This article has been accepted for publication in a future issue of this journal, but has not been

fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3122938, IEEE Access

Date of publication xxxx 00, 0000, date of current version xxxx 00, 0000.
Digital Object Identifier 10.1109/ACCESS.2021.Doi Number

Enhanced security in cloud computing using

Neural Network and Encryption
Muhammad Usman Sana1, Zhanli Li1, Fawad Javaid2, Hannan Bin Liaqat3, and Muhammad
Usman Ali4
1
College of Computer Science and Technology, Xi’an University of Science and Technology, Xi’an, Shaanxi, China
2
Department of Communication and Information Engineering, Xi’an University of Science and Technology, Xi’an, Shaanxi, China
3
Department of Information Technology, University of Gujrat, Gujrat, Punjab, Pakistan
4
Department of Computer Science, University of Gujrat, Gujrat, Punjab, Pakistan

Corresponding Author: Muhammad Usman Sana ([email protected] )

This Work is supported by the Natural Science Basic Research Plan in Shaanxi Province of China (Program No. 2019JM-348).

ABSTRACT In the last five years, demand for cloud computing among businesses and individual users is increasing
immensely because of numerous reasons including, improved productivity, efficiency and speed, cost savings, performance,
and most importantly security. Machine learning techniques are making progress in a variety of domains of cloud computing
to resolve security concerns and manage data efficiently. In cloud security, a relatively novel approach is Artificial Neural
Networks (ANN). We propose a new security design using neural network and encryption to confirm a safe communication
system in the cloud environment, by letting the third parties access the information in an encrypted form without disclosing
the data of the provider party to secure important information. We recommend a solution based on fully homomorphic
encryption (FHE) to handle sensitive information without revealing the original data. The encryption technique we
considered is matrix operation-based randomization and encipherment (MORE), which allows the computations to be
performed directly on floating-point data within a neural network with a minor computational overhead. In this paper, we
examined the speech and voice recognition problem and the performance of the proposed method has been validated in
MATLAB simulation. Results showed that applying neural network training with MORE improved accuracy, runtime, and
performance. These results highlight the potential of the proposed neural network and encryption technique to protect the
privacy and providing high accuracy in a reasonable period when compared to other state of the art techniques.

INDEX TERMS Ciphertext, Cloud Computing, Homomorphic Encryption, Matrix operation-based

randomization and encryption, Neural Network.

I. INTRODUCTION experiences. To provide more practicality on current cloud

The current advancement in cloud computing has computing platforms artificial intelligence tools are being
significantly changed everyone’s perspective on used. Software-as-a-service providers are applying machine
development models, software delivery, and infrastructure learning tools to bigger software groups to provide greater
architectures. Some of the main advantages of using a cloud productivity and functionality to end-users [2]. The brain is
environment are the availability of resources, cost an ideal example that basically learns with experiences. The
reduction, and storage flexibility. Despite these gains cloud neural structure of the brain is the inspiration behind the
computing also has certain issues, and the most important ANN. After the natural procedure of thinking has been
one is security. Cloud adopts all security problems of its studied in biological research, it was revealed that the brain
modules because of its complex framework. ANN are a saves information in the form of complex patterns. A new
new technique in cloud that is applied mainly in the research field in computer science is arises based on the
detection of intrusion in security [1]. Machine learning is a methods which result in keeping the data as patterns.
subdivision of artificial intelligence. Artificial intelligence Nowadays large parallel networks are required to be created
with cloud computing is the association of the cloud which then are trained when a particular problem needs to
computing environments with machine learning abilities of be solved [3].
artificial intelligence to make instinctive and connected

VOLUME XX, 2021 1

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3122938, IEEE Access

Recent developments in neural networks have achieved added in the encryption process. When applying only
amazing success in a variety of applications, including, encryption and decryption processes this is not much of a
language representation, image classification, etc. This concern because by scaling the message by suitable element
progress is enabled with the accessibility of large and the error can be removed without difficulty [7].
representative datasets to be trained by neural networks. In recent years, great effort has been made to develop a
These datasets are usually from several sources and may variety of privacy protection techniques that can bridge the
contain sensitive information. This requires a technology gap between data privacy and utility. Among these
that meets the needs of an application which provides good approaches, numerous machine learning-based techniques
and strict privacy assurance. In the past machine learning are starting to grow rapidly, including HE that secures
methods and advanced privacy mechanisms are combined multi-terminal computing, and gap privacy. This
to train neural networks with an affordable security budget. technology guarantees data privacy while allowing data to
This may achieve good results in convex models with be outsourced to commercialized cloud computing systems
smaller parameters or dealing with non-convex targets, for processing, all despite the fact that the data is encrypted.
multiple layers, and models with tens to millions of While this technology shows encouraging results, but their
parameters but in complex neural networks, they can only use in modern machine learning applications is still limited
be processed with huge loss of privacy [4] With strong since it relies heavily on specialized and dedicated user-
computational supremacy and the ability to resolve large server applications to achieve accurate function. Also,
datasets, Artificial Neural Networks in machine learning is among these technologies, there is always an exchange
the most widely used model and is continuing to evolve. between privacy and performance, as each technology has
[5]. certain advantages and disadvantages.
Homomorphic encryption is an encryption method that Much has been accomplished in Neural Networks in
without compromising the encryption enables to make recent years. It has succeeded in speech recognition, natural
computations over encoded data. Traditional encryption language processing, and image classification. Several
systems rely on sharing keys between peers involved in efforts have also been made to solve the issue of data
swapping encoded messages. However, these techniques do privacy in deep learning. In this paper, we proposed an
raise confidentiality concerns. The user or deal provider that improved type of encoding technique that allows us to
owns the key has limited rights to the data. Especially when encrypt data as it is being processed. Therefore, we aim to
using the general cloud service station, the user loses maintain the confidentiality of the data by permitting third
control over the secrecy of important data. If the key is not parties to access the information in an encrypted form
public, the encoded information will be public with third without disclosing the basic data. We explain the following
parties but the owner does not want them to access the research questions through our results:
details. In addition, members of staff serving, suppliers, and
workers will be able to retain the selected user items for a  How do we use homomorphic encryption for data
long time even after the users cut their relationship with alteration in the cloud?
untrusted cloud services. Homomorphic Encryption (HE) is  How to Encode Plain Text with Matrix operation-
a proprietary encrypted pattern that can solve this problem based Randomization and encipherment (MORE)?
as it permits the third parties to work with the encoded data  What is the ANN process of enhancing security?
without decoding the encrypted data first. Although this
useful HE plan feature has been around for more than a  What are the security models included in ANN
decade, Craig Gentry launched the first fully-achievable over encryption?
encryption scheme known as fully Homomorphic The contribution of this research is an understanding of
Encryption (FHE) in 2009 to be implemented on encoded how machine learning or deep learning methods and tools
data. This is a huge achievement, but there are other help to create a secure security system with encryption of
advanced programs so far that indicate that FHE still needs user data. To export sensitive data without violating
major improvements to be applicable to all platforms [6]. confidentiality, we need to encrypt the data anonymously.
The MORE scheme plans to perform a random set of The use of anonymous encrypted data limits the ability of
techniques directly on the encoded information without neural networks to elicit valuable information and insights
disclosing basic data or encryption keys. This feature is from that data. In this research, we examine how we use a
especially useful in the perspective of deep learning method based on Homomorphic Encoding to address the
explanations because it guarantees that the data limitations and to maintain confidentiality. We find the
confidentiality and forecasts are preserved while the data is solution that how the proposed method improving the
being processed. The main cause of the ineffectiveness of efficiency of the cryptographic model in real-world
the FHE scheme is the reality that these encryption schemes applications and also explain how to perform neural
are based on matrix problems that are integrally blaring: for network prediction on encoded data as it is a non-linear
example, encrypting the integer message and then model of machine learning with big modular capability.
decryption function is applying this give an alarming The key purpose of this study is to create a cloud-based
message for security purposes with a minor error term "safe" structure for storing data on a cloud platform, to

