Valuable information and knowledge can be learned from users’ location traces and support various location-based applications such as intelligent traffic control, incident response, and COVID-19 contact tracing. However, due to privacy concerns, no authority could simply collect users’ private location traces for mining or even publishing. To echo such concerns, local differential privacy (LDP) enables individual privacy by allowing each user to report a perturbed version of their data. Unfortunately, when applied to location traces, LDP cannot preserve the semantics in the context of location traces because it treats all locations (i.e., various points of interest) as equally sensitive. This results in a low utility of LDP mechanisms for collecting location traces. In this paper, we address the challenge of collecting and sharing location traces with valuable semantics while providing sufficient privacy protection for participating users. We first propose semantic-constrained local differential privacy (SLDP), a new privacy model to provide a provable mathematical privacy guarantee while preserving desirable semantics. Then, we design a location trace perturbation mechanism (LTPM) that users can use to perturb their traces in a way that satisfies SLDP. Finally, we propose a private location trace synthesis (PLTS) framework in which users use LTPM to perturb their traces before sending them to the collector, who aggregates the users’ perturbed data to generate location traces with valuable semantics. Extensive experiments on three real-world datasets demonstrate that our PLTS outperforms existing state-of-the-art methods by at least 21% in a range of real-world applications, such as spatial visiting queries and frequent pattern mining, under the same privacy leakage.
{"title":"Generating Location Traces With Semantic- Constrained Local Differential Privacy","authors":"Xinyue Sun;Qingqing Ye;Haibo Hu;Jiawei Duan;Qiao Xue;Tianyu Wo;Weizhe Zhang;Jie Xu","doi":"10.1109/TIFS.2024.3480712","DOIUrl":"10.1109/TIFS.2024.3480712","url":null,"abstract":"Valuable information and knowledge can be learned from users’ location traces and support various location-based applications such as intelligent traffic control, incident response, and COVID-19 contact tracing. However, due to privacy concerns, no authority could simply collect users’ private location traces for mining or even publishing. To echo such concerns, local differential privacy (LDP) enables individual privacy by allowing each user to report a perturbed version of their data. Unfortunately, when applied to location traces, LDP cannot preserve the semantics in the context of location traces because it treats all locations (i.e., various points of interest) as equally sensitive. This results in a low utility of LDP mechanisms for collecting location traces. In this paper, we address the challenge of collecting and sharing location traces with valuable semantics while providing sufficient privacy protection for participating users. We first propose semantic-constrained local differential privacy (SLDP), a new privacy model to provide a provable mathematical privacy guarantee while preserving desirable semantics. Then, we design a location trace perturbation mechanism (LTPM) that users can use to perturb their traces in a way that satisfies SLDP. Finally, we propose a private location trace synthesis (PLTS) framework in which users use LTPM to perturb their traces before sending them to the collector, who aggregates the users’ perturbed data to generate location traces with valuable semantics. Extensive experiments on three real-world datasets demonstrate that our PLTS outperforms existing state-of-the-art methods by at least 21% in a range of real-world applications, such as spatial visiting queries and frequent pattern mining, under the same privacy leakage.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"9850-9865"},"PeriodicalIF":6.3,"publicationDate":"2024-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142439883","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-10-11DOI: 10.1109/TIFS.2024.3478828
Ningping Mou;Binqing Guo;Lingchen Zhao;Cong Wang;Yue Zhao;Qian Wang
Recent advancements in adversarial attack research have seen a transition from white-box to black-box and even no-box threat models, greatly enhancing the practicality of these attacks. However, existing no-box attacks focus on instance-specific perturbations, leaving more powerful universal adversarial perturbations (UAPs) unexplored. This study addresses a crucial question: can UAPs be generated under a no-box threat model? Our findings provide an affirmative answer with a texture-based method. Artificially crafted textures can act as UAPs, termed Texture-Adv. With a modest density and a fixed budget for perturbations, it can achieve an attack success rate of 80% under the constraint of �$l_{infty }$ � = 10/255. In addition, Texture-Adv can also take effect under traditional black-box threat models. Building upon a phenomenon associated with dominant labels, we utilize Texture-Adv to develop a highly efficient decision-based attack strategy, named Adv-Pool. This approach creates and traverses a set of Texture-Adv instances with diverse classification distributions, significantly reducing the average query budget to less than 1.3, which is near the 1-query lower bound for decision-based attacks. Moreover, we empirically demonstrate that Texture-Adv, when used as a starting point, can enhance the success rates of existing transfer attacks and the efficiency of decision-based attacks. The discovery suggests its potential as an effective starting point for various adversarial attacks while preserving the original constraints of their threat models.
