
Cryptography and Security

New submissions


New submissions for Fri, 31 Mar 23

[1]  arXiv:2303.16956 [pdf, other]
Title: FeDiSa: A Semi-asynchronous Federated Learning Framework for Power System Fault and Cyberattack Discrimination
Comments: To appear in IEEE INFOCOM AidTSP 2023
Subjects: Cryptography and Security (cs.CR); Distributed, Parallel, and Cluster Computing (cs.DC); Machine Learning (cs.LG); Systems and Control (eess.SY)

With growing security and privacy concerns in the Smart Grid domain, intrusion detection on critical energy infrastructure has become a high priority in recent years. To remedy the challenges of privacy preservation and decentralized power zones with strategic data owners, Federated Learning (FL) has contemporarily surfaced as a viable privacy-preserving alternative which enables collaborative training of attack detection models without requiring the sharing of raw data. To address some of the technical challenges associated with conventional synchronous FL, this paper proposes FeDiSa, a novel Semi-asynchronous Federated learning framework for power system faults and cyberattack Discrimination which takes into account communication latency and stragglers. Specifically, we propose a collaborative training of deep auto-encoder by Supervisory Control and Data Acquisition sub-systems which upload their local model updates to a control centre, which then performs a semi-asynchronous model aggregation for new global model parameters based on a buffer system and a preset cut-off time. Experiments on the proposed framework using publicly available industrial control systems datasets reveal superior attack detection accuracy whilst preserving data confidentiality and minimizing the adverse effects of communication latency and stragglers. Furthermore, we see a 35% improvement in training time, thus validating the robustness of our proposed method.

[2]  arXiv:2303.17069 [pdf, other]
Title: ACM with Overlapping Partitions: Implementation and Periodicity Analysis
Authors: Anthony O'Dea
Subjects: Cryptography and Security (cs.CR)

The Arnold Cat Map (ACM) is a popular chaotic map used in image encryption. Chaotic maps are known for their sensitivity to initial conditions and their ability to mix, or rearrange, pixels. However, ACM is periodic, and the period is relatively short. This periodicity decreases the effective key space for a cryptosystem. Further, ACM can only be performed on square matrices. For non-square images, this issue can be solved by performing ACM on multiple square partitions of the image. If these partitions overlap, the periodicity will greatly increase. The resulting system will be referred to as overlapping ACM or OACM. This paper will cover the implementation and periodicity analysis for these overlapping systems, which previous papers involving similar overlapping block partitions did not. Viewing OACM as a scan as opposed to a map allows for faster implementation and period analysis.

[3]  arXiv:2303.17206 [pdf]
Title: Innovative Countermeasures to Defeat Cyber Attacks Against Blockchain Wallets: A Crypto Terminal Use Case
Authors: Pascal Urien (LTCI)
Journal-ref: 5th Cyber Security in Networking Conference (CSNet), 2021, IEEE, Oct 2021, Rio de Janeiro, Brazil. pp.49-54
Subjects: Cryptography and Security (cs.CR)

Blockchain transactions are signed by private keys. Secure key storage and tamper-proof computers are essential requirements for deploying a trusted infrastructure. In this paper, we identify some threats against blockchain wallets and propose a set of physical and logical countermeasures to thwart them. We present the crypto terminal device, operating with a removable secure element, built on open software and hardware architectures, capable of detecting a cloned device or corrupted software. These technologies are based on tamper-resistant computing (javacard), smart card anti-cloning, smart card content attestation, application firewall, bare-metal architecture, remote attestation, dynamic Physical Unclonable Function (dPUF), and programming tokens as a root of trust. This paper is an extended version of the paper "Innovative Countermeasures to Defeat Cyber Attacks Against Blockchain Wallets," 2021 5th Cyber Security in Networking Conference (CSNet), 2021, pp. 49-54, doi: 10.1109/CSNet52717.2021.9614649

[4]  arXiv:2303.17210 [pdf, other]
Title: DecentRAN: Decentralized Radio Access Network for 5.5G and beyond
Subjects: Cryptography and Security (cs.CR); Networking and Internet Architecture (cs.NI); Systems and Control (eess.SY)

Radio Access Network faces challenges from privacy and flexible wide area and local area network access. RAN is limited from providing local service directly due to centralized design of cellular network and concerns of user privacy and data security. DecentRAN or Decentralized Radio Access Network offers an alternative perspective to cope with the emerging demands of 5G Non-public Network and the hybrid deployment of 5GS and Wi-Fi in the campus network. Starting from Public key as an Identity, independent mutual authentication between UE and RAN is made possible in a privacy-preserving manner. With the introduction of decentralized architecture and network functions using blockchain and smart contracts, DecentRAN has the ability to provide users with locally managed, end-to-end encrypted 5G NPN and the potential connectivity to Local Area Network via campus routers. Furthermore, the performance regarding throughput and latency is discussed, offering the deployment guidance for DecentRAN.

