
Author: 林哲瑋 (LIN, Zhe-Wei)
Thesis title: 具有可否認性的可學習圖像加密 (LED: Learnable Encryption with Deniability)
Advisor: 紀博文 (Chi, Po-Wen)
Oral defense committee: 官振傑 (Guan, Albert); 王銘宏 (Wang, Ming-Hung); 紀博文 (Chi, Po-Wen)
Oral defense date: 2023/01/16
Degree: Master
Department: Department of Computer Science and Information Engineering
Year of publication: 2023
Academic year of graduation: 111
Language: English
Number of pages: 46
Keywords: privacy-preserving machine learning, learnable encryption, deniable encryption
Research methods: experimental design, comparative study
DOI URL: http://doi.org/10.6345/NTNU202300194
Thesis type: Academic thesis
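  • User data privacy is a very important issue in cloud machine learning. In this thesis, we raise a new threat that comes from a superior authority: the authority can demand that the user and the cloud service provider hand over private data, and it can also monitor the user's behavior on the cloud service. We propose a protection method, learnable image encryption with deniability. When a user is coerced by the superior authority into handing over the training data held on the cloud service platform, the user can generate a fake key that leads the coercer to decrypt fake data, which protects the user's private data on the cloud service platform; the cloud service provider likewise cannot learn the user's private data because the images are encrypted. We use distributed multi-model prediction queries to raise prediction accuracy, addressing the accuracy loss caused by learnable image encryption. We also compare our scheme with other learnable encryption techniques.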

    User privacy is an important issue in the cloud machine learning service. In this paper, we raise a new threat about the online machine learning service, which comes from outside superior authority. The authority may ask the user and the cloud to disclose secrets and the authority can monitor the user behavior. We propose a protection approach called learnable encryption with deniability (LED), which can convince the outsider of the fake data and can protect the user privacy. Our use of learnable image encryption leads to a decrease in the accuracy of model predictions. We use distributed multi-model prediction queries to improve prediction accuracy. We also compared our scheme with other learnable encryption techniques.

    Chapter 1 Introduction
        1.1 Introduction
        1.2 Motivation
        1.3 Contributions
    Chapter 2 Related Works
        2.1 Privacy-Preserving Machine Learning Schemes
        2.2 Learnable Image Encryption
            2.2.1 Tanaka’s Learnable Image Encryption
            2.2.2 Pixel-Based Image Encryption
            2.2.3 GAN-Based Image Encryption
            2.2.4 Transformation Network Image Encryption
        2.3 Deniable Encryption
    Chapter 3 Primitive
        3.1 CNN
            3.1.1 Convolution Layers
            3.1.2 Max Pooling Layer
        3.2 ResNet
        3.3 Learnable Image Encryption [28]
        3.4 Multi-distributional Deniable Encryption
    Chapter 4 Learnable Encryption with Deniability
        4.1 Scenario
        4.2 Learnable Encryption with Deniability
        4.3 Deniable Key Generation
        4.4 Prediction Accuracy Enhancement
        4.5 Data Augmentation
    Chapter 5 Evaluation
        5.1 Experiment Schemes
        5.2 LED Prediction Accuracy: Single Model
        5.3 LED Prediction Accuracy: Multi-Models
        5.4 Accuracy vs. Number of Models
    Chapter 6 Conclusions
        6.1 Conclusions
        6.2 Future Works
    References

    [1] R. Agrawal and R. Srikant. Privacy-preserving data mining. SIGMOD Rec., 29(2):439–450, May 2000.
    [2] S. I. Ahamed and V. Ravi. Privacy-preserving chaotic extreme learning machine with fully homomorphic encryption, 2022.
    [3] E. Bisong. Google Colaboratory, pages 59–64. Apress, Berkeley, CA, 2019.
    [4] J. W. Bos, K. Lauter, J. Loftus, and M. Naehrig. Improved security for a ring-based fully homomorphic encryption scheme. In M. Stam, editor, Cryptography and Coding, pages 45–64, Berlin, Heidelberg, 2013. Springer Berlin Heidelberg.
    [5] R. Canetti, C. Dwork, M. Naor, and R. Ostrovsky. Deniable encryption. In B. S. K. Jr., editor, Advances in Cryptology - CRYPTO ’97, 17th Annual International Cryptology Conference, Santa Barbara, California, USA, August 17-21, 1997, Proceedings, volume 1294 of Lecture Notes in Computer Science, pages 90–104. Springer, 1997.
    [6] H. Chabanne, A. de Wargny, J. Milgram, C. Morel, and E. Prouff. Privacy-preserving classification on deep neural network. Cryptology ePrint Archive, Report 2017/035, 2017. https://eprint.iacr.org/2017/035.
    [7] G. Chen, Q. Chen, X. Zhu, and Y. Chen. Encrypted image feature extraction by privacy-preserving mfs. In 2018 7th International Conference on Digital Home (ICDH), pages 42–45, Nov. 2018.
    [8] Y. Freund and R. E. Schapire. A decision-theoretic generalization of on-line learning and an application to boosting. Journal of computer and system sciences, 55(1):119–139, 1997.
    [9] P. Gasti, G. Ateniese, and M. Blanton. Deniable cloud storage: sharing files via public-key deniability. In Proceedings of the 9th annual ACM workshop on Privacy in the electronic society, pages 31–42, 2010.
    [10] R. Gilad-Bachrach, N. Dowlin, K. Laine, K. Lauter, M. Naehrig, and J. Wernsing. Cryptonets: Applying neural networks to encrypted data with high throughput and accuracy. In International Conference on Machine Learning, pages 201–210, 2016.
    [11] O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game. In Proceedings of the Nineteenth Annual ACM Symposium on Theory of Computing, STOC ’87, pages 218–229, New York, NY, USA, 1987. ACM.
    [12] K. He, X. Zhang, S. Ren, and J. Sun. Deep residual learning for image recognition. In 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pages 770–778, 2016.
    [13] H. Ito, Y. Kinoshita, M. Aprilpyone, and H. Kiya. Image to perturbation: An image transformation network for generating visually protected images for privacy-preserving deep neural networks. IEEE Access, 9:64629–64638, 2021.
    [14] H. Kiya. Compressible and learnable encryption for untrusted cloud environments. CoRR, abs/1811.10254, 2018.
    [15] A. Krizhevsky, G. Hinton, et al. Learning multiple layers of features from tiny images. 2009.
    [16] Y. LeCun, B. Boser, J. S. Denker, D. Henderson, R. E. Howard, W. Hubbard, and L. D. Jackel. Backpropagation applied to handwritten zip code recognition. Neural Computation, 1(4):541–551, 1989.
    [17] J. Lee, H. Kang, Y. Lee, W. Choi, J. Eom, M. Deryabin, E. Lee, J. Lee, D. Yoo, Y. Kim, and J. No. Privacy-preserving machine learning with fully homomorphic encryption for deep neural network. CoRR, abs/2106.07229, 2021.
    [18] J. Liu, M. Juuti, Y. Lu, and N. Asokan. Oblivious neural network predictions via minionn transformations. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS ’17, pages 619–631, New York, NY, USA, 2017. ACM.
    [19] K. Madono, M. Tanaka, M. Onishi, and T. Ogawa. Block-wise scrambled image recognition using adaptation network. CoRR, abs/2001.07761, 2020.
    [20] I. Masi, Y. Wu, T. Hassner, and P. Natarajan. Deep face recognition: A survey. In 2018 31st SIBGRAPI Conference on Graphics, Patterns and Images (SIBGRAPI), pages 471–478, 2018.
    [21] P. Mohassel and Y. Zhang. Secureml: A system for scalable privacy-preserving machine learning. In 2017 IEEE Symposium on Security and Privacy (SP), pages 19–38, May 2017.
    [22] A. O’Neill, C. Peikert, and B. Waters. Bi-deniable public-key encryption. In P. Rogaway, editor, Advances in Cryptology – CRYPTO 2011, pages 525–542, Berlin, Heidelberg, 2011. Springer Berlin Heidelberg.
    [23] R. Podschwadt, D. Takabi, and P. Hu. Sok: Privacy-preserving deep learning with homomorphic encryption. CoRR, abs/2112.12855, 2021.
    [24] B. D. Rouhani, M. S. Riazi, and F. Koushanfar. Deepsecure: Scalable provably-secure deep learning. In Proceedings of the 55th Annual Design Automation Conference, DAC ’18, pages 2:1–2:6, New York, NY, USA, 2018. ACM.
    [25] C. Shorten and T. M. Khoshgoftaar. A survey on image data augmentation for deep learning. Journal of big data, 6(1):1–48, 2019.
    [26] W. Sirichotedumrong, Y. Kinoshita, and H. Kiya. Pixel-based image encryption without key management for privacy-preserving deep neural networks. IEEE Access, 7:177844–177855, 2019.
    [27] W. Sirichotedumrong and H. Kiya. A gan-based image transformation scheme for privacy-preserving deep neural networks. In 2020 28th European Signal Processing Conference (EUSIPCO), pages 745–749, 2021.
    [28] M. Tanaka. Learnable image encryption. CoRR, abs/1804.00490, 2018.
    [29] A. C. Yao. How to generate and exchange secrets. In 27th Annual Symposium on Foundations of Computer Science (sfcs 1986), pages 162–167, Oct. 1986.