{"title":"No-Box Universal Adversarial Perturbations Against Image Classifiers via Artificial Textures","authors":"Ningping Mou;Binqing Guo;Lingchen Zhao;Cong Wang;Yue Zhao;Qian Wang","doi":"10.1109/TIFS.2024.3478828","DOIUrl":"10.1109/TIFS.2024.3478828","url":null,"abstract":"Recent advancements in adversarial attack research have seen a transition from white-box to black-box and even no-box threat models, greatly enhancing the practicality of these attacks. However, existing no-box attacks focus on instance-specific perturbations, leaving more powerful universal adversarial perturbations (UAPs) unexplored. This study addresses a crucial question: can UAPs be generated under a no-box threat model? Our findings provide an affirmative answer with a texture-based method. Artificially crafted textures can act as UAPs, termed Texture-Adv. With a modest density and a fixed budget for perturbations, it can achieve an attack success rate of 80% under the constraint of \u0000<inline-formula> <tex-math>$l_{infty }$ </tex-math></inline-formula>\u0000 = 10/255. In addition, Texture-Adv can also take effect under traditional black-box threat models. Building upon a phenomenon associated with dominant labels, we utilize Texture-Adv to develop a highly efficient decision-based attack strategy, named Adv-Pool. This approach creates and traverses a set of Texture-Adv instances with diverse classification distributions, significantly reducing the average query budget to less than 1.3, which is near the 1-query lower bound for decision-based attacks. Moreover, we empirically demonstrate that Texture-Adv, when used as a starting point, can enhance the success rates of existing transfer attacks and the efficiency of decision-based attacks. The discovery suggests its potential as an effective starting point for various adversarial attacks while preserving the original constraints of their threat models.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"9803-9818"},"PeriodicalIF":6.3,"publicationDate":"2024-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142415531","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-10-11DOI: 10.1109/TIFS.2024.3478823
Yue Zhang;Youwen Zhu;Shaowei Wang;Xiaohua Huang
Utility-optimized local differential privacy (ULDP) considers input domain including non-sensitive values which reduces utility loss by leaking some non-sensitive values, without lowering protection to any sensitive one compared with local differential privacy (LDP). The existing ULDP mechanisms are designed under �$epsilon $ �-ULDP which preserve sensitive values under �$epsilon $ �-LDP. Nevertheless, it is still challenging to achieve �$(epsilon ,delta)$ �-ULDP. In this paper, we consider mean aggregation in �$(epsilon ,delta)$ �-ULDP, where sensitive values are protected under �$(epsilon ,delta)$ �-LDP. Specifically, we first propose One-Bit perturbation Mechanism (OBM) for unbiased mean estimation under �$(epsilon ,delta)$ �-LDP and then obtain optimal OBM by minimizing its worst-case error. In OBM, each output is a 1-bit value, and it thus is highly communication-efficient. Second, based on OBM, we design an unbiased mean estimation mechanism in �$(epsilon ,delta)$ �-ULDP, Utility-optimized OBM (UOBM), where sensitive values are strictly protected under �$(epsilon ,delta)$ �-LDP while non-sensitive ones could be disclosed to achieve higher utility. Further, we extend UOBM to the personalized scene where each user has specific privacy budget and sensitive range. Additionally, we theoretically and experimentally compare the proposed mechanisms with existing ones. The results show OBM outperforms existing mechanisms in utility, though its output is just a 1-bit value. UOBM can dramatically decrease the estimation error, compared with OBM.
