Cryptographic protection of ML models


Imagine a system that operates with ML models. These models are unique and work with user-generated content better than anyone else's. For various business reasons, instead of running one large, sophisticated model on the server, the developers have to run the models on mobile devices (viva TensorFlow!).

The security challenge is to protect these models from leakage and from being collected in bulk, which leads to reverse engineering of unique IP.

This talk explains how to build DRM-like protection with application-level encryption, using an HPKE-like approach on ephemeral keys. We will discuss risks, threats, dataflow, the cryptographic layer, key management and integration with traditional appsec controls for a defense-in-depth approach.
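As an added illustration of the HPKE-like, ephemeral-key wrapping the abstract refers to (example code written for this page, not the talk's or the app's own implementation): the server wraps a model file to one device's static X25519 public key under a fresh ephemeral key, and the device unwraps it. It is simplified relative to RFC 9180 (a single HKDF output block and its own blob layout); the device key, the `info` label and the model bytes used to exercise it are constructed for the example.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// aeadFor derives the per-delivery AES-256-GCM key from the ECDH secret, bound to both
// public keys (so a blob cannot be re-targeted to another device) and to the info label.
func aeadFor(shared, ephPub, devPub, info []byte) (cipher.AEAD, error) {
	salt := append(append([]byte{}, ephPub...), devPub...)
	ext := hmac.New(sha256.New, salt) // HKDF-Extract (RFC 5869)
	ext.Write(shared)
	exp := hmac.New(sha256.New, ext.Sum(nil)) // HKDF-Expand, one 32-byte block
	exp.Write(info)
	exp.Write([]byte{1})
	block, err := aes.NewCipher(exp.Sum(nil))
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// SealModel (server side) wraps a model file for one device's static X25519 key.
// Blob layout (this example's own): ephemeral public key (32) || nonce (12) || ciphertext+tag.
func SealModel(devPub *ecdh.PublicKey, model, info []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader) // fresh key pair per delivery
	if err != nil { return nil, err }
	shared, err := eph.ECDH(devPub)
	if err != nil { return nil, err }
	aead, err := aeadFor(shared, eph.PublicKey().Bytes(), devPub.Bytes(), info)
	if err != nil { return nil, err }
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	header := append(eph.PublicKey().Bytes(), nonce...)
	return aead.Seal(header, nonce, model, info), nil
}

// OpenModel (device side) unwraps the blob; a flipped bit, a wrong info label or another
// device's private key fails the GCM tag check and returns an error instead of a model.
func OpenModel(devPriv *ecdh.PrivateKey, blob, info []byte) ([]byte, error) {
	if len(blob) < 32+12+16 { return nil, errors.New("blob too short") }
	ephPub, err := ecdh.X25519().NewPublicKey(blob[:32])
	if err != nil { return nil, err }
	shared, err := devPriv.ECDH(ephPub)
	if err != nil { return nil, err }
	aead, err := aeadFor(shared, blob[:32], devPriv.PublicKey().Bytes(), info)
	if err != nil { return nil, err }
	return aead.Open(nil, blob[32:44], blob[44:], info)
}
```

The device's private key is the whole DRM-like boundary here, so in a real deployment it belongs in the platform keystore and the unwrapped model stays in memory rather than on disk.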


Points we cover

In the end, ML models are just special files :)

Read the case study “Cryptographic IP protection for AI-powered synthesized media app” for more details.

Watch ENG 📺

The recording will be linked here as soon as the video is available on the NoNameCon channel.

Presented at ✨

  • NoNameCon online, Ukraine, 3 September, 2021.