OFFLINE MODEL GUARD: Secure and Private ML on Mobile Devices

Sebastian P. Bayerl (1, a), Tommaso Frassetto (2, c), Patrick Jauernig (2, d), Korbinian Riedhammer (1, b), Ahmad-Reza Sadeghi (2, e), Thomas Schneider (2, f), Emmanuel Stapf (2, g) and Christian Weinert (2, h)

(1) Technische Hochschule Nürnberg, Germany
    (a) sebastian.bayerl@th-nuernberg.de
    (b) korbinian.riedhammer@th-nuernberg.de
(2) Technische Universität Darmstadt, Germany
    (c) tommaso.frassetto@trust.tu-darmstadt.de
    (d) patrick.jauernig@trust.tu-darmstadt.de
    (e) ahmad.sadeghi@trust.tu-darmstadt.de
    (f) emmanuel.stapf@trust.tu-darmstadt.de
    (g) schneider@encrypto.cs.tu-darmstadt.de
    (h) weinert@encrypto.cs.tu-darmstadt.de

ABSTRACT

Performing machine learning tasks in mobile applications yields a challenging conflict of interest: highly sensitive client information (e.g., speech data) should remain private, while the intellectual property of service providers (e.g., model parameters) must also be protected. Cryptographic techniques offer secure solutions for this, but incur an unacceptable overhead and, moreover, require frequent network interaction. In this work, we design a practically efficient hardware-based solution. Specifically, we build OFFLINE MODEL GUARD (OMG) to enable privacy-preserving machine learning on the predominant mobile computing platform ARM—even in offline scenarios. By leveraging a trusted execution environment for strict hardware-enforced isolation from other system components, OMG guarantees privacy of client data, secrecy of provided models, and integrity of processing algorithms. Our prototype implementation on an ARM HiKey 960 development board performs privacy-preserving keyword recognition using TensorFlow Lite for Microcontrollers in real time.

Keywords: TEE, TrustZone, Private ML, Speech processing