{"title":"Mean Estimation of Numerical Data Under (ϵ,δ) -Utility-Optimized Local Differential Privacy","authors":"Yue Zhang;Youwen Zhu;Shaowei Wang;Xiaohua Huang","doi":"10.1109/TIFS.2024.3478823","DOIUrl":"10.1109/TIFS.2024.3478823","url":null,"abstract":"Utility-optimized local differential privacy (ULDP) considers input domain including non-sensitive values which reduces utility loss by leaking some non-sensitive values, without lowering protection to any sensitive one compared with local differential privacy (LDP). The existing ULDP mechanisms are designed under \u0000<inline-formula> <tex-math>$epsilon $ </tex-math></inline-formula>\u0000-ULDP which preserve sensitive values under \u0000<inline-formula> <tex-math>$epsilon $ </tex-math></inline-formula>\u0000-LDP. Nevertheless, it is still challenging to achieve \u0000<inline-formula> <tex-math>$(epsilon ,delta)$ </tex-math></inline-formula>\u0000-ULDP. In this paper, we consider mean aggregation in \u0000<inline-formula> <tex-math>$(epsilon ,delta)$ </tex-math></inline-formula>\u0000-ULDP, where sensitive values are protected under \u0000<inline-formula> <tex-math>$(epsilon ,delta)$ </tex-math></inline-formula>\u0000-LDP. Specifically, we first propose One-Bit perturbation Mechanism (OBM) for unbiased mean estimation under \u0000<inline-formula> <tex-math>$(epsilon ,delta)$ </tex-math></inline-formula>\u0000-LDP and then obtain optimal OBM by minimizing its worst-case error. In OBM, each output is a 1-bit value, and it thus is highly communication-efficient. Second, based on OBM, we design an unbiased mean estimation mechanism in \u0000<inline-formula> <tex-math>$(epsilon ,delta)$ </tex-math></inline-formula>\u0000-ULDP, Utility-optimized OBM (UOBM), where sensitive values are strictly protected under \u0000<inline-formula> <tex-math>$(epsilon ,delta)$ </tex-math></inline-formula>\u0000-LDP while non-sensitive ones could be disclosed to achieve higher utility. Further, we extend UOBM to the personalized scene where each user has specific privacy budget and sensitive range. Additionally, we theoretically and experimentally compare the proposed mechanisms with existing ones. The results show OBM outperforms existing mechanisms in utility, though its output is just a 1-bit value. UOBM can dramatically decrease the estimation error, compared with OBM.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"9656-9669"},"PeriodicalIF":6.3,"publicationDate":"2024-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142415533","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-10-11DOI: 10.1109/TIFS.2024.3478834
Zhuo Chen;Liehuang Zhu;Peng Jiang;Zijian Zhang;Chengxiang Si
Covert channels in blockchain networks achieve undetectable and reliable communication, while transactions incorporating secret data are perpetually stored on the chain, thereby leaving the secret data continuously susceptible to extraction. MTMM (IEEE Transactions on Computers 2023) is a state-of-the-art blockchain-based covert channel. It utilizes Bitcoin network traffic that will not be recorded on the chain to embed data, thus mitigating the above issues. However, we identify a distinctive pattern in MTMM, based on which we propose a comparison attack to accurately detect MTMM traffic. To defend against the attack, we present an improvement named ORIM, which exploits the permutation of transaction hashes within inventory messages to transmit secret data. ORIM leverages a pseudo-random function to obscure the transaction hashes involved in the permutation to ensure unobservability. The obfuscated values, rather than the original transaction hashes, are utilized to encode the confidential data. Furthermore, we introduce a variable-length encoding scheme predicated on complete binary trees. This scheme considerably amplifies the bandwidth and facilitates efficient encoding and decoding of secret data. Experimental results indicate that ORIM maintains unobservability and that ORIM’s bandwidth is approximately �$3.7times $ � of MTMM.