[5]  arXiv:2303.17340 [pdf]
Title: Applying of The new Integral KAJ Transform in Cryptography
Comments: 7 pages
Subjects: Cryptography and Security (cs.CR); Numerical Analysis (math.NA)

In this study, a new sort of transform known as (Kuffi-Abbas-Jawad transform) or KAJ-integral transformation is introduced. We introduce and explore important KAJ-transformation features and applications in cryptography. KAJ-transformation is used for encryption and inverse KAJ-transformation is used for decryption; an example is provided to illustrate the encryption and decryption of the given data.

[6]  arXiv:2303.17343 [pdf, other]
Title: Not Yet Another Digital ID: Privacy-preserving Humanitarian Aid Distribution
Subjects: Cryptography and Security (cs.CR)

Humanitarian aid-distribution programs help bring physical goods (e.g., food, blankets) to people in need. Traditional paper-based solutions to support aid distribution do not scale to large populations and are hard to secure. Existing digital solutions solve these issues, at the cost of collecting large amounts of personal information. Failing to protect aid recipients' privacy can result in harms for them and enables surveillance in the long run. In collaboration with the International Committee of the Red Cross, we build a safe aid-distribution system in this paper. We first systematize the requirements such a system should satisfy and then propose a decentralized solution based on the use of tokens. Our design provides strong scalability and accountability and, at the same time, ensures privacy by design. We provide two instantiations of our design, on a smart card and on a smartphone. We formally prove the security and privacy properties of our design, and empirically show that the two instantiations can scale to hundreds of thousands of recipients.

[7]  arXiv:2303.17351 [pdf, other]
Title: Differential Area Analysis for Ransomware: Attacks, Countermeasures, and Limitations
Comments: 14 pages, 12 figures, journal article
Subjects: Cryptography and Security (cs.CR)

Crypto-ransomware attacks have been a growing threat over the last few years. The goal of every ransomware strain is encrypting user data, such that attackers can later demand a ransom from users for unlocking their data. To maximise their earning chances, attackers equip their ransomware with strong encryption which produces files with high entropy values. Davies et al. proposed Differential Area Analysis (DAA), a technique that analyses file headers to differentiate compressed, regularly encrypted, and ransomware-encrypted files. In this paper, first we propose three different attacks to perform malicious header manipulation and bypass DAA detection. Then, we propose three countermeasures, namely 2-Fragments (2F), 3-Fragments (3F), and 4-Fragments (4F), which can be applied equally against each of the three attacks we propose. We conduct a number of experiments to analyse the ability of our countermeasures to detect ransomware-encrypted files, whether implementing our proposed attacks or not. Last, we test the robustness of our own countermeasures by analysing the performance, in terms of files per second analysed and resilience to extensive injection of low-entropy data. Our results show that our detection countermeasures are viable and deployable alternatives to DAA.

[8]  arXiv:2303.17373 [pdf, other]
Title: URSID: Using formalism to Refine attack Scenarios for vulnerable Infrastructure Deployment
Comments: 13 pages, 9 figures
Subjects: Cryptography and Security (cs.CR)

In this paper we propose a novel way of deploying vulnerable architectures for defense and research purposes, which aims to generate deception platforms based on the formal description of a scenario. An attack scenario is described by an attack graph in which transitions are labeled by ATT&CK techniques or procedures. The state of the attacker is modeled as a set of secrets he acquires and a set of nodes he controls. Descriptions of a single scenario on a technical level can then be declined into several different scenarios on a procedural level, and each of these scenarios can be deployed into its own vulnerable architecture. To achieve this goal we introduce the notion of architecture constraints, as some procedures may only be exploited on systems presenting special properties, such as having a specific operating system version. Finally, we present our deployment process for converting one of these scenarios into a vulnerable infrastructure, and offer an online proof of concept demonstration of our tool, where readers may locally deploy a complete scenario inspired by the threat actor APT-29.

