TY - JOUR TI - HybridTEE: secure and privacy-preserving mobile DNN execution using hybrid trusted execution environment DO - https://doi.org/doi:10.7282/t3-e7j4-c004 PY - 2020 AB - Deep neural networks (DNNs) have been increasingly adopted in many mobile applications involving security/privacy sensitive data and inference models. Therefore, there is an urgent demand for security and privacy protection of DNN execution on mobile devices. Catering to this demand, hardware-based trusted execution environments (TEEs), such as ARM TrustZone, have recently been considered for secure mobile DNN execution. However, none of the existing attempts of running DNN in TrustZone have been successful due to the stringent resource and performance limitations posed by the mobile TEE. We develop HybridTEE, a novel hardware-based security framework to securely execute DNN in the resource-constrained local TEE (i.e., ARM TrustZone), by offloading a part of the DNN model to a resource-rich remote TEE (i.e., Intel SGX). The key design of HybridTEE is two-fold. First, it strategically divides the DNN model into privacy-aware local (TrustZone) and remote (SGX) partitions by employing two privacy-oriented metrics based on object recognition and Scale Invariant Feature Transform (SIFT). Second, it builds a trustworthy communication channel bridging TrustZone and SGX to enable secure offloading of the DNN model between the two TEEs. Our evaluations based on a prototype implementation of HybridTEE and 4 popular DNN models indicate enhanced security and a 1.75x - 3.5x speedup compared to mobile-only DNN execution without TEE. KW - Deep neural networks KW - Electrical and Computer Engineering LA - English ER -