http://dx.doi.org/10.13089/JKIISC.2022.32.3.487

TPMP: A Privacy-Preserving Technique for DNN Prediction Using ARM TrustZone  

Song, Suhyeon (Pusan National University)
Park, Seonghwan (Pusan National University)
Kwon, Donghyun (Pusan National University)
Abstract
Machine learning techniques such as deep learning have been widely used in recent years. Recently, deep learning has been performed in trusted execution environments (TEEs) such as ARM TrustZone to improve security on edge devices and embedded devices with low computing resources. Because the memory available to a TEE is limited, we propose TPMP, which uses that memory efficiently through DNN model partitioning. Through optimized memory scheduling, TPMP achieves high confidentiality for DNNs by running inside the TEE DNN models that could not be run there with existing memory scheduling methods. TPMP required a similar amount of computational resources to previous methodologies.
Keywords
ARM TrustZone; Deep Learning; Model Privacy