TU Darmstadt / ULB / TUbiblio

Privacy-preserving speech processing via STPC and TEEs

Bayerl, Sebastian P. ; Brasser, Ferdinand ; Busch, Christoph ; Frassetto, Tommaso ; Jauernig, Patrick ; Kolberg, Jascha ; Nautsch, Andreas ; Riedhammer, Korbinian ; Sadeghi, Ahmad-Reza ; Schneider, Thomas ; Stapf, Emmanuel ; Treiber, Amos ; Weinert, Christian (2019)
Privacy-preserving speech processing via STPC and TEEs.
2nd Privacy Preserving Machine Learning (PPML) - CCS 2019 Workshop. London, United Kingdom (15.11.2019-15.11.2019)
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

With the advent of mobile and smart-home devices such as Amazon Alexa or the Google Assistant providing voice-based interfaces, voice data is commonly transferred to corresponding cloud services. This is necessary to quickly and accurately perform tasks like automatic speaker verification (ASV) and speech recognition (ASR) that heavily rely on machine learning. While enabling intriguing new applications, this development also poses significant risks: Voice data is highly sensitive since it contains biometric information of the speaker as well as the spoken words. Thus, the security and privacy of billions of end-users is at stake if voice data is not protected properly. When developing privacy-preserving solutions to mitigate such risks, it is also important to keep in mind that the involved machine learning models represent intellectual property of the service providers and therefore must not be revealed to users. The contribution of our work is three-fold: First, we present an efficient architecture for privacy-preserving ASV via outsourced secure two-party computation (STPC). Compared to existing solutions based on homomorphic encryption (HE), the verification process is 4,000x faster, while retaining a high verification accuracy and guaranteeing unlinkability, irreversibility, and renewability of stored biometric data. Since cryptographic secure computation protocols currently do not scale to more involved tasks like ASR, we then present VoiceGuard, an architecture that efficiently protects speech processing inside a trusted execution environment (TEE). We provide a proof-of-concept implementation and evaluate it on speech recognition tasks isolated with Intel SGX, a widely available TEE implementation, demonstrating even real time processing capabilities. Finally, we present Offline Model Guard (OMG) to enable privacy- preserving speech processing on the predominant mobile computing platform ARM even in offline scenarios. Beyond relying on the Intel SGX equivalent ARM TrustZone, we employ the security architecture SANCTUARY (NDSS'19) for strict hardware-enforced isolation from all other system components. Our prototype implementation performs privacy-preserving keyword recognition using TensorFlow Lite in real time.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2019
Autor(en): Bayerl, Sebastian P. ; Brasser, Ferdinand ; Busch, Christoph ; Frassetto, Tommaso ; Jauernig, Patrick ; Kolberg, Jascha ; Nautsch, Andreas ; Riedhammer, Korbinian ; Sadeghi, Ahmad-Reza ; Schneider, Thomas ; Stapf, Emmanuel ; Treiber, Amos ; Weinert, Christian
Art des Eintrags: Bibliographie
Titel: Privacy-preserving speech processing via STPC and TEEs
Sprache: Englisch
Publikationsjahr: 16 November 2019
Veranstaltungstitel: 2nd Privacy Preserving Machine Learning (PPML) - CCS 2019 Workshop
Veranstaltungsort: London, United Kingdom
Veranstaltungsdatum: 15.11.2019-15.11.2019
Kurzbeschreibung (Abstract):

With the advent of mobile and smart-home devices such as Amazon Alexa or the Google Assistant providing voice-based interfaces, voice data is commonly transferred to corresponding cloud services. This is necessary to quickly and accurately perform tasks like automatic speaker verification (ASV) and speech recognition (ASR) that heavily rely on machine learning. While enabling intriguing new applications, this development also poses significant risks: Voice data is highly sensitive since it contains biometric information of the speaker as well as the spoken words. Thus, the security and privacy of billions of end-users is at stake if voice data is not protected properly. When developing privacy-preserving solutions to mitigate such risks, it is also important to keep in mind that the involved machine learning models represent intellectual property of the service providers and therefore must not be revealed to users. The contribution of our work is three-fold: First, we present an efficient architecture for privacy-preserving ASV via outsourced secure two-party computation (STPC). Compared to existing solutions based on homomorphic encryption (HE), the verification process is 4,000x faster, while retaining a high verification accuracy and guaranteeing unlinkability, irreversibility, and renewability of stored biometric data. Since cryptographic secure computation protocols currently do not scale to more involved tasks like ASR, we then present VoiceGuard, an architecture that efficiently protects speech processing inside a trusted execution environment (TEE). We provide a proof-of-concept implementation and evaluate it on speech recognition tasks isolated with Intel SGX, a widely available TEE implementation, demonstrating even real time processing capabilities. Finally, we present Offline Model Guard (OMG) to enable privacy- preserving speech processing on the predominant mobile computing platform ARM even in offline scenarios. Beyond relying on the Intel SGX equivalent ARM TrustZone, we employ the security architecture SANCTUARY (NDSS'19) for strict hardware-enforced isolation from all other system components. Our prototype implementation performs privacy-preserving keyword recognition using TensorFlow Lite in real time.

Freie Schlagworte: Primitives, P3, Solutions, S2, Engineering, E4
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Praktische Kryptographie und Privatheit
20 Fachbereich Informatik > Systemsicherheit
DFG-Sonderforschungsbereiche (inkl. Transregio)
DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche
DFG-Graduiertenkollegs
DFG-Graduiertenkollegs > Graduiertenkolleg 2050 Privacy and Trust for Mobile Users
Profilbereiche
Profilbereiche > Cybersicherheit (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CRISP - Center for Research in Security and Privacy
DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen
Hinterlegungsdatum: 14 Aug 2019 05:20
Letzte Änderung: 06 Aug 2024 08:56
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen