-
Distributionally Robust Degree Optimization for BATS Codes
Authors:
Hoover H. F. Yin,
Jie Wang,
Sherman S. M. Chow
Abstract:
Batched sparse (BATS) code is a network coding solution for multi-hop wireless networks with packet loss. Achieving a close-to-optimal rate relies on an optimal degree distribution. Technical challenges arise from the sensitivity of this distribution to the often empirically obtained rank distribution at the destination node. Specifically, if the empirical distribution overestimates the channel, B…
▽ More
Batched sparse (BATS) code is a network coding solution for multi-hop wireless networks with packet loss. Achieving a close-to-optimal rate relies on an optimal degree distribution. Technical challenges arise from the sensitivity of this distribution to the often empirically obtained rank distribution at the destination node. Specifically, if the empirical distribution overestimates the channel, BATS codes experience a significant rate degradation, leading to unstable rates across different runs and hence unpredictable transmission costs. Confronting this unresolved obstacle, we introduce a formulation for distributionally robust optimization in degree optimization. Deploying the resulting degree distribution resolves the instability of empirical rank distributions, ensuring a close-to-optimal rate, and unleashing the potential of applying BATS codes in real-world scenarios.
△ Less
Submitted 13 May, 2024;
originally announced May 2024.
-
DP-Forward: Fine-tuning and Inference on Language Models with Differential Privacy in Forward Pass
Authors:
Minxin Du,
Xiang Yue,
Sherman S. M. Chow,
Tianhao Wang,
Chenyu Huang,
Huan Sun
Abstract:
Differentially private stochastic gradient descent (DP-SGD) adds noise to gradients in back-propagation, safeguarding training data from privacy leakage, particularly membership inference. It fails to cover (inference-time) threats like embedding inversion and sensitive attribute inference. It is also costly in storage and computation when used to fine-tune large pre-trained language models (LMs).…
▽ More
Differentially private stochastic gradient descent (DP-SGD) adds noise to gradients in back-propagation, safeguarding training data from privacy leakage, particularly membership inference. It fails to cover (inference-time) threats like embedding inversion and sensitive attribute inference. It is also costly in storage and computation when used to fine-tune large pre-trained language models (LMs).
We propose DP-Forward, which directly perturbs embedding matrices in the forward pass of LMs. It satisfies stringent local DP requirements for training and inference data. To instantiate it using the smallest matrix-valued noise, we devise an analytic matrix Gaussian~mechanism (aMGM) by drawing possibly non-i.i.d. noise from a matrix Gaussian distribution. We then investigate perturbing outputs from different hidden (sub-)layers of LMs with aMGM noises. Its utility on three typical tasks almost hits the non-private baseline and outperforms DP-SGD by up to 7.7pp at a moderate privacy level. It saves 3$\times$ time and memory costs compared to DP-SGD with the latest high-speed library. It also reduces the average success rates of embedding inversion and sensitive attribute inference by up to 88pp and 41pp, respectively, whereas DP-SGD fails.
△ Less
Submitted 19 September, 2023; v1 submitted 13 September, 2023;
originally announced September 2023.
-
Vulnerability of Machine Learning Approaches Applied in IoT-based Smart Grid: A Review
Authors:
Zhenyong Zhang,
Mengxiang Liu,
Mingyang Sun,
Ruilong Deng,
Peng Cheng,
Dusit Niyato,
Mo-Yuen Chow,
Jiming Chen
Abstract:
Machine learning (ML) sees an increasing prevalence of being used in the internet-of-things (IoT)-based smart grid. However, the trustworthiness of ML is a severe issue that must be addressed to accommodate the trend of ML-based smart grid applications (MLsgAPPs). The adversarial distortion injected into the power signal will greatly affect the system's normal control and operation. Therefore, it…
▽ More
Machine learning (ML) sees an increasing prevalence of being used in the internet-of-things (IoT)-based smart grid. However, the trustworthiness of ML is a severe issue that must be addressed to accommodate the trend of ML-based smart grid applications (MLsgAPPs). The adversarial distortion injected into the power signal will greatly affect the system's normal control and operation. Therefore, it is imperative to conduct vulnerability assessment for MLsgAPPs applied in the context of safety-critical power systems. In this paper, we provide a comprehensive review of the recent progress in designing attack and defense methods for MLsgAPPs. Unlike the traditional survey about ML security, this is the first review work about the security of MLsgAPPs that focuses on the characteristics of power systems. We first highlight the specifics for constructing the adversarial attacks on MLsgAPPs. Then, the vulnerability of MLsgAPP is analyzed from both the aspects of the power system and ML model. Afterward, a comprehensive survey is conducted to review and compare existing studies about the adversarial attacks on MLsgAPPs in scenarios of generation, transmission, distribution, and consumption, and the countermeasures are reviewed according to the attacks that they defend against. Finally, the future research directions are discussed on the attacker's and defender's side, respectively. We also analyze the potential vulnerability of large language model-based (e.g., ChatGPT) power system applications. Overall, we encourage more researchers to contribute to investigating the adversarial issues of MLsgAPPs.
