A More Secure Split: Enhancing the Security of Privacy-Preserving Split Learning

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

Abstract

Split learning (SL) is a new collaborative learning technique that allows participants, e.g. a client and a server, to train machine learning models without the client sharing raw data. In this setting, the client initially applies its part of the machine learning model on the raw data to generate Activation Maps (AMs) and then sends them to the server to continue the training process. Previous works in the field demonstrated that reconstructing AMs could result in privacy leakage of client data. In addition to that, existing mitigation techniques that overcome the privacy leakage of SL prove to be significantly worse in terms of accuracy. In this paper, we improve upon previous works by constructing a protocol based on U-shaped SL that can operate on homomorphically encrypted data. More precisely, in our approach, the client applies homomorphic encryption on the AMs before sending them to the server, thus protecting user privacy. This is an important improvement that reduces privacy leakage in comparison to other SL-based works. Finally, our results show that, with the optimum set of parameters, training with HE data in the U-shaped SL setting only reduces accuracy by 2.65% compared to training on plaintext. In addition, raw training data privacy is preserved.
Original languageEnglish
Title of host publicationSecure IT Systems
Subtitle of host publication28th Nordic Conference, NordSec 2023, Oslo, Norway, November 16–17, 2023, Proceedings
EditorsLothar Fritsch, Ismail Hassan, Ebenezer Paintsil
Place of PublicationCham
PublisherSpringer
Pages307-329
Number of pages23
ISBN (Print)978-3-031-47748-5
DOIs
Publication statusPublished - 2024
Publication typeA4 Article in conference proceedings
EventNordic Conference on Secure IT Systems - NordSec - Oslo, Norway
Duration: 16 Nov 202317 Nov 2023

Publication series

NameLecture Notes in Computer Science
Volume14324
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferenceNordic Conference on Secure IT Systems - NordSec
Country/TerritoryNorway
CityOslo
Period16/11/2317/11/23

Publication forum classification

  • Publication forum level 1

Fingerprint

Dive into the research topics of 'A More Secure Split: Enhancing the Security of Privacy-Preserving Split Learning'. Together they form a unique fingerprint.

Cite this