VOLUME XX, 2021

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3122938, IEEE Access

spread new security ideas in the future for cloud setup and design, a secure prediction scheme DELPHI that allows
data migration in the virtual world. The biggest problem performing neural network inference between two parties
with implementing this solution is the fact that the without disclosing the data of both parties. By
activation function commonly used in neural networks is instantaneously co-designing machine learning and
not polynomial. They contain linear sigmoidal functions. In cryptography DELPHI solved the problem. The authors
this paper, we provide detailed information about the neural proposed a hybrid cryptographic procedure that improves
network model developed for the application under study, upon the computation and communication costs as compare
also show their runtime performance and model accuracy to previous work. They also provide developer neural
results. network structure configurations that show the improved
accuracy and performance of this proposed hybrid
II. LITERATURE REVIEW procedure.
Schemes based on HE in neural networks have been Chameleon, an innovative hybrid (mixed-protocol)
proposed to solve the problem of nonlinear activation architecture was presented [10] for secure function
functions by establishing a shared protocol between data evaluation that without revealing their private inputs allows
holders and model vendors. In short, every nonlinear two parties to mutually compute a function. Chameleon
transformation is estimated by the data owner. The model combines additive secret sharing with the finest
sends input to the nonlinear transformation in encrypted characteristics of standard secure function evaluation
form, then decrypts the data of the owner, applies the procedures. Specifically, the architecture implements linear
conversion, encrypts the result, and sends it again. operations by using additively secret shared values in the
Unfortunately, these interactions involve a lot of response ring and using the Goldreich-Micali-Wigderson and Yao's
time and add difficulties for the owner of the data, which is Garbled Circuits protocols for nonlinear operations.
arbitrary. Also, information about the model is leaked. In the cloud when information is transferred over the
Consequently, to alleviate this problem, security internet, retaining its security is the main issue. Therefore,
mechanisms such as arbitrary execution orders have been data stored also needs security employing standard
introduced. On the contrary, the presented process does not encryption methods in the cloud. On the contrary, in
require complex connection diagrams. The data is cryptographic systems, the receiver or the second party to
encrypted and transmitted to the owner of the data. The decrypt the data needs to have the sender’s private key.
model does the calculation and sends the prediction Hence, every single time in the cloud when a user sends a
(coding) again [8]. requisition to its virtual atmosphere and assumes secure and
A homogeneous cryptographic technology based on fast computing on its information it must provide a private
estimations is proposed in Asiacrypt 2017, which is both key along with the request of the user, and the processing is
theoretically efficient and highly practical. Complete key completed after decoding of the data. Though, each time it
recovery is possible with high probability and very small is computed, the threat of the key being disclosed will
execution time. This technique is implemented and tested enhance. In such a situation user will have to alter the key,
attacks against major homogeneous open source and in case of the key being leaked they need to reproduce
cryptographic libraries including HEAAN, SEAL, and the secret key over again and if symmetric encryption is
PALISADE, as well as against a number of features often being applied, both parties are required to have the similar
seen in machine learning of encoded data using CKKS secret key. Regardless of the great speed, security violations
diagrams such as average and variance calculations, will enhance computational overheads and processing time.
Maclaurin series is access for logical and exponential Privacy-preserving mechanisms can resolve this concern.
functions. This attack cannot obtain complete security The technique and comprehensive solution that preserves
against passive enemies when the current expression of data privacy is encryption [11].
IND-CPA security is executed by CKKS (or Maintaining security and data privacy does not involve
indistinguishable from the chosen-plaintext attacks) is only careful attention but also needs precise predictions
applied to a similar cryptographic scheme, and to assess its when applying machine learning to an issue that includes
integrity. It indicates the need for a stronger plan for the financial, medical, or sensitive data. Ethical and legal
security [7]. boundaries may stop the use of machine learning solutions
For a wide range of applications, numerous corporations on the cloud for such jobs [12]. Proposed a technique in
offer neural network prediction services to customers. which they transform learned neural networks to
Though, one party’s privacy is compromised by using CryptoNets. This permits the owner of data to send their
current prediction schemes: either the provider of services data to hosts of the network which is cloud service in an
must store on the customer’s device its exclusive neural encrypted form. The data remains confidential because of
networks or the customer has to show secretive inputs for the encryption and the cloud doesnot have access to the
sorting to the provider for services. Both ways are not keys needed to decrypt the data. However, to make encoded
appropriate because this will disclose the service supplier’s predictions to the encoded data the cloud service is able to
exclusive model and also expose the private secretive use the neural network, and to give them data back in
information of the customer [9] implement, estimate, and encoded form. The owner of the secret key can take back

VOLUME XX, 2021

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3122938, IEEE Access

these encoded predictions and can also decode them.

Hence, the cloud facility does not attain any data about the
prediction it prepared or about the raw data. The MNIST
optical character recognition jobs determine on CryptoNets.
CryptoNets can create about 59000 predictions per hour on
a single PC and attains 99% accuracy. Thus, agree to,
private and accurate predictions and high throughput.
Recent signs of progress in machine learning have
increased the range of Neural Network (NN) interpretation
in general uses such as recognization of voice and
classification of the image [13][14]. Provide a well-
organized structure for enhancing the security of Cloud
Computing-Internet of things based intelligent
FIGURE 1. Layer of Cloud Computing
transportation systems. The suggested structure allows
without disclosing any sensitive data extracting specific
• Platform as A Service
vehicle information. In the direction of this objective, the
• Software as A Service
author applies a convolutional neural network to categorize
• Infrastructure as A Service
encrypted images, based on vehicle type in real-time,
achieved with cameras incorporated into units on road-side
A. PLATFORM AS A SERVICE (PaaS)
that based on intelligent transportation system making
With this type of service, the software can be developed at
hidden all the sensitive information. Within the suggested
no cost, provide hassle-free purchasing and handling of
outline, the Authors improve a novel image classification
main hardware and software, and also provide virtualized
design that protecting the personal information of drivers'
hosting services. Software developers can construct novel
by not completely decrypts the images, such as license
applications or upgrade longstanding applications
plate, location, and vehicle contents. In addition, as
effortlessly. They do not have to bear the cost of application
compared to conventional systems the structure does not
development. This service will offer a level of system
wants an entirely decrypted image that increases the
software that can use and create an advanced level of
computational effectiveness of the system. The achieved
service. The platform services include centralized tools,
results demonstrate that the suggested partially decryption
integration tools, messaging and information exchange, and
classification method shows up to an 18% decrease in
communication setup. For example, applications created on
complication in computational work when matched with the
the Google Apps engine are wholly retained by Google, and
system which is fully decrypted. The basic idea of the
cannot give clients the services that it cannot provides in
projected collection of methods is to consider and associate
that package. Many corporations have industrialized stages
numerous different works and apply the common elective
that permit end users to route their applications over a
judgment method to get a more well-organized
central server over the Internet. Examples of these services
classification for each work. The recreation consequences
are Microsoft's Azure OS and google Apps [15].
demonstrate that the projected technique greatly reduces the
time complexity and retains high accuracy compared to
B. SOFTWARE AS A SERVICE (SaaS)
other existing techniques.
It is an application service or cloud-as-a-service that can
provide the software an online service, which eliminates the
III. FUNDAMENTALS OF THE CLOUD COMPUTING
SYSTEM need for software installation on client computers and
Generally, a structural design of a cloud computing system makes repair and sustenance easy. The key characteristics
consists of three levels. Characteristic levels of cloud of this service are:
computing services are shown in Fig. 1. • Network communication and administration of
business software. Actions are controlled by particular
centers and centers are located someplace else other than
the location of every single client, allowing clients to get
requests slightly over the network. Compared to a one-to-
one model, the service delivery model is nearer to a one-to-
many model.
• Centrally manage software upgrades and without
the requirement of upgrades or downloading patches.
Including security services, for example, MessageLabs P2P
software, for example, Skype; software services, for
example, Google Labs, salesforce.com, CRM, HR, IBM
Lotus, Payroll, Gmail, Google Calendar, and Live web
applications, for example, YouTube Twitter, and Facebook

