Several security-typed languages have recently been proposed to enforce security properties such as confidentiality or integrity by type checking. We propose a new security-typed language, SPL@, that addresses two important limitations of previous approaches.First, existing languages assume that the underlying execution platform is trusted; this assumption does not scale to distributed computation in which a variety of differently trusted hosts are available to execute programs. Our new approach,secure program partitioning, translates programs written assuming complete trust in a single executing host into programs that execute using a collection of variously trusted hosts to perform computation. As the trust configuration of a distributed system evolves, this translation can be performed as necessary for security.Second, many common program transformations do not work in existing security-typed languages;although they produce equivalent programs, these programs are rejected because of apparent information flows. SPL@ uses a novel mechanism based on ordered linear continuations to permit a richer class of program transformations, including secure program partitioning.This report is the technical companion to [ZM00]. It contains expanded discussion and extensive proofs of both the soundness and noninterference theorems mentioned in Section 3.3 of that work. Read More
Tag Archives: Homomorphic Encryption
Untrusted Hosts and Confidentiality: Secure Program Partitioning
This paper presents secure program partitioning, a language-based technique for protecting confidential data during computation in distributed systems containing mutually untrusted hosts. Confidentiality and integrity policies can be expressed by annotating programs with security types that constrain information flow; these programs can then be partitioned automatically to run securely on heterogeneously trusted hosts. The resulting communicating sub-programs collectively implement the original program, yet the system as a whole satisfies the security requirements of participating principals without requiring a universally trusted host machine.The experience in applying this methodology and the performance of the resulting distributed code suggest that this is a promising way to obtain secure distributed computation. Read More
More efficient security for cloud-based machine learning
A novel encryption method devised by MIT researchers secures data used in online neural networks, without dramatically slowing their runtimes. This approach holds promise for using cloud-based neural networks for medical-image analysis and other applications that use sensitive data.
Outsourcing machine learning is a rising trend in industry. Major tech firms have launched cloud platforms that conduct computation-heavy tasks, such as, say, running data through a convolutional neural network (CNN) for image classification. Resource-strapped small businesses and other users can upload data to those services for a fee and get back results in several hours.
But what if there are leaks of private data? In recent years, researchers have explored various secure-computation techniques to protect such sensitive data. But those methods have performance drawbacks that make neural network evaluation (testing and validating) sluggish — sometimes as much as million times slower — limiting their wider adoption. Read More
GAZELLE: A Low Latency Framework for Secure Neural Network Inference
The growing popularity of cloud-based machine learning raises natural questions about the privacy guarantees that can be provided in such settings. Our work tackles this problem in the context of prediction-as-a-service wherein a server has a convolutional neural network (CNN) trained on its private data and wishes to provide classifications on clients’ private images. Our goal is to build efficient secure computation protocols which allow a client to obtain the classification result without revealing their input to the server, while at the same preserving the privacy of the server’s neural network.
To this end, we design Gazelle, a scalable and low-latency system for secure neural network inference, using an intricate combination of homomorphic encryption and traditional two-party computation techniques (such as gar-bled circuits). Gazelle makes three contributions. First, we design a homomorphic encryption library which provides fast implementations of basic homomorphic operations such as SIMD (single instruction multiple data) addition,SIMD multiplication and ciphertext slot permutation. Second, we implement homomorphic linear algebra kernels which provide fast algorithms that map neural network layers to optimized homomorphic matrix-vector multiplication and convolution routines. Third, we design optimized encryption switching protocols which seamlessly convert between homomorphic and garbled circuit encodings to en-able implementation of complete neural network inference.We evaluate our protocols on benchmark neural net-works trained on the MNIST and CIFAR-10 datasets and show that Gazelle outperforms the best existing systems such as MiniONN (ACM CCS 2017) and Chameleon(Crypto Eprint 2017/1164) by20–30×in online runtime.When compared with fully homomorphic approaches like CryptoNets (ICML 2016), we demonstrate three orders of magnitude faster online run-time. Read More
MIT can secure cloud-based AI without slowing it down
It’s rather important to secure cloud-based AI systems, especially when they they use sensitive data like photos or medical records. To date, though, that hasn’t been very practical — encrypting the data can render machine learning systems so slow as to be virtually unusable. MIT thankfully has a solution in the form of GAZELLE, a technology that promises to encrypt convolutional neural networks without a dramatic slowdown. The key was to meld two existing techniques in a way that avoids the usual bottlenecks those methods create. Read More
ML Confidential: Machine Learning on Encrypted Data
We demonstrate that, by using a recently proposed leveled homomorphic encryption scheme, it is possible to delegate the execution of a machine learning algorithm to a computing service while retaining confidentiality of the training and test data. Since the computational complexity of the homomorphic encryption scheme depends primarily on the number of levels of multiplications to be carried out on the encrypted data, we define a new class of machine learning algorithms in which the algorithm’s predictions, viewed as functions of the input data, can be expressed as polynomials of bounded degree. We pro-pose confidential algorithms for binary classification based on polynomial approximations to least-squares solutions obtained by a small number of gradient descent steps. We present experimental validation of the confidential machine learning pipeline and discuss the trade-offs regarding computational complexity, prediction accuracy and cryptographic security. Read More
Unsupervised Machine Learning on Encrypted Data
In the context of Fully Homomorphic Encryption, which allows computations on encrypted data, Machine Learning has been one of the most popular applications in the recent past. All of these works,however, have focused on supervised learning, where there is a labeled training set that is used to configure the model. In this work, we take thefirst step into the realm of unsupervised learning, which is an important area in Machine Learning and has many real-world applications, by ad-dressing the clustering problem. To this end, we show how to implement the K-Means-Algorithm. This algorithm poses several challenges in the FHE context, including a division, which we tackle by using a natural encoding that allows division and may be of independent interest. While this theoretically solves the problem, performance in practice is not optimal, so we then propose some changes to the clustering algorithm to make it executable under more conventional encodings. We show that our new algorithm achieves a clustering accuracy comparable to the original K-Means-Algorithm, but has less than 5% of its runtime. Read More
These Three Security Trends Are Key to Decentralize Artificial Intelligence
Decentralized artificial intelligence(AI) is one of the most promising trends in the AI space. The hype around decentralized AI has increased lately with the raise on popularity of blockchain technologies. While the value proposition of decentralized AI systems is very clear from a conceptual standpoint, their implementation is full of challenges. Arguably, the biggest challenges of implementing decentralized AI architectures are in the area of security and privacy.
The foundation of decentralized AI systems is an environment in which different parties such as data providers, data scientists and consumers collaborate to create, train and execute AI models without the need of a centralized authority. That type of infrastructure requires to not only establish unbiased trust between the parties but also solve a few security challenges. Let’s take a very simple scenario of a company that wants to create a series of AI models to detect patterns in their sales data. In a decentralized model, the company will publish a series of datasets to a group of data scientists that will collaborate to create different machine learning models. During that process, the data scientists will interact with other parties that will train and regularize the models. Enforcing the privacy of the data as well as the security of the communications between the different parties is essential to enable the creation of AI models in a decentralized manner. Read More
The Learning with Errors Problem
In recent years, the Learning with Errors (LWE) problem, introduced in [Reg05], has turned out to be an amazingly versatile basis for cryptographic constructions. Its main claim to fame is being as hard as worst-case lattice problems, hence rendering all cryptographic constructions based on it secure under the assumption that worst-case lattice problems are hard. Our goal in this survey is to present the state-of-the-art in our understanding of this problem. Although all results presented here already appear in the literature (except for the observation in Appendix A), we tried to make our presentation somewhat simpler than that in the original papers. Read More
Rick's Cafe AI 