key-nets同态加密方案的安全性分析及改进

doi:10.19665/j.issn1001-2400.2023.01.021

摘要/Abstract

摘要：

key-nets作为第一个光学同态加密方案,用以保护用于机器学习的图像的隐私。但是在视觉传感器被非法获得的情况下,笔者通过求解线性方程组得到了key-nets方案中用于加密图像的密钥。鉴于该方案中存在的这一安全隐患以及机器学习模型训练的困难性,笔者借助Diffie-Hellman密钥交换协议,提出了一种在不改变原卷积网络结构的条件下,每次加密都可以使用不同的广义随机矩阵的同态加密方案,进而在提高了key-nets的加密密钥的安全性的同时,也提高了与视觉传感器相匹配的卷积网络的安全性。通过对方案的可行性、隐私参数以及前向安全性、后向安全性等方面的分析,证明了改进后的方案即使在攻击者非法获得视觉传感器的情况下,图片信息仍能够被保护。

关键词: key-nets, 机器学习, 隐私保护, 同态加密

Abstract:

key-nets,as the first optical homomorphic encryption scheme,is used toprotect the privacy of images used for machine learning.However,in the case of the vision sensor being obtained illegally,the author obtained the key used to encrypt the image in the key-nets scheme by solving the system of linear equations.In view of the security risks in this scheme and the difficulty of machine learning model training,this paper proposes a homomorphic encryption scheme that can use different generalized random matrices for each encryption without changing the original convolutional network structure,and further use the Diffie-Hellman key exchange protocol,which improves the security of the encryption key-nets and also improves the security of the convolutional network matching the vision sensor.Through the analysis of the feasibility of the scheme,privacy parameters,forward security,backward security,etc.,it is proved that the improved scheme can still protect the image information even if the attacker illegally obtains the visual sensor.

Key words: key-nets, machine learning, privacy protection, homomorphic encryption

中图分类号:

TN918.2

李文华,董丽华,曾勇. key-nets同态加密方案的安全性分析及改进[J]. 西安电子科技大学学报, 2023, 50(1): 192-202.

LI Wenhua,DONG Lihua,ZENG Yong. Analysis and improvement of the security of the key-nets homomorphic encryption scheme[J]. Journal of Xidian University, 2023, 50(1): 192-202.

