DOI: 10.1145/3411495.3421369
Public Access

Securing Classifiers Against Both White-Box and Black-Box Attacks using Encrypted-Input Obfuscation

Published: 09 November 2020

Abstract

Machine Learning as a Service (aka MLaaS) and Smart Grid as a Service (aka SGaaS) are expected to grow at a significant rate. Just like most cloud services, MLaaS and SGaaS can be subject to a number of attacks. In this paper, we focus on white-box attacks (informally defined as attacks that try to access some or all internal data or computation used by the service program) and black-box attacks (informally defined as attacks that only use input-output access to the attacked service program).
We consider a participant model including a setup manager, a cloud server, and one or many data producers. The cloud server runs a machine learning classifier trained on a dataset provided by the setup manager and classifies new input data provided by the data producers. Applications include analytics over data received by distributed sensors, for instance in a typical SGaaS environment. We propose a new security notion of encrypted-input classifier obfuscation as a set of algorithms that, in the above participant and algorithm model, aims to protect the cloud server's classifier program from both white-box and black-box attacks. This notion builds on cryptographic obfuscation of programs [1], cryptographic obfuscation of classifiers [2], and encrypted-input obfuscation of programs [3]. We model classifiers as a pair of programs: a training program that, on input a dataset and secret data values, returns classification parameters, and a classification program that, on input classification parameters and a new input data value, returns a classification result. A typical execution goes as follows. During obfuscation generation, the setup manager randomly chooses a key k, sends a k-based obfuscation of the classifier to the cloud server, and sends to the data producers either k or information to generate k-based input data encryptions. During obfuscation evaluation, the data producers send k-based input data encryptions to the cloud server, which evaluates the obfuscated classifier over the encrypted input data. Here, the goal is to protect the confidentiality of the dataset, the secret data, and the classification parameters.
One can obtain a general-purpose encrypted-input classifier obfuscator in two steps: 1) transforming a suitable composition of training and classification algorithms into a single boolean circuit; 2) applying to this circuit the result from [3] saying that a modification of Yao's protocol [4] is an encrypted-input obfuscation of gate values in any polynomial-size boolean circuit. This result is, however, of only theoretical relevance. Towards finding a practically efficient obfuscation of specific classifiers, we note that techniques from [3] can be used to produce an obfuscator for decision trees. Moreover, in recent results we have produced an obfuscator for image matching (i.e., matching an input image to a secret image).
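The participant model above (setup manager, cloud server, data producers) and the generation/evaluation phases can be walked through on a toy classifier. The following Python is an added illustration written for this page, not code from the paper or from reference [3]: it assumes a decision-list classifier made of equality tests on categorical features, and uses HMAC-SHA256 as the keyed PRF under the setup manager's key k. Obfuscation replaces every test value with its PRF tag and data producers encrypt each input feature with the same PRF, so the server evaluates the original control flow over tags alone. The number and order of rules and the output labels remain visible to the server; that structural leakage is a property of this toy, not a claim about the paper's constructions.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample dataset standing in for sensor records from a
# smart-grid style deployment: (load level, time of day) -> label.
DATASET = [
    (("high", "night"), "anomaly"),
    (("high", "night"), "anomaly"),
    (("high", "day"), "normal"),
    (("low", "day"), "normal"),
    (("low", "night"), "normal"),
]


def prf(key: bytes, feature_idx: int, value: str) -> str:
    """Keyed PRF (HMAC-SHA256, an assumption of this toy) shared by the setup
    manager and the data producers; the cloud server never holds the key."""
    msg = f"{feature_idx}:{value}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def train(dataset):
    """Training program: dataset -> classification parameters.

    Parameters are a decision list of equality tests (feature_idx, value,
    label), one per observed feature value, labelled by majority vote and
    ordered by support; unmatched inputs fall through to a default label.
    """
    votes = {}
    for features, label in dataset:
        for i, v in enumerate(features):
            votes.setdefault((i, v), Counter())[label] += 1
    rules = []
    for (i, v), counts in votes.items():
        label, support = counts.most_common(1)[0]
        rules.append((support, i, v, label))
    rules.sort(key=lambda r: (-r[0], r[1], r[2]))  # deterministic order
    default = Counter(label for _, label in dataset).most_common(1)[0][0]
    return {"rules": [(i, v, label) for _, i, v, label in rules], "default": default}


def classify(params, features):
    """Classification program over plaintext parameters and input."""
    for i, v, label in params["rules"]:
        if features[i] == v:
            return label
    return params["default"]


def obfuscate(key, params):
    """Setup manager: k-based obfuscation of the classifier. Each test value is
    replaced by its PRF tag; the number and order of rules and the output
    labels stay visible to the server, which is the leakage of this toy."""
    rules = [(i, prf(key, i, v), label) for i, v, label in params["rules"]]
    return {"rules": rules, "default": params["default"]}


def encrypt_input(key, features):
    """Data producer: k-based encryption of a new input record."""
    return [prf(key, i, v) for i, v in enumerate(features)]


def evaluate_obfuscated(obf, enc_features):
    """Cloud server: runs the same control flow as classify(), comparing
    ciphertext tags only; a wrong key yields no matches and the default."""
    for i, tag, label in obf["rules"]:
        if enc_features[i] == tag:
            return label
    return obf["default"]


def run_protocol(key, params, features):
    """One generation/evaluation round: (result on ciphertexts, plaintext result)."""
    obf = obfuscate(key, params)
    enc = encrypt_input(key, features)
    return evaluate_obfuscated(obf, enc), classify(params, features)


if __name__ == "__main__":
    k = os.urandom(32)            # setup manager chooses k
    p = train(DATASET)            # training program, run by the setup manager
    print(run_protocol(k, p, ("mid", "night")))
```

The two results returned by run_protocol agree for every input, which is the correctness requirement; confidentiality of the parameters rests on the PRF, and an input encrypted under a different key matches nothing and falls through to the default label.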

References

[1] Boaz Barak, Oded Goldreich, Russell Impagliazzo, Steven Rudich, Amit Sahai, Salil P. Vadhan, and Ke Yang. 2012. On the (im)possibility of obfuscating programs. J. ACM 59, 2 (2012), 6.
[2] Giovanni Di Crescenzo, Lisa Bahler, Brian A. Coan, Kurt Rohloff, and Yuriy Polyakov. 2018. Intrusion-Resilient Classifier Approximation: From Wildcard Matching to Range Membership. In 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications / 12th IEEE International Conference On Big Data Science And Engineering, TrustCom/BigDataSE 2018. IEEE, 1885--1890.
[3] Giovanni Di Crescenzo, Lisa Bahler, and Allen McIntosh. 2020. Encrypted-Input Program Obfuscation: Simultaneous Security Against White-Box and Black-Box Attacks. In 8th IEEE Conference on Communications and Network Security, CNS 2020, Avignon, France, June 29 - July 1, 2020. IEEE, 1--9. https://doi.org/10.1109/CNS48642.2020.9162267
[4] Andrew Chi-Chih Yao. 1986. How to Generate and Exchange Secrets (Extended Abstract). In Proc. of 27th IEEE FOCS 1986. 162--167. https://doi.org/10.1109/SFCS.1986.25


Published In

CCSW'20: Proceedings of the 2020 ACM SIGSAC Conference on Cloud Computing Security Workshop, November 2020, 176 pages. ISBN: 9781450380843. DOI: 10.1145/3411495
      Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery, New York, NY, United States

      Author Tags

      1. program / classifier obfuscation
      2. smart grid / machine learning as a service
      3. white-box / black-box attacks

      Qualifiers

      • Abstract

Conference

CCS '20

      Acceptance Rates

      Overall Acceptance Rate 37 of 108 submissions, 34%
