A Survey on Secure Outsourced Deep Learning

Cyber Security Meets Machine Learning

Abstract

As cloud computing has advanced in recent years, clients increasingly prefer to outsource large amounts of data and heavy computation to cloud servers rather than purchase their own storage and computing resources. At the same time, the superior performance of deep learning depends on large volumes of data and high-performance processors. Outsourcing deep learning tasks to a cloud server is therefore a desirable approach, especially for a resource-limited client. However, serious privacy issues also emerge from outsourcing, since the outsourced data often includes highly sensitive information, such as financial data or electronic healthcare records. Privacy protection is therefore a key security requirement for outsourced deep learning. In this paper, we present a comprehensive survey of the crossovers between outsourced computation and deep learning. We first introduce the essential background and the state of the art in deep learning and outsourced computation. We then provide an encyclopedic review of deep learning based on outsourced computation, which we categorize by domain. Subsequently, we compare the reviewed approaches with respect to the key principles of privacy, security, and efficiency. We complete the survey by pinpointing future directions for research.




Corresponding author

Correspondence to Xiaofeng Chen.


Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this chapter


Cite this chapter

Ma, X., Zhang, X., Dong, C., Chen, X. (2021). A Survey on Secure Outsourced Deep Learning. In: Chen, X., Susilo, W., Bertino, E. (eds) Cyber Security Meets Machine Learning. Springer, Singapore. https://doi.org/10.1007/978-981-33-6726-5_6


  • DOI: https://doi.org/10.1007/978-981-33-6726-5_6

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-33-6725-8

  • Online ISBN: 978-981-33-6726-5

  • eBook Packages: Computer Science, Computer Science (R0)