{"title":"Blockchain-Based Covert Communication: A Detection Attack and Efficient Improvement","authors":"Zhuo Chen;Liehuang Zhu;Peng Jiang;Zijian Zhang;Chengxiang Si","doi":"10.1109/TIFS.2024.3478834","DOIUrl":"10.1109/TIFS.2024.3478834","url":null,"abstract":"Covert channels in blockchain networks achieve undetectable and reliable communication, while transactions incorporating secret data are perpetually stored on the chain, thereby leaving the secret data continuously susceptible to extraction. MTMM (IEEE Transactions on Computers 2023) is a state-of-the-art blockchain-based covert channel. It utilizes Bitcoin network traffic that will not be recorded on the chain to embed data, thus mitigating the above issues. However, we identify a distinctive pattern in MTMM, based on which we propose a comparison attack to accurately detect MTMM traffic. To defend against the attack, we present an improvement named ORIM, which exploits the permutation of transaction hashes within inventory messages to transmit secret data. ORIM leverages a pseudo-random function to obscure the transaction hashes involved in the permutation to ensure unobservability. The obfuscated values, rather than the original transaction hashes, are utilized to encode the confidential data. Furthermore, we introduce a variable-length encoding scheme predicated on complete binary trees. This scheme considerably amplifies the bandwidth and facilitates efficient encoding and decoding of secret data. Experimental results indicate that ORIM maintains unobservability and that ORIM’s bandwidth is approximately \u0000<inline-formula> <tex-math>$3.7times $ </tex-math></inline-formula>\u0000 of MTMM.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"9698-9713"},"PeriodicalIF":6.3,"publicationDate":"2024-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142415530","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Wide Area Measurement Systems (WAMSs) are used in power networks to improve the situational awareness of the operator, as well as to facilitate real-time control and protection decisions. In WAMSs, Phasor Data Concentrators (PDCs) collect time-synchronized data of Phasor Measurement Units (PMUs) through the communication system, and direct it to the control center to be used in wide-area control and protection applications. Due to the dependence of WAMSs on information and communication technologies, cyber-attacks can target these systems and propagate through them, i.e., infect a greater number of components by accessing and controlling a few of them. On this basis, this paper initially develops a Learning-Based Framework (LBF) to estimate the required defense strategy to counter the propagation of cyber-attacks in WAMSs. Afterwards, through solving a linear Binary Integer Programming (BIP) problem, this paper develops a mitigation strategy to optimally reconfigure the communication network and reduce the contamination probability for critical PMUs and PDCs while maintaining the observability of the grid. The simulation results obtained from IEEE 14- and 30-bus test systems corroborate the effectiveness of the proposed LBF and communication network reconfiguration strategy in mitigating the propagation of cyber-attacks in WAMSs.
{"title":"Mitigating Propagation of Cyber-Attacks in Wide-Area Measurement Systems","authors":"Hamed Sarjan;Mohammadmahdi Asghari;Amir Ameli;Mohsen Ghafouri","doi":"10.1109/TIFS.2024.3477269","DOIUrl":"10.1109/TIFS.2024.3477269","url":null,"abstract":"Wide Area Measurement Systems (WAMSs) are used in power networks to improve the situational awareness of the operator, as well as to facilitate real-time control and protection decisions. In WAMSs, Phasor Data Concentrators (PDCs) collect time-synchronized data of Phasor Measurement Units (PMUs) through the communication system, and direct it to the control center to be used in wide-area control and protection applications. Due to the dependence of WAMSs on information and communication technologies, cyber-attacks can target these systems and propagate through them, i.e., infect a greater number of components by accessing and controlling a few of them. On this basis, this paper initially develops a Learning-Based Framework (LBF) to estimate the required defense strategy to counter the propagation of cyber-attacks in WAMSs. Afterwards, through solving a linear Binary Integer Programming (BIP) problem, this paper develops a mitigation strategy to optimally reconfigure the communication network and reduce the contamination probability for critical PMUs and PDCs while maintaining the observability of the grid. The simulation results obtained from IEEE 14- and 30-bus test systems corroborate the effectiveness of the proposed LBF and communication network reconfiguration strategy in mitigating the propagation of cyber-attacks in WAMSs.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"9984-9999"},"PeriodicalIF":6.3,"publicationDate":"2024-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142415532","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Byzantine-robust federated learning (FL) endeavors to empower service providers in acquiring a precise global model, even in the presence of potentially malicious FL clients. While considerable strides have been taken in the development of robust aggregation algorithms for FL in recent years, their efficacy is confined to addressing particular forms of Byzantine attacks, and they exhibit vulnerabilities when confronted with a spectrum of attack vectors. Notably, a prevailing issue lies in the heavy reliance of these algorithms on the examination of local model gradients. It is worth noting that an attacker possesses the ability to manipulate a carefully chosen small gradient of a model within a context where there could be millions of gradients available, thereby facilitating adaptive attacks. Drawing inspiration from the foundational Shapley value methodology in game theory, we introduce an effective FL scheme named �CareFL�. This scheme is designed to provide robustness against a spectrum of state-of-the-art Byzantine attacks. Unlike approaches that rely on the examination of gradients, �CareFL� employs a universal metric, the loss of the local model—independent of specific gradients, to identify potentially malicious clients. Specifically, in each aggregation round, the FL server trains a reference model using a small auxiliary dataset— the auxiliary dataset can be removed with a slight defense degradation trade-off. It employs the Shapley value to assess the contribution of each client-submitted model in minimizing the global model loss. Subsequently, the server selects client models closer to the reference model in terms of Shapley values for the global model update. To reduce the computational overhead of �CareFL� when the number of clients is relatively scaled-up, we construct its variant, namely �CareFL�+ generally by grouping clients. Extensive experimentation conducted on well-established MNIST and CIFAR-10 datasets, encompassing diverse model architectures, including AlexNet, demonstrates that �CareFL� consistently achieves accuracy levels comparable to those attained under attack-free conditions when faced with five formidable attacks. �CareFL� and CareFL+ outperform six existing state-of-the-art Byzantine-robust FL aggregation methods, including �FLTrust�, across both IID and non-IID data distribution settings.
