
Privacy-Enhancing Technologies for Artificial Intelligence-Enabled Systems (2404.03509v1)

Published 4 Apr 2024 in cs.CR

Abstract: AI models introduce privacy vulnerabilities to systems. These vulnerabilities may impact model owners or system users; they exist during the model development, deployment, and inference phases, and threats can be internal or external to the system. In this paper, we investigate potential threats and propose the use of several privacy-enhancing technologies (PETs) to defend AI-enabled systems. We then provide a framework for evaluating PETs for AI-enabled systems and discuss the impact PETs may have on system-level variables.


Summary

  • The paper presents a framework for assessing PETs for AI-enabled systems, centered on protecting data in use (data being processed for training or inference).
  • It examines Fully Homomorphic Encryption, Federated Learning, and Trusted Execution Environments, mapping each to the lifecycle phases (development, deployment, inference) whose vulnerabilities it addresses.
  • It characterizes the threat landscape in terms of insider and outsider risks and argues that PET selection must weigh performance and functionality trade-offs against technology maturity and organizational readiness.

Privacy-Enhancing Technologies for Artificial Intelligence-Enabled Systems

Introduction to Privacy-Enhancing Technologies (PETs)

AI models introduce privacy vulnerabilities that span the development, deployment, and inference phases of the model lifecycle, and the threats can originate inside or outside the system. Privacy-enhancing technologies (PETs) address this by protecting data while it is in use: they allow computation on sensitive information without revealing the underlying data and without removing the functionality the system needs. The paper surveys the relevant PETs, proposes a framework for evaluating their fit in AI-enabled systems, and discusses their impact on system-level variables such as performance and functionality.

Data In Use: The Core Concern

The term "data in use" covers scenarios in which data is being actively processed, whether by humans (e.g., data analysis) or by machines (e.g., model training, inference). Encryption at rest and in transit, and conventional access control, do not cover this state: for processing to happen the data must be in the clear, or in a form that can be computed on, so it is exposed to whoever controls the processing environment. This matters especially in AI systems, where data is not merely passed through but consumed by training and inference, so the trained model itself can retain, and later reveal, information about it.

The Significance of PETs

PETs are designed to enable collaboration and data sharing with privacy as the foremost priority. These technologies offer several capabilities, including:

  • Secure collaborative analytics
  • Insight extraction from sensitive data without disclosure
  • Trusted computation in untrusted environments
  • Quantum-resistant encryption methods

Among the categories of PETs, Fully Homomorphic Encryption (FHE), Federated Learning (FL), and Trusted Execution Environments (TEEs) are positioned as transformative solutions for addressing AI-specific privacy concerns.

Understanding the Threat Landscape

PETs must contend with threats to the confidentiality and integrity of both AI models and data. Insider threats (careless and malicious) and outsider threats pose distinct challenges and call for different PET choices. For instance, a careless insider might paste sensitive data into an external AI service, exposing it to a third party, while an outsider with query access to a deployed model might try to extract memorized training data or the model's parameters, or, in a federated setting, recover training inputs from the updates that participants share.

PETs in Action: Architectural Solutions

  • Trusted Execution Environments (TEEs) provide hardware-isolated execution in which code and data are shielded from the host operating system, hypervisor, and other tenants; remote attestation lets a data owner verify which code is running inside the enclave before releasing keys or data to it. The TEE's own hardware and firmware remain inside the trust boundary.
  • Fully Homomorphic Encryption (FHE) allows computation directly on ciphertexts: the client encrypts its inputs, the server evaluates the model on the encrypted values, and only the holder of the secret key can decrypt the result, so the server learns neither the inputs nor the outputs. The price is a large computational and latency overhead relative to plaintext inference.
  • Federated Learning (FL) keeps each participant's training data local and shares only model updates with a coordinating server. Updates are not harmless, though: gradients computed on small batches can be inverted to recover training examples, so FL is normally combined with secure aggregation or differential privacy.

Each PET addresses specific phases of the AI model lifecycle, from development/training to deployment/inference, showcasing the multifaceted approach required to secure AI systems effectively.
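The following pure-Python simulation is an added example, not code from the paper, and it uses constructed sample data. It makes two points from the FL bullet above concrete: a raw per-client gradient of a linear model trained on a single record is a scaled copy of that record, so a server that sees unmasked updates recovers the private input up to scale; and pairwise additive masking (the core of secure aggregation) lets the server recover only the sum of the updates. The pairwise mask seeds are derived from a seeded PRNG purely for the demo; a real deployment derives them by key agreement between each pair of clients.

```python
"""Federated learning round with and without secure aggregation (pure Python).

Constructed example: three clients each hold one private record (x, y) and train a
linear model under squared-error loss. Shows (1) a raw per-client gradient reveals
the client's input x up to scale, and (2) pairwise additive masking lets the server
recover only the sum of the updates."""
import random
from fractions import Fraction

PRIME = 2**61 - 1  # field in which the masks live; assumption: every update fits well inside it


def local_gradient(w, x, y):
    """Gradient of (w.x - y)^2 for one example: 2*(w.x - y) * x, a scaled copy of x."""
    err = sum(wi * xi for wi, xi in zip(w, x)) - y
    return [2 * err * xi for xi in x]


def direction(v):
    """Vector normalised by its first non-zero coordinate, i.e. v known up to scale."""
    pivot = next(vi for vi in v if vi != 0)
    return tuple(Fraction(vi, pivot) for vi in v)


def leak_from_raw_update(grad):
    """What a curious server learns from an unmasked single-example update:
    because grad = 2*err*x, direction(grad) == direction(x)."""
    return direction(grad)


def shared_masks(n, dim, round_seed):
    """Pairwise masks r[(i, j)] for i < j, known to clients i and j only.
    Assumption: real deployments derive each pair's seed by key agreement; a PRNG
    seeded on (round, i, j) stands in for that here."""
    masks = {}
    for i in range(n):
        for j in range(i + 1, n):
            rng = random.Random(round_seed * 1_000_003 + i * 1_009 + j)
            masks[(i, j)] = [rng.randrange(PRIME) for _ in range(dim)]
    return masks


def mask_update(i, grad, masks, n):
    """Client i adds r[(i, j)] for every j > i and subtracts r[(j, i)] for every j < i,
    so the masks cancel in the sum over all clients but hide each update on its own."""
    masked = []
    for k, g in enumerate(grad):
        v = g % PRIME
        for j in range(n):
            if j == i:
                continue
            r = masks[(min(i, j), max(i, j))][k]
            v = (v + r) % PRIME if i < j else (v - r) % PRIME
        masked.append(v)
    return masked


def aggregate(masked_updates):
    """Server side: sum the masked vectors mod PRIME and map back to signed integers."""
    dim = len(masked_updates[0])
    total = [sum(u[k] for u in masked_updates) % PRIME for k in range(dim)]
    return [t - PRIME if t > PRIME // 2 else t for t in total]


def run_round(w, clients, round_seed=7):
    """One FL round. Returns (raw gradients, masked updates, aggregated sum)."""
    n, dim = len(clients), len(w)
    grads = [local_gradient(w, x, y) for x, y in clients]
    masks = shared_masks(n, dim, round_seed)
    masked = [mask_update(i, g, masks, n) for i, g in enumerate(grads)]
    return grads, masked, aggregate(masked)


# Constructed sample data: a 4-feature linear model and three single-record clients.
W = [1, -2, 3, 1]
CLIENTS = [([5, 1, 0, 2], 4), ([1, 3, 1, 1], -3), ([2, 2, 2, 2], 9)]

if __name__ == "__main__":
    grads, masked, total = run_round(W, CLIENTS)
    print("raw update of client 0:      ", grads[0])
    print("input recovered up to scale: ", leak_from_raw_update(grads[0]))
    print("masked update of client 0:   ", masked[0])
    print("sum seen by the server:      ", total)
```

Two limits of the masking alone are worth keeping in mind. If a client drops out mid-round its masks no longer cancel, which is why practical secure-aggregation protocols also secret-share the mask seeds among the participants; and the server still learns the exact sum of the updates, which with few clients or repeated rounds can itself leak, so differential privacy on the updates is the usual complement.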

Evaluating PETs for AI Systems

Selecting the appropriate PETs for an AI-enabled system entails rigorous evaluation of the use case applicability, system impact, and implementation readiness. The process involves understanding the PET's technical objectives, threat mitigation capabilities, and the trade-offs in performance or functionality. Moreover, readiness assessment, both in terms of technology maturity and organizational preparedness, is pivotal for successful PET integration.

Concluding Remarks

The integration of PETs into AI systems underscores a critical evolution in cybersecurity, extending protection to data in use. This advancement is not merely a technical necessity but a moral imperative to uphold the principle of "do no harm" in the era of AI. As AI technologies proliferate, PETs offer a pathway to mitigate privacy risks and foster trust in AI applications, aligning technological progress with ethical considerations.