VOLUME XX, 2021

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3122938, IEEE Access

software storage services, add-on services, for example, plaintext and is characterized by using integer coefficients
Microsoft Online Services; are examples of application as a polynomial. Homomorphic processes are done with
layers. The aforementioned companies were created both SEAL and HELib lead to noise, therefore restricting
specifically for Software as a Service. When customers get the total processes that can be done by means of
the application over the internet network, these companies ciphertexts. To retain the noise level under a certain margin,
charge a user registration fee and install the software on a noise-management methods have been incorporated, to the
central server [16]. extent that the ciphertext is not turn out to be degraded.
Though SEAL practices a scale-invariant error decreasing
C. INFRASTRUCTURE AS A SERVICE (IaaS) procedure that will be completed as theoretical information
It gives the computer infrastructure commonly an effective which needs a number of operations estimation. HELib uses
platform as a service and is known as a cloud infrastructure the costly technique of bootstrapping to allow unrestricted
service. Users do not need to buy software and hardware, computations. Furthermore, based on the kinds of
network tools, or space for data centers but they can procedures that are implemented on the ciphertext there will
purchase this infrastructure entirely as a full subcontracted be some limitations. The strategies used in SEAL and
service. Cost of Services is often charged according to the HELib concerning multiplication and addition are fully
resources used and based on the computing model they homomorphic and merely polynomial functions can be
utilized therefore charges be determined by the amount of simply implemented. Consequently, there is no hidden
usage. In fact, this technique is a development of the private backing for nonlinear functions and division, and by this
virtual service delivery model, which usually has a virtual low-degree polynomials are estimated.
computing framework. Generally, this computer Although in terms of proven security these strategies are
infrastructure service and virtualization framework can be identified for their efficacy, the aforementioned limitations,
provided as a service. One such example is Amazon AWS along with the computational expenses, in the neural
services [17]. network topology present clear restraints, which as a result
upset privacy-maintaining neural networks performance
IV.HOMOMORPHIC ENCRYPTION [24].
A fully homomorphic encryption structure is first Instead of FHE other recommended approaches depend
introduced [18], In the review [19] many modifications in on partially homomorphic encryption (PHE) also
the original scheme were recommended. Many of these implementing. Presently in a real-world system, FHE is
strategies are computationally intensive and in terms of practically difficult to be used so a practical method in a
security recognized for their efficiency. Decipherment is no system that is specified only for exact processes based on
longer possible only a restricted number of processes can be PHE will be used. This technique may be used in a real-
implemented. In real-world applications, this noticeably world application with acceptable overhead and presents a
limited their usability. Features like computations take part clear benefit in terms of running time.
in numerous levels of magnitude slower than the plaintext Algebra homomorphic encryption strategy is also very
corresponding parts gathered noise which restricted all encouraging [25] this is an encryption scheme in which
computations being applied in modulo N and the total both multiplications and addition can be implemented on
number of processes that can be completed, for the encoded data that is homomorphic regarding algebraic
collaboration of data analysis and deep learning this act a multiplication and addition. A comparatively lesser
big barrier. Presently no existing strategies can handle computational complication is the main benefit of this
rational numbers whereas improvements in HE led to strategy, like ElGamal and Paillier, however, being
modifications of encryption techniques. homomorphic with multiplication and addition. This
In recent years numerous open-source HE techniques scheme only permits the encryption of comparatively small
have developed, based on the involved encryption strategy integer numbers and this is the key limitation of this
each one with different characteristics [20]. Simple approach along with ElGamal and Paillier. More precisely,
Encrypted Arithmetic Library (SEAL) of Microsoft strategy an exponentiation process requires to be assessed, during
[21], with sustenance for the Cheon-Kim-Kim-Song the encryption process, where the message to be encoded is
(CKKS) strategy [22], the Brakerski/Fan-Vercauteren the exponent. Therefore, even with a multi-accurate
strategy Fan and Vercauteren (2012) based on the algebraic library, the process even though creates an
Brakerski-Gentry-Vaikuntanathan strategy and HELib of overflow. With 1024-bit integers, it was found only the
IBM [23] are two most extensive used HE techniques. The largest number that can be encoded is up to about 103.
absence of support for floating-point numbers is an These limitations become extra significant when
observable limitation of HELib is SEAL takes benefit of a accomplishing mathematical operations on encoded data. In
specific property of the CKKS strategy, computation allows other words, cannot fix if the amount of encryption is too
to be implemented on rational numbers, without altering the large to perform certain operations.
encrypted value, rescaling can be implemented. Floating- To ease privacy-based Deep Learning analysis, the
point characteristics of the information are scaled by a cryptographic system should be capable to perform
factor that disturbs the accuracy of the computation as computations on model rational information. To meet this

