Tuesday, December 24, 2024

New security protocol protects data from attackers during cloud computing

Deep learning models are used in many fields, from healthcare diagnostics to financial forecasting. However, these models are so computationally intensive that they require the use of powerful cloud servers.

Relying on cloud computing comes with significant security risks, especially in areas like healthcare, where hospitals may be wary of using AI tools to analyze sensitive patient data due to privacy concerns.

To address this pressing problem, MIT researchers have developed a security protocol that leverages the quantum properties of light to ensure that data transmitted to and from a cloud server remains secure during deep learning computations.

The protocol uses basic quantum mechanics to encode data in the laser light used in fiber-optic communication systems, preventing attackers from copying or intercepting the information without being detected.

What’s more, the technique ensures security without compromising the accuracy of deep learning models. In tests, the researchers showed that their protocol could maintain 96 percent accuracy while providing robust security guarantees.

“Deep learning models like GPT-4 have unprecedented capabilities but are computationally intensive. Our protocol enables users to leverage these powerful models without compromising the privacy of their data or the proprietary nature of the models themselves,” says Kfir Sulimany, a postdoctoral fellow in MIT’s Research Laboratory of Electronics (RLE) and lead author of a paper on this security protocol.

Joining Sulimany on the paper are Sri Krishna Vadlamani, a postdoc at MIT; Ryan Hamerly, a former postdoc now at NTT Research, Inc.; Prahlad Iyengar, a graduate student in electrical engineering and computer science (EECS); and senior author Dirk Englund, a professor in EECS, principal investigator of the Quantum Photonics and Artificial Intelligence Group, and of RLE. The research was recently presented at the annual Quantum Cryptography Conference.

A two-way street for security in deep learning

The cloud computing scenario the researchers focused on involves two parties — a client with sensitive data, such as medical images, and a central server controlling the deep learning model.

The client wants to use a deep learning model to make a prediction, such as whether a patient has cancer, based on medical images, without revealing any information about the patient.

In this scenario, the confidential data must be sent to the server to generate a prediction, yet the patient data must remain secure throughout the process.

Furthermore, the server does not want to reveal any elements of the proprietary model that a company like OpenAI has spent years and millions of dollars to create.

“Both sides have something they want to hide,” Vadlamani adds.

In digital computing, a bad actor could easily copy the data sent from the server or the client.

On the other hand, quantum information cannot be perfectly copied. Scientists exploit this property, known as the no-cloning principle, in their security protocol.
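
For context, the no-cloning principle is a standard result in quantum information theory; the short derivation below is textbook material, included here for the general reader rather than taken from the paper. It says that no single physical operation can perfectly copy every possible quantum state.

```latex
% Suppose a unitary U could clone two arbitrary states |psi> and |phi>:
\[
  U\lvert\psi\rangle\lvert 0\rangle = \lvert\psi\rangle\lvert\psi\rangle ,
  \qquad
  U\lvert\phi\rangle\lvert 0\rangle = \lvert\phi\rangle\lvert\phi\rangle .
\]
% Unitaries preserve inner products, so taking the overlap of the two equations gives
\[
  \langle\phi\vert\psi\rangle \;=\; \langle\phi\vert\psi\rangle^{2} ,
\]
% which forces the overlap to be 0 or 1: only identical or orthogonal states could
% both be copied, so no device can clone arbitrary, unknown quantum states.
```

This is the property that prevents an attacker, or a dishonest party, from duplicating the optically encoded information without leaving a trace.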

As part of the researchers’ protocol, a server encodes the weights of a deep neural network into an optical field using laser light.

A neural network is a deep learning model that consists of layers of connected nodes, or neurons, that perform calculations on data. Weights are components of the model that perform mathematical operations on each input, layer by layer. The output of one layer is fed to the next layer until the last layer generates a prediction.
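
As a rough illustration of this layer-by-layer computation, the short sketch below (hypothetical NumPy code written for this article, not taken from the researchers' paper) shows weights applying a mathematical operation to the input at each layer, with the final layer producing the prediction.

```python
import numpy as np

def forward(weights, x):
    """Run an input through each layer's weights in turn."""
    activation = x
    for i, W in enumerate(weights):
        z = W @ activation                       # the layer's weights operate on the input
        # hidden layers apply a nonlinearity; the last layer's output is the prediction
        activation = np.maximum(z, 0) if i < len(weights) - 1 else z
    return activation

# Toy three-layer network mapping a 4-dimensional input to a single score
rng = np.random.default_rng(0)
weights = [rng.normal(size=(8, 4)), rng.normal(size=(8, 8)), rng.normal(size=(1, 8))]
x = rng.normal(size=4)                           # stands in for the client's private data
print(forward(weights, x))                       # the final layer's output is the prediction
```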

The server sends network weights to the client, which implements operations to obtain a result based on its private data. The data remains protected from the server.

At the same time, the security protocol allows the client to measure only one result, and the quantum nature of light prevents the client from copying the weights.

Once the client passes the first result to the next layer, the protocol is designed to cancel the first layer so that the client cannot learn anything more about the model.

“Instead of measuring all the light coming from the server, the client only measures the light needed to run the deep neural network and pass the result on to the next layer. The client then sends the residual light back to the server for safety checks,” Sulimany explains.

Due to the no-cloning theorem, the client inevitably applies small errors to the model when measuring its output. When the server receives the residual light from the client, it can measure these errors to determine whether any information has been leaked. Importantly, it has been proven that this residual light does not reveal the client’s data.
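
To make this information flow easier to follow, here is a deliberately simplified, purely classical toy simulation of the bookkeeping described above. The variable names and noise model are invented for illustration; in the actual protocol the weights are encoded in quantum states of light, and the disturbance arises from the no-cloning theorem rather than from injected noise.

```python
import numpy as np

rng = np.random.default_rng(1)

# --- Server: encode one layer's proprietary weights into a transmitted signal ---
W = rng.normal(size=(8, 4))                          # the layer's weights (server's secret)
sent = W + rng.normal(scale=1e-3, size=W.shape)      # stand-in for the optically encoded weights

# --- Client: measure only the single result needed to run this layer ---
x = rng.normal(size=4)                               # private client data, never sent to the server
layer_output = sent @ x                              # the one output the client is allowed to obtain
residual = sent + rng.normal(scale=1e-3, size=W.shape)  # measuring disturbs what gets sent back

# --- Server: inspect the returned residual for signs of over-measurement ---
disturbance = float(np.abs(residual - W).mean())
print("layer output (passed to the next layer):", np.round(layer_output[:3], 3))
print("disturbance seen by the server:", round(disturbance, 5))
# In this toy model the disturbance is just injected noise; in the real protocol, a client
# that tries to extract extra information about the weights necessarily raises this error
# level, which the server can detect when it measures the residual light.
```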

Practical protocol

Contemporary telecommunications equipment typically relies on optical fibers to transmit information because of the need to handle massive bandwidth over long distances. Because this equipment already contains optical lasers, the researchers can encode data into light for their security protocol without needing any special hardware.

After testing this approach, the researchers found that it could guarantee server and client security, allowing the deep neural network to achieve 96 percent accuracy.

The tiny amount of model information that leaks while the client performs operations is less than 10 percent of what an adversary would need to recover the hidden information. In the other direction, a malicious server could obtain only about 1 percent of the information it would need to steal the client’s data.

“You can be confident that it’s secure in both directions—from client to server and from server to client,” Sulimany says.

“A few years ago, when we were developing our distributed machine learning inference demonstration between MIT’s main campus and MIT Lincoln Laboratory, it occurred to me that we could do something completely new to provide physical-layer security, building on years of work in quantum cryptography that had also been shown on that test bench,” says Englund. “However, there were many deep theoretical challenges that had to be overcome to see whether this perspective of distributed, privacy-assured machine learning could be realized. That didn’t happen until Kfir joined our team, because Kfir had a unique understanding of both the experimental and theoretical components to develop a unified framework that underpins this work.”

In the future, the researchers want to explore how this protocol could be applied to a technique called federated learning, in which multiple parties use their data to train a central deep learning model. It could also be applied to quantum operations rather than the classical operations they studied in this work, which could provide benefits in both accuracy and security.

“This work combines in a clever and intriguing way techniques from fields that do not usually meet, in particular deep learning and quantum key distribution. Using methods from the latter, it adds a layer of security to the former while enabling what seems like a realistic implementation. This could be interesting for privacy in distributed architectures. I am looking forward to seeing how the protocol behaves in the face of experimental imperfections and its practical implementation,” says Eleni Diamanti, CNRS research director at the Sorbonne in Paris, who was not involved in the work.

This work was supported in part by the Israel Council for Higher Education and the Zuckerman STEM Leaders Program.