{"title":"CareFL: Contribution Guided Byzantine-Robust Federated Learning","authors":"Qihao Dong;Shengyuan Yang;Zhiyang Dai;Yansong Gao;Shang Wang;Yuan Cao;Anmin Fu;Willy Susilo","doi":"10.1109/TIFS.2024.3477912","DOIUrl":"10.1109/TIFS.2024.3477912","url":null,"abstract":"Byzantine-robust federated learning (FL) endeavors to empower service providers in acquiring a precise global model, even in the presence of potentially malicious FL clients. While considerable strides have been taken in the development of robust aggregation algorithms for FL in recent years, their efficacy is confined to addressing particular forms of Byzantine attacks, and they exhibit vulnerabilities when confronted with a spectrum of attack vectors. Notably, a prevailing issue lies in the heavy reliance of these algorithms on the examination of local model gradients. It is worth noting that an attacker possesses the ability to manipulate a carefully chosen small gradient of a model within a context where there could be millions of gradients available, thereby facilitating adaptive attacks. Drawing inspiration from the foundational Shapley value methodology in game theory, we introduce an effective FL scheme named \u0000<monospace>CareFL</monospace>\u0000. This scheme is designed to provide robustness against a spectrum of state-of-the-art Byzantine attacks. Unlike approaches that rely on the examination of gradients, \u0000<monospace>CareFL</monospace>\u0000 employs a universal metric, the loss of the local model—independent of specific gradients, to identify potentially malicious clients. Specifically, in each aggregation round, the FL server trains a reference model using a small auxiliary dataset— the auxiliary dataset can be removed with a slight defense degradation trade-off. It employs the Shapley value to assess the contribution of each client-submitted model in minimizing the global model loss. Subsequently, the server selects client models closer to the reference model in terms of Shapley values for the global model update. To reduce the computational overhead of \u0000<monospace>CareFL</monospace>\u0000 when the number of clients is relatively scaled-up, we construct its variant, namely \u0000<monospace>CareFL</monospace>\u0000+ generally by grouping clients. Extensive experimentation conducted on well-established MNIST and CIFAR-10 datasets, encompassing diverse model architectures, including AlexNet, demonstrates that \u0000<monospace>CareFL</monospace>\u0000 consistently achieves accuracy levels comparable to those attained under attack-free conditions when faced with five formidable attacks. \u0000<monospace>CareFL</monospace>\u0000 and CareFL+ outperform six existing state-of-the-art Byzantine-robust FL aggregation methods, including \u0000<monospace>FLTrust</monospace>\u0000, across both IID and non-IID data distribution settings.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"9714-9729"},"PeriodicalIF":6.3,"publicationDate":"2024-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142405126","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Federated learning (FL) allows multiple parties, each holding a dataset, to jointly train a model without leaking any information about their own datasets. In this paper, we focus on vertical FL (VFL). In VFL, each party holds a dataset with the same sample space and different feature spaces. All parties should first agree on the training dataset in the ID alignment phase. However, existing works may leak some information about the training dataset and cause privacy leakage. To address this issue, this paper proposes OpenVFL, a vertical federated learning framework with stronger privacy-preserving. We first propose NCLPSI, a new variant of labeled PSI, in which both parties can invoke this protocol to get the encrypted training dataset without leaking any additional information. After that, both parties train the model over the encrypted training dataset. We also formally analyze the security of OpenVFL. In addition, the experimental results show that OpenVFL achieves the best trade-offs between accuracy, performance, and privacy among the most state-of-the-art works.
