APSIPA Transactions on Signal and Information Processing > Vol 11 > Issue 1

Access Control of Semantic Segmentation Models Using Encrypted Feature Maps

Hiroki Ito, Department of Computer Science, Tokyo Metropolitan University, Japan, MaungMaung AprilPyone, Department of Computer Science, Tokyo Metropolitan University, Japan, Sayaka Shiota, Department of Computer Science, Tokyo Metropolitan University, Japan, Hitoshi Kiya, Department of Computer Science, Tokyo Metropolitan University, Japan, kiya@tmu.ac.jp
 
Suggested Citation
Hiroki Ito, MaungMaung AprilPyone, Sayaka Shiota and Hitoshi Kiya (2022), "Access Control of Semantic Segmentation Models Using Encrypted Feature Maps", APSIPA Transactions on Signal and Information Processing: Vol. 11: No. 1, e24. http://dx.doi.org/10.1561/116.00000013

Publication Date: 10 Aug 2022
© 2022 H. Ito, M. AprilPyone, S. Shiota and H. Kiya
 
Subjects
 
Keywords
Access controldeep learningsemantic segmentationmodel protection
 

Share

Open Access

This is published under the terms of CC BY-NC.

Downloaded: 106 times

In this article:
Introduction 
Related Work 
Access Control with Encrypted Feature Maps 
Experimental Results 
Conclusion and Future Work 
References 

Abstract

In this paper, we propose an access control method with a secret key for semantic segmentation models for the first time so that unauthorized users without a secret key cannot benefit from the performance of trained models. The method enables us not only to provide a high segmentation performance to authorized users, but also to degrade the performance for unauthorized users. We first point out that, for the application of semantic segmentation, conventional access control methods which use encrypted images for classification tasks are not directly applicable due to performance degradation. Accordingly, in this paper, selected feature maps are encrypted with a secret key for training and testing models, instead of input images. In an experiment, the protected models allowed authorized users to obtain almost the same performance as that of non-protected models but also with robustness against unauthorized access without a key.

DOI:10.1561/116.00000013