We gratefully acknowledge support from
the Simons Foundation and member institutions.

Cryptography and Security

New submissions

[ total of 23 entries: 1-23 ]
[ showing up to 2000 entries per page: fewer | more ]

New submissions for Wed, 8 Feb 23

[1]  arXiv:2302.03118 [pdf, other]
Title: From Emulation to Mathematical: A More General Traffic Obfuscation Approach To Encounter Feature based Mobile App traffic Classification
Subjects: Cryptography and Security (cs.CR); Networking and Internet Architecture (cs.NI)

The usage of the mobile app is unassailable in this digital era. While tons of data are generated daily, user privacy security concerns become an important issue. Nowadays, tons of techniques, such as machine learning and deep learning traffic classifiers, have been applied to analyze users app traffic. These techniques allow the monitor to get the fingerprints of using apps while the user traffic is still encrypted, which raises a severe privacy issue. In order to fight against this type of data analysis, people have been researching obfuscation algorithms to confuse feature-based machine learning classifiers with data camouflage by modification on packet length distribution. The existing works achieve this goal by remapping traffic packet length distribution from the source app to the fake camouflage app. However, this solution suffers from its lack of scalability and flexibility in practical application since the method needs to pre-sample the target fake apps traffic before the use of traffic camouflage. In this paper, we proposed a practical solution by using a mathematical model to calculate the target distribution while maintaining at least 50 percent accuracy drops on the performance of the AppScanner mobile traffic classifier and roughly 20 percent overhead created during packet modification.

[2]  arXiv:2302.03162 [pdf, other]
Title: Protecting Language Generation Models via Invisible Watermarking
Subjects: Cryptography and Security (cs.CR); Computation and Language (cs.CL); Machine Learning (cs.LG)

Language generation models have been an increasingly powerful enabler for many applications. Many such models offer free or affordable API access, which makes them potentially vulnerable to model extraction attacks through distillation. To protect intellectual property (IP) and ensure fair use of these models, various techniques such as lexical watermarking and synonym replacement have been proposed. However, these methods can be nullified by obvious countermeasures such as "synonym randomization". To address this issue, we propose GINSEW, a novel method to protect text generation models from being stolen through distillation. The key idea of our method is to inject secret signals into the probability vector of the decoding steps for each target token. We can then detect the secret message by probing a suspect model to tell if it is distilled from the protected one. Experimental results show that GINSEW can effectively identify instances of IP infringement with minimal impact on the generation quality of protected APIs. Our method demonstrates an absolute improvement of 19 to 29 points on mean average precision (mAP) in detecting suspects compared to previous methods against watermark removal attacks.

[3]  arXiv:2302.03251 [pdf, other]
Title: SCALE-UP: An Efficient Black-box Input-level Backdoor Detection via Analyzing Scaled Prediction Consistency
Subjects: Cryptography and Security (cs.CR)

Deep neural networks (DNNs) are vulnerable to backdoor attacks, where adversaries embed a hidden backdoor trigger during the training process for malicious prediction manipulation. These attacks pose great threats to the applications of DNNs under the real-world machine learning as a service (MLaaS) setting, where the deployed model is fully black-box while the users can only query and obtain its predictions. Currently, there are many existing defenses to reduce backdoor threats. However, almost all of them cannot be adopted in MLaaS scenarios since they require getting access to or even modifying the suspicious models. In this paper, we propose a simple yet effective black-box input-level backdoor detection, called SCALE-UP, which requires only the predicted labels to alleviate this problem. Specifically, we identify and filter malicious testing samples by analyzing their prediction consistency during the pixel-wise amplification process. Our defense is motivated by an intriguing observation (dubbed scaled prediction consistency) that the predictions of poisoned samples are significantly more consistent compared to those of benign ones when amplifying all pixel values. Besides, we also provide theoretical foundations to explain this phenomenon. Extensive experiments are conducted on benchmark datasets, verifying the effectiveness and efficiency of our defense and its resistance to potential adaptive attacks. Our codes are available at https://github.com/JunfengGo/SCALE-UP.