{"title":"OpenVFL: A Vertical Federated Learning Framework With Stronger Privacy-Preserving","authors":"Yunbo Yang;Xiang Chen;Yuhao Pan;Jiachen Shen;Zhenfu Cao;Xiaolei Dong;Xiaoguo Li;Jianfei Sun;Guomin Yang;Robert Deng","doi":"10.1109/TIFS.2024.3477924","DOIUrl":"10.1109/TIFS.2024.3477924","url":null,"abstract":"Federated learning (FL) allows multiple parties, each holding a dataset, to jointly train a model without leaking any information about their own datasets. In this paper, we focus on vertical FL (VFL). In VFL, each party holds a dataset with the same sample space and different feature spaces. All parties should first agree on the training dataset in the ID alignment phase. However, existing works may leak some information about the training dataset and cause privacy leakage. To address this issue, this paper proposes OpenVFL, a vertical federated learning framework with stronger privacy-preserving. We first propose NCLPSI, a new variant of labeled PSI, in which both parties can invoke this protocol to get the encrypted training dataset without leaking any additional information. After that, both parties train the model over the encrypted training dataset. We also formally analyze the security of OpenVFL. In addition, the experimental results show that OpenVFL achieves the best trade-offs between accuracy, performance, and privacy among the most state-of-the-art works.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"9670-9681"},"PeriodicalIF":6.3,"publicationDate":"2024-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142405127","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-10-09DOI: 10.1109/TIFS.2024.3477325
Jianping Cai;Qingqing Ye;Haibo Hu;Ximeng Liu;Yanggeng Fu
Incorporating differentially private continuous data release (DPCR) into private federated learning (FL) has recently emerged as a powerful technique for enhancing accuracy. Designing an effective DPCR model is the key to improving accuracy. Still, the state-of-the-art DPCR models hinder the potential for accuracy improvement due to insufficient privacy budget allocation and the design only for specific iteration numbers. To boost accuracy further, we develop an augmented BIT-based continuous data release (AuBCR) model, leading to demonstrable accuracy enhancements. By employing a dual-release strategy, AuBCR gains the potential to further improve accuracy, while confronting the challenge of consistent release and doubly-nested complex privacy budget allocation problem. Against this, we design an efficient optimal consistent estimation algorithm with only �$O(1)$ � complexity per release. Subsequently, we introduce the �$(k, N)$ �-AuBCR Model concept and design a meta-factor method. This innovation significantly reduces the optimization variables from �$O(T)$ � to �$Oleft ({{lg^{2} T}}right)$ �, thereby greatly enhancing the solvability of optimal privacy budget allocation and simultaneously supporting arbitrary iteration number T. Our experiments on classical datasets show that AuBCR boosts accuracy by 4.9% ~ 18.1% compared to traditional private FL and 0.4% ~ 1.2% compared to the state-of-the-art ABCRG model.
{"title":"Boosting Accuracy of Differentially Private Continuous Data Release for Federated Learning","authors":"Jianping Cai;Qingqing Ye;Haibo Hu;Ximeng Liu;Yanggeng Fu","doi":"10.1109/TIFS.2024.3477325","DOIUrl":"10.1109/TIFS.2024.3477325","url":null,"abstract":"Incorporating differentially private continuous data release (DPCR) into private federated learning (FL) has recently emerged as a powerful technique for enhancing accuracy. Designing an effective DPCR model is the key to improving accuracy. Still, the state-of-the-art DPCR models hinder the potential for accuracy improvement due to insufficient privacy budget allocation and the design only for specific iteration numbers. To boost accuracy further, we develop an augmented BIT-based continuous data release (AuBCR) model, leading to demonstrable accuracy enhancements. By employing a dual-release strategy, AuBCR gains the potential to further improve accuracy, while confronting the challenge of consistent release and doubly-nested complex privacy budget allocation problem. Against this, we design an efficient optimal consistent estimation algorithm with only \u0000<inline-formula> <tex-math>$O(1)$ </tex-math></inline-formula>\u0000 complexity per release. Subsequently, we introduce the \u0000<inline-formula> <tex-math>$(k, N)$ </tex-math></inline-formula>\u0000-AuBCR Model concept and design a meta-factor method. This innovation significantly reduces the optimization variables from \u0000<inline-formula> <tex-math>$O(T)$ </tex-math></inline-formula>\u0000 to \u0000<inline-formula> <tex-math>$Oleft ({{lg^{2} T}}right)$ </tex-math></inline-formula>\u0000, thereby greatly enhancing the solvability of optimal privacy budget allocation and simultaneously supporting arbitrary iteration number T. Our experiments on classical datasets show that AuBCR boosts accuracy by 4.9% ~ 18.1% compared to traditional private FL and 0.4% ~ 1.2% compared to the state-of-the-art ABCRG model.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"10287-10301"},"PeriodicalIF":6.3,"publicationDate":"2024-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142397879","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-10-09DOI: 10.1109/TIFS.2024.3477265
Rui Wang;Longlong Li;Guozheng Yang;Xuehu Yan;Wei Yan
