Joseph O'Neill - Thesis Defence

A Fully Secure Approach to Privacy-Preserving Machine Learning for Satellite Image Classification

MSc COMP SCI Candidate: Joseph O’Neill

24 June 2024
Carnegie Hall, Room 410
10:00 AM

Thesis Committee:
Dr. Lydia Bouzar-Benlabiod, Supervisor
Dr. Moulay Akhloufi, U of Moncton, External Examiner
Dr. Andrew McIntyre, Internal Examiner
Dr. Jessica Slights, Chair of the defence

Abstract

This thesis explores the concept of a fully secure privacy-preserving machine learning image classification system for satellite images. The proposed approach combines two unique areas of research: Homomorphic Encryption (HE) and supervised Machine Learning (ML). While current state of the art research has shown high levels of accuracy when using Convolutional Neural Networks (CNN) in combination with HE, no current work is fully secure. Using homomorphic encryption adds several unique constraints, some that can be overcome and some that cannot. For example, HE only supports a limited number of mathematical operations. This restriction influences many ML algorithms, such as CNN, where certain layers are removed during the prediction stage as the math is not supported. The work presented here combines the CKKS homomorphic encryption scheme with Support Vector Machines (SVMs) to achieve a fully secure image classification system. The SVM model is trained using unencrypted images before both the images and ML model are encrypted with CKKS encryption scheme. Once fully encrypted using 128-BIT AES equivalent encryption, the data can be uploaded to the cloud for secure predictions. The ciphertext-to-ciphertext mathematics are complex, but the cloud provides immense resources allowing for efficient predictions. Preliminary results show that fully secure ciphertext-to-ciphertext image classification is possible at a rate of roughly 30,000 images per hour. At this rate, the proposed system retains an accuracy of 87%, matching the results of the unencrypted system. This demonstrates that by using CKKS homomorphic encryption and SVM machine learning it is possible to create a fully secure privacy-preserving image classification system.

About Joseph …

Joseph O'Neill graduated from Acadia University in 2009 with a Bachelor of Computer Science and has since spent 15 years in industry. During his tenure at Acadia, Joseph was involved in the Computer Science Society as President for two years running. Since that time Joseph has completed the requirements for his Masters of Science in Computer Science at Acadia University and will be defending his Masters Thesis on June 24, 2024. Joseph focused his Masters research on Cyber Security and Artificial Intelligence, specifically focusing on a fully secure approach to machine learning on the cloud. His work has resulted in an accepted conference poster and extended abstract at the 37th Canadian Artificial Intelligence Conference in May 2024 and has landed him a PHD Fellowship Offer with Dr. Nur Zincir-Heywood at Dalhousie University.

Go back