Skip to main content
SpringerLink
Log in

Privacy-preserving remote deep-learning-based inference under constrained client-side environment

  • Original Research
  • Published:
Journal of Ambient Intelligence and Humanized Computing Aims and scope Submit manuscript

Abstract

Remote deep learning paradigm raises important privacy concerns related to clients sensitive data and deep learning models. However, dealing with such concerns may come at the expense of more client-side overhead, which does not fit applications relying on constrained environments. In this paper, we propose a privacy-preserving solution for deep-learning-based inference, which ensures effectiveness and privacy, while meeting efficiency requirements of constrained client-side environments. The solution adopts the non-colluding two-server architecture, which prevents accuracy loss as it avoids using approximation of activation functions, and copes with constrained client-side due to low overhead cost. The solution also ensures privacy by leveraging two reversible perturbation techniques in combination with paillier homomorphic encryption scheme. Client-side overhead evaluation compared to the conventional homomorphic encryption approach, achieves up to more than two thousands times improvement in terms of execution time, and up to more than thirty times improvement in terms of the transmitted data size.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

Data availability

Two datasets are used to support the findings of this study, namely “MNIST” and “Pima Indians Diabetes” that are available in “Wolfram Data” Repository (https://doi.org/10.24097/wolfram.62081.data) and “Replication Data for: Pima Indians Diabetes” (https://doi.org/10.7910/DVN/XFOZQR) respectively.

References

  • Acar A, Aksu H, Uluagac A, Conti M (2018) A survey on homomorphic encryption schemes. ACM Comput Surv 51:1–35. https://doi.org/10.1145/3214303

    Article  Google Scholar 

  • Aldweesh A, Derhab A, Emam A (2020) Deep learning approaches for anomaly-based intrusion detection systems: a survey, taxonomy, and open issues. Knowl Based Syst 189:105124. https://doi.org/10.1016/j.knosys.2019.105124

    Article  Google Scholar 

  • Baryalai M, Jang-Jaccard J, Liu D (2016) Towards privacy-preserving classification in neural networks. In: 14th annual conference on privacy, security and trust (PST)

  • Bengio Y (2009) Learning deep architectures for AI. Found Trends Mach Learn 2:1–127. https://doi.org/10.1561/2200000006

    Article  MATH  Google Scholar 

  • Boneh D, Goh EJ, Nissim K (2005) Evaluating 2-DNF formulas on ciphertexts. In: Theory of cryptography conference. Springer, Berlin, pp 325–341

  • Bos JW, Lauter K, Loftus J, Naehrig M (2013) Improved security for a ring-based fully homomorphic encryption scheme. In: IMA international conference on cryptography and coding. Springer, Berlin, pp 45–64

  • Boulemtafes A, Derhab A, Challal Y (2020) A review of privacy-preserving techniques for deep learning. Neurocomputing 384:21–45. https://doi.org/10.1016/j.neucom.2019.11.041

    Article  Google Scholar 

  • Brakerski Z, Gentry C, Vaikuntanathan V (2014) (Leveled) fully homomorphic encryption without bootstrapping. ACM Trans Comput Theory 6:1–36. https://doi.org/10.1145/2633600

    Article  MathSciNet  MATH  Google Scholar 

  • Brualdi R (2006) Combinatorial matrix classes. Cambridge University Press, Cambridge

    Book  MATH  Google Scholar 

  • Bu F, Ma Y, Chen Z, Xu H (2015) Privacy preserving back-propagation based on BGV on cloud. In: 17th international conference on high performance computing and communications, 7th international symposium on cyberspace safety and security, and 12th international conference on embedded software and systems

  • Chabanne H, De Wargny H, Milgram J, Morel C, Prouff E (2017) Privacy-preserving classification on deep neural network. In: IACR Cryptology ePrint Archive (035)

  • Damgård I, Jurik M (2001) A generalisation, a simplification and some applications of paillier's probabilistic public-key system. In: International workshop on public key cryptography. Springer, Berlin, pp 119–136

  • Deng L (2014) A tutorial survey of architectures, algorithms, and applications for deep learning. APSIPA Trans Signal Inf Process. https://doi.org/10.1017/atsip.2013.9

    Article  Google Scholar 

  • Elgamal T (1985) A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans Inf Theory 31:469–472. https://doi.org/10.1109/tit.1985.1057074