图/表 7

图1

图2

图3

图4

表1

图5

表2

参考文献 35

[1]	廖国辉, 刘嘉勇. 基于数据挖掘和机器学习的恶意代码检测方法[J]. 信息安全研究, 2016, 2(1):74-79.
	LIAO G H, LIU J Y. Malicious Code Detection Method Based on Data Mining and Machine Learning[J]. Information Security Research, 2016, 2(1):74-79.
[2]	CHEN S Z, WANG H P, XU F, et al. Target Classification Using the Deep Convolutional Networks for SAR Images[J]. IEEE Transactions on Geoscience and Remote Sensing, 2016, 54(8):4806-4817. doi: 10.1109/TGRS.2016.2551720
[3]	LAUNCHBURY J, ARCHER D, DUBUISSON T, et al. Application-Scale Secure Multiparty Computation[C]// European Symposium on Programming Languages and Systems.Berlin:Springer, 2014:8-26.
[4]	FU K, CHENG D W, TU Y, et al. Credit Card Fraud Detection Using Convolutional Neural Networks[C]// International Conference on Neural Information Processing.Berlin:Springer, 2016:483-490.
[5]	ROY A, SUN J, MAHONEY R, et al. Deep Learning Detecting Fraud in Credit Card Tansactions[C]// 2018 Systems and Information Engineering Design Symposium.Piscataway:IEEE, 2018:129-134.
[6]	ACHARYA, RAJENDRA U, ADELI, et al. Deep Convolutional Neural Network for the Automated Detection and Diagnosis of Seizure Using EEG Signals[J]. Computers in Biology and Medicine, 2018, 100:270-278. doi: S0010-4825(17)30315-3 pmid: 28974302
[7]	XU C G, REN J, ZHANG D Y, et al. GANobfuscator:Mitigating Information Leakage under Gan via Dfferential Privacy[J]. IEEE Transactions on Information Forensics and Security, 2019, 14(9):2358-2371. doi: 10.1109/TIFS.10206
[8]	WANG B H, NEIL Z G. Stealing Hyperparameters in Machine Leaming[C]// IEEE Symposium on Security and Privacy.Piscataway:IEEE, 2018:36-52.
[9]	XIE L Y, LIN K X, WANG S, et al. Differentially Private Generative Adversarial Network[J/OL].[2022-01-10]. https://arxiv.org/abs/2201.03139v1.
[10]	KESARWANI M, MUKHOTY B, ARYA V, et al. Model Extraction Warning in Mlaas Paradigm[C]// Proceedings of the 34th Annual Computer Security Applications Conference.Piscataway:IEEE, 2018:371-380
[11]	YANG Q, LIU Y, CHEN T J, et al. Federated Machine Learning:Concept and Applications[J]. ACM Transactions on Intelligent Systems and Technology(TIST), 2019, 10(2):1-19.
[12]	KUMAR N, RATHEE M, CHANDRAN N, et al. Cryptflow:Secure Tensorflow Inference[C]// 2020 IEEE Symposium on Security and Privacy.Piscataway:IEEE, 2020:336-353.
[13]	ORLANDI C, PIVA A, BAMI M. Oblivious Neural Network Computing via Homomorphic Encryption[J]. EURASIP Journal on Information Security, 2008, 2007(1):1-11.
[14]	UPMANYU M, NAMBOODIRI A M, SRINATHAN K, et al. Efficient Privacy Preserving K-means Clustering[C]// Pacific-Asia Workshop on Intelligence and Security Informatics.Berlin:Springer, 2010:154-166.
[15]	BARNI M, FAILLA P, LAZZERETTI R, et al. Privacy-Preserving ECG Classification with Branching Programs and Neural Networks[J]. IEEE Transactions on Information Forensics & Security, 2011, 6(2):452-468.
[16]	GRAEPEL T, LAUTER K, NAEHRIG M. ML Confidential:Machine Learning on Encrypted Data[C]// International Conference on Information Security and Cryptology.Berlin:Springer, 2012:1-21.
[17]	PAILLIER P, POINTCHEVAL D. Efficient Public-Key Cryptosystems Provably Secure Against Active Ad-Versaries[C]// International Conference on the Theory and Application of Cryptology and Information Security.Berlin:Springer, 1999:165-179.
[18]	RAHULAMATHAVAN Y, PHAN R C W, VELURU S, et al. Privacy-Preserving Multi-class Support Vector Machine for Outsourcing the Data Classification in Cloud[J]. IEEE Transactions on Dependable and Secure Computing, 2013, 11(5):467-479. doi: 10.1109/TDSC.2013.51
[19]	BOST R, POPA R A, TU S, et al. Machine Learning Classification over Encrypted Data[C]// ISOC Network and Distributed System Security Symposium. Rosten: Internet Society, 2015:4324-4325
[20]	GILAD-BACHRACH R, DOWLIN N, LAINE K, et al. Cryptonets:Applying Neural Networks to Encrypted Data with High Throughput and Accuracy[C]// International Conference on Machine Learning. New York: PMLR, 2016:201-210.
[21]	LIU J, JUUTI M, LU Y, et al. Oblivious Neural Network Predictions via Minionn Transformations[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2017:619-631.
[22]	BOURSE F, MINELLI M, MINIHOLD M, et al. Fast Homomorphic Evaluation of Deep Discretized Neural Networks[C]// Annual International Cryptology Conference.Berlin:Springer, 2018:483-512.
[23]	JIANG X Q, KIM M, LAUTER K, et al. Secure Outsourced Matrix Computation and Application to Neural Networks[C]// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2018:1209-1222.
[24]	朱强. 机器学习中的对抗样本防御和隐私保护[D]. 西安: 西安电子科技大学, 2019:31-40.
[25]	Al B A, JIN C, LIN J, et al. Towards the Alexnet Moment for Homomorphic Encryption:Hcnn,the First Homomorphic CNN on Encrypted Data with Gpus[J]. IEEE Transactions on Emerging Topics in Computing, 2020, 9(3):1330-1343. doi: 10.1109/TETC.2020.3014636
[26]	LI J, KUANG X H, LIN S J, et al. Privacy Preservation for Machine Learning Training and Classification Based on Homomorphic Encryption Schemes[J]. Information Sciences, 2020, 526:166-179. doi: 10.1016/j.ins.2020.03.041
[27]	NI H, HAN Y L, DUAN X W, et al. An Improved LeNet-5 Model Based on Encrypted Data[C]// International Conference of Pioneering Computer Scientists,Engineers and Educators.Berlin:Springer, 2021:166-178.
[28]	FANG H K, QAIN Q. Privacy Preserving Machine Learning with Homomorphic Encryption and Federated Learning[J]. Future Internet, 2021, 13(4):1-20. doi: 10.3390/fi13010001
[29]	ZHOU J F, MI B, HUANG D R, et al. Privacy-preserving Machine Learning Based on Homomorphic Conjugate Search Problem[C]// 2021 CAA Symposium on Fault Detection,Supervision,and Safety for Technical Processes(SAFEPROCESS).Piscataway:IEEE, 2021:1-6.
[30]	BYUN J, LEE W, LEE J. Parameter-free HE-friendly Logistic Regression[J]. Advances in Neural Information Processing Systems, 2021, 34:1-21
[31]	BYRNE J, DECANN B, BLOOM S. Key-Nets:Optical Transformation Convolutional Networks for Privacy Preserving Vision Sensors[J/OL].[2020-08-11]. https://arxiv.org/abs/2008.04469.
[32]	WANG Z, BOVIK A C, SHEIKH H R, et al. Image Quality Assessment:From Error Visibility to Structural Similarity[J]. IEEE Transactions on Image Processing, 2004, 13(4):600-612. doi: 10.1109/TIP.2003.819861
[33]	ANDERSIN R. Two Remarks on Public Key Cryptology(2021)[EB/OL].[2021-09-17]. http://www.cl.cam.ac.uk/users/rja14.
[34]	ZUO C, SUN S F, LIU J K, et al. Dynamic Searchable Symmetric Encryption with Forward and Stronger Backward Privacy[C]// European Symposium on Research in Computer Security.Berlin:Springer, 2019:283-303.
[35]	VAVASIS S A. On the Complexity of Nonnegative Matrix Factorization[J]. SIAM Journal on Optimization, 2010, 20(3):1364-1377. doi: 10.1137/070709967

	MNIST	CIFAR-10
原来网络(未加密)	0.983	0.617
加密(k₁=73)	0.983	0.617
加密(k₂=415)	0.983	0.617