[4]  arXiv:2302.03262 [pdf, ps, other]
Title: Membership Inference Attacks against Diffusion Models
Subjects: Cryptography and Security (cs.CR); Machine Learning (cs.LG)

Diffusion models have attracted attention in recent years as innovative generative models. In this paper, we investigate whether a diffusion model is resistant to a membership inference attack, which evaluates the privacy leakage of a machine learning model. We primarily discuss the diffusion model from the standpoints of comparison with a generative adversarial network (GAN) as conventional models and hyperparameters unique to the diffusion model, i.e., time steps, sampling steps, and sampling variances. We conduct extensive experiments with DDIM as a diffusion model and DCGAN as a GAN on the CelebA and CIFAR-10 datasets in both white-box and black-box settings and then confirm if the diffusion model is comparably resistant to a membership inference attack as GAN. Next, we demonstrate that the impact of time steps is significant and intermediate steps in a noise schedule are the most vulnerable to the attack. We also found two key insights through further analysis. First, we identify that DDIM is vulnerable to the attack for small sample sizes instead of achieving a lower FID. Second, sampling steps in hyperparameters are important for resistance to the attack, whereas the impact of sampling variances is quite limited.

[5]  arXiv:2302.03290 [pdf]
Title: Homomorphic Hashing Based on Elliptic Curve Cryptography
Authors: Abel C. H. Chen
Comments: in Chinese language
Subjects: Cryptography and Security (cs.CR)

For avoiding the exposure of plaintexts in cloud environments, some homomorphic hashing algorithms have been proposed to generate the hash value of each plaintext, and cloud environments only store the hash values and calculate the hash values for future needs. However, longer hash value generation time and longer have value summary time may be required by these homomorphic hashing algorithms with higher security strengths. Therefore, this study proposes a homomorphic hashing based on elliptic curve cryptography (ECC) to provide a homomorphic hashing function in accordance with the characteristics of ECC. Furthermore, mathematical models and practical cases have been given to prove the proposed method. In experiments, the results show that the proposed method have higher efficiency with different security strengths.

[6]  arXiv:2302.03511 [pdf, ps, other]
Title: Differential Privacy with Higher Utility through Non-identical Additive Noise
Subjects: Cryptography and Security (cs.CR); Signal Processing (eess.SP)

Differential privacy is typically ensured by perturbation with additive noise that is sampled from a known distribution. Conventionally, independent and identically distributed (i.i.d.) noise samples are added to each coordinate. In this work, propose to add noise which is independent, but not identically distributed (i.n.i.d.) across the coordinates. In particular, we study the i.n.i.d. Gaussian and Laplace mechanisms and obtain the conditions under which these mechanisms guarantee privacy. The optimal choice of parameters that ensure these conditions are derived theoretically. Theoretical analyses and numerical simulations show that the i.n.i.d. mechanisms achieve higher utility for the given privacy requirements compared to their i.i.d. counterparts.

[7]  arXiv:2302.03581 [pdf]
Title: A Review of existing GDPR Solutions for Citizens and SMEs - preprint -
Comments: 52 pages
Subjects: Cryptography and Security (cs.CR)

The GDPR grants data subjects certain rights, like the right to access their data from companies, but in practice multiple problems exist with exercising these rights such as unknown data holders or interpreting the received data. Small and medium enterprises on the other hand need to facilitate the obligations given by the GDPR, but often lack proper systems, staff and other resources to do so effectively. For the GDPR to be effective in practice, these problems need to be addressed. With the work at hand we provide an overview of existing software solutions for the these problems (from an internet research), discuss to which degree they solve the various problems and what issues remain.

[8]  arXiv:2302.03591 [pdf, other]
Title: DSAC: Low-Cost Rowhammer Mitigation Using In-DRAM Stochastic and Approximate Counting Algorithm
Comments: 11 pages
Subjects: Cryptography and Security (cs.CR); Hardware Architecture (cs.AR)

