Neural networks protection by Senselock hardware keys
One problem we’ve solved is model’s protection in edge computing. All classic protection methods have the layer when decrypted model is availible by framework methods. For example, this one:
So, as we can see on edge device we can find decrypted model by changing some methods of open source framework.
In our projects we use hardware keys Senselock from Seculab company. We built all sources of OpenVINO toolkit as one stand-alone portable binary file, encrypted with Virbox Protector. The model encrypted too and it can be opened only by this binary. Inference can run on CPU, iGPU, VPU (Movidius) or FPGA and nobody can get or copy model.
Hardware Senselock key contains information about number of runs and license experation date. Some rarely used inference functions from OpenVINO toolkit are implemented in the key and it is very difficult to debug or hack stand-alone encrypted software kit. But for us it is very easy to protect all ready models and stop illegal copying of them. We think that it is very important to secure ready models from copying because models with high accuracy have their own value and maybe interesting for hackers as primary dataset too.
Here are Senselock keys used in our solutions:
If you have the same problem with models encryption, please contact us and we’ll help you — https://combox.io/en/