[9]  arXiv:2303.17387 [pdf, other]
Title: Explainable Intrusion Detection Systems Using Competitive Learning Techniques
Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI); Machine Learning (cs.LG)

The current state of the art systems in Artificial Intelligence (AI) enabled intrusion detection use a variety of black box methods. These black box methods are generally trained using Error Based Learning (EBL) techniques with a focus on creating accurate models. These models have high performative costs and are not easily explainable. A white box Competitive Learning (CL) based eXplainable Intrusion Detection System (X-IDS) offers a potential solution to these problems. CL models utilize an entirely different learning paradigm than EBL approaches. This different learning process makes the CL family of algorithms innately explainable and less resource intensive. In this paper, we create an X-IDS architecture that is based on DARPA's recommendation for explainable systems. In our architecture we leverage CL algorithms like Self Organizing Maps (SOM), Growing Self Organizing Maps (GSOM), and Growing Hierarchical Self Organizing Map (GHSOM). The resulting models can be data-mined to create statistical and visual explanations. Our architecture is tested using NSL-KDD and CIC-IDS-2017 benchmark datasets, and produces accuracies that are 1% - 3% less than EBL models. However, CL models are much more explainable than EBL models. Additionally, we use a pruning process that is able to significantly reduce the size of these CL based models. By pruning our models, we are able to increase prediction speeds. Lastly, we analyze the statistical and visual explanations generated by our architecture, and we give a strategy that users could use to help navigate the set of explanations. These explanations will help users build trust with an Intrusion Detection System (IDS), and allow users to discover ways to increase the IDS's potency.

[10]  arXiv:2303.17499 [pdf, other]
Title: Fuzzified advanced robust hashes for identification of digital and physical objects
Comments: 9 pages, 6 figures, 3 tables
Subjects: Cryptography and Security (cs.CR)

With the rising numbers for IoT objects, it is becoming easier to penetrate counterfeit objects into the mainstream market by adversaries. Such infiltration of bogus products can be addressed with third-party-verifiable identification. Generally, state-of-the-art identification schemes do not guarantee that an identifier, e.g. barcodes or RFID, itself cannot be forged. This paper introduces identification patterns representing the object's intrinsic identity by robust hashes and not only by generated identification patterns. Inspired by these two notions, a collection of uniquely identifiable attributes called quasi-identifiers (QI) can be used to identify an object. Since all attributes do not contribute equally towards an object's identity, each QI has a different contribution towards the identifier. A robust hash developed utilising the QI has been named fuzzified robust hashes (FaR hashes), which can be used as an object identifier. Although the FaR hash is a single hash string, selected bits change in response to the modification of QI. On the other hand, other QIs in the object are more important for the object's identity. If these QIs change, the complete FaR hash is going to change. The calculation of FaR hash using attributes should allow third parties to generate the identifier and compare it with the current one to verify the genuineness of the object.

[11]  arXiv:2303.17519 [pdf, other]
Title: Infinite Horizon Privacy in Networked Control Systems: Utility/Privacy Tradeoffs and Design Tools
Subjects: Cryptography and Security (cs.CR); Information Theory (cs.IT); Systems and Control (eess.SY)

We address the problem of synthesizing distorting mechanisms that maximize infinite horizon privacy for Networked Control Systems (NCSs). We consider stochastic LTI systems where information about the system state is obtained through noisy sensor measurements and transmitted to a (possibly adversarial) remote station via unsecured/public communication networks to compute control actions (a remote LQR controller). Because the network/station is untrustworthy, adversaries might access sensor and control data and estimate the system state. To mitigate this risk, we pass sensor and control data through distorting (privacy-preserving) mechanisms before transmission and send the distorted data through the communication network. These mechanisms consist of a linear coordinate transformation and additive-dependent Gaussian vectors. We formulate the synthesis of the distorting mechanisms as a convex program. In this convex program, we minimize the infinite horizon mutual information (our privacy metric) between the system state and its optimal estimate at the remote station for a desired upper bound on the control performance degradation (LQR cost) induced by the distortion mechanism.