    Article  MathSciNet  MATH  Google Scholar 

  • Ferrag M, Maglaras L, Moschoyiannis S, Janicke H (2020) Deep learning for cyber security intrusion detection: approaches, datasets, and comparative study. J Inf Secur Appl 50:102419. https://doi.org/10.1016/j.jisa.2019.102419

    Article  Google Scholar 

  • Gilad-Bachrach R, Dowlin N, Laine K, Lauter L, Naehrig M, Wernsing J (2016) Cryptonets: applying neural networks to encrypted data with high throughput and accuracy. In: International conference on machine learning

  • Hardy S, Henecka W, Ivey-Law H, Nock R, Patrini G, Smith G, Thorne B (2017) Private federated learning on vertically partitioned data via entity resolution and additively homomorphic encryption. arXiv:1711.10677

  • Hesamifard E, Takabi H, Ghasemi M (2017) CryptoDL: deep neural networks over encrypted data. CoRR abs. arXiv:1711.05189

  • Hesamifard E, Takabi H, Ghasemi M, Jones C (2017) Privacy-preserving machine learning in cloud. In: Proceedings of the 2017 on cloud computing security workshop—CCSW

  • Hoffstein J (1996) NTRU: a new high speed public key cryptosystem. Rump session of Crypto

  • Hoffstein J, Pipher J, Silverman J H (1998) NTRU: a ring-based public key cryptosystem. In: International algorithmic number theory symposium. Springer, Berlin, pp 267–288

  • Kamilaris A, Prenafeta-Boldú F (2018) Deep learning in agriculture: a survey. Comput Electron Agric 147:70–90. https://doi.org/10.1016/j.compag.2018.02.016

    Article  Google Scholar 

  • Katz J, Lindell Y (2014) Introduction to modern cryptography. CRC Press, Boca Raton

    Book  MATH  Google Scholar 

  • Lea C, Flynn MD, Vidal R, Reiter A, Hager GD (2017) Temporal convolutional networks for action segmentation and detection. In: Proceedings of the IEEE conference on computer vision and pattern recognition, pp 156–165

  • LeCun Y, Bengio Y, Hinton G (2015) Deep learning. Nature 521:436–444. https://doi.org/10.1038/nature14539

    Article  Google Scholar 

  • Li M, Chow S, Hu S et al (2020) Optimizing privacy-preserving outsourced convolutional neural network predictions. IEEE Trans Depend Secure Comput. https://doi.org/10.1109/tdsc.2020.3029899

    Article  Google Scholar 

  • Lindner R, Peikert C (2011) Better key sizes (and attacks) for LWE-based encryption. In: Cryptographers’ track at the RSA conference. Springer, Berlin, pp 319–339

  • Litjens G, Kooi T, Bejnordi B et al (2017) A survey on deep learning in medical image analysis. Med Image Anal 42:60–88. https://doi.org/10.1016/j.media.2017.07.005

    Article  Google Scholar 

  • Liu W, Wang Z, Liu X et al (2017) A survey of deep neural network architectures and their applications. Neurocomputing 234:11–26. https://doi.org/10.1016/j.neucom.2016.12.038

    Article  Google Scholar 

  • Min S, Lee B, Yoon S (2016) Deep learning in bioinformatics. Brief Bioinform. https://doi.org/10.1093/bib/bbw068

    Article  Google Scholar 

  • Okay FY, Ozdemir S (2018) Routing in fog-enabled IoT platforms: a survey and an SDN-based solution. IEEE Internet Things J 5:4871–4889

    Article  Google Scholar 

  • Paillier P (1999) Public-key cryptosystems based on composite degree residuosity classes. International conference on the theory and applications of cryptographic techniques. Springer, Berlin

  • Paillier P (2005) Paillier encryption and signature schemes

  • Phong L, Phuong T (2018) Privacy-preserving deep learning for any activation function. CoRR abs. arXiv:1809.03272

  • Pympler (2021) Pympler 0.5 documentation. In: Pythonhosted.org. https://pythonhosted.org/Pympler/. Accessed 28 Apr 2021

  • Pysize (2021) bosswissam/pysize. In: GitHub. https://github.com/bosswissam/pysize. Accessed 28 Apr 2021

  • Python-Paillier (2021) data61/python-paillier. In: GitHub. https://github.com/data61/python-paillier. Accessed 28 Apr 2021

  • Ravi D, Wong C, Deligianni F, Berthelot M, Andreu-Perez J, Lo B, Yang GZ (2017) Deep learning for health informatics. IEEE J Biomed Health Inform 21:4–21

