-
Chernoff Information as a Privacy Constraint for Adversarial Classification
Authors:
Ayşe Ünsal,
Melek Önen
Abstract:
This work studies a privacy metric based on Chernoff information, \textit{Chernoff differential privacy}, due to its significance in the characterization of classifier performance. Adversarial classification, like any other classification problem, is built around minimization of the (average or correct detection) probability of error in deciding on either of the classes in the case of binary classification. Unlike the classical hypothesis testing problem, where the false alarm and mis-detection probabilities are handled separately, resulting in an asymmetric behavior of the best error exponent, in this work we focus on the Bayesian setting and characterize the relationship between the best error exponent of the average error probability and $\varepsilon-$differential privacy. Accordingly, we re-derive Chernoff differential privacy in terms of $\varepsilon-$differential privacy using the Radon-Nikodym derivative and show that it satisfies the composition property. Subsequently, we present numerical evaluation results, which demonstrate that Chernoff information outperforms Kullback-Leibler divergence as a function of the privacy parameter $\varepsilon$, the impact of the adversary's attack and global sensitivity for the problem of adversarial classification in Laplace mechanisms.
Submitted 15 March, 2024;
originally announced March 2024.
-
Multi-Function Multi-Way Analog Technology for Sustainable Machine Intelligence Computation
Authors:
Vassilis Kalantzis,
Mark S. Squillante,
Shashanka Ubaru,
Tayfun Gokmen,
Chai Wah Wu,
Anshul Gupta,
Haim Avron,
Tomasz Nowicki,
Malte Rasch,
Murat Onen,
Vanessa Lopez Marrero,
Effendi Leobandung,
Yasuteru Kohda,
Wilfried Haensch,
Lior Horesh
Abstract:
Numerical computation is essential to many areas of artificial intelligence (AI), whose computing demands continue to grow dramatically, yet their continued scaling is jeopardized by the slowdown in Moore's law. Multi-function multi-way analog (MFMWA) technology, a computing architecture comprising arrays of memristors supporting in-memory computation of matrix operations, can offer tremendous improvements in computation and energy, but at the expense of inherent unpredictability and noise. We devise novel randomized algorithms tailored to MFMWA architectures that mitigate the detrimental impact of imperfect analog computations while realizing their potential benefits across various areas of AI, such as applications in computer vision. Through analysis, measurements from analog devices, and simulations of larger systems, we demonstrate orders of magnitude reduction in both computation and energy with accuracy similar to digital computers.
Submitted 24 January, 2024;
originally announced January 2024.
-
Node Injection Link Stealing Attack
Authors:
Oualid Zari,
Javier Parra-Arnau,
Ayşe Ünsal,
Melek Önen
Abstract:
In this paper, we present a stealthy and effective attack that exposes privacy vulnerabilities in Graph Neural Networks (GNNs) by inferring private links within graph-structured data. Focusing on the inductive setting where new nodes join the graph and an API is used to query predictions, we investigate the potential leakage of private edge information. We also propose methods to preserve privacy while maintaining model utility. Our attack demonstrates superior performance in inferring the links compared to the state of the art. Furthermore, we examine the application of differential privacy (DP) mechanisms to mitigate the impact of our proposed attack, and we analyze the trade-off between privacy preservation and model utility. Our work highlights the privacy vulnerabilities inherent in GNNs, underscoring the importance of developing robust privacy-preserving mechanisms for their application.
Submitted 25 July, 2023;
originally announced July 2023.