VOLUME XX, 2021

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3122938, IEEE Access

requirement, cryptographic mechanisms are usually used to With the advancement in cloud computing, techniques of
encrypt a specific rational digit into a series of integers. data analysis play a significant role to provide massive
Few fundamental operations are tough to apply on market values. To perform certain linked mining tasks
encrypted data, and when applied to real data, this method clients with limited resources in computing may use option
has limited functionality. Additionally, the markup scheme of the cloud. In this process data owners may have a
not only bounds data usage but also openly disturbs the possibility of private information leakage of sensitive
computation outcomes [26]. Secure multi-party information. Owners of data may encode raw data prior to
computation (SMPC) technology offers a promising data uploading to reestablish privacy in outsourced data. In
privacy solution by allowing analysis of complex data to be recent years analysis of encoded data is a daring task, the
scattered among different information suppliers and not to attention of numerous researchers is attracted towards this
reveal sensitive data outside the results of the analysis. area. Cryptographic tool is required to solve this challenge
Though the aim of SMPC is not novel, recent technical and which is HE. Its enable processing of data without
hardware advancements have led to more ways to use decryption of encrypted data. Investigating HE
SMPC in this field to ensure data privacy in machine arrangements in a multi-key environment that keep privacy-
learning applications. The first challenge was to train the preserving data mining has become a significant way. A
NN model in an SMPC setup, in which the NN based unique homomorphic cryptosystem, which manages
analysis was performed by underground distribution, numerous cloud users to have altered public keys is
unintended transmission, and chaotic circuits in the safe proposed. Moreover, show that our technology is
bidirectional computation of logical networks. The biggest practically achievable on a real transaction database [30].
problem with SMPC for machine learning is the calculation Over non-abelian rings, a new HE scheme is proposed,
of non-linear functions. This is because these processes and in ciphertexts space homomorphism operations are
cause a spike in training time. Also, availability is define. One-way security can achieve by the scheme. Over
becoming increasingly limited by the time required to a matrix-ring HE is proposed. Established on the
communicate. Although there are investments underway to homomorphism of two order displacement matrix coding
improve the technology, SMPC quiet requires a lot of function supports encryption of real numbers and attains
communication, which is not possible in machine learning, fast homomorphic evaluation of ciphertexts without the
which requires a lot of data. Increasing the number of decryption of any ciphetexts operations and transitional
participants or the complexity of the model has a significant outcome. Moreover, in data ciphertexts environment for
impact on the cost of communication and calculation [27]. training in machine learning and classification the scheme
Cloud computing is wide-open to huge internal and realize privacy preservation. The investigation shows that
external privacy leakage and breaches threats. In cloud proposed technique is effective for homomorphic
authors present a privacy-preserving distributed analytics operations and encryption/decryption [31].
structure for big data. FHE is used as a developing and In recent years, many HE approaches have been
controlling cryptosystem that on encrypted data can established to encounter cloud security requests. Though
implement analysis tasks. In cloud computing to partition this method is very safe, most of the techniques are poorly
both data and analysis of computations into subset nodes perform because it is heavily subjective to processing time,
that can be run independently. The recognized distributed which is slower than plain text computations. This
technique has the scalability. This quickly speed up the obviously limits its availability in practical applications.
performance of encrypted data processing whereas Hence, simplified coding strategies based on linear
preserving a great level accuracy of analysis. Evaluation of transformation are emerging as a more practical and viable
experimental cloud-enabled application for building a alternative in this area [32][33].
secure analytics in terms of both analysis performance and To preserve the privacy in real world up-to-date
accuracy regulates the efficiency of the planned framework applications in cloud exceptional strategy of a
[28]. Authors using HE technique, which without Homomorphic Encryption algorithm is required that allows
decrypting ciphertexts allows cloud computing environment computation over the data which is encrypted. For real
to execute arithmetic operations. By means of the HE world applications the current solutions are not practical.
scheme, consumers can be able to provide only ciphertexts Symmetric methods undergo from low immunity against
for using Reinforcement learning-based services to the attacks for example known and chosen plaintext attack
platform of cloud computing. A privacy-preserving Whereas Asymmetric methods suffer from great overhead
reinforcement learning structure for the platform of cloud computation. Authors [34] are building a new algorithm
computing. Focused on learning with errors the proposed that overcomes the shortcomings of MORE by focusing on
framework exploits a cryptosystem for FHE. Estimation the MORE method simply considering the symmetric
and analysis of performance for the proposed privacy- method. They describe and evaluate the proposed algorithm
preserving reinforcement learning framework are observed in detail. The safety enactment consequences indicate that
in multiple intelligent service scenarios based on cloud the proposed method can prevent attacks on security and
computing [29]. the analysis of performance present that the suggested
method can avoid the strong attacks without deprivation of

VOLUME XX, 2021

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3122938, IEEE Access

the performances of the system in term of consuming arrangement of the arrays used to encode messages is an
energy and latency. important factor in controlling the interchange between
Despite researchers criticize it for poor security still this security and efficiency. For a 2x2 setting, MORE coding
type of cryptographic system presently appears to be the arrangements are shown in Table II. The suggested
only way to implement confidentiality protective computing technique is defined by the following matrix equation:
in real-world applications. Consequently, in this paper, we
M(m, k) = S-1 S
applied this technique depend on a variation of the matrix-
operation based homomorphic encoding. As compared to where r is a random integer, m the plaintext in a ring N, S -1
the existing accepted techniques in neural networks based its corresponding inverse and S is
on privacy-preserving solutions [12],[35],[36] the MORE an invertible matrix in N (2x2) one.
encoding strategy is non-deterministic and noise-free. On The decryption method is purely the inverse of the
ciphertext data, a limitless number of processes can be encryption method by applying:
implemented. Same plaintext data with multiple
encryptions, outcome shows different ciphertexts with the V(m, k) = SM(m, k)S-1 =
same key. General algorithm for converting text into the The MORE approach is FHE one can see that because it
encrypted and unencrypted form is shown in Table I. In fulfills the both homomorphic properties. Nonetheless this
addition, the MORE strategy can perform principle method offers extraordinary storage overhead and in [39] a
arithmetic operations on the encoded data. In this paper, significant recovery attack on MORE that needs only side
MORE has been updated to responsively support floating- channel information on plaintext is given. Thus providing
point accuracy for data analysis based on neural networks an efficient FHE algorithm.
for privacy.
TABLE II
TABLE I
MORE ENCODED STRUCTURE
ALGORITHM CONVERT CIPHERTEXT
Communication Scalar values
Algorithm 1:
Formula to convert data: Hidden key building Invertible matrix s belongs N
2x2
c=(x-n) %26 where n is key, 26 alphabets and, x is asci key plain text
#create function Matrix building M = m x r where these are
i. def encrypted (string, shift): random parameters
ii. cipher=' ' #currently no values or data available Encrypted operation M = V = SMS -1
a. for Char in String Decrypted operation V = L = S -1 VS
i. if Char==' ': Recover the text or message m = L(1, 1)
ii. Cipher=Cipher + Char
b. Else if Char. Isupper ():
i. Cipher= Cipher + Chr (ord(Char) + A. ENCRYPTION OF COHERENT DATA
Shift - 65) % 26 + 65) Like the FHE or PHE method, the novel MORE technique
ii. #convert the uppercase alphabets applies only to the N unit of positive integers, and all
c. Else:
i. Cipher=Cipher + Chr (ord(Char) +
operations are performed by the N unit. To perform
Shift -97) % 26 + 97) # #convert the operations on rational numbers, this method is greatly based
lowercase alphabets on an encryption mechanism. As a result, the real numbers
iii. return cipher are converted into integers or groups of integers, and then
iv. #main window
v. text=input ("enter the key”) #enter text you
the numbers are encoded using this homomorphic scheme.
want to encrypt A special way to develop code is to use continuous fraction
vi. s=int (input ("enter the shift key")) #shift key use to points. Now we can get an accurate representation, but it is
add how many key you want to shift e.g. enter 2 difficult to perform simple procedures on the numbers
vii. print ("the original string is:”, text)
viii. print ("the encrypted mgs is:”, encrypted (text, s))
stated in this manner. Instead of this, by multiplying the
coherent number to a big scaling element simpler
encryption can be performed, for example, division, where
V. MATRIX-BASED OPERATION FOR DATA
RANDOMIZATION AND ENCIPHERMENT this element is decreased. Or, enter a simpler symbol by
A MORE coding system variant, which is suitable for increasing the sensible number by a large influence. It's
working directly on floating-point data, was considered. smooth but needs a mechanism to regulate the scaling
According to the MORE coding strategy, the standard factor as for some tasks it is tough to accomplish in which
number of plain text is encoded into an nxn ciphertext array division factors decrease the scaling factors that are difficult
and the matrix algebra is used to compute the ciphertext to implement must be modified. One of the basic
data. Thus, all procedures are accomplished on the advantages of this coding system is that it’s framed for
ciphertext information are known as Matrix-Operations. For rational numbers. The disadvantage of this technique is
example, the standard text development is expressed as susceptible to famous cryptographic attacks.
ciphertext Matrix-Multiplication. In a Matrix Operation for
Randomization and Encryption idea called MORE is
considered for constructing a FHE scheme [37,38] The

VOLUME XX, 2021

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3122938, IEEE Access

B. IMPLEMENTING OPERATIONS ON ENCRYPTED phase of the neural network. The complete training dataset
INFORMATION whole processing is referred to as the epoch. For large
The MORE coding scheme has been found to be quite datasets because of computational reasons, the parameter
homomorphic for simple algebraic procedures. In real adjustment and later processing are completed in batches
applications, including deep learning-based methods, must (subsets of data). The forward propagation stage delivers
deal with nonlinear functions. Many of the traditional the expected outcome for the input samples providing a set
methods used in non-linear actions are established on the of initialized parameters randomly in the first iteration.
basis of using a finite series of polynomials to arrive at a After that, the fault in function (loss) among the preferred
specific function. According to this method, the calculation output and predicted ones will be computed and distributed
of the nonlinear function is totally based on the algebraic backward to reduce the total prediction error to conclude
operation, which is fully consistent with the MORE coding the direction through the network where every parameter
setting. However, it is easier to use this method in a system has to be attuned. Lastly, to update the parameters of the
of MORE code words. Knowing that the predominant network the achieved gradients are utilized by following a
nature of the coding scheme and cipher-text procedures are gradient descent (for example numerical optimization
dependent on Matrix-Algebra, non-linear parts can be process). This procedure is repetitive over many iterations
calculated openly using Matrix-Functions. till the error in the network ends reducing

