KnoxMLEncryptionToolLinuxV1.2.zip
> chmod 777 setup.sh
> sudo ./setup.sh
To generate the encrypted neural model package, the following inputs from the user are required:
Input field | Required | Explanation | Supported Format |
---|---|---|---|
ML file format | Yes | List of model formats to choose from. The user needs to select the format of the raw model that will be encrypted. Currently supported model formats are tflite, tensorflow, caffe, keras, coreML, and pytorch. | |
ONNX conversion | Yes | Select whether you want to convert to ONNX format. Conversion to ONNX format is mandatory for the CoreML, Keras, and Pytorch formats. | |
Package Version | Yes | An integer value that is the version of the encrypted model package. | An integer in the range 1 - 4294967296 |
Allowed Apps List and Certificate Hash | Yes | List of allowed packages that can load the model, along with the hash of the signing certificate used to sign the APK that will be allowed to load and execute the model. | |
The following software packages and versions are supported by the Knox ML Encryption 1.2 tool.
Software Packages | Libraries | Supported Version |
---|---|---|
Keras | keras | 2.4.3 |
Keras | keras2onnx | 1.7.0 |
Onnx | onnx | 1.9.0 |
Onnx | onnxmltools | 1.7.0 |
Scikit | scikit-learn(linux) | 1.0 |
Scikit | scikit-learn(windows) | 0.24.2 |
Scikit | skl2onnx(linux) | 1.9.3 |
Scikit | skl2onnx(windows) | 1.9.3 |
TensorFlow | tensorflow | 2.3.0 |
TensorFlow | tf2onnx | 1.9.1 |
Tflite | tflite | 2.4.0 |
Pytorch | torch | 1.9.0 |
To encrypt your ML model, open the Knox ML Encryption Tool on your computer and do as follows depending on the tool's version. To see which version you can use depending on your device, refer to the Knox ML Encryption Tool Revision page.
Tool Configurations:
Before encryption, you need to configure the tool. In the image, Action 1 shows the Settings tab, Action 2 shows the Utility tab, and Action 3 shows the Resource Manager tab.
Settings Tab:
In the Settings tab, you can choose the location to save the encrypted models. If you do not select any location, the encrypted model is saved at the same location as the raw model. Action 4 in the image shows the Change button to click first, and Action 5 shows the Select folder button to click after browsing to the desired location. Action 6 shows the selected location under Location.
Utility Tab:
In the Utility tab, you can choose the certificate used to sign the APK and generate the hash that is used during packaging after model encryption. Action 7 in the image shows the Browse button to choose this certificate file. After choosing the certificate, its path is visible under Location, shown by Action 8. Action 9 shows the Generate Hash button. After hash generation, the hash code is visible in the Generated Hash box. Click Copy to copy the hash and add it to the Allowed Apps List alongside the package name for the app.
Resource Manager Tab:
In the Resource Manager tab, you can download the resources required for conversion of models to ONNX. This is a one-time process: once downloaded, the resources remain downloaded. Alternatively, resources can be downloaded during encryption, as and when required.
You can generate the following two types of Knox ML packages:
You can deploy the generated model package by keeping it in the application assets folder. The Knox SDK provides the APIs to load the model in the application run-time.
To load the model package in the application run-time, make a File Descriptor (FD) or create a data buffer of the package (if the package is present in the assets of the application) and call the subsequent API. To learn more about the development process, see model protection deployment, but ensure that you have the Knox SDK installed before you do so.
If you run into any errors, a failure log is generated. You can create a support ticket through your Knox Partner Portal > Support. Attach the failure log to the ticket and describe the issue in detail so that we can reproduce it to fix the error.