-
Differentially Private Adversarial Auto-Encoder to Protect Gender in Voice Biometrics
Authors:
Oubaïda Chouchane,
Michele Panariello,
Oualid Zari,
Ismet Kerenciler,
Imen Chihaoui,
Massimiliano Todisco,
Melek Önen
Abstract:
Over the last decade, the use of Automatic Speaker Verification (ASV) systems has become increasingly widespread in response to the growing need for secure and efficient identity verification methods. Voice data encompasses a wealth of personal information, which includes but is not limited to gender, age, health condition, stress levels, and geographical and socio-cultural origins. These attributes, known as soft biometrics, are private and the user may wish to keep them confidential. However, with the advancement of machine learning algorithms, soft biometrics can be inferred automatically, creating the potential for unauthorized use. As such, it is crucial to ensure the protection of these personal data that are inherent within the voice while retaining the utility of identity recognition. In this paper, we present an adversarial Auto-Encoder-based approach to hide gender-related information in speaker embeddings, while preserving their effectiveness for speaker verification. We use an adversarial procedure against a gender classifier and incorporate a layer based on the Laplace mechanism into the Auto-Encoder architecture. This layer adds Laplace noise for more robust gender concealment and ensures differential privacy guarantees during inference for the output speaker embeddings. Experiments conducted on the VoxCeleb dataset demonstrate that speaker verification tasks can be effectively carried out while concealing speaker gender and ensuring differential privacy guarantees; moreover, the intensity of the Laplace noise can be tuned to select the desired trade-off between privacy and utility.
Submitted 5 July, 2023;
originally announced July 2023.
-
Fed-BioMed: Open, Transparent and Trusted Federated Learning for Real-world Healthcare Applications
Authors:
Francesco Cremonesi,
Marc Vesin,
Sergen Cansiz,
Yannick Bouillard,
Irene Balelli,
Lucia Innocenti,
Santiago Silva,
Samy-Safwan Ayed,
Riccardo Taiello,
Laetita Kameni,
Richard Vidal,
Fanny Orlhac,
Christophe Nioche,
Nathan Lapel,
Bastien Houis,
Romain Modzelewski,
Olivier Humbert,
Melek Önen,
Marco Lorenzi
Abstract:
The real-world implementation of federated learning is complex and requires research and development actions at the crossroads between different domains, ranging from data science to software programming, networking, and security. While several FL libraries are today proposed to data scientists and users, most of these frameworks are not designed to find seamless application in medical use-cases, due to the specific challenges and requirements of working with medical data and hospital infrastructures. Moreover, the governance, design principles, and security assumptions of these frameworks are generally not clearly illustrated, thus preventing their adoption in sensitive applications. Motivated by the current technological landscape of FL in healthcare, in this document we present Fed-BioMed: a research and development initiative aiming at translating federated learning (FL) into real-world medical research applications. We describe our design space, targeted users, domain constraints, and how these factors affect our current and future software architecture.
Submitted 24 April, 2023;
originally announced April 2023.
-
Privacy Preserving Image Registration
Authors:
Riccardo Taiello,
Melek Önen,
Francesco Capano,
Olivier Humbert,
Marco Lorenzi
Abstract:
Image registration is a key task in medical imaging applications, allowing medical images to be represented in a common spatial reference frame. Current approaches to image registration are generally based on the assumption that the content of the images is accessible in clear form, from which the spatial transformation is subsequently estimated. This common assumption may not be met in practical applications, since the sensitive nature of medical images may ultimately require their analysis under privacy constraints, preventing the image content from being openly shared. In this work, we formulate the problem of image registration under a privacy preserving regime, where images are assumed to be confidential and cannot be disclosed in clear. We derive our privacy preserving image registration framework by extending classical registration paradigms to account for advanced cryptographic tools, such as secure multi-party computation and homomorphic encryption, that enable the execution of operations without leaking the underlying data. To overcome the problem of performance and scalability of cryptographic tools in high dimensions, we propose several techniques to optimize the image registration operations by using gradient approximations, and by revisiting the use of homomorphic encryption through packing, to allow the efficient encryption and multiplication of large matrices. We demonstrate our privacy preserving framework in linear and non-linear registration problems, evaluating its accuracy and scalability with respect to standard, non-private counterparts. Our results show that privacy preserving image registration is feasible and can be adopted in sensitive medical imaging applications.
Submitted 16 April, 2024; v1 submitted 17 May, 2022;
originally announced May 2022.
