Matomo

Cryptographic IP protection for AI/ML product | Cossack Labs

🇺🇦 We stand with Ukraine, and we stand for Ukraine. We offer free assessment and mitigation services to improve Ukrainian companies security resilience.

Case ML & TensorFlow B2C app DEC 2020 - JUNE 2021

Cryptographic IP protection for AI/ML product

Industry

  • AI/ML

  • Media

Technology stack

  • iOS native, Android apps

  • GCP

  • Python, Go backend

  • ML / TensorFlow

Regulations

  • CCPA, GDPR, local privacy regulations

  • Encryption Export Regulations

Challenges

Technology requirements

IP protection system

Security that doesn't ruin UI/UX

Flexible cryptographic layer

Our approach

Security as business value

Risk analysis

Moving hand in hand with dev team

Solution

Additional relevant materials

Products and services involved

Themis, <span class="font-normal">a cross-platform crypto library</span>

Themis, a cross-platform crypto library

Themis is a cross-platform high-level open-source cryptographic library. We used Themis as a building block for cryptographic protocol, focusing on the data flow and performance while having cryptography covered.

Read more
Security advisory

Security advisory

We've built risk, threat and trust models, analysed and prioritised attack vectors, planned security controls, and assisted with implementation and verification of controls.

Read more
Cryptography engineering

Cryptography engineering

We've designed cryptographic protocol and key management layout for ML models encryption, assisted with implementation and verification.

Read more
Security engineering

Security engineering

We've recommended numerous platform-specific security controls for mobile apps, assisted in improving backend API security and designing the anti-fraud system for protection against malicious users.

Read more

Benefits

The designed data security solution allowed to prevent stealing and misusing ML models (unique business IP) and lower operational costs by preventing malicious users from abusing the API and paid functionality.

Results and outcomes

Developers should not struggle with security

It's possible to build secure and usable systems without frustrating developers on each step. Introducing a data security layer is more than just deploying a docker container; it's shifting the engineering culture inside the company. Talk to us if you are looking to take your data security to the next level.

Contact us

Get whitepaper

Thank you!
We’ve received your request and will respond soon.