    Article  Google Scholar 

  • Regev O (2009) On lattices, learning with errors, random linear codes, and cryptography. J ACM 56:1–40. https://doi.org/10.1145/1568318.1568324

    Article  MathSciNet  MATH  Google Scholar 

  • Rouhani BD, Riazi MS, Koushanfar F (2018) Deepsecure: scalable provably-secure deep learning. In: Proceedings of the 55th annual design automation conference

  • Shokri R, Shmatikov V (2015) Privacy-preserving deep learning. In: 53rd annual Allerton conference on communication, control, and computing (Allerton)

  • Tanuwidjaja HC, Choi R, Kim K (2019) Limitations of privacy-preserving for confidential data training by deep learning. In: 2019 symposium on cryptography and information security (SCIS 2019). IEICE Technical Committee on Information Security

  • Tebaa M, El Hajji S, El Ghazi A (2012) Homomorphic encryption applied to the cloud computing security. Proc World Congress Eng 1:4–6

    Google Scholar 

  • Tebaa M, Zkik K, El Hajji S (2015) Hybrid homomorphic encryption method for protecting the privacy of banking data in the cloud. Int J Secur Appl 9:61–70. https://doi.org/10.14257/ijsia.2015.9.6.07

    Article  Google Scholar 

  • Tebaa M, Zkik K, El Hajji S (2015) Hybrid homomorphic encryption method for protecting the privacy of banking data in the cloud. Int J Secur Appl 9(6):61–70

    Google Scholar 

  • Tsaban B, Lifshitz N (2015) Cryptanalysis of the MORE symmetric key fully homomorphic encryption scheme. J Math Cryptol. https://doi.org/10.1515/jmc-2014-0013

    Article  MathSciNet  MATH  Google Scholar 

  • Util (2021) mwojnars/nifty. In: GitHub. https://github.com/mwojnars/nifty/blob/master/util.py. Accessed 28 Apr 2021

  • Vizitiu A, Niţă CI, Puiu A, Suciu C, Itu LM (2019) Towards privacy-preserving deep learning based medical imaging applications. IEEE Int Symp Med Meas Appl (MeMeA) 2019:1–6

    Google Scholar 

  • Xu D, Zheng M, Jiang L et al (2020) Lightweight and unobtrusive data obfuscation at IoT edge for remote inference. IEEE Internet Things J 7:9540–9551. https://doi.org/10.1109/jiot.2020.2983278

    Article  Google Scholar 

  • Yang Y, Huang X, Liu X et al (2019) A comprehensive survey on secure outsourced computation and its applications. IEEE Access 7:159426–159465. https://doi.org/10.1109/access.2019.2949782

    Article  Google Scholar 

  • Zhang Q, Wang C, Wu H, Xin C, Phuong TV (2018) GELU-Net: a globally encrypted, locally unencrypted deep neural network for privacy-preserved learning. In: IJCAI

  • Zhu Q, Lv X (2018) 2P-DNN: privacy-preserving deep neural networks based on homomorphic cryptosystem. CoRR abs/1807.08459

  • Ziad MTI, Alanwar A, Alzantot M, Srivastava M (2016) Cryptoimg: privacy preserving processing over encrypted images. IEEE Conf Commun Netw Secur (CNS) 2016:570–575

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Division Sécurité Informatique, Centre de Recherche sur l’Information Scientifique et Technique, Algiers, Algeria

    Amine Boulemtafes

  2. Département Informatique, Faculté des Sciences exactes, Université de Bejaia, 06000, Bejaia, Algeria

    Amine Boulemtafes

  3. Center of Excellence in Information Assurance, King Saud University, Riyadh, Saudi Arabia

    Abdelouahid Derhab

  4. CNRS, LAMSADE, Université Paris-Dauphine, PSL Research University, 75016, Paris, France

    Nassim Ait Ali Braham

  5. Laboratoire de Méthodes de Conception des Systèmes, Ecole Nationale Supérieure d’Informatique, Algiers, Algeria

    Yacine Challal

Authors
  1. Amine Boulemtafes
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Abdelouahid Derhab
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nassim Ait Ali Braham
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yacine Challal
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Amine Boulemtafes.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Boulemtafes, A., Derhab, A., Ait Ali Braham, N. et al. Privacy-preserving remote deep-learning-based inference under constrained client-side environment. J Ambient Intell Human Comput 14, 553–566 (2023). https://doi.org/10.1007/s12652-021-03312-8

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12652-021-03312-8

Keywords

Search

Navigation