-
Information-Theoretic Approaches to Differential Privacy
Authors:
Ayse Unsal,
Melek Onen
Abstract:
This tutorial studies relationships between differential privacy and various information-theoretic measures by using several selected articles. In particular, we present how these connections can provide new interpretations for the privacy guarantee in systems that deploy differential privacy in an information-theoretic framework. To this end, the tutorial provides an extensive summary of the existing literature that makes use of information-theoretic measures and tools such as mutual information, min-entropy, Kullback-Leibler divergence and the rate-distortion function for the quantification and characterization of differential privacy in various settings.
Submitted 28 March, 2023; v1 submitted 22 March, 2022;
originally announced March 2022.
-
Neural Network Training with Asymmetric Crosspoint Elements
Authors:
Murat Onen,
Tayfun Gokmen,
Teodor K. Todorov,
Tomasz Nowicki,
Jesus A. del Alamo,
John Rozen,
Wilfried Haensch,
Seyoung Kim
Abstract:
Analog crossbar arrays comprising programmable nonvolatile resistors are under intense investigation for acceleration of deep neural network training. However, the ubiquitous asymmetric conductance modulation of practical resistive devices critically degrades the classification performance of networks trained with conventional algorithms. Here, we describe and experimentally demonstrate an alternative fully-parallel training algorithm: Stochastic Hamiltonian Descent. Instead of conventionally tuning weights in the direction of the error function gradient, this method programs the network parameters to successfully minimize the total energy (Hamiltonian) of the system that incorporates the effects of device asymmetry. We provide critical intuition on why device asymmetry is fundamentally incompatible with conventional training algorithms and how the new approach exploits it as a useful feature instead. Our technique enables immediate realization of analog deep learning accelerators based on readily available device technologies.
Submitted 31 January, 2022;
originally announced January 2022.
-
Adversarial Classification under Gaussian Mechanism: Calibrating the Attack to Sensitivity
Authors:
Ayse Unsal,
Melek Onen
Abstract:
This work studies anomaly detection under differential privacy (DP) with Gaussian perturbation using both statistical and information-theoretic tools. In our setting, the adversary aims to modify the content of a statistical dataset by inserting additional data without being detected, using the DP guarantee to her own benefit. To this end, we characterize information-theoretic and statistical thresholds for the first- and second-order statistics of the adversary's attack, which balance the privacy budget and the impact of the attack in order to remain undetected. Additionally, we introduce a new privacy metric based on Chernoff information for classifying adversaries under differential privacy as a stronger alternative to $(ε, δ)-$ and Kullback-Leibler DP for the Gaussian mechanism. Analytical results are supported by numerical evaluations.
Submitted 22 August, 2022; v1 submitted 24 January, 2022;
originally announced January 2022.
-
A Statistical Threshold for Adversarial Classification in Laplace Mechanisms
Authors:
Ayşe Ünsal,
Melek Önen
Abstract:
This paper studies the statistical characterization of detecting an adversary who wants to harm some computation, such as machine learning models or aggregation, by altering the output of a differentially private mechanism, in addition to discovering some information about the underlying dataset. An adversary who is able to modify the published information from a differentially private mechanism aims to maximize the possible damage to the system while remaining undetected. We present a trade-off between the privacy parameter of the system, the sensitivity and the attacker's advantage (the bias) by determining the threshold for the best critical region of the hypothesis testing problem for deciding whether or not the adversary's attack is detected. Such trade-offs are provided for Laplace mechanisms using one-sided and two-sided hypothesis tests. Corresponding error probabilities are analytically derived and ROC curves are presented for various levels of the sensitivity, the absolute mean of the attack and the privacy parameter. Subsequently, we provide an interval for the bias induced by the adversary so that the defender detects the attack. Finally, we adapt Kullback-Leibler differential privacy to adversarial classification.
Submitted 25 June, 2021; v1 submitted 12 May, 2021;
originally announced May 2021.
