DistilLock: Safeguarding LLMs from Unauthorized Knowledge Distillation on the Edge
The paper addresses privacy and IP leakage concerns for both model owners and data owners in edge-based LLM personalization, though it is an incremental improvement over existing secure computing methods.
The paper tackles the problem of fine-tuning large language models on edge devices without compromising data privacy or model intellectual property, proposing DistilLock, a TEE-assisted framework that prevents unauthorized knowledge distillation and model-stealing attacks while maintaining computational efficiency.
Large Language Models (LLMs) have demonstrated strong performance across diverse tasks, but fine-tuning them typically relies on cloud-based, centralized infrastructures. This requires data owners to upload potentially sensitive data to external servers, raising serious privacy concerns. An alternative approach is to fine-tune LLMs directly on edge devices using local data; however, this introduces a new challenge: the model owner must transfer proprietary models to the edge, which risks intellectual property (IP) leakage. To address this dilemma, we propose DistilLock, a TEE-assisted fine-tuning framework that enables privacy-preserving knowledge distillation on the edge. In DistilLock, a proprietary foundation model is executed within a trusted execution environment (TEE) enclave on the data owner's device, acting as a secure black-box teacher. This setup preserves both data privacy and model IP by preventing direct access to model internals. Furthermore, DistilLock employs a model obfuscation mechanism to offload obfuscated weights to untrusted accelerators for efficient knowledge distillation without compromising security. We demonstrate that DistilLock prevents unauthorized knowledge distillation processes and model-stealing attacks while maintaining high computational efficiency, offering a secure and practical solution for edge-based LLM personalization.