Im building a webclient where a tensorflow model needs to run in the browser. I would want the Model to be protected so that it cant be just downloaded off "Developer tools". The model has to be encrypted and transferred and then decrypted at the client. What would be the best way to implement such a feature ?
Asked
Active
Viewed 254 times
0
-
5Decrypting at the client does not protect against accessing it in developer tools. – Steffen Ullrich Nov 15 '18 at 09:26
3 Answers
2
If you want to prevent the users of the client from using the model you send them, you need some form of DRM.
There are posts about why you will fail.
Josef
- 5,903
- 25
- 33
1
I would say that HTTPS is not the answer for your problem. HTTPS encrpyts the data on the transport layer - the server encrypts, the browser decrypts. What you want is to prevent data which already resides on the client (javascript-code) from beeing accessed by the user.
In short, thats not possible. Everything that happens on the client of a user is to 100% under control by the user. There is no way to encrypt the data in a manner that the browser can decrypt it but the user who controls the browser can not decrypt it.
You may want to think about obfuscation / minification of your javascript-code. But keep in mind that obscurity != security and that obfuscation does not prevent a user from just copying the code from developer tools. With obfusction, it's just not that easy to read. But it executes without a problem, and with enough effort it can be reengineered to cleartext.
Alex
- 273
- 1
- 2
- 7
0
In general when you need to transfer encrypted data over the Internet in a client server architecture with HTTP the recommendation is use TLS/SSL, some people referees also as Secure Sockets. And I think that is what you for your case need basically.
camp0
- 2,172
- 1
- 10
- 10