-
Self-Heating Hotspots in Superconducting Nanowires Cooled by Phonon Black-Body Radiation
Authors:
Andrew Dane,
Jason Allmaras,
Di Zhu,
Murat Onen,
Marco Colangelo,
Reza Bahgdadi,
Jean-Luc Tambasco,
Yukimi Morimoto,
Ignacio Estay Forno,
Ilya Charaev,
Qingyuan Zhao,
Mikhail Skvortsov,
Alexander Kozorezov,
Karl Berggren
Abstract:
Controlling thermal transport is important for a range of devices and technologies, from phase change memories to next-generation electronics. This is especially true in nano-scale devices where thermal transport is altered by the influence of surfaces and changes in dimensionality. In superconducting nanowire single-photon detectors, the thermal boundary conductance (TBC) between the nanowire and the substrate it is fabricated on influences most of the performance metrics that make these detectors attractive for applications. This includes the maximum count rate, latency, jitter, and quantum efficiency. Despite its importance, the study of TBC in superconducting nanowire devices has not been done systematically, primarily due to the lack of a straightforward characterization method. Here, we show that simple electrical measurements can be used to estimate the TBC between nanowires and substrates and that these measurements match acoustic mismatch theory across a variety of substrates. Numerical simulations allow us to refine our understanding; however, open questions remain. This work should enable thermal engineering in superconducting nanowire electronics and cryogenic detectors for improved device performance.
Submitted 9 April, 2021;
originally announced April 2021.
-
QSOR: Quantum-Safe Onion Routing
Authors:
Zsolt Tujner,
Thomas Rooijakkers,
Maran van Heesch,
Melek Önen
Abstract:
In this work, we propose a study on the use of post-quantum cryptographic primitives for the Tor network in order to make it safe in a quantum world. With this aim, the underlying keying material has first been analysed. We observe that breaking the security of the algorithms/protocols that use long- and medium-term keys (usually RSA keys) has the highest impact on security. Therefore, we investigate the cost of quantum-safe variants. These include key generation, key encapsulation and decapsulation. Six different post-quantum cryptographic algorithms that ensure NIST security level 1 are evaluated. We further target the Tor circuit creation operation and evaluate the overhead of the post-quantum variant. This comparative study is performed through a reference implementation based on SweetOnions that simulates Tor with slight simplifications. We show that quantum-safe Tor circuit creation is possible and suggest two versions: one that can be used in a purely quantum-safe setting, and one that can be used in a hybrid setting.
Submitted 10 January, 2020;
originally announced January 2020.
-
Single-Photon Single-Flux Coupled Detectors
Authors:
Murat Onen,
Marco Turchetti,
Brenden A. Butters,
Mina R. Bionta,
Phillip D. Keathley,
Karl K. Berggren
Abstract:
In this work, we present a novel device that is a combination of a superconducting nanowire single-photon detector and a superconducting multi-level memory. We show that these devices can be used to count the number of detections through single-photon to single-flux conversion. Electrical characterization of the memory properties demonstrates single-flux quantum (SFQ) separated states. Optical measurements using attenuated laser pulses with different mean photon numbers, pulse energies and repetition rates are shown to differentiate single-photon detection from other possible phenomena, such as multi-photon detection and thermal activation. Finally, different geometries and material stacks to improve device performance, as well as arraying methods, are discussed.
Submitted 24 October, 2019;
originally announced October 2019.
-
Design and Characterization of Superconducting Nanowire-Based Processors for Acceleration of Deep Neural Network Training
Authors:
Murat Onen,
Brenden A. Butters,
Emily Toomey,
Tayfun Gokmen,
Karl K. Berggren
Abstract:
Training of deep neural networks (DNNs) is a computationally intensive task and requires massive volumes of data transfer. Performing these operations with conventional von Neumann architectures creates unmanageable time and power costs. Recent studies have shown that mixed-signal designs involving crossbar architectures are capable of achieving acceleration factors as high as 30,000x over state-of-the-art digital processors. These approaches involve the utilization of non-volatile memory (NVM) elements as local processors. However, no technology has been developed to date that can satisfy the strict device requirements for the unit cell. This paper presents the superconducting nanowire-based processing element as a cross-point device. The unit cell has many programmable non-volatile states that can be used to perform analog multiplication. Importantly, these states are intrinsically discrete due to the quantization of flux, which provides symmetric switching characteristics. Operation of these devices in a crossbar is described and verified with electro-thermal circuit simulations. Finally, validation of the concept in an actual DNN training task is shown using an emulator.
