Yuanhaur Chang, Han Liu, Evin Jaff, Chenyang Lu, Ning Zhang
The integration of technology and healthcare has ushered in a new era where software systems, powered by artificial intelligence and machine learning, have become essential components of medical products and services. While these advancements hold great promise for enhancing patient care and healthcare delivery efficiency, they also expose sensitive medical data and system integrity to potential cyberattacks. This paper explores the security and privacy threats posed by AI/ML applications in healthcare. Through a thorough examination of existing research across a range of medical domains, we have identified significant gaps in understanding the adversarial attacks targeting medical AI systems. By outlining specific adversarial threat models for medical settings and identifying vulnerable application domains, we lay the groundwork for future research that investigates the security and resilience of AI-driven medical systems. Through our analysis of different threat models and feasibility studies on adversarial attacks in different medical domains, we provide compelling insights into the pressing need for cybersecurity research in the rapidly evolving field of AI healthcare technology.
Title: SoK: Security and Privacy Risks of Medical AI
Authors: Yuanhaur Chang, Han Liu, Evin Jaff, Chenyang Lu, Ning Zhang
Venue: arXiv - CS - Cryptography and Security, published 2024-09-11
Identifier: arxiv-2409.07415 (https://doi.org/arxiv-2409.07415)
Malicious website detection is an increasingly relevant yet intricate task that requires the consideration of a vast amount of fine details. Our objective is to create a machine learning model, trained on as many of these finer details as time allows, that classifies a website as benign or malicious. If malicious, the model will classify the role it plays (phishing, spam, malware hosting, etc.). We proposed 77 features and created a dataset of 441,701 samples spanning 9 website classifications to train our model. We grouped the proposed features into feature subsets based on the time and resources required to compute them, and measured the change in performance as each subset was added to the model. We found that the performance of the best performing model increased as more feature subsets were introduced. In the end, our best performing model was able to classify websites into 1 of 9 classifications with a 95.89% accuracy score. We then investigated how the features we proposed ranked in importance and detail the top 10 most relevant features according to our models. Two of our URL embedding features were found to be the most relevant by our best performing model, with content-based features representing half of the top 10 spots. The rest of the list was populated with single features from different feature categories: a host feature, a robots.txt feature, a lexical feature, and a passive domain name system feature.
Title: Advancing Malicious Website Identification: A Machine Learning Approach Using Granular Feature Analysis
Authors: Kinh Tran, Dusan Sovilj
Venue: arXiv - CS - Cryptography and Security, published 2024-09-11
Identifier: arxiv-2409.07608 (https://doi.org/arxiv-2409.07608)
We propose in this paper to revisit the design of existing encrypted transport protocols to improve their efficiency. We call the methodology "Reverso", from reversing the order of field elements within a protocol specification. We detail how such a benign-looking change within the specifications may unlock implementation optimizations for encrypted protocols. To demonstrate our findings, we release quiceh, a QUIC implementation of QUIC VReverso, an extension of the QUIC V1 standard (RFC9000). Our methodology applied to the QUIC protocol yields a ~30% CPU efficiency improvement for processing packets, at no added cost on the sender side and without relaxing any security guarantee from QUIC V1. We also implement a fork of Cloudflare's HTTP/3 module and client/server demonstrator using quiceh and show that our optimizations transfer directly to HTTP/3 as well, resulting in our new HTTP/3 being ~38% more efficient than the baseline implementation using QUIC V1. We argue that Reverso applies to any modern encrypted protocol and its implementations, and that similar efficiency improvements can also be unlocked for them, independently of the layer in which they operate.
Title: Improving Encrypted Transport Protocol Designs: Deep Dive on the QUIC Case
Authors: Florentin Rochet
Venue: arXiv - CS - Cryptography and Security, published 2024-09-11
Identifier: arxiv-2409.07138 (https://doi.org/arxiv-2409.07138)
Jamal Al-Karaki, Muhammad Al-Zafar Khan, Marwan Omar
The rising use of Large Language Models (LLMs) to create and disseminate malware poses a significant cybersecurity challenge due to their ability to generate and distribute attacks with ease. A single prompt can initiate a wide array of malicious activities. This paper addresses this critical issue through a multifaceted approach. First, we provide a comprehensive overview of LLMs and their role in malware detection from diverse sources. We examine five specific applications of LLMs: malware honeypots, identification of text-based threats, code analysis for detecting malicious intent, trend analysis of malware, and detection of non-standard disguised malware. Our review includes a detailed analysis of the existing literature and establishes guiding principles for the secure use of LLMs. We also introduce a classification scheme to categorize the relevant literature. Second, we propose performance metrics to assess the effectiveness of LLMs in these contexts. Third, we present a risk mitigation framework designed to prevent malware by leveraging LLMs. Finally, we evaluate the performance of our proposed risk mitigation strategies against various factors and demonstrate their effectiveness in countering LLM-enabled malware. The paper concludes by suggesting future advancements and areas requiring deeper exploration in this fascinating field of artificial intelligence.
Title: Exploring LLMs for Malware Detection: Review, Framework Design, and Countermeasure Approaches
Authors: Jamal Al-Karaki, Muhammad Al-Zafar Khan, Marwan Omar
Venue: arXiv - CS - Cryptography and Security, published 2024-09-11
Identifier: arxiv-2409.07587 (https://doi.org/arxiv-2409.07587)
Vivek Suryawanshi (Indian Institute of Technology Kharagpur), Shamik Sural (Indian Institute of Technology Kharagpur)
Modern computing environments demand robust security measures to protect sensitive data and resources. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is a well-established encryption technique known for its fine-grained access control capabilities. However, as the digital landscape evolves, there is a growing need to enhance the security of CP-ABE operations. We propose an approach that combines CP-ABE with Intel SGX. It allows data to be encrypted and decrypted securely within the SGX enclave according to the rules in the policy, ensuring that only authorized users gain access. We evaluate its performance through different experiments, focusing on key parameters such as the number of rules, the number of attributes, and file size. Our results demonstrate the performance and scalability of integrating SGX with CP-ABE to enhance data security, with only a minimal increase in execution time due to enclave overhead.
Title: Ciphertext Policy Attribute Based Encryption with Intel SGX
Authors: Vivek Suryawanshi (Indian Institute of Technology Kharagpur), Shamik Sural (Indian Institute of Technology Kharagpur)
Venue: arXiv - CS - Cryptography and Security, published 2024-09-11
Identifier: arxiv-2409.07149 (https://doi.org/arxiv-2409.07149)
As the XDC network celebrates five years of stable mainnet operation and prepares for the highly anticipated launch of XDC 2.0, this research proposes a comprehensive improvement plan for the network's staking and tokenomics mechanisms. Our analysis reveals opportunities to optimize the current model, ensuring a more sustainable, decentralized, and resilient ecosystem. We introduce novel concepts, including validator NFTs, decentralized governance, and utility-based tokenomics, to increase validator node liquidity and promote staking participation. Our proposal aims to establish a robust foundation for XDC 2.0, fostering a thriving ecosystem that rewards validators, stakeholders, and users alike. By addressing the intricacies of staking and tokenomics, this research paves the way for XDC to solidify its position as a leading decentralized network, poised for long-term success and growth.
Title: XDC Staking and Tokenomics -- Improvement Proposal: Enhancing Sustainability and Decentralization on the Eve of XDC 2.0
Authors: Van Khanh Nguyen
Venue: arXiv - CS - Cryptography and Security, published 2024-09-11
Identifier: arxiv-2409.07420 (https://doi.org/arxiv-2409.07420)
Computationally hard problems based on coding theory, such as the syndrome decoding problem, have been used for constructing secure cryptographic schemes for a long time. Schemes based on these problems are also assumed to be secure against quantum computers. However, these schemes are often considered impractical for real-world deployment due to large key sizes and inefficient computation time. In the recent call for standardization of additional post-quantum digital signatures by the National Institute of Standards and Technology, several code-based candidates have been proposed, including LESS, CROSS, and MEDS. These schemes are designed on the relatively new zero-knowledge framework. Although several works analyze the hardness of these schemes, there is hardly any work that examines the security of these schemes in the presence of physical attacks. In this work, we analyze these signature schemes from the perspective of fault attacks. All these schemes use a similar tree-based construction to compress the signature size. We attack this component of these schemes; therefore, our attack is applicable to all of them. We first analyze the LESS signature scheme and devise our attack. Furthermore, we show how this attack can be extended to the CROSS signature scheme. Our attacks are built on very simple fault assumptions. Our results show that we can recover the entire secret key of LESS and CROSS using as few as a single fault. Finally, we propose various countermeasures to prevent these kinds of attacks and discuss their efficiency and shortcomings.
Title: ZKFault: Fault attack analysis on zero-knowledge based post-quantum digital signature schemes
Authors: Puja Mondal, Supriya Adhikary, Suparna Kundu, Angshuman Karmakar
Venue: arXiv - CS - Cryptography and Security, published 2024-09-11
Identifier: arxiv-2409.07150 (https://doi.org/arxiv-2409.07150)
Lijia Lv, Weigang Zhang, Xuehai Tang, Jie Wen, Feng Liu, Jizhong Han, Songlin Hu
Jailbreak vulnerabilities in Large Language Models (LLMs) refer to methods that extract malicious content from the model by carefully crafting prompts or suffixes, which has garnered significant attention from the research community. However, traditional attack methods, which primarily focus on the semantic level, are easily detected by the model. These methods overlook the difference in the model's alignment protection capabilities at different output stages. To address this issue, we propose an adaptive position pre-fill jailbreak attack approach for executing jailbreak attacks on LLMs. Our method leverages the model's instruction-following capabilities to first output pre-filled safe content, then exploits its narrative-shifting abilities to generate harmful content. Extensive black-box experiments demonstrate our method can improve the attack success rate by 47% on the widely recognized secure model (Llama2) compared to existing approaches. Our code can be found at: https://github.com/Yummy416/AdaPPA.
Title: AdaPPA: Adaptive Position Pre-Fill Jailbreak Attack Approach Targeting LLMs
Authors: Lijia Lv, Weigang Zhang, Xuehai Tang, Jie Wen, Feng Liu, Jizhong Han, Songlin Hu
Venue: arXiv - CS - Cryptography and Security, published 2024-09-11
Identifier: arxiv-2409.07503 (https://doi.org/arxiv-2409.07503)
Several recently proposed censorship circumvention systems use encrypted network channels of popular applications to hide their communications. For example, a Tor pluggable transport called Snowflake uses the WebRTC data channel, while a system called Protozoa substitutes content in a WebRTC video-call application. By using the same channel as the cover application and (in the case of Protozoa) matching its observable traffic characteristics, these systems aim to resist powerful network-based censors capable of large-scale traffic analysis. Protozoa, in particular, achieves a strong indistinguishability property known as behavioral independence. We demonstrate that this class of systems is generically vulnerable to a new type of active attacks we call "differential degradation." These attacks do not require multi-flow measurements or traffic classification and are thus available to all real-world censors. They exploit the discrepancies between the respective network requirements of the circumvention system and its cover application. We show how a censor can use the minimal application-level information exposed by WebRTC to create network conditions that cause the circumvention system to suffer a much bigger degradation in performance than the cover application. Even when the attack causes no observable differences in network traffic and behavioral independence still holds, the censor can block circumvention at a low cost, without resorting to traffic analysis, and with minimal collateral damage to non-circumvention users. We present effective differential degradation attacks against Snowflake and Protozoa. We explain the root cause of these vulnerabilities, analyze the tradeoffs faced by the designers of circumvention systems, and propose a modified version of Protozoa that resists differential degradation attacks.
Title: Differential Degradation Vulnerabilities in Censorship Circumvention Systems
Authors: Zhen Sun, Vitaly Shmatikov
Venue: arXiv - CS - Cryptography and Security, published 2024-09-10
Identifier: arxiv-2409.06247 (https://doi.org/arxiv-2409.06247)
Khoa Nguyen, Mindaugas Budzys, Eugene Frimpong, Tanveer Khan, Antonis Michalas
Machine Learning (ML) has become one of the most impactful fields of data science in recent years. However, a significant concern with ML is its privacy risks due to rising attacks against ML models. Privacy-Preserving Machine Learning (PPML) methods have been proposed to mitigate the privacy and security risks of ML models. A popular approach to achieving PPML uses Homomorphic Encryption (HE). However, the highly publicized inefficiencies of HE make it unsuitable for highly scalable scenarios with resource-constrained devices. Hence, Hybrid Homomorphic Encryption (HHE) -- a modern encryption scheme that combines symmetric cryptography with HE -- has recently been introduced to overcome these challenges. HHE potentially provides a foundation to build new efficient and privacy-preserving services that transfer expensive HE operations to the cloud. This work introduces HHE to the ML field by proposing resource-friendly PPML protocols for edge devices. More precisely, we utilize HHE as the primary building block of our PPML protocols. We assess the performance of our protocols by first extensively evaluating each party's communication and computational cost on a dummy dataset and show the efficiency of our protocols by comparing them with similar protocols implemented using plain BFV. Subsequently, we demonstrate the real-world applicability of our construction by building an actual PPML application that uses HHE as its foundation to classify heart disease based on sensitive ECG data.
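To make concrete where HHE moves the cost, here is an added toy example; it is not the authors' protocol or code. Textbook Paillier with two fixed, insecure-size primes stands in for the HE scheme (the paper compares against BFV, which is out of reach of a short script), and an additive mask over Z_N stands in for the symmetric cipher. The class names EdgeClient and CloudServer, the hhe_linear_score driver, the feature values and the model weights are all constructed for illustration.

```python
"""Toy hybrid homomorphic encryption (HHE) pipeline for a linear classifier.

Added illustration, not the paper's protocol or code. Stand-ins (assumptions):
  * HE scheme: textbook Paillier (additively homomorphic) with two fixed
    Mersenne primes; far too small to be secure, and not the BFV scheme the
    paper benchmarks against.
  * Symmetric cipher: an additive mask over Z_N (c = m + k mod N). Real HHE
    uses an HE-friendly symmetric cipher whose decryption circuit is evaluated
    under HE; reusing this mask across samples leaks feature differences.
What the toy preserves: the client does one cheap modular addition per feature
per sample, the only HE encryption it ever performs is of the key (once, at
enrollment), and every HE operation runs on the server.
"""
from __future__ import annotations
import secrets
from math import gcd

P = 2**31 - 1                        # Mersenne prime (toy size)
Q = 2**61 - 1                        # Mersenne prime (toy size)
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)   # lcm(P-1, Q-1)
MU = pow(LAM, -1, N)                 # decryption constant for generator g = N + 1


def he_encrypt(m: int) -> int:
    """Paillier encryption of m under (N, g = N + 1); m may be negative."""
    r = secrets.randbelow(N - 1) + 1          # r in [1, N-1], coprime to N w.h.p.
    return (1 + m * N) * pow(r, N, N2) % N2


def he_decrypt(c: int) -> int:
    """Paillier decryption, centred to (-N/2, N/2] so negative scores round-trip."""
    u = pow(c, LAM, N2)
    v = ((u - 1) // N) * MU % N
    return v - N if v > N // 2 else v


def he_add(c1: int, c2: int) -> int:
    return c1 * c2 % N2                        # Enc(a) * Enc(b) = Enc(a + b)


def he_sub(c1: int, c2: int) -> int:
    return c1 * pow(c2, -1, N2) % N2           # Enc(a) / Enc(b) = Enc(a - b)


def he_scale(c: int, k: int) -> int:
    return pow(c, k, N2)                       # Enc(a)^k = Enc(k * a); k may be negative


class EdgeClient:
    """Resource-constrained party: holds the symmetric key, never runs HE per sample."""

    def __init__(self, n_features: int):
        self.key = [secrets.randbelow(N) for _ in range(n_features)]

    def enroll(self) -> list[int]:
        """One-time expensive step: HE-encrypt the symmetric key for the server."""
        return [he_encrypt(k) for k in self.key]

    def sym_encrypt(self, features: list[int]) -> list[int]:
        """Per-sample cheap step: one modular addition per feature."""
        return [(m + k) % N for m, k in zip(features, self.key)]


class CloudServer:
    """Holds Enc_HE(key) and the model; sees only masked features and HE ciphertexts."""

    def __init__(self, enc_key: list[int], weights: list[int], bias: int):
        self.enc_key, self.weights, self.bias = enc_key, weights, bias

    def transcipher(self, sym_ct: list[int]) -> list[int]:
        # Enc(m_i) = Enc(c_i) - Enc(k_i). The server knows c_i, so its
        # 'encryption' may be the deterministic 1 + c_i*N; the randomness of
        # Enc(k_i) carries over to the result.
        return [he_sub((1 + c * N) % N2, ek) for c, ek in zip(sym_ct, self.enc_key)]

    def infer(self, sym_ct: list[int]) -> int:
        """Encrypted linear score: Enc(sum_i w_i * m_i + bias)."""
        acc = he_encrypt(self.bias)
        for w, enc_m in zip(self.weights, self.transcipher(sym_ct)):
            acc = he_add(acc, he_scale(enc_m, w))
        return acc


def hhe_linear_score(features: list[int], weights: list[int], bias: int) -> int:
    """Run the full flow and return the plaintext score the client recovers."""
    client = EdgeClient(len(features))
    server = CloudServer(client.enroll(), weights, bias)
    return he_decrypt(server.infer(client.sym_encrypt(features)))


if __name__ == "__main__":
    # Constructed sample: four integer-scaled features and a toy weight vector.
    score = hhe_linear_score([10, 4, 2, 6], [3, -2, 5, 1], -7)
    print("decrypted score:", score, "-> class", int(score > 0))
```

The client's per-sample work is one modular addition per feature, and the only HE encryption it ever runs is of the key, once, at enrollment. The server transciphers the masked features into Paillier ciphertexts by subtracting Enc(k_i) and evaluates the linear model on them, so it never sees a feature in the clear; the client decrypts only the final score. The mask is reused across samples purely to keep the demo short: that leaks differences between samples, which is exactly why real HHE pairs the HE scheme with a dedicated HE-friendly symmetric cipher whose decryption is evaluated homomorphically.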
{"title":"A Pervasive, Efficient and Private Future: Realizing Privacy-Preserving Machine Learning Through Hybrid Homomorphic Encryption","authors":"Khoa Nguyen, Mindaugas Budzys, Eugene Frimpong, Tanveer Khan, Antonis Michalas","doi":"arxiv-2409.06422","DOIUrl":"https://doi.org/arxiv-2409.06422","url":null,"abstract":"Machine Learning (ML) has become one of the most impactful fields of data science in recent years. However, a significant concern with ML is its privacy risks due to rising attacks against ML models. Privacy-Preserving Machine Learning (PPML) methods have been proposed to mitigate the privacy and security risks of ML models. A popular approach to achieving PPML uses Homomorphic Encryption (HE). However, the highly publicized inefficiencies of HE make it unsuitable for highly scalable scenarios with resource-constrained devices. Hence, Hybrid Homomorphic Encryption (HHE) -- a modern encryption scheme that combines symmetric cryptography with HE -- has recently been introduced to overcome these challenges. HHE potentially provides a foundation to build new efficient and privacy-preserving services that transfer expensive HE operations to the cloud. This work introduces HHE to the ML field by proposing resource-friendly PPML protocols for edge devices. More precisely, we utilize HHE as the primary building block of our PPML protocols. We assess the performance of our protocols by first extensively evaluating each party's communication and computational cost on a dummy dataset and show the efficiency of our protocols by comparing them with similar protocols implemented using plain BFV. Subsequently, we demonstrate the real-world applicability of our construction by building an actual PPML application that uses HHE as its foundation to classify heart disease based on sensitive ECG data.","PeriodicalId":501332,"journal":{"name":"arXiv - CS - Cryptography and Security","volume":"130 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2024-09-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142201334","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}