
A fully secure approach to privacy-preserving machine learning for satellite image classification

Document
Call Number
LE3 .A278 2024
Date Issued
2024
Degree Name
Master of Science
Degree Level
Masters
Degree Discipline
Affiliation
Abstract

This thesis explores the concept of a fully secure privacy-preserving machine learning image classification system for satellite images. The proposed approach combines two unique areas of research: Homomorphic Encryption (HE) and supervised Machine Learning (ML). While current state-of-the-art research has shown high levels of accuracy when using Convolutional Neural Networks (CNNs) in combination with HE, no current work is fully secure. Using homomorphic encryption adds several unique constraints, some that can be overcome and some that cannot. For example, HE only supports a limited number of mathematical operations. This restriction influences many ML algorithms, such as CNNs, where certain layers are removed during the prediction stage as the math is not supported. The work presented here combines the CKKS homomorphic encryption scheme with Support Vector Machines (SVMs) to achieve a fully secure image classification system. The SVM model is trained using unencrypted images before both the images and the ML model are encrypted with the CKKS encryption scheme. Once fully encrypted using 128-bit AES-equivalent encryption, the data can be uploaded to the cloud for secure predictions. The ciphertext-to-ciphertext mathematics are complex, but the cloud provides immense resources, allowing for efficient predictions. Preliminary results show that fully secure ciphertext-to-ciphertext image classification is possible at a rate of roughly 30,000 images per hour. At this rate, the proposed system retains an accuracy of 87%, matching the results of the unencrypted system. This demonstrates that by using CKKS homomorphic encryption and SVM machine learning, it is possible to create a fully secure privacy-preserving image classification system.

Rights
The author retains copyright in this thesis. Any substantial copying or any other actions that exceed fair dealing or other exceptions in the Copyright Act require the permission of the author.
Publisher
Acadia University
