DeepMarks: A Digital Fingerprinting Framework for Deep Neural Networks
This paper proposes DeepMarks, a novel end-to-end framework for systematic
fingerprinting in the context of Deep Learning (DL). Remarkable progress has
been made in the area of deep learning. Sharing the trained DL models has
become a trend that is ubiquitous in various fields ranging from biomedical
diagnosis to stock prediction. As the availability and popularity of
pre-trained models are increasing, it is critical to protect the Intellectual
Property (IP) of the model owner. DeepMarks introduces the first fingerprinting
methodology that enables the model owner to embed unique fingerprints within
the parameters (weights) of her model and later identify undesired usages of
her distributed models. The proposed framework embeds the fingerprints in the
Probability Density Function (pdf) of trainable weights by leveraging the extra
capacity available in contemporary DL models. DeepMarks is robust against
fingerprint collusion as well as network transformation attacks, including
model compression and model fine-tuning. Extensive proof-of-concept evaluations
on MNIST and CIFAR10 datasets, as well as a wide variety of deep neural
network architectures such as Wide Residual Networks (WRNs) and Convolutional
Neural Networks (CNNs), corroborate the effectiveness and robustness of
the DeepMarks framework.
Lime: Data Lineage in the Malicious Environment
Intentional or unintentional leakage of confidential data is undoubtedly one
of the most severe security threats that organizations face in the digital era.
The threat now extends to our personal lives: a plethora of personal
information is available to social networks and smartphone providers and is
indirectly transferred to untrustworthy third party and fourth party
applications.
In this work, we present a generic data lineage framework LIME for data flow
across multiple entities that take two characteristic, principal roles (i.e.,
owner and consumer). We define the exact security guarantees required by such a
data lineage mechanism toward identification of a guilty entity, and identify
the simplifying non-repudiation and honesty assumptions. We then develop and
analyze a novel accountable data transfer protocol between two entities within
a malicious environment by building upon oblivious transfer, robust
watermarking, and signature primitives. Finally, we perform an experimental
evaluation to demonstrate the practicality of our protocol.
Contributions to Identity-Based Broadcast Encryption and Its Anonymity
Broadcast encryption was introduced to improve the efficiency of encryption when a message should be sent to or shared with a group of users. Only the legitimate users chosen in the encryption phase are able to retrieve the message. The primary challenge in constructing a broadcast encryption scheme is to achieve collusion resistance such that the unchosen users learn nothing about the content of the encrypted message even if they collude.
Tardos fingerprinting is better than we thought
We review the fingerprinting scheme by Tardos and show that it has a much
better performance than suggested by the proofs in Tardos' original paper. In
particular, the length of the codewords can be significantly reduced.
First we generalize the proofs of the false positive and false negative error
probabilities with the following modifications: (1) we replace Tardos'
hard-coded numbers by variables and (2) we allow for independently chosen false
positive and false negative error rates. It turns out that all the
collusion-resistance properties can still be proven when the code length is
reduced by a factor of more than 2.
Second, we study the statistical properties of the fingerprinting scheme, in
particular the average and variance of the accusations. We identify which
colluder strategy forces the content owner to employ the longest code. Using a
Gaussian approximation for the probability density functions of the
accusations, we show that the required false negative and false positive error
rate can be achieved with codes that are a factor 2 shorter than required for
rigid proofs.
Combining the results of these two approaches, we show that the Tardos scheme
can be used with a code length approximately 5 times shorter than in the
original construction.
Comment: Modified presentation of result