DRAM has scaled to achieve low cost per bit and this scaling has decreased Rowhammer threshold. Thus, DRAM has adopted Target-Row-Refresh (TRR) which refreshes victim rows that can possibly lose stored data due to neighboring aggressor rows. Accordingly, prior works focused on TRR algorithm that can identify the most frequently accessed row, Rowhammer, to detect the victim rows. TRR algorithm can be implemented in memory controller, yet it can cause either insufficient or excessive number of TRRs due to lack of information of Rowhammer threshold and it can also degrade system performance due to additional command for Rowhammer mitigation. Therefore, this paper focuses on in-DRAM TRR algorithm.
In general, counter-based detection algorithms have higher detection accuracy and scalability compared to probabilistic detection algorithms. However, modern DRAM extremely limits the number of counters for TRR algorithm. This paper demonstrates that decoy-rows are the fundamental reason the state-of-the-art counter-based algorithms cannot properly detect Rowhammer under the area limitation. Decoy-rows are rows whose number of accesses does not exceed the number of Rowhammer accesses within an observation period. Thus, decoy-rows should not replace Rowhammer which are in a count table. Unfortunately, none of the state-of-the-art counter-based algorithms filter out decoy-rows. Consequently, decoy-rows replace Rowhammer in a count table and dispossess TRR opportunities from victim rows. Therefore, this paper proposes `in-DRAM Stochastic and Approximate Counting (DSAC) algorithm', which leverages Stochastic Replacement to filter out decoy-rows and Approximate Counting for low area cost. The key idea is that a replacement occurs if a new row comes in more than a minimum count row in a count table on average so that decoy-rows cannot replace Rowhammer in a count table.

Cross-lists for Wed, 8 Feb 23

[9]  arXiv:2302.02831 (cross-list from math.GR) [pdf, ps, other]
Title: Uniform Cyclic Group Factorizations of Finite Groups
Subjects: Group Theory (math.GR); Cryptography and Security (cs.CR)

In this paper, we introduce a kind of decomposition of a finite group called a uniform group factorization, as a generalization of exact factorizations of a finite group. A group $G$ is said to admit a uniform group factorization if there exist subgroups $H_1, H_2, \ldots, H_k$ such that $G = H_1 H_2 \cdots H_k$ and the number of ways to represent any element $g \in G$ as $g = h_1 h_2 \cdots h_k$ ($h_i \in H_i$) does not depend on the choice of $g$. Moreover, a uniform group factorization consisting of cyclic subgroups is called a uniform cyclic group factorization. First, we show that any finite solvable group admits a uniform cyclic group factorization. Second, we show that whether all finite groups admit uniform cyclic group factorizations or not is equivalent to whether all finite simple groups admit uniform group factorizations or not. Lastly, we give some concrete examples of such factorizations.

[10]  arXiv:2302.03098 (cross-list from cs.LG) [pdf, other]
Title: One-shot Empirical Privacy Estimation for Federated Learning
Comments: Submitted to ICML 2023
Subjects: Machine Learning (cs.LG); Cryptography and Security (cs.CR)

Privacy auditing techniques for differentially private (DP) algorithms are useful for estimating the privacy loss to compare against analytical bounds, or empirically measure privacy in settings where known analytical bounds on the DP loss are not tight. However, existing privacy auditing techniques usually make strong assumptions on the adversary (e.g., knowledge of intermediate model iterates or the training data distribution), are tailored to specific tasks and model architectures, and require retraining the model many times (typically on the order of thousands). These shortcomings make deploying such techniques at scale difficult in practice, especially in federated settings where model training can take days or weeks. In this work, we present a novel "one-shot" approach that can systematically address these challenges, allowing efficient auditing or estimation of the privacy loss of a model during the same, single training run used to fit model parameters. Our privacy auditing method for federated learning does not require a priori knowledge about the model architecture or task. We show that our method provides provably correct estimates for privacy loss under the Gaussian mechanism, and we demonstrate its performance on a well-established FL benchmark dataset under several adversarial models.

