• DepthAI
  • Distributing proprietary models / pipelines

Hi All,

I have a question about the distribution of DepthAI pipelines using proprietary custom models.

I'm sure there isn't a single "correct" answer for this, but I'm trying to understand how one would best distribute such software for others to use without it being trivially easy for someone to reverse engineer it (for example extracting the model).

For example, would generating a dap (DepthAI Application Package) of a pipeline (to load onto a device in standalone mode) sufficiently obfuscate the pipeline and model to make it non-trivial to extract?

Thanks,

Julian

4 days later

Hi @jakaskerl ,

Thanks for the reply. Yeah, that is my suspicion also, though I'll still try to follow this up to have a little higher confidence that distributing .dap files keeps their contents and model "private".

Are you aware of anyone internally who I could reach out to directly?

Thanks,

Julian

Hi @julian
Synced with the team;

The .dap file is not encrypted; the data is only obscured, so if you know where to look, it should be relatively easy to extract the blob.
The blob is also not encrypted, but it's not a 1:1 to the model+weights as it's "compiled". Still, rough network structure is extractable, albeit non-trivially.

Thanks,
Jaka

    jakaskerl
    Hi @jakaskerl,

    Thanks for the follow-up. So it sounds like, if given access to a .dap file, a motivated user could relatively easily extract the model (blob) and use it in their own application?

    Are you aware of any approaches that could be used to prevent this?
    E.g. encrypting the .dap (or elements within the dap like the blob) and them being decrypted at runtime with a factory-configured key?

      julian
      What is the use case? Are you afraid someone gets physical access to the device and reads the flash/RAM? Otherwise, for distribution, you can encrypt the .dap files yourself.

      Thanks,
      Jaka

        jakaskerl

        Yeah, for this use case the customer will have physical access to the device, so I'm just trying to understand what potential measures might be possible to increase the difficulty of simply taking the model and pipeline and using it elsewhere.

        With physical access to the device can a user simply read the flash to recover the .dap file that was uploaded to standalone mode?

        Thanks,

        Julian

        Hi @julian ,
        Yes, they can read the whole flash with depthai - they just wouldn't know what bytes are what (what is pipeline, weights, depthai fw, etc.). Even if that wasn't the case, they could just connect to flash with a few wires and read it that way.
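
Added example, not part of the thread and not DepthAI code: if you encrypt a .dap yourself for distribution, as suggested above, a pre-release check like this flags regions of the shipped file that are still structured (obscured rather than encrypted). The 4096-byte window, the 7.5 bits/byte threshold, the function names and the sample data are assumptions; high entropy alone does not prove a file is encrypted, but a low-entropy window shows that structured data survived.

```python
import hashlib
import math
from collections import Counter

WINDOW = 4096      # bytes per window (assumed)
THRESHOLD = 7.5    # bits/byte; below this a window is treated as structured (assumed)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def low_entropy_windows(data: bytes, window: int = WINDOW, threshold: float = THRESHOLD):
    """Return [(offset, entropy)] for every window whose entropy is below threshold."""
    hits = []
    for off in range(0, len(data), window):
        chunk = data[off:off + window]
        if len(chunk) < window // 4:   # a short tail gives an unreliable estimate
            continue
        h = shannon_entropy(chunk)
        if h < threshold:
            hits.append((off, round(h, 2)))
    return hits

def passes_release_check(data: bytes) -> bool:
    """True only if the file spans at least one window and no window looks structured."""
    return len(data) >= WINDOW and not low_entropy_windows(data)

def _pseudo_ciphertext(n: int) -> bytes:
    """Constructed stand-in for real ciphertext: a SHA-256 counter stream."""
    blocks = (hashlib.sha256(i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed samples (not real .dap contents).
STRUCTURED = (b"conv1/weights\x00\x00\x00" + bytes(range(16))) * 512  # 16 KiB of records
OBSCURED = bytes(b ^ 0x5A for b in STRUCTURED)   # fixed XOR: histogram shape unchanged
ENCRYPTED = _pseudo_ciphertext(len(STRUCTURED))
PLAINTEXT_HEADER = STRUCTURED[:WINDOW] + ENCRYPTED[WINDOW:]  # header left in the clear

if __name__ == "__main__":
    samples = [("obscured", OBSCURED), ("encrypted", ENCRYPTED),
               ("plaintext header", PLAINTEXT_HEADER)]
    for name, blob in samples:
        print(name, passes_release_check(blob), low_entropy_windows(blob)[:2])
```

The check covers only the file as shipped; once the package is decrypted and flashed, the device holds it in whatever form the flash stores, as discussed in the last reply.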