[12]  arXiv:2303.17544 [pdf, other]
Title: TorKameleon: Improving Tor's Censorship Resistance With K-anonimization and Media-based Covert Channels
Subjects: Cryptography and Security (cs.CR)

The use of anonymity networks such as Tor and similar tools can greatly enhance the privacy and anonymity of online communications. Tor, in particular, is currently the most widely used system for ensuring anonymity on the Internet. However, recent research has shown that Tor is vulnerable to correlation attacks carried out by state-level adversaries or colluding Internet censors. Therefore, new and more effective solutions emerged to protect online anonymity. Promising results have been achieved by implementing covert channels based on media traffic in modern anonymization systems, which have proven to be a reliable and practical approach to defend against powerful traffic correlation attacks. In this paper, we present TorKameleon, a censorship evasion solution that better protects Tor users from powerful traffic correlation attacks carried out by state-level adversaries. TorKameleon can be used either as a fully integrated Tor pluggable transport or as a standalone anonymization system that uses K-anonymization and encapsulation of user traffic in covert media channels. Our main goal is to protect users from machine and deep learning correlation attacks on anonymization networks like Tor. We have developed the TorKameleon prototype and performed extensive validations to verify the accuracy and experimental performance of the proposed solution in the Tor environment, including state-of-the-art active correlation attacks. As far as we know, we are the first to develop and study a system that uses both anonymization mechanisms described above against active correlation attacks.

Cross-lists for Fri, 31 Mar 23

[13]  arXiv:2303.17046 (cross-list from cs.LG) [pdf, other]
Title: Have it your way: Individualized Privacy Assignment for DP-SGD
Subjects: Machine Learning (cs.LG); Artificial Intelligence (cs.AI); Cryptography and Security (cs.CR)

When training a machine learning model with differential privacy, one sets a privacy budget. This budget represents a maximal privacy violation that any user is willing to face by contributing their data to the training set. We argue that this approach is limited because different users may have different privacy expectations. Thus, setting a uniform privacy budget across all points may be overly conservative for some users or, conversely, not sufficiently protective for others. In this paper, we capture these preferences through individualized privacy budgets. To demonstrate their practicality, we introduce a variant of Differentially Private Stochastic Gradient Descent (DP-SGD) which supports such individualized budgets. DP-SGD is the canonical approach to training models with differential privacy. We modify its data sampling and gradient noising mechanisms to arrive at our approach, which we call Individualized DP-SGD (IDP-SGD). Because IDP-SGD provides privacy guarantees tailored to the preferences of individual users and their data points, we find it empirically improves privacy-utility trade-offs.

[14]  arXiv:2303.17118 (cross-list from cs.AR) [pdf, other]
Title: RPU: The Ring Processing Unit
Subjects: Hardware Architecture (cs.AR); Cryptography and Security (cs.CR)

Ring-Learning-with-Errors (RLWE) has emerged as the foundation of many important techniques for improving security and privacy, including homomorphic encryption and post-quantum cryptography. While promising, these techniques have received limited use due to their extreme overheads of running on general-purpose machines. In this paper, we present a novel vector Instruction Set Architecture (ISA) and microarchitecture for accelerating the ring-based computations of RLWE. The ISA, named B512, is developed to meet the needs of ring processing workloads while balancing high-performance and general-purpose programming support. Having an ISA rather than fixed hardware facilitates continued software improvement post-fabrication and the ability to support the evolving workloads. We then propose the ring processing unit (RPU), a high-performance, modular implementation of B512. The RPU has native large word modular arithmetic support, capabilities for very wide parallel processing, and a large capacity high-bandwidth scratchpad to meet the needs of ring processing. We address the challenges of programming the RPU using a newly developed SPIRAL backend. A configurable simulator is built to characterize design tradeoffs and quantify performance. The best performing design was implemented in RTL and used to validate simulator performance. In addition to our characterization, we show that a RPU using 20.5 mm² of GF 12nm can provide a speedup of 1485x over a CPU running a 64k, 128-bit NTT, a core RLWE workload.

[15]  arXiv:2303.17196 (cross-list from quant-ph) [pdf, ps, other]
Title: Secure multiparty quantum computations for greatest common divisor and private set intersection
Authors: Muhammad Imran
Subjects: Quantum Physics (quant-ph); Cryptography and Security (cs.CR)

We present a secure multiparty quantum computation (MPQC) for computing greatest common divisor (GCD) based on quantum multiparty private set union (PSU) by Liu, Yang, and Li. As the first step, we improve the security of the MPQC protocol for computing least common multiple (LCM) by Liu and Li by constructing an efficient exact quantum period-finding algorithm (EQPA) as a subroutine instead of the standard (probabilistic) Shor's quantum period-finding algorithm (QPA). The use of EQPA instead of the standard QPA guarantees the correctness of the protocol without repetitions. The improvement of LCM protocol also improves the private set union protocol which is based on computing LCM. Finally, using the same idea of the PSU protocol, we construct a quantum multiparty private set intersection (PSI) by transforming the PSI problem into the problem of computing GCD. Performance analysis shows that the correctness and the unconditional security in the semihonest model are guaranteed directly from the correctness and the security of the subroutine protocols (LCM and PSU protocols). Moreover, we show that the complexity of the proposed protocols is polynomial in the size of the secret inputs and the number of parties.

