Attacking and Protecting Data Privacy in Edge-Cloud Collaborative Inference Systems

Zecheng He; Tianwei Zhang; Ruby B. Lee

doi:10.1109/JIOT.2020.3022358

Attacking and Protecting Data Privacy in Edge-Cloud Collaborative Inference Systems

Zecheng He, Tianwei Zhang, Ruby B. Lee

Research output: Contribution to journal › Article › peer-review

25 Scopus citations

Abstract

Benefiting from the advance of deep learning (DL) technology, Internet-of-Things (IoT) devices and systems are becoming more intelligent and multifunctional. They are expected to run various DL inference tasks with high efficiency and performance. This requirement is challenged by the mismatch between the limited computing capability of edge devices and large-scale deep neural networks. Edge-cloud collaborative systems are then introduced to mitigate this conflict, enabling resource-constrained IoT devices to host arbitrary DL applications. However, the introduction of third-party clouds can bring potential privacy issues to edge computing. In this article, we conduct a systematic study about the opportunities of attacking and protecting the privacy of edge-cloud collaborative systems. Our contributions are twofold: 1) we first devise a set of new attacks for an untrusted cloud to recover arbitrary inputs fed into the system, even if the attacker has no access to the edge device's data or computations, or permissions to query this system and 2) we empirically demonstrate that solutions that add noise fail to defeat our proposed attacks, and then propose two more effective defense methods. This provides insights and guidelines to develop more privacy-preserving collaborative systems and algorithms.

Original language	English (US)
Article number	9187880
Pages (from-to)	9706-9716
Number of pages	11
Journal	IEEE Internet of Things Journal
Volume	8
Issue number	12
DOIs	https://doi.org/10.1109/JIOT.2020.3022358
State	Published - Jun 15 2021

All Science Journal Classification (ASJC) codes

Signal Processing
Information Systems
Hardware and Architecture
Computer Science Applications
Computer Networks and Communications

Keywords

Artificial intelligence
collaborative inference
edge-cloud computing
security and privacy

Access to Document

10.1109/JIOT.2020.3022358

Cite this

@article{3a0e0b98ed144370bb59dc7fb59ceaec,

title = "Attacking and Protecting Data Privacy in Edge-Cloud Collaborative Inference Systems",

abstract = "Benefiting from the advance of deep learning (DL) technology, Internet-of-Things (IoT) devices and systems are becoming more intelligent and multifunctional. They are expected to run various DL inference tasks with high efficiency and performance. This requirement is challenged by the mismatch between the limited computing capability of edge devices and large-scale deep neural networks. Edge-cloud collaborative systems are then introduced to mitigate this conflict, enabling resource-constrained IoT devices to host arbitrary DL applications. However, the introduction of third-party clouds can bring potential privacy issues to edge computing. In this article, we conduct a systematic study about the opportunities of attacking and protecting the privacy of edge-cloud collaborative systems. Our contributions are twofold: 1) we first devise a set of new attacks for an untrusted cloud to recover arbitrary inputs fed into the system, even if the attacker has no access to the edge device's data or computations, or permissions to query this system and 2) we empirically demonstrate that solutions that add noise fail to defeat our proposed attacks, and then propose two more effective defense methods. This provides insights and guidelines to develop more privacy-preserving collaborative systems and algorithms. ",

keywords = "Artificial intelligence, collaborative inference, edge-cloud computing, security and privacy",

author = "Zecheng He and Tianwei Zhang and Lee, {Ruby B.}",

note = "Funding Information: Manuscript received May 18, 2020; revised July 18, 2020; accepted August 20, 2020. Date of publication September 8, 2020; date of current version June 7, 2021. This work was supported in part by NSF STARSS under Grant 1526493, and in part by a research gift from Siemens. The work of Tianwei Zhang was supported by Singapore MoE AcRF Tier1 under Grant RS02/19. The work of Ruby B. Lee was supported by the Qualcomm Faculty Award. This article was presented in part at the 35th Annual Computer Security Applications Conference (ACSAC{\textquoteright}19), San Juan, PR, USA, Dec. 2019. (Corresponding author: Ruby B. Lee.) Zecheng He and Ruby B. Lee are with the Department of Electrical Engineering, Princeton University, Princeton, NJ 08540 USA (e-mail: zechengh@princeton.edu; rblee@princeton.edu). Publisher Copyright: {\textcopyright} 2014 IEEE.",

year = "2021",

month = jun,

day = "15",

doi = "10.1109/JIOT.2020.3022358",

language = "English (US)",

volume = "8",

pages = "9706--9716",

journal = "IEEE Internet of Things Journal",

issn = "2327-4662",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "12",

}

TY - JOUR

T1 - Attacking and Protecting Data Privacy in Edge-Cloud Collaborative Inference Systems

AU - He, Zecheng

AU - Zhang, Tianwei

AU - Lee, Ruby B.