VI NEURAL NETWORK TABLE III

A neural network at an advanced level can be known as a TRAINING NETWORK
computational model that over an arrangement of layers Algorithm 2:
depict inputs to outputs with interrelated processing units 1. Procedure train (a, b)
2. Initialized parameters: Ɵh+1
(activation functions and transformations). Fig. 2 showed 3. for iteration Ɛ to M do
the structural design of a simple neural network, a non- 4. For set Ɛ to (N / y) do
linear activation function is added to each processing unit to 5. Model a set of y train model: (ax, by) ← {ai, bi} N I =1
create a mapping of complex arbitrary functions. It filters 6. Calculate the prediction
7. Calculate loss
the data that passes over the network to determine the 8. Calculate gradient of the loss with their output parameter
relevant input signal that will be passed to the next layer. It 9. For L belongs to h do
basically decides whether or not a particular neuron will be 10. Repeat step 8
activated. In the absence of specific neurons, the NN 11. End for
12. For I Ɛ h + 1 do
develops as a plain linear model. 13. Keep informed the model: Ɵi = Ɵi - T lambda Ɵi
14. end for
15. end for
16. end for
17. end process

Before the data is processed, the encryption of training data

is done with a key that is certainly not shared.
Subsequently, the model based on machine learning would
have approached only ciphertext data (the encrypted form
of data), whereas the plaintext data (actual data) are kept
secretive on the data provider side separated from the
processing unit. Lastly, the MORE encoding strategy with
the homomorphic principles is applied (Table IV), which
directly supports floating-point calculation. With the help of
the uniform function of the MORE coding system, all the
operations performed on the network are designed to ensure
the application of the ciphertext data, and it can be directly
trained on the ciphertext data. This creates a model that
provides an encrypted prediction that only the owner of the
secret key can decrypt. When the training phase is
FIGURE 2. Design of Neural Network complete, you can use the coded model to predict a new
cryptographic instance (the inference phase). Herewith the
In machine learning using supervised machine learning, the same key the input samples are encoded used in the training
model is designed to automatically recognize the mapping phase. MORE cryptographic systems rely on symmetric
function based on repeated labeled training, reducing the keys. Therefore, the decoding of the ciphertext data and the
fault function (such as loss) among the predictable and encoding of the plaintext data both are done with the secret
accomplished outputs. In Table III Algorithm 2 enlightens key.
the distinctive processes that are included in the training

VOLUME XX, 2021

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3122938, IEEE Access

TABLE IV
MORE STRATEGY
Algorithm for Encryption:
1. Input: secret key s Ɛ N2*2
2. Input: plaintext data m Ɛ N
3. Output: ciphertext V Ɛ N2*2
4. Fun Encrypt (m, S)
5. m Ɛ N2*2 ← zero matrix
6. M (0, 0) ←m
7. M (1, 1) ← random variable (max value, min value)
8. V← S* M*S-1
9. Return V
10. End fun

Algorithm for Decryption:

1. Input: secret key s Ɛ N2*2
2. Input: ciphertext c Ɛ N2*2
3. Output: plaintext data m Ɛ N
4. Fun decrypt (V, S):
5. L← S-1 * C*S
FIGURE 3. General framework
6. N← L (0, 0)
7. Return m
8. End fun A. METHOD
We can further develop the functionality of the NN network
Algorithm for Key Generation:
model by using the homomorphic properties of the MORE
1. Output: secret key S Ɛ N2*2
2. Key generation () scheme to complete the work of coding data. The proposed
3. While true do workflow on homomorphic encryption and NN is shown in
4. S ←random (size= (2, 2), max value, min value,) Fig. 4. In the processing stage, the trained data is encoded
5. If det (S) ≠ 0 then
using a secret key which is not shared. Then, the neural
6. Break
7. End if network model can only access the encoded copy of the
8. End while information or data (cipher encrypted text), and the actual
9. Return S data (plain text) is separated from the processing unit and
10. End fun kept secret from the data provider.
Finally, it directly supports floating-point calculation
VII. PROPOSED MODEL with the help of the homomorphic function of the MORE
There are many procedures that are used in ANN for this encrypting scheme, and all the processes achieved on the
purpose. This research has explained a new method for network are designed to confirm the application of the
predicting the gender through their voice with a ciphertext data, and the network is able to train directly on
feedforward propagation neural network over encryption the encrypted text information. This creates a model that
data of plaintext into ciphertext. The proposed method is gives an encoded prediction that merely the holder of the
based on MORE homogeneous encryption technology and secret key can decrypt. When the training stage is complete,
can directly train and develop a simple neural network use the encoded model to predict new cipher instances.
model for homomorphically encrypted data. There are two Here the input sample is encoded using the same key used
phases first is the training phase and the second is validate in the training stage. MORE encryption schemes rely on
phase, these two steps are linked one-to-one over a cloud symmetric keys to encrypt plain-text data and decrypt
environment. Fig. 3 shows the general framework of this cipher-text data.
research.

VOLUME XX, 2021

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3122938, IEEE Access

C. PRE-PROCESSING
Firstly, the formulation of sample data and group data is
required to build the architecture of the ANN model. To
measure the noise of the signal before and after in given
figures, encrypt data and store it in the cloud platform. For
this sample data, we take built-in values for noise is noissin
variable. Subsequently data collection, three basic issues
are focused on for training using artificial neural network.
The missing data problem is the first problem, and this data
is interchanged by the ordinary immediate value. Second
normalized data, and lastly randomized our data. A mean
method used to calculate the missing values is formulated
as:
T(c)={󠆹mean(c), if c=null
c, otherwise

D. APPLICATION LAYER
FIGURE 4. Workflow of proposed homomorphic encryption in Neural The application training layer is applying after the pre-
Network (NN) processing. It is split into two sub-layers the one forecast
layer and the second enactment valuation layer. The first
B. DATASET layer recycled the Adapted- Feed-Forward neural network.
We took a dataset for voice recognition from kaggle.com It is additionally distributed into three layers, including the
(The dataset which is used to check the validity of the input layer, output layer, and the hidden layer. The input
proposed methodology is available at link layer has contains 21 neurons; in the output layer 30 hidden
https://www.kaggle.com/primaryobjects/voicegender) it neurons are involved that why there is simply one output.
contains feature base data which is based on acoustic Here, use sigmoid (x) activation function, hidden layer
properties of speech and voice. The dataset includes 3168 s(x)= sigmoid (x) input inscribed as in Eq. (1).
recorded male and female voice samples, 21 attributes, and §J = ∑mi=1 (Uij * ∞i) + bi (1)
few missing values that we calculate in preprocessing. The The hidden layer of the projected structure with the
output variable has two classes that are identified as the Sigmoid Function (SF) is presented in Eq. (2)
voice of a man or woman. The attributes of our dataset are ∂j = 1/(1+e-$j) (2)
shown in Fig. 5. where k = 1,2, 3, …...n
From the output layer input is occupied is presented in Eq.
(3)
$k = b2 + ∑j=1n (βjk+∂j) (3)
The Activation Function (AF) of output layer is presented
in Eq. (4).
∂k=1/(1+e-$k) (4)
where k = 1,2, 3, …...q
Fault in back propagation is show as in Eq. (5).
∞ ­ ∑ (Ҭ ­ ∂k)2 (5)
Afterward, calculate the enactment of the predicted layer
in expressions of means square error and Accuracy. If
mandatory learning criteria are not attained, in that case,
retrained the prediction layer. When learning standards are
achieved, now move forward for validation purposes and
the trained model is store on the cloud.
Generally, training is usually implemented using
backpropagation as a matrix. We tried to find the time-
complexity of a training proposed method using a training
sample and nodes i, j, k, l with n iterations. The result is
o(nt * (iJ + jK + Kl)) o(nt * (iJ + jK + Kl)). We consider the
naivest formula of matrix development with cubic time-
complexity. It uses the adaptive Bayesian algorithm. The
results of stochastic modifications and Bayesian adaptations
should be the same. Also, with thrust optimization, the
FIGURE 5. Attributes time-complexity of the algorithm is not affected because the

VOLUME XX, 2021

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3122938, IEEE Access

additional matrix operations are all element based

operations and thus have the same time-complexity.