[11]  arXiv:2302.03107 (cross-list from cs.CY) [pdf, ps, other]
Title: Decentralized Zero-Trust Framework for Digital Twin-based 6G
Comments: Submitted to IEEE Communications Magazine
Subjects: Computers and Society (cs.CY); Cryptography and Security (cs.CR); Networking and Internet Architecture (cs.NI)

The Sixth Generation (6G) network is a platform for the fusion of the physical and virtual worlds. It will integrate processing, communication, intelligence, sensing, and storage of things. All devices and their virtual counterparts will become part of the service-provisioning process. In essence, 6G is a purposefully cooperative network that heavily depends on the capabilities of edge and end-devices. Digital Twin (DT) will become an essential part of 6G, not only in terms of providing a virtual representation of the physical elements and their dynamics and functionalities but rather DT will become a catalyst in the realization of the cooperative 6G environment. DT will play a main role in realizing the full potential of the 6G network by utilizing the collected data at the cyber twin and then implementing using the physical twin to ensure optimal levels of accuracy and efficiency. With that said, such a cooperative non-conventional network infrastructure cannot rely on conventional centralized intrusion detection and prevention systems. Zero-trust is a new security framework that aims at protecting distributed data, devices, components and users. This article presents a new framework that integrates the zero-trust architecture in DT-enabled 6G networks. Unlike conventional zero-trust solutions, the proposed framework adapts a decentralized mechanism to ensure the security, privacy and authenticity of both the physical devices and their DT counterparts. Blockchain plays an integral part in the authentication of DTs and the communicated data. Artificial Intelligence (AI) is integrated into all cooperating nodes using meta, generalized and federated learning solutions. The article also discusses current solutions and future outlooks, with challenges and some technology enablers.

[12]  arXiv:2302.03650 (cross-list from math.NT) [pdf, ps, other]
Title: Multiplication polynomials for elliptic curves over finite local rings
Subjects: Number Theory (math.NT); Cryptography and Security (cs.CR)

For a given elliptic curve $E$ over a finite local ring, we denote by $E^{\infty}$ its subgroup at infinity. Every point $P \in E^{\infty}$ can be described solely in terms of its $x$-coordinate $P_x$, which can be therefore used to parameterize all its multiples $nP$. We refer to the coefficient of $(P_x)^i$ in the parameterization of $(nP)_x$ as the $i$-th multiplication polynomial. We show that this coefficient is a degree-$i$ rational polynomial without a constant term in $n$. We also prove that no primes greater than $i$ may appear in the denominators of its terms. As a consequence, for every finite field $\mathbb{F}_q$ and any $k\in\mathbb{N}^*$, we prescribe the group structure of a generic elliptic curve defined over $\mathbb{F}_q[X]/(X^k)$, and we show that their ECDLP on $E^{\infty}$ may be efficiently solved.

[13]  arXiv:2302.03657 (cross-list from cs.CV) [pdf, other]
Title: Toward Face Biometric De-identification using Adversarial Examples
Comments: Accepted at the AAAI-23 workshop on Artificial Intelligence for Cyber Security (AICS)
Subjects: Computer Vision and Pattern Recognition (cs.CV); Cryptography and Security (cs.CR); Machine Learning (cs.LG)

The remarkable success of face recognition (FR) has endangered the privacy of internet users particularly in social media. Recently, researchers turned to use adversarial examples as a countermeasure. In this paper, we assess the effectiveness of using two widely known adversarial methods (BIM and ILLC) for de-identifying personal images. We discovered, unlike previous claims in the literature, that it is not easy to get a high protection success rate (suppressing identification rate) with imperceptible adversarial perturbation to the human visual system. Finally, we found out that the transferability of adversarial examples is highly affected by the training parameters of the network with which they are generated.

[14]  arXiv:2302.03670 (cross-list from cs.IT) [pdf, ps, other]
Title: Private Read Update Write (PRUW) With Heterogeneous Databases
Subjects: Information Theory (cs.IT); Cryptography and Security (cs.CR); Networking and Internet Architecture (cs.NI); Signal Processing (eess.SP)

We investigate the problem of private read update write (PRUW) with heterogeneous storage constrained databases in federated submodel learning (FSL). In FSL a machine learning (ML) model is divided into multiple submodels based on different types of data used to train it. A given user downloads, updates and uploads the updates back to a single submodel of interest, based on the type of user's local data. With PRUW, the process of reading (downloading) and writing (uploading) is carried out such that information theoretic privacy of the updating submodel index and the values of updates is guaranteed. We consider the practical scenario where the submodels are stored in databases with arbitrary (heterogeneous) storage constraints, and provide a PRUW scheme with a storage mechanism that utilizes submodel partitioning and encoding to minimize the communication cost.