The Asmuth and Bloom threshold secret sharing (AB-SS) is a classical introduction of the Chinese remainder theorem (CRT) to secret sharing, offering low computational complexity compared to other branches of secret sharing. For decades, numerous schemes have been proposed for practical applications of AB-SS, such as secret image sharing (SIS). However, in terms of security, AB-SS has proved to be neither ideal nor perfect, and its derivatives in image sharing exhibit vulnerabilities associated with secret leakage. This paper studies the security issues in the SIS schemes derived from AB-SS and improves the core sharing principle of AB-SS to enhance security in image protection. First, for �$(2,n)$ �-CRTSIS schemes, we exploit the vulnerability in a single share image to crack the confidential information of the original image, including secret pixel values and the ratio of different pixels. Then, by employing the XOR operation, we introduce a chain obfuscation technology and propose a secure image sharing scheme based on the Chinese remainder theorem (COxor-CRTSIS). The COxor-CRTSIS scheme utilizes integer linear programming for achieving lossless recovery without segmentation and eliminates potential secret disclosure risks without additional encryption. Furthermore, to comprehensively evaluate the security of existing schemes, this paper presents three metrics, information loss rate, fluctuation degree, and coverage rate, enabling a quantitative comparison of security for the first time. Theoretical analyses and experiments are conducted to validate the effectiveness of our scheme.
{"title":"Secret Cracking and Security Enhancement for the Image Application of CRT-Based Secret Sharing","authors":"Rui Wang;Longlong Li;Guozheng Yang;Xuehu Yan;Wei Yan","doi":"10.1109/TIFS.2024.3477265","DOIUrl":"10.1109/TIFS.2024.3477265","url":null,"abstract":"The Asmuth and Bloom threshold secret sharing (AB-SS) is a classical introduction of the Chinese remainder theorem (CRT) to secret sharing, offering low computational complexity compared to other branches of secret sharing. For decades, numerous schemes have been proposed for practical applications of AB-SS, such as secret image sharing (SIS). However, in terms of security, AB-SS has proved to be neither ideal nor perfect, and its derivatives in image sharing exhibit vulnerabilities associated with secret leakage. This paper studies the security issues in the SIS schemes derived from AB-SS and improves the core sharing principle of AB-SS to enhance security in image protection. First, for \u0000<inline-formula> <tex-math>$(2,n)$ </tex-math></inline-formula>\u0000-CRTSIS schemes, we exploit the vulnerability in a single share image to crack the confidential information of the original image, including secret pixel values and the ratio of different pixels. Then, by employing the XOR operation, we introduce a chain obfuscation technology and propose a secure image sharing scheme based on the Chinese remainder theorem (COxor-CRTSIS). The COxor-CRTSIS scheme utilizes integer linear programming for achieving lossless recovery without segmentation and eliminates potential secret disclosure risks without additional encryption. Furthermore, to comprehensively evaluate the security of existing schemes, this paper presents three metrics, information loss rate, fluctuation degree, and coverage rate, enabling a quantitative comparison of security for the first time. Theoretical analyses and experiments are conducted to validate the effectiveness of our scheme.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"9819-9834"},"PeriodicalIF":6.3,"publicationDate":"2024-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142397642","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-10-09DOI: 10.1109/TIFS.2024.3477305
Long Li;Chingfang Hsu;Man Ho Au;Jianqun Cui;Lein Harn;Zhuo Zhao
The vehicular ad hoc network (VANET) is a basic component of intelligent transportation systems. Due to the growing security and privacy-preserving requirements of the VANET, a lot of conditional privacy-preserving authentication (CPPA) protocols have been proposed in recent years. Unfortunately, the traditional CPPA protocols, which are based on a trusted authority (TA) and rely solely on classical mathematical problems, cannot resist quantum attacks. Moreover, these protocols do not take into account the increasingly complex traffic flow in the VANET and cannot utilize fog nodes (FNs) to assist in the TA’s authentication work. In this paper, we design a lattice-based and fog-assisted conditional privacy-preserving authentication (LFCPPA) protocol to solve the above challenges. Compared to existing solutions, we have made the following improvements. First, our protocol is resistant to quantum attacks. Second, the solution supports batch processing of signature verification and mutual authentication of identity between the TA / FNs and vehicles. Third, in our design, FNs reduce the computing pressure of the TA to improve the efficiency of the system. In addition, we demonstrate the security of the protocol under the random oracle model with provable security. Finally, the efficiency and security of this scheme are better than similar solutions. Specifically, compared with the latest scheme, in terms of computational cost, our scheme is reduced by 74.47%, 85.58%, 19.69%, and 85.90% in the four stages of the protocol. Meanwhile, in terms of communication cost, our protocol reduces it by 89.98%.
