Cryptographic IP protection for an AI/ML product
Thrust into the limelight, the product team behind [REDACTED]'s application was looking for strong, high-profile protection for their technology. The product uses AI/ML technology that alters media data (photos and videos). The technology is based on artificial neural networks that are heavily optimised and continuously improved.
[REDACTED] wanted to safeguard their unique IP and asked Cossack Labs to build ML protection technology. They got it through a defence-in-depth approach that protects their IP and the sensitive parts of their data flow.
AI & ML
iOS, Android native apps
Python, Go backend
ML / TensorFlow
CCPA, GDPR, local privacy regulations
Encryption Export Regulations
Protecting unique IP (ML models) against leakage and misuse.
Soon after the launch, this highly sophisticated and powerful machine learning technology enjoyed tremendous viral growth and popularity. The team needed to optimise the system design under load; meanwhile, their app became a target for attackers and plagiarists.
Overnight success turned into a challenge: how to secure this state-of-the-art tech without affecting the team's productivity or the app's performance, while still meeting data security requirements for IP and PII. The team needed help building specialised security defences to protect their ML models and APIs, and security coverage for the sensitive data life cycle across their apps, services, databases, and data lakes.
After carefully studying companies that design security systems and work with cryptography, they engaged Cossack Labs' engineers for security advisory and engineering.
IP protection system
The IP protection system designed for TensorFlow models should minimise the models' lifetime and make them difficult to misuse.
Security that doesn't ruin UI/UX
Security measures should be seamlessly integrated across mobile apps, API, and backend infrastructure.
Flexible cryptographic layer
The cryptographic layer should work across platforms and be easy to maintain, giving the Customer's team the flexibility they need to keep improving their product.
Snap judgements and hasty decisions only do harm when solving novel, sophisticated problems. To make sure we focused on the issues of real relevance and priority to the Customer's business model, we started with risk assessment and threat modelling.
At this stage, the Customer's team received a risk analysis of their applications' and infrastructure's specific needs, as well as a security strategy, allowing them to prioritise security measures.
Then, together with the app team, we focused on incorporating security into all steps of the SSDLC, designing a well-rounded set of security controls and processes that enable IP protection, PII protection, and application security.
We designed and built defence-in-depth security measures focused on protecting ML models against IP leakage and reverse engineering.
Products and services involved
Themis, a cross-platform crypto library
Themis is a cross-platform, high-level, open-source cryptographic library. We used Themis as a building block for the cryptographic protocol, focusing on the data flow and performance while having the cryptography covered.
We built risk, threat and trust models, analysed and prioritised attack vectors, planned security controls, and assisted with the implementation and verification of those controls.
We designed the cryptographic protocol and key management layout for ML model encryption, and assisted with implementation and verification.
We recommended numerous platform-specific security controls for the mobile apps, and assisted in improving backend API security and in designing the anti-fraud system for protection against malicious users.
The resulting data security solution provides a solid foundation for meeting compliance requirements and data privacy regulations, and is built to grow together with the project.