[16]  arXiv:2303.17255 (cross-list from cs.CV) [pdf, other]
Title: Adversarial Attack and Defense for Dehazing Networks
Subjects: Computer Vision and Pattern Recognition (cs.CV); Cryptography and Security (cs.CR); Image and Video Processing (eess.IV)

The research on single image dehazing task has been widely explored. However, as far as we know, no comprehensive study has been conducted on the robustness of the well-trained dehazing models. Therefore, there is no evidence that the dehazing networks can resist malicious attacks. In this paper, we focus on designing a group of attack methods based on first order gradient to verify the robustness of the existing dehazing algorithms. By analyzing the general goal of image dehazing task, five attack methods are proposed, which are prediction, noise, mask, ground-truth and input attack. The corresponding experiments are conducted on six datasets with different scales. Further, the defense strategy based on adversarial training is adopted for reducing the negative effects caused by malicious attacks. In summary, this paper defines a new challenging problem for image dehazing area, which can be called as adversarial attack on dehazing networks (AADN). Code is available at https://github.com/guijiejie/AADN.

[17]  arXiv:2303.17297 (cross-list from cs.CV) [pdf, other]
Title: Understanding the Robustness of 3D Object Detection with Bird's-Eye-View Representations in Autonomous Driving
Comments: 8 pages, CVPR2023
Subjects: Computer Vision and Pattern Recognition (cs.CV); Cryptography and Security (cs.CR)

3D object detection is an essential perception task in autonomous driving to understand the environments. The Bird's-Eye-View (BEV) representations have significantly improved the performance of 3D detectors with camera inputs on popular benchmarks. However, there still lacks a systematic understanding of the robustness of these vision-dependent BEV models, which is closely related to the safety of autonomous driving systems. In this paper, we evaluate the natural and adversarial robustness of various representative models under extensive settings, to fully understand their behaviors influenced by explicit BEV features compared with those without BEV. In addition to the classic settings, we propose a 3D consistent patch attack by applying adversarial patches in the 3D space to guarantee the spatiotemporal consistency, which is more realistic for the scenario of autonomous driving. With substantial experiments, we draw several findings: 1) BEV models tend to be more stable than previous methods under different natural conditions and common corruptions due to the expressive spatial representations; 2) BEV models are more vulnerable to adversarial noises, mainly caused by the redundant BEV features; 3) Camera-LiDAR fusion models have superior performance under different settings with multi-modal inputs, but BEV fusion model is still vulnerable to adversarial noises of both point cloud and image. These findings alert the safety issue in the applications of BEV detectors and could facilitate the development of more robust models.

Replacements for Fri, 31 Mar 23

[18]  arXiv:2012.03162 (replaced) [pdf, other]
Title: MeLPUF: Memory-in-Logic PUF Structures for Low-Overhead IC Authentication
Subjects: Cryptography and Security (cs.CR)

[19]  arXiv:2206.02658 (replaced) [pdf, other]
Title: Longitudinal Analysis of Privacy Labels in the Apple App Store
Subjects: Cryptography and Security (cs.CR)

[20]  arXiv:2210.00875 (replaced) [pdf, other]
Title: Untargeted Backdoor Watermark: Towards Harmless and Stealthy Dataset Copyright Protection
Comments: This work is accepted by the NeurIPS 2022 (selected as Oral paper, TOP 2%). The first two authors contributed equally to this work. 25 pages. We have fixed some typos in the previous version
Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI); Computer Vision and Pattern Recognition (cs.CV); Machine Learning (cs.LG)

[21]  arXiv:2207.08335 (replaced) [pdf, other]
Title: Concurrent Composition Theorems for Differential Privacy
Journal-ref: Proceedings of the 55th Annual ACM Symposium on Theory of Computing (STOC '23), June 20-23, 2023, Orlando, FL, USA
Subjects: Data Structures and Algorithms (cs.DS); Cryptography and Security (cs.CR); Information Theory (cs.IT)

[22]  arXiv:2303.16372 (replaced) [pdf, other]
Title: Non-Asymptotic Lower Bounds For Training Data Reconstruction
Comments: Corrected minor typos and restructured appendix
Subjects: Machine Learning (cs.LG); Cryptography and Security (cs.CR); Machine Learning (stat.ML)
