower computational overhead. Our experiments have been performed on a real-world dataset covering several regions across Saudi Arabia. The results demonstrate that our CNN-based models were able to retain data utility while maintaining data privacy. Security parameters such as correlation coefficient (−0.004), entropy (7.95), energy (0.01), contrast (10.57), number of pixel change rate (4.86), unified average change intensity (33.66), and more are in favor of our proposed encryption scheme. To the best of our knowledge, this research is also one of the first studies that applies PPDL-based techniques to satellite image data in any capacity.


2021 ◽  
Vol 2021 (4) ◽  
pp. 139-162
Author(s):  
José Cabrero-Holgueras ◽  
Sergio Pastrana

Deep Learning (DL) is a powerful solution for complex problems in many disciplines such as finance, medical research, or social sciences. Due to the high computational cost of DL algorithms, data scientists often rely upon Machine Learning as a Service (MLaaS) to outsource the computation onto third-party servers. However, outsourcing the computation raises privacy concerns when dealing with sensitive information, e.g., health or financial records. Also, privacy regulations like the European GDPR limit the collection, distribution, and use of such sensitive data. Recent advances in privacy-preserving computation techniques (i.e., Homomorphic Encryption and Secure Multiparty Computation) have enabled DL training and inference over protected data. However, these techniques are still immature and difficult to deploy in practical scenarios. In this work, we review the evolution of the adaptation of privacy-preserving computation techniques onto DL, to understand the gap between research proposals and practical applications. We highlight the relative advantages and disadvantages, considering aspects such as efficiency shortcomings, reproducibility issues due to the lack of standard tools and programming interfaces, or lack of integration with DL frameworks commonly used by the data science community.


2020 ◽  
Vol 17 (3) ◽  
pp. 819-834
Author(s):  
Wei Ou ◽  
Jianhuan Zeng ◽  
Zijun Guo ◽  
Wanqin Yan ◽  
Dingwan Liu ◽  
...  

With continuous improvements in computing power, great progress in algorithms and massive growth of data, artificial intelligence technologies have entered the third rapid development era. However, with the great improvements in artificial intelligence and the arrival of the era of big data, contradictions between data sharing and user data privacy have become increasingly prominent. Federated learning is a technology that can ensure user privacy and train a better model from different data providers. In this paper, we design a vertical federated learning system for Bayesian machine learning with homomorphic encryption. During the training process, raw data are kept locally, and encrypted model information is exchanged. The model trained by this system is comparable (up to 90%) to those models trained by a single union server under the consideration of privacy. This system can be widely used in risk control, medical, financial, education and other fields. It is of great significance to solve the data islands problem and protect users' privacy.


2021 ◽  
Vol 3 (4) ◽  
pp. 819-834
Author(s):  
George Onoufriou ◽  
Paul Mayfield ◽  
Georgios Leontidis

Fully Homomorphic Encryption (FHE) is a relatively recent advancement in the field of privacy-preserving technologies. FHE allows for the arbitrary depth computation of both addition and multiplication, and thus the application of abelian/polynomial equations, like those found in deep learning algorithms. This project investigates how FHE with deep learning can be used at scale toward accurate sequence prediction, with a relatively low time complexity, the problems that such a system incurs, and mitigations/solutions for such problems. In addition, we discuss how this could have an impact on the future of data privacy and how it can enable data sharing across various actors in the agri-food supply chain, hence allowing the development of machine learning-based systems. Finally, we find that although FHE incurs a high spatial complexity cost, the run time is within expected reasonable bounds, while allowing for absolutely private predictions to be made, in our case for milk yield prediction with a Mean Absolute Percentage Error (MAPE) of 12.4% and an accuracy of 87.6% on average.


2020 ◽  
Vol 39 (4) ◽  
pp. 5699-5711
Author(s):  
Shirong Long ◽  
Xuekong Zhao

The smart teaching mode overcomes the shortcomings of traditional teaching online and offline, but there are certain deficiencies in the real-time feature extraction of teachers and students. In view of this, this study uses the particle swarm image recognition and deep learning technology to process the intelligent classroom video teaching image and extracts the classroom task features in real time and sends them to the teacher. In order to overcome the shortcomings of the premature convergence of the standard particle swarm optimization algorithm, an improved strategy for multiple particle swarm optimization algorithms is proposed. In order to improve the premature problem in the search performance algorithm of PSO algorithm, this paper combines the algorithm with the useful attributes of other algorithms to improve the particle diversity in the algorithm, enhance the global search ability of the particle, and achieve effective feature extraction. The research indicates that the method proposed in this paper has certain practical effects and can provide theoretical reference for subsequent related research.


Sensors ◽  
2020 ◽  
Vol 20 (6) ◽  
pp. 1579
Author(s):  
Dongqi Wang ◽  
Qinghua Meng ◽  
Dongming Chen ◽  
Hupo Zhang ◽  
Lisheng Xu

Automatic detection of arrhythmia is of great significance for early prevention and diagnosis of cardiovascular disease. Traditional feature engineering methods based on expert knowledge lack multidimensional and multi-view information abstraction and data representation ability, so the traditional research on pattern recognition for arrhythmia detection cannot achieve satisfactory results. Recently, with the rise of deep learning technology, automatic feature extraction of ECG data based on deep neural networks has been widely discussed. In order to utilize the complementary strength between different schemes, in this paper, we propose an arrhythmia detection method based on the multi-resolution representation (MRR) of ECG signals. This method utilizes four different up-to-date deep neural networks as four channel models for learning ECG vector representations. The deep learning based representations, together with hand-crafted features of ECG, form the MRR, which is the input of the downstream classification strategy. The experimental results of multi-label classification on a big ECG dataset confirm that the F1 score of the proposed method is 0.9238, which is 1.31%, 0.62%, 1.18% and 0.6% higher than that of each channel model. From the perspective of architecture, this proposed method is highly scalable and can be employed as an example for arrhythmia recognition.


2021 ◽  
Author(s):  
Zhiting Chen ◽  
Hongyan Liu ◽  
Chongyang Xu ◽  
Xiuchen Wu ◽  
Boyi Liang ◽  
...  