E. VALIDATION LAYER
When trained data is saved on the cloud, the validation step
occurred which can further divide into two-layer, the
prediction layer, and the data acquisition layer. The
prediction layer contains the trained data and after that
evaluation and calculation of received data occurred and
forecasts the gender. The data acquisition layer contains
input data, as specified earlier is similar.

VIII. SIMULATION AND RESULTS

Machine learning procedure has been applied to the datasets
and the MATLAB tool is used for simulations. In the
machine learning method, the dataset contains 3168
samples, in training 70% of data is utilized (2217 samples)
whereas for testing and validation remaining 30% of data is
used (950 samples). Dataset is encrypted and has stored in
the cloud when we want to decrypt data (ciphertext data)
from the cloud we use HE. To evaluate the performance of
our proposed model we train the above-mentioned datasets
on different epochs and applied three different algorithms
Levenberg-Marquardt, Bayesian Regulization, and Scale
Conjugate Gradient of ANN using the MATLAB tool.
When we train our model, we identify that
Bayesian Regulization trained accurately rather than the
other two algorithms of the Neural network. The results of
simulations in Figure 6 shown that when we trained the
dataset its state regression plot is built Figure 7 shows the
validation/test result of the dataset on the cloud using a
neural network algorithm. We applied this to validate the
performance of the network. By training and testing
datasets concerning targets, the regression plots show the
outputs of the network. The data fall along a 45- degree
line, a perfect fit, where the targets are equal to the outputs
of the network. The fit is practically good for all data sets,
with values of R in all cases is 0.9 or above for this
problem, for more accurate results we can retrain the
datasets. After retraining improved results may produce
because the initial burden and preferences of the network
will changes.
Figure 8 shows the performance evaluation of the
Bayesian Regulization algorithm. The validation result
should be less than the training result, in this paper the
results are accurate for the training and testing set. Training
stops when a test error occurs in 6 iterations at 975 epochs
as shown in the figure. In this simulation, the results are
justified by the following considerations.
• The error of the finished isometric square is very
small.
• Test setup errors and verification setup errors have similar
characteristics.
• Redundancy 975 (which leads to the best validation
performance) does not cause significant overfitting.
FIGURE 6. Training state regression plot and training evolution result
of the dataset on cloud using neural network

VOLUME XX, 2021

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3122938, IEEE Access

FIGURE 9. Comparison of Neural Network algorithms

FIGURE 7. Validation result of the dataset on cloud using neural To calculate the performance of the planned neural network
network
model for privacy protection, we investigated two criteria:
reliability and applicability in the speech place function
library. Therefore, for each use case, we applied the model
to both encrypted (encrypted text) and unencrypted (plain
text) data to analyze the performance and results of the
data-driven model. The results of the two cases are
compared to analyze and measure the ability of the privacy
model to maintain performance. In addition to
dependability, an alternative factor that acts as a significant
feature in defining the eligibility of confidentiality of a
model to work in real-world processes is runtime.
Consequently, the period was analyzed in detail and the
conclusion and timing of the training were reported.
The results of the analysis show that the data
security is guaranteed based on the homogeneous coding,
and the NN data analysis can be achieved effectively.
Research also shows that the data-driven model has been
optimized in the same way in both encrypted and non-
encrypted versions. To demonstrate the network capability
FIGURE 8. Performance evaluation of the dataset on cloud using neural to acquire the ciphertext data, after decoding the training
network error in the classification task is shown in Figure 10, where
the number of epoch/iteration is shown on the x-axis and
A. PERFORMANCE RMS shown in the y-axis. This graph represents the
When we train the dataset using Levenberg-Marquardt network's ability to learn from the ciphertext data and
(LM), Bayesian Regulization (BR), and scale conjugate represents the loss of training due to regression processes
gradient (SCG) performance, training, and validation, after decoding.
results in the visualized form are given in Figure 9. The
performance result of LM very poor as compare to SCG
and its performance is low than BR.

VOLUME XX, 2021

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3122938, IEEE Access

FIGURE 10. Development of the training for encoded network on FIGURE 11. Development of the Accuracy after training on cipher text
ciphertext data. data

Similarly, the accuracy of training of the ANN model that B. CONCERNS REGARDING SECURITY
retains the personal information provided has also been Even though the MORE encryption scheme has many
developed. For getting more accurate results, we choose the benefits regarding directness, practicality and has some
Bayesian Regulation Algorithm in NN because Bayesian major features that go with machine learning privacy-
organization approaches can be cast-off to answer preserving but in corresponding to other HE schemes its
prediction problems. This is because, according to the offers restricted security. The linear nature of MORE is
consequences of the investigation, the fault rate is very low providing the most important security concern because
and the results are already near to the preferred goal other common encryption schemes over large numbers are
information. An evaluation of the three network structural centered on strongly modular arithmetics and nonlinear
design simulations used shows that the design model is the functions. This linear nature of MORE may possibly allow
best because it takes very little time and results in mean someone to identify the secret key by accessing a relatively
square error testing and performance. This is superior to large amount of encrypted and non-encrypted values in
other models. Our data set is used for classification and we pairs. Otherwise specified, the secret key might be
have two categories in our labels. This is why the other two identified by an optimization problem if an adequately large
algorithms do not give more reasonable results than Bayes' amount of ciphertext-plaintext data pairs are present. For
rule. The BR enhancement technology is superior to the some specific privacy-preserving applications the MORE
other approaches. To do this, we used the BR algorithm to scheme remains a possible solution even though it is not as
train our dataset at multiple intervals and then produce the much secure as other HE schemes. Subsequently, MORE
best outcome for the security system in the cloud; as you could be applied in settings where the key is never revealed,
can see that at 1000 epochs, it gives them a more relevant for example on the data provider side the raw data is kept
and accurate result. The results obtained after decoding are private whereas to an external computing service ciphertext
shown in Figure 11. Where the number of epoch/iteration is data are uploaded. The primary drawback of this
shown on the y-axis and time in sec shown on the x-axis.
arrangement is that it only permits to encode comparatively
minor digits. More unambiguously, the encryption
procedure requires an exponent, and the exponent is the
message to be encoded. So even with a multi-precision
computational library, this process will still overflow. It is
found that using 1024-bit integers can only encode numbers
up to 103. This restriction develops even more significant
when accomplishment arithmetic operations on encrypted
information. This means that it is impossible to manage if
the encoded number is too large to perform a particular
procedure. Performance presenting that the suggested
scheme can resist the key related different kinds of attacks.
Certainly, the planned methodology in contrast to the static
technique employ the dynamic approach which is used by
the current algorithms of symmetric homomorphic
encryption.

