Privacy-preserving Machine Learning as a Service

Authors: Ehsan Hesamifard (Department of Computer Science and Engineering, University of North Texas, Denton, TX, USA), Hassan Takabi (Department of Computer Science and Engineering, University of North Texas, Denton, TX, USA), Mehdi Ghasemi (Department of Mathematics and Statistics, University of Saskatchewan, Saskatoon, Canada), Rebecca N. Wright (Department of Computer Science, Rutgers University, Piscataway, NJ, USA)

Volume: 2018
Issue: 3
Pages: 123–142
DOI: https://doi.org/10.1515/popets-2018-0024

Download PDF

Abstract: Machine learning algorithms based on deep Neural Networks (NN) have achieved remarkable results and are being extensively used in different domains. On the other hand, with increasing growth of cloud services, several Machine Learning as a Service (MLaaS) are offered where training and deploying machine learning models are performed on cloud providers’ infrastructure. However, machine learning algorithms require access to the raw data which is often privacy sensitive and can create potential security and privacy risks. To address this issue, we present CryptoDL, a framework that develops new techniques to provide solutions for applying deep neural network algorithms to encrypted data. In this paper, we provide the theoretical foundation for implementing deep neural network algorithms in encrypted domain and develop techniques to adopt neural networks within practical limitations of current homomorphic encryption schemes. We show that it is feasible and practical to train neural networks using encrypted data and to make encrypted predictions, and also return the predictions in an encrypted form. We demonstrate applicability of the proposed CryptoDL using a large number of datasets and evaluate its performance. The empirical results show that it provides accurate privacy-preserving training and classification.

Keywords: Privacy, Machine Learning as a Service, Homomorphic Encryption, Deep Learning

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs license.