车载临时网络(VANET)是智能交通系统的基本组成部分。由于 VANET 对安全性和隐私保护的要求越来越高,近年来提出了很多条件隐私保护认证(CPPA)协议。遗憾的是,传统的 CPPA 协议以可信机构(TA)为基础,完全依赖于经典数学问题,无法抵御量子攻击。此外,这些协议没有考虑到 VANET 中日益复杂的交通流,也无法利用雾节点(FN)来协助 TA 进行身份验证工作。在本文中,我们设计了一种基于网格和雾节点辅助的有条件隐私保护认证(LFCPPA)协议来解决上述难题。与现有解决方案相比,我们做了以下改进。首先,我们的协议可以抵御量子攻击。其次,该方案支持批量处理 TA / FN 与车辆之间的签名验证和身份相互认证。第三,在我们的设计中,FN 可减轻 TA 的计算压力,从而提高系统效率。此外,我们还证明了该协议在随机甲骨文模型下的安全性。最后,该方案的效率和安全性都优于同类方案。具体来说,与最新方案相比,在计算成本方面,我们的方案在协议的四个阶段分别降低了 74.47%、85.58%、19.69% 和 85.90%。同时,在通信成本方面,我们的协议降低了 89.98%。
{"title":"Lattice-Based Conditional Privacy-Preserving Batch Authentication Protocol for Fog-Assisted Vehicular Ad Hoc Networks","authors":"Long Li;Chingfang Hsu;Man Ho Au;Jianqun Cui;Lein Harn;Zhuo Zhao","doi":"10.1109/TIFS.2024.3477305","DOIUrl":"10.1109/TIFS.2024.3477305","url":null,"abstract":"The vehicular ad hoc network (VANET) is a basic component of intelligent transportation systems. Due to the growing security and privacy-preserving requirements of the VANET, a lot of conditional privacy-preserving authentication (CPPA) protocols have been proposed in recent years. Unfortunately, the traditional CPPA protocols, which are based on a trusted authority (TA) and rely solely on classical mathematical problems, cannot resist quantum attacks. Moreover, these protocols do not take into account the increasingly complex traffic flow in the VANET and cannot utilize fog nodes (FNs) to assist in the TA’s authentication work. In this paper, we design a lattice-based and fog-assisted conditional privacy-preserving authentication (LFCPPA) protocol to solve the above challenges. Compared to existing solutions, we have made the following improvements. First, our protocol is resistant to quantum attacks. Second, the solution supports batch processing of signature verification and mutual authentication of identity between the TA / FNs and vehicles. Third, in our design, FNs reduce the computing pressure of the TA to improve the efficiency of the system. In addition, we demonstrate the security of the protocol under the random oracle model with provable security. Finally, the efficiency and security of this scheme are better than similar solutions. Specifically, compared with the latest scheme, in terms of computational cost, our scheme is reduced by 74.47%, 85.58%, 19.69%, and 85.90% in the four stages of the protocol. Meanwhile, in terms of communication cost, our protocol reduces it by 89.98%.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"19 ","pages":"9629-9642"},"PeriodicalIF":6.3,"publicationDate":"2024-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142397881","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: