Paper title

Offline Model Guard: Secure and Private ML on Mobile Devices

Paper authors

Sebastian P. Bayerl, Tommaso Frassetto, Patrick Jauernig, Korbinian Riedhammer, Ahmad-Reza Sadeghi, Thomas Schneider, Emmanuel Stapf, Christian Weinert

Paper abstract

Performing machine learning tasks in mobile applications yields a challenging conflict of interest: highly sensitive client information (e.g., speech data) should remain private while also the intellectual property of service providers (e.g., model parameters) must be protected. Cryptographic techniques offer secure solutions for this, but have an unacceptable overhead and moreover require frequent network interaction. In this work, we design a practically efficient hardware-based solution. Specifically, we build Offline Model Guard (OMG) to enable privacy-preserving machine learning on the predominant mobile computing platform ARM - even in offline scenarios. By leveraging a trusted execution environment for strict hardware-enforced isolation from other system components, OMG guarantees privacy of client data, secrecy of provided models, and integrity of processing algorithms. Our prototype implementation on an ARM HiKey 960 development board performs privacy-preserving keyword recognition using TensorFlow Lite for Microcontrollers in real time.
