Deploying Convolutional Networks on Untrusted Platforms Using 2D Holographic Reduced Representations

TL;DR

This paper proposes a heuristic security method using Holographic Reduced Representations to securely deploy convolutional networks on untrusted platforms, balancing efficiency and robustness against attacks.

Contribution

It introduces a novel approach combining HRR with neural networks for fast, heuristic security, providing practical obfuscation without heavy computational costs.

Findings

Empirical robustness of the method against attacks

Efficient deployment on untrusted hardware

Comparison with provably secure protocols

Abstract

Due to the computational cost of running inference for a neural network, the need to deploy the inferential steps on a third party's compute environment or hardware is common. If the third party is not fully trusted, it is desirable to obfuscate the nature of the inputs and outputs, so that the third party can not easily determine what specific task is being performed. Provably secure protocols for leveraging an untrusted party exist but are too computational demanding to run in practice. We instead explore a different strategy of fast, heuristic security that we call Connectionist Symbolic Pseudo Secrets. By leveraging Holographic Reduced Representations (HRR), we create a neural network with a pseudo-encryption style defense that empirically shows robustness to attack, even under threat models that unrealistically favor the adversary.