N1 - Funding Information: Manuscript received May 18, 2020; revised July 18, 2020; accepted August 20, 2020. Date of publication September 8, 2020; date of current version June 7, 2021. This work was supported in part by NSF STARSS under Grant 1526493, and in part by a research gift from Siemens. The work of Tianwei Zhang was supported by Singapore MoE AcRF Tier1 under Grant RS02/19. The work of Ruby B. Lee was supported by the Qualcomm Faculty Award. This article was presented in part at the 35th Annual Computer Security Applications Conference (ACSAC’19), San Juan, PR, USA, Dec. 2019. (Corresponding author: Ruby B. Lee.) Zecheng He and Ruby B. Lee are with the Department of Electrical Engineering, Princeton University, Princeton, NJ 08540 USA (e-mail: zechengh@princeton.edu; rblee@princeton.edu). Publisher Copyright: © 2014 IEEE.

PY - 2021/6/15

Y1 - 2021/6/15

N2 - Benefiting from the advance of deep learning (DL) technology, Internet-of-Things (IoT) devices and systems are becoming more intelligent and multifunctional. They are expected to run various DL inference tasks with high efficiency and performance. This requirement is challenged by the mismatch between the limited computing capability of edge devices and large-scale deep neural networks. Edge-cloud collaborative systems are then introduced to mitigate this conflict, enabling resource-constrained IoT devices to host arbitrary DL applications. However, the introduction of third-party clouds can bring potential privacy issues to edge computing. In this article, we conduct a systematic study about the opportunities of attacking and protecting the privacy of edge-cloud collaborative systems. Our contributions are twofold: 1) we first devise a set of new attacks for an untrusted cloud to recover arbitrary inputs fed into the system, even if the attacker has no access to the edge device's data or computations, or permissions to query this system and 2) we empirically demonstrate that solutions that add noise fail to defeat our proposed attacks, and then propose two more effective defense methods. This provides insights and guidelines to develop more privacy-preserving collaborative systems and algorithms.

AB - Benefiting from the advance of deep learning (DL) technology, Internet-of-Things (IoT) devices and systems are becoming more intelligent and multifunctional. They are expected to run various DL inference tasks with high efficiency and performance. This requirement is challenged by the mismatch between the limited computing capability of edge devices and large-scale deep neural networks. Edge-cloud collaborative systems are then introduced to mitigate this conflict, enabling resource-constrained IoT devices to host arbitrary DL applications. However, the introduction of third-party clouds can bring potential privacy issues to edge computing. In this article, we conduct a systematic study about the opportunities of attacking and protecting the privacy of edge-cloud collaborative systems. Our contributions are twofold: 1) we first devise a set of new attacks for an untrusted cloud to recover arbitrary inputs fed into the system, even if the attacker has no access to the edge device's data or computations, or permissions to query this system and 2) we empirically demonstrate that solutions that add noise fail to defeat our proposed attacks, and then propose two more effective defense methods. This provides insights and guidelines to develop more privacy-preserving collaborative systems and algorithms.

KW - Artificial intelligence

KW - collaborative inference

KW - edge-cloud computing

KW - security and privacy

UR - http://www.scopus.com/inward/record.url?scp=85107490061&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85107490061&partnerID=8YFLogxK

U2 - 10.1109/JIOT.2020.3022358

DO - 10.1109/JIOT.2020.3022358

M3 - Article

AN - SCOPUS:85107490061

SN - 2327-4662

VL - 8

SP - 9706

EP - 9716

JO - IEEE Internet of Things Journal

JF - IEEE Internet of Things Journal

IS - 12

M1 - 9187880

ER -

Attacking and Protecting Data Privacy in Edge-Cloud Collaborative Inference Systems

Abstract

All Science Journal Classification (ASJC) codes

Keywords

Access to Document

Other files and links

Fingerprint

Cite this