Security for Distributed Machine Learning Based Software

  • Laurent Gomez
  • Alberto Ibarrondo
  • Marcus Wilhelm
  • José Márquez
  • Patrick Duverger
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1118)


Current developments in Enterprise Systems show a paradigm shift from the backend toward the edge: data is being distributed, applications decentralized, and novel components integrated seamlessly with the central systems. Distributed deployment of AI capabilities will drive this transition.

Several non-functional requirements arise along with these developments, with security at the center of the discussion. With those requirements in mind, we propose an approach to holistically protect distributed Deep Neural Network (DNN) based or DNN-enhanced software assets, i.e. to keep their input and output data streams confidential and to safeguard their Intellectual Property.

Using Fully Homomorphic Encryption (FHE), our approach protects Distributed Neural Networks while they process encrypted data. In that respect, we evaluate the feasibility of this solution on a Convolutional Neural Network (CNN) for image classification deployed on distributed infrastructures.


Keywords: Intellectual property protection; Fully homomorphic encryption neural networks; Distributed landscapes; Smart cities



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Laurent Gomez (1), email author
  • Alberto Ibarrondo (2)
  • Marcus Wilhelm (3)
  • José Márquez (4)
  • Patrick Duverger (5)

  1. SAP Global Security, SAP Security Research, Mougins, France
  2. Eurecom, Sophia Antipolis, France
  3. Hasso Plattner Institute, University Potsdam, Potsdam, Germany
  4. Portfolio Strategy and Technology Adoption, SAP SE, Walldorf, Germany
  5. City of Antibes - Juan les Pins, France