VOLUME XX, 2021

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3122938, IEEE Access

Hence, the suggested technique against the weak keys shows both steps can be implemented on MORE data that is
deliver a good degree resistance. Furthermore, the homomorphically encrypted. The results specify that the
difference in the secret key after every pause and produces suggested encrypting scheme creates a fairly small
an altered set of dynamic key and therefore stop the computational burden and only slightly increases in
unfortunate key disclosure. runtimes; the important thing is that they allow direct
operations on floating-point numbers that represent the
C. COMPARISON WITH PREVIOUS PROPOSED main property of artificial neural networks.
TECHNIQUES Compared to the standard techniques, the MORE
Comparison with previous state of the art proposed encoding technique provides less security, but it is one of
techniques shows that our proposed model of MORE the few schemes that can be used in real-world applications.
encrypting schemes into neural network shown improved In summary, it is shown that the HE method built on linear
accuracy. The table V shown the comparison in Security transformation has huge potential in simplifying the data
and Privacy of Cloud- and IoT-Based Medical Image distribution and allocating data to third parties for data
Diagnosis Using Fuzzy Convolutional Neural Network analysis in regulatory domains, nonetheless, this is achieved
techniques [40], Applying Deep Neural Networks over at the expense of poor security. Modifying the original HE
Homomorphic Encrypted Medical Data techniques [41] and scheme, being able to perform calculations directly on
proposed technique. rational numbers (a prerequisite for machine learning
TABLE V models) puts security at risk. The proposed solution was
COMPARISON WITH STATE OF THE ART PROPOSED
TECHNIQUES
promising at first, but for practicality, further improvements
No Paper Approaches Dataset Accuracy are required to increase the security of the system.
1. Security and fuzzy Medical 99%
Privacy of convolutional image
Cloud- and neural network dataset
IoT-Based REFERENCES
Medical Image [1] S. L. Nita and M. I. Mihailescu, “On artificial neural network used in
Diagnosis cloud computing security-a survey,” in 2018 10th International
Using Fuzzy Conference on Electronics, Computers and Artificial Intelligence
Convolutional (ECAI), pp. 1–6, IEEE, 2018.
Neural [2] Z. Zhang, H. Ning, F. Shi, F. Farha, Y. Xu, J. Xu, F. Zhang, and K.-K.
Network [40] R. Choo, “Artificial intelligence in cyber security: research advances,
2. Applying Deep CNN MNIST 98.2% challenges,and opportunities,” Artificial Intelligence Review, pp. 1–
Neural Dataset 25, 2021.
Networks over [3] A. Agarwal, M. Khari, and R. Singh, “Detection of ddos attack using
Homomorphic deep learning model in cloud storage application,” Wireless Personal
Encrypted Communications, pp. 1–21, 2021.
Medical Data [4] M. Abadi, A. Chu, I. Goodfellow, H. B. McMahan, I. Mironov, K.
[41] Talwar, and L. Zhang, “Deep learning with differential privacy,” in
3. Proposed ANN Voice 99.70% Proceedings of the 2016 ACM SIGSAC conference on computer and
Model Dataset communications security, pp. 308–318, 2016.
[5] M. Chora ś and M. Pawlicki, “Intrusion detection approach
based onoptimised artificial neural network,” Neurocomputing, vol.
452, pp. 705–715, 2021.
IX. CONCLUSION AND FUTURE WORK [6] A. Acar, H. Aksu, A. S. Uluagac, and M. Conti, “A survey on
homomorphic encryption schemes: Theory and implementation,”
In recent years, the demand for cryptographic techniques ACM Computing Surveys (CSUR), vol. 51, no. 4, pp. 1–35, 2018.
has increased that are suitable for data-driven models to [7] B. Li and D. Micciancio, “On the security of homomorphic encryption
address privacy-related issues. Homomorphic encoding on approximate numbers,” in Annual International Conference on the
scheme MORE that is Matrix-based was suggested in Theory and Applications of Cryptographic Techniques, pp. 648–677,
Springer, 2021.
machine learning models for privacy-preserving estimation. [8] F. Boemer, A. Costache, R. Cammarota, and C. Wierzynski, “ngraph-
HE technique is worked with private keys to encode and he2: A high-throughput framework for neural network inference on
decode information, but it differs completely from other encrypted data,” in Proceedings of the 7th ACM Workshop on
encryption techniques as it can preserve algebraic properties Encrypted Computing & Applied Homomorphic Cryptography, pp.
45–56, 2019.
and perform various operations directly on the encoded data [9] P. Mishra, R. Lehmkuhl, A. Srinivasan, W. Zheng, and R. A. Popa,
e.g. ciphertext data, without the need to access decoded data “Delphi: A cryptographic inference service for neural networks,” in
e.g. plain text information and encryption key. 29th {USENIX} Security Symposium ({USENIX} Security 20), pp.
We have shown the potential to incorporate 2505– 2522, 2020.
[10] M. S. Riazi, C. Weinert, O. Tkachenko, E. M. Songhori, T. Schneider,
MORE encrypting schemes into neural network models as and F. Koushanfar, “Chameleon: A hybrid secure computation
results display improved runtime performance and framework for machine learning applications,” in Proceedings of the
accuracy. We focus on standard application in computer 2018 on Asia Conference on Computer and Communications Security,
vision (speech frequency recognition) and classification of pp. 707–721, 2018.
[11] Q. He and H. He, “A novel method to enhance sustainable systems
encrypted data on the basis of voice to assess the security in cloud computing based on the combination of encryption
practicality of the network by operating directly on encoded and data mining,” Sustainability, vol. 13, no. 1, p. 101, 2021. 10
data. We performed both training and validation steps and it VOLUME 4, 2016 Author et al.: Preparation of Papers for IEEE

