As the use of machine learning and cloud platform to upload private data rises across industries, so are concerns about the security of such data. Researchers at the Massachusetts Institute of Technology are developing a solution to address this problem.
To understand the problem better, consider this example: A hospital uses a neural network–the algorithms that many people think of when they hear machine learning—to upload data such as medical scans, but the fear of a security breach keeps it from doing so. And the methods available to protect such data make the neural network sluggish and jacks up costs.
Like the hospital cited above, most small companies would want to upload their data, run it through neural networks and get artificial intelligence for their specific needs. But the threat of data breaches and high cost make it difficult.
Now, a solution to the security problem without compromising the speed of machine learning seems to be at hand. MIT researchers have now come up with a security solution that does not dramatically compromise the speed of neural networks used for medical-image analysis and other applications.
Gazelle, as it’s called, works on a combination of two techniques -- homomorphic encryption and garbled circuits.
It ensures that the cloud server where the neural network lives in never gets to understand any uploaded data, and the user at the other end never learns anything about the parameters of the neural network. Gazelle runs 20 to 30 times faster than traditional systems, as well as greatly reduces the required network bandwidth.
“The next step is to take real medical data and show that, even when we scale it up for applications real users care about, it still provides acceptable performance,” Chiraag Juvekar, a PhD student, said.
In Gazelle, the MIT team combined the two encryption techniques -- homomorphic encryption and garbled circuits -- to weed out their individual inefficiencies.
Homomorphic encryption is used to operate on encrypted data without decrypting it. However, when the technique is applied to a neural network, it starts accumulating noise (inefficiencies), resulting in a slowdown.
Garbled circuits are a form of secure two-party computation. It works well in nonlinear layers, where computation is minimal, but the bandwidth becomes unwieldy in math-heavy linear layers.
Under Gazelle, the MIT team bypassed the inefficiencies of both by sharing the computation workload best handled by each system. “We’re only using the techniques for where they’re most efficient,” Juvekar said.