Submitted 5 July, 2019;
originally announced July 2019.
-
Calculating the Band Structure of 3C-SiC Using sp3d5s*+$Δ$ Model
Authors:
Murat Onen,
Marco Turchetti
Abstract:
We report on a semi-empirical tight binding model for 3C-SiC including the effect of sp3d5s* orbitals and spin-orbit coupling. In this work, we illustrate in detail the method to develop such a model for semiconductors with zincblende structure, based on Slater-Koster integrals, and we explain the optimization method used to fit the experimental results with such a model. This method shows high accuracy for the evaluation of the 3C-SiC band diagram, both in terms of the experimental energy levels at high symmetry points and the effective masses.
Submitted 19 January, 2019;
originally announced January 2019.
-
Bridging the gap between nanowires and Josephson junctions: a superconducting device based on controlled fluxon transfer across nanowires
Authors:
Emily Toomey,
Murat Onen,
Marco Colangelo,
Brenden A. Butters,
Adam N. McCaughan,
Karl K. Berggren
Abstract:
The basis for superconducting electronics can broadly be divided between two technologies: the Josephson junction and the superconducting nanowire. While the Josephson junction (JJ) remains the dominant technology due to its high speed and low power dissipation, recently proposed nanowire devices offer improvements such as gain, high fanout, and compatibility with CMOS circuits. Despite these benefits, nanowire-based electronics have largely been limited to binary operations, with devices switching between the superconducting state and a high-impedance resistive state dominated by uncontrolled hotspot dynamics. Unlike the JJ, they cannot increment an output through successive switching, and their operation speeds are limited by their slow thermal reset times. Thus, there is a need for an intermediate device with the interfacing capabilities of a nanowire but a faster, moderated response allowing for modulation of the output. Here, we present a nanowire device based on controlled fluxon transport. We show that the device is capable of responding proportionally to the strength of its input, unlike other nanowire technologies. The device can be operated to produce a multilevel output with distinguishable states, which can be tuned by circuit parameters. Agreement between experimental results and electrothermal circuit simulations demonstrates that the device is classical and may be readily engineered for applications including use as a multilevel memory.
Submitted 22 October, 2018;
originally announced October 2018.
-
Training Deep Convolutional Neural Networks with Resistive Cross-Point Devices
Authors:
Tayfun Gokmen,
O. Murat Onen,
Wilfried Haensch
Abstract:
In a previous work we detailed the requirements for obtaining a maximal performance benefit by implementing fully connected deep neural networks (DNN) in the form of arrays of resistive devices for deep learning. Here we extend this concept of Resistive Processing Unit (RPU) devices towards convolutional neural networks (CNNs). We show how to map the convolutional layers to RPU arrays such that the parallelism of the hardware can be fully utilized in all three cycles of the backpropagation algorithm. We find that the noise and bound limitations imposed by the analog nature of the computations performed on the arrays affect the training accuracy of the CNNs. Noise and bound management techniques are presented that mitigate these problems without introducing any additional complexity in the analog circuits, and that can be addressed by the digital circuits. In addition, we discuss digitally programmable update management and device variability reduction techniques that can be used selectively for some of the layers in a CNN. We show that the combination of all those techniques enables a successful application of the RPU concept for training CNNs. The techniques discussed here are more general and can be applied beyond CNN architectures, and therefore enable applicability of the RPU approach to a large class of neural network architectures.
Submitted 22 May, 2017;
originally announced May 2017.