[15]  arXiv:2302.03684 (cross-list from cs.LG) [pdf, other]
Title: Temporal Robustness against Data Poisoning
Comments: 11 pages, 7 figures
Subjects: Machine Learning (cs.LG); Artificial Intelligence (cs.AI); Cryptography and Security (cs.CR); Machine Learning (stat.ML)

Data poisoning considers cases when an adversary maliciously inserts and removes training data to manipulate the behavior of machine learning algorithms. Traditional threat models of data poisoning center around a single metric, the number of poisoned samples. In consequence, existing defenses are essentially vulnerable in practice when poisoning more samples remains a feasible option for attackers. To address this issue, we leverage timestamps denoting the birth dates of data, which are often available but neglected in the past. Benefiting from these timestamps, we propose a temporal threat model of data poisoning and derive two novel metrics, earliness and duration, which respectively measure how long an attack started in advance and how long an attack lasted. With these metrics, we define the notions of temporal robustness against data poisoning, providing a meaningful sense of protection even with unbounded amounts of poisoned samples. We present a benchmark with an evaluation protocol simulating continuous data collection and periodic deployments of updated models, thus enabling empirical evaluation of temporal robustness. Lastly, we develop and also empirically verify a baseline defense, namely temporal aggregation, offering provable temporal robustness and highlighting the potential of our temporal modeling of data poisoning.

Replacements for Wed, 8 Feb 23

[16]  arXiv:2008.12199 (replaced) [pdf, other]
Title: Privacy Intelligence: A Survey on Image Privacy in Online Social Networks
Comments: 32 pages, 9 figures. Under review
Journal-ref: ACM Comput. Surv. 55, 8, Article 161 (August 2023), 35 pages
Subjects: Cryptography and Security (cs.CR); Social and Information Networks (cs.SI)
[17]  arXiv:2106.13926 (replaced) [src]
Title: CLOAK: Enabling Confidential Smart Contract With Multi-Party Transactions
Comments: Withdrawing for avoid misleading. Another significantly different version has been published
Subjects: Cryptography and Security (cs.CR)
[18]  arXiv:2208.14414 (replaced) [pdf, other]
Title: On the (Im)Possibility of Estimating Various Notions of Differential Privacy
Subjects: Cryptography and Security (cs.CR)
[19]  arXiv:2302.02325 (replaced) [pdf, other]
Title: Resilient Consensus Sustained Collaboratively
Comments: 14 pages, 9 figures
Subjects: Cryptography and Security (cs.CR); Databases (cs.DB); Distributed, Parallel, and Cluster Computing (cs.DC)
[20]  arXiv:2202.08728 (replaced) [pdf, other]
Title: A nonparametric extension of randomized response for private confidence sets
Comments: 49 pages, 6 figures
Subjects: Methodology (stat.ME); Cryptography and Security (cs.CR); Statistics Theory (math.ST); Machine Learning (stat.ML)
[21]  arXiv:2202.12993 (replaced) [pdf, other]
Title: Projective Ranking-based GNN Evasion Attacks
Comments: Accepted by IEEE Transactions on Knowledge and Data Engineering
Subjects: Machine Learning (cs.LG); Cryptography and Security (cs.CR)
[22]  arXiv:2301.09732 (replaced) [pdf, other]
Title: Backdoor Attacks in Peer-to-Peer Federated Learning
Subjects: Machine Learning (cs.LG); Cryptography and Security (cs.CR)
[23]  arXiv:2302.02568 (replaced) [pdf, other]
Title: Less is More: Understanding Word-level Textual Adversarial Attack via n-gram Frequency Descend
Comments: 8 pages, 4 figures. In progress
Subjects: Computation and Language (cs.CL); Artificial Intelligence (cs.AI); Cryptography and Security (cs.CR); Machine Learning (cs.LG)
[ total of 23 entries: 1-23 ]
[ showing up to 2000 entries per page: fewer | more ]

Disable MathJax (What is MathJax?)

Links to: arXiv, form interface, find, cs, recent, 2302, contact, help  (Access key information)