VOLUME XX, 2021

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3122938, IEEE Access

TRANSACTIONS and JOURNALS homomorphic en-cryption algorithm of more approach for real world
[12] R. Gilad-Bachrach, N. Dowlin, K. Laine, K. Lauter, M. Naehrig, and applications,” Journalof Information Security and Applications, vol.
J. Wernsing, “Cryptonets: Applying neural networks to encrypted 34, pp. 233–242, 2017
data with high throughput and accuracy,” in International conference [35] H. Chabanne, A. de Wargny, J. Milgram, C. Morel, and E. Prouff,
on machine learning, pp. 201–210, PMLR, 2016. “Privacypreserving classification on deep neural network.,” IACR
[13] A. Dalskov, D. Escudero, and M. Keller, “Secure evaluation of Cryptol. ePrint Arch., vol. 2017, p. 35, 2017.
quantized neural networks,” arXiv preprint arXiv:1910.12435, 2019. [36] E. Hesamifard, H. Takabi, and M. Ghasemi, “Cryptodl: Deep neural
[14] V. M. Lidkea, R. Muresan, and A. Al-Dweik, “Convolutional neural networks over encrypted data,” arXiv preprint arXiv:1711.05189,
network framework for encrypted image classification in cloud-based 2017.
its,” IEEE Open Journal of Intelligent Transportation Systems, vol. 1, [37] L. Xiao, O. Bastani, and I.-L. Yen, “An efficient homomorphic
pp. 35– 50, 2020. encryptionprotocol for multi-user systems.,” IACR Cryptol. EPrint
[15] A. H. Shaikh and B. Meshram, “Security issues in cloud computing,” Arch., vol. 2012,p. 193, 2012.
in Intelligent Computing and Networking, pp. 63–77, Springer, 2021. [38] A. Kipnis and E. Hibshoosh, “Efficient methods for practical
[16] T. Agrawal and S. Singh, “Analysis of security algorithms in cloud fully ho-momorphic symmetric-key encrypton, randomization and
computing,” in 2016 3rd International Conference on Computing for verification.,”IACR Cryptol. ePrint Arch., vol. 2012, p. 637, 2012
Sustainable Global Development (INDIACom), pp. 106–108, IEEE, [39] D. Vizer and S. Vaudenay, “Cryptanalysis of chosen symmetric
2016. homomor-phic scheme,” Stud. Sci. Math. Hung, vol. 52, no. 2, pp.
[17] A. J. Ferrer, D. G. Pérez, and R. S. González, “Multi-cloud 288–306, 2015
platformas-a-service model, functionalities and approaches,” Procedia [40] J. Deepika, C. Rajan, and T. Senthil, “Security and privacy of
Computer Science, vol. 97, pp. 63–72, 2016. cloud-and iot-based medical image diagnosis using fuzzy
[18] C. Gentry and S. Halevi, “Implementing gentry’s fully-homomorphic convolutional neuralnetwork,” Computational Intelligence and
encryption scheme,” in Annual international conference on the theory Neuroscience, vol. 2021, 2021.
and applications of cryptographic techniques, pp. 129–148, Springer, [41] A. Vizitiu, C. I. Ni ̆a, A. Puiu, C. Suciu, and L. M. Itu, “Applying
2011. deep neu-ral networks over homomorphic encrypted medical data,”
[19] E.-Y. Ahmed and M. D. ELKETTANI, “Fully homomorphic Computationaland mathematical methods in medicine, vol. 2020,
encryption: state of art and comparison,” International Journal of 2020..
Computer Science and Information Security (IJCSIS), vol. 14, no. 4,
2016.
[20] S. S. Sathya, P. Vepakomma, R. Raskar, R. Ramachandra, and S.
Bhattacharya, “A review of homomorphic encryption libraries for
secure computation,” arXiv preprint arXiv:1812.02428, 2018.
[21] J. H. Cheon, A. Kim, M. Kim, and Y. Song, “Homomorphic
encryption for arithmetic of approximate numbers,” in International
Conference on the Theory and Application of Cryptology and
Information Security, pp. 409– 437, Springer, 2017.
[22] J. Fan and F. Vercauteren, “Somewhat practical fully homomorphic
encryption.,” IACR Cryptol. ePrint Arch., vol. 2012, p. 144, 2012.
[23] S. Halevi and V. Shoup, “Bootstrapping for helib,” Journal of
Cryptology, vol. 34, no. 1, pp. 1–44, 2021.
[24] J. Mancuso, “Privacy-preserving machine learning 2018: a year in
review,” 2018.
[25] P. V. Parmar, S. B. Padhar, S. N. Patel, N. I. Bhatt, and R. H. Jhaveri,
“Survey of various homomorphic encryption algorithms and
schemes,” International Journal of Computer Applications, vol. 91, no.
8, 2014.
[26] H. Chung and M. Kim, “Encoding rational numbers for fhe-based
applications.,” IACR Cryptol. ePrint Arch., vol. 2016, p. 344, 2016.

[27] P. Mohassel and Y. Zhang, “Secureml: A system for scalable

privacy-preserving machine learning,” in 2017 IEEE symposium on
security andprivacy (SP), pp. 19–38, IEEE, 2017..
[28] A. Alabdulatif, I. Khalil, and X. Yi, “Towards secure big data
analytic forcloud-enabled applications with fully homomorphic
encryption,” Journalof Parallel and Distributed Computing, vol. 137,
pp. 192–204, 2020.
[29] J. Park, D. S. Kim, and H. Lim, “Privacy-preserving reinforcement
learn-ing using homomorphic encryption in cloud computing
infrastructures,”IEEE Access, vol. 8, pp. 203564–203579, 2020.
[30].H. Pang and B. Wang, “Privacy-preserving association rule mining
usinghomomorphic encryption in a multikey environment,” IEEE
S ys t em s J ou rn a l, vo l. 1 5 , n o. 2 , p p . 3 13 1 –3 14 1 , 2 0 20 .
[31]. Li, X. Kuang, S. Lin, X. Ma, and Y. Tang, “Privacy
preservationfor machine learning training and classification based
on homomorphicencryption schemes,” Information Sciences, vol.
526, pp. 166–179, 2020.
[32] D. Vizár and S. Vaudenay, “Cryptanalysis of chosen symmetric
homomorphic schemes,” Studia Scientiarum Mathematicarum
Hungarica, vol. 52, no. 2, pp. 288–306, 2015.
[33] B. Tsaban and N. Lifshitz, “Cryptanalysis of the more symmetric key
fully Homomorphic encryption scheme,” Journal of Mathematical
Cryptology, vol. 9, no. 2, pp. 75–78, 2015.
[34] K. Hariss, H. Noura, and A. E. Samhat, “Fully enhanced

VOLUME XX, 2021

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3122938, IEEE Access

Muhammad Usman Sana is a Ph.D. Scholar at

Xian University of Science and Technology, Hannan-Bin-Liaqat received the B.S. degree
China. He received his B.E. degree in Information in information technology and the M.S.
Technology from the University of Engineering degree in computer networks from
and Technology Taxilla, Pakistan in 2006 and COMSATS Institute of Information
M.S. in Communication Engineering from Technology, Lahore, Pakistan, in 2006 and
Chalmers University of Technology, Sweden in 2009, respectively. From 2009 to 2011,he
2010.. His current research interests are Cloud was a Lecturer in the Information
Computing, Networks Security and Safety Technology Department with the University
Mechanism of Gujrat, Gujrat, Pakistan. He received the
Ph.D., degree from Dalian University of
Technology, Dalian, China, in 2016.
From 2016 to now, he worked for Department of Information
Technology of University of Gujrat as an Assistant Professor, Ph.D., and
MPhil supervisor. Dr. Hannan has a number of publications to his credits
in international journals and conferences. He is the reviewer of several
international journals and conferences. Furthermore, he also worked as a
Technical Program Chair in number of conferences. His research interests
include ad hoc social networks, IoT, cloud computing, mobile computing,
Zhanli Li received the B.S. degree from and social computing.
Xianyang Normal University, Xi'an, China, in
1984, the M.S. degree from Xi’an University
of Science and Technology, Xi’an, China, in
1989, and the Ph.D. degree from Xi’an
Jiaotong University, Xi’an, China, in 1997. He
is currently a professor and dean of the
School of Computer, Xi'an University of
Science and Technology, and is a professor of
engineering at Iwate University, Japan. He has
authored more than 50 technical papers for
conferences and journals, and holds more than 10 invention patents. His Muhammad Usman Ali received the M.S. degree
research mainly focuses on Artificial Intelligence, Danger Perception, and in computer networks engineering from the
Image Identification. University of Engineering and Technology
Taxila, Pakistan, and Ph.D degree from
Yeungnam University, South Korea, in 2008 and
2018, respectively. He is currently working with
the Department of Computer Science, University
of Gujrat, Pakistan. His current research interests
include multi-sensor fusion-based indoor
Fawad Javaid was born in Sialkot, Pakistan. He positioning systems, Wi-Fi fingerprinting, indoor
received the B.S. in Electronic Engineering from navigation and mapping, computer vision and
International Islamic University, Pakistan, in computer networks technologies
2012 and M.S. degree in Electrical Engineering
from the University of Gujrat, Pakistan, in
2016. Currently he is engaged in PhD at Xian
University of Science and Technology, China
and his research field covers the domain of
Wireless Communication and Networks. He is
the affiliated member of Pakistan engineering
council. He was also a valuable member of
teaching faculty in multiple leading universities of Pakistan from 2012 to
2018

VOLUME XX, 2021

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3122938, IEEE Access

VOLUME XX, 2021

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/