K. Kapusta, V. Thouvenot, Olivier Bettan, Hugo Beguinet, Hugo Senet
Title: A Protocol for Secure Verification of Watermarks Embedded into Machine Learning Models
Authors: K. Kapusta, V. Thouvenot, Olivier Bettan, Hugo Beguinet, Hugo Senet
DOI: 10.1145/3437880.3460409 (https://doi.org/10.1145/3437880.3460409)
Venue: Proceedings of the 2021 ACM Workshop on Information Hiding and Multimedia Security
Publication date: 2021-06-17
Publication type: Journal Article
Open access: no
Citation count: 8 (source: Semantic Scholar)
A Protocol for Secure Verification of Watermarks Embedded into Machine Learning Models
Machine Learning is a well-established tool used in a variety of applications. Because training advanced models requires considerable amounts of meaningful data in addition to specific expertise, a new business model separates model creators from model users: pre-trained models are sold or made available as a service. This raises several security challenges, among them the protection of intellectual property. A new research track therefore actively seeks to provide model watermarking techniques that would enable model identification when model theft or misuse is suspected. In this paper, we focus on the problem of secure watermark verification, which affects all of the proposed techniques and has until now barely been tackled. First, we revisit the existing threat model. In particular, we explain the possible threats posed by a semi-honest or dishonest verification authority. Secondly, we show how to reduce the trust requirements between participants by performing the watermark verification on encrypted data. Finally, we describe a novel secure verification protocol and detail its possible implementation using Multi-Party Computation. The proposed solution not only preserves the confidentiality of the watermarks but also helps detect evasion attacks. It could be adapted to work with other watermarking-based authentication schemes, especially image watermarking schemes.