DOI: 10.1145/3560905.3568531
research-article
Open access

PriMask: Cascadable and Collusion-Resilient Data Masking for Mobile Cloud Inference

Published: 24 January 2023

Abstract

Mobile cloud offloading is indispensable for inference tasks based on large-scale deep models. However, transmitting privacy-rich inference data to the cloud incurs concerns. This paper presents the design of a system called PriMask, in which the mobile device uses a secret small-scale neural network called MaskNet to mask the data before transmission. PriMask significantly weakens the cloud's capability to recover the data or extract certain private attributes. The MaskNet is cascadable in that the mobile can opt in to or out of its use seamlessly without any modifications to the cloud's inference service. Moreover, the mobiles use different MaskNets, such that the collusion between the cloud and some mobiles does not weaken the protection for other mobiles. We devise a split adversarial learning method to train a neural network that generates a new MaskNet quickly (within two seconds) at run time. We apply PriMask to three mobile sensing applications with diverse modalities and complexities, i.e., human activity recognition, urban environment crowdsensing, and driver behavior recognition. Results show PriMask's effectiveness in all three applications.


Published In

SenSys '22: Proceedings of the 20th ACM Conference on Embedded Networked Sensor Systems
November 2022
1280 pages
ISBN: 9781450398862
DOI: 10.1145/3560905
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cloud inference
  2. dynamic neural networks
  3. privacy-preserving techniques

Qualifiers

  • Research-article

Funding Sources

  • N.a.

Conference

Acceptance Rates

SenSys '22 Paper Acceptance Rate 52 of 187 submissions, 28%;
Overall Acceptance Rate 174 of 867 submissions, 20%

Article Metrics

  • Total Citations: 0
  • Total Downloads: 336
  • Downloads (Last 12 months): 220
  • Downloads (Last 6 weeks): 32

Reflects downloads up to 12 Nov 2024
