LG, CR, ML | Jun 17, 2019

CheckNet: Secure Inference on Untrusted Devices

arXiv:1906.07148v1
Originality: Incremental advance
AI Analysis

The paper addresses security concerns for users deploying neural networks on untrusted hardware. It is an incremental advance because it builds on existing verification concepts.

The paper tackles the problem of ensuring secure inference on untrusted devices by introducing CheckNet, a method that verifies computation integrity without specialized hardware, achieving attack detection with 0.88-0.99 AUC and negligible performance impact.

We introduce CheckNet, a method for secure inference with deep neural networks on untrusted devices. CheckNet is like a checksum for neural network inference: it verifies the integrity of the inference computation performed by untrusted devices to 1) ensure the inference has actually been performed, and 2) ensure the inference has not been manipulated by an attacker. CheckNet is completely transparent to the third party running the computation, applicable to all types of neural networks, does not require specialized hardware, adds little overhead, and has negligible impact on model performance. CheckNet can be configured to provide different levels of security depending on application needs and compute/communication budgets. We present both empirical and theoretical validation of CheckNet on multiple popular deep neural network models, showing excellent attack detection (0.88-0.99 AUC) and attack success bounds.