△ Less
Submitted 24 December, 2023; v1 submitted 29 August, 2023;
originally announced August 2023.
-
Unconditionally Secure Access Control Encryption
Authors:
Cheuk Ting Li,
Sherman S. M. Chow
Abstract:
Access control encryption (ACE) enforces, through a sanitizer as the mediator, that only legitimate sender-receiver pairs can communicate, without the sanitizer knowing the communication metadata, including its sender and recipient identity, the policy over them, and the underlying plaintext. Any illegitimate transmission is indistinguishable from pure noise. Existing works focused on computationa…
▽ More
Access control encryption (ACE) enforces, through a sanitizer as the mediator, that only legitimate sender-receiver pairs can communicate, without the sanitizer knowing the communication metadata, including its sender and recipient identity, the policy over them, and the underlying plaintext. Any illegitimate transmission is indistinguishable from pure noise. Existing works focused on computational security and require trapdoor functions and possibly other heavyweight primitives. We present the first ACE scheme with information-theoretic security (unconditionally against unbounded adversaries). Our novel randomization techniques over matrices realize sanitization (traditionally via homomorphism over a fixed randomness space) such that the secret message in the hidden message subspace remains intact if and only if there is no illegitimate transmission.
△ Less
Submitted 12 May, 2023;
originally announced May 2023.
-
Efficient Secure Aggregation for Privacy-Preserving Federated Machine Learning
Authors:
Rouzbeh Behnia,
Mohammadreza Ebrahimi,
Arman Riasi,
Sherman S. M. Chow,
Balaji Padmanabhan,
Thang Hoang
Abstract:
Secure aggregation protocols ensure the privacy of users' data in the federated learning settings by preventing the disclosure of users' local gradients. Despite their merits, existing aggregation protocols often incur high communication and computation overheads on the participants and might not be optimized to handle the large update vectors for machine learning models efficiently. This paper pr…
▽ More
Secure aggregation protocols ensure the privacy of users' data in the federated learning settings by preventing the disclosure of users' local gradients. Despite their merits, existing aggregation protocols often incur high communication and computation overheads on the participants and might not be optimized to handle the large update vectors for machine learning models efficiently. This paper presents e-SeaFL, an efficient, verifiable secure aggregation protocol taking one communication round in aggregation. e-SeaFL allows the aggregation server to generate proof of honest aggregation for the participants. Our core idea is to employ a set of assisting nodes to help the aggregation server, under similar trust assumptions existing works placed upon the participating users. For verifiability, e-SeaFL uses authenticated homomorphic vector commitments. Our experiments show that the user enjoys five orders of magnitude higher efficiency than the state of the art (PPML 2022) for a gradient vector of a high dimension up to $100,000$.
△ Less
Submitted 30 August, 2023; v1 submitted 7 April, 2023;
originally announced April 2023.
-
Prove You Owned Me: One Step beyond RFID Tag/Mutual Authentication
Authors:
Shaoying Cai,
Yingjiu Li,
Changshe Ma,
Sherman S. M. Chow,
Robert H. Deng
Abstract:
Radio Frequency Identification (RFID) is a key technology used in many applications. In the past decades, plenty of secure and privacy-preserving RFID tag/mutual authentication protocols as well as formal frameworks for evaluating them have been proposed. However, we notice that a property, namely proof of possession (PoP), has not been rigorously studied till now, despite it has significant value…
▽ More
Radio Frequency Identification (RFID) is a key technology used in many applications. In the past decades, plenty of secure and privacy-preserving RFID tag/mutual authentication protocols as well as formal frameworks for evaluating them have been proposed. However, we notice that a property, namely proof of possession (PoP), has not been rigorously studied till now, despite it has significant value in many RFID applications. For example, in RFID-enabled supply chains, PoP helps prevent dis-honest parties from publishing information about products/tags that they actually have never processed.
We propose the first formal framework for RFID tag/mutual authentication with PoP after correcting deficiencies of some existing RFID formal frameworks. We provide a generic construction to transform an RFID tag/mutual authentication protocol to one that supports PoP using a cryptographic hash function, a pseudorandom function (PRF) and a signature scheme. We prove that the constructed protocol is secure and privacy-preserving under our framework if all the building blocks possess desired security properties. Finally, we show an RFID mutual authentication protocol with PoP. Arming tag/mutual authentication protocols with PoP is an important step to strengthen RFID-enabled systems as it bridges the security gap between physical layer and data layer, and reduces the misuses of RFID-related data.
△ Less
Submitted 18 October, 2022;
originally announced October 2022.
-
Can a Tesla Turbine be Utilised as a Non-Magnetic Actuator for MRI-Guided Robotic Interventions?
Authors:
David Navarro-Alarcon,
Luiza Labazanova,
Man Kiu Chow,
Kwun Wang Ng,
Derek Kwok
Abstract:
This paper introduces a new type of nonmagnetic actuator for MRI interventions. Ultrasonic and piezoelectric motors are one the most commonly used actuators in MRI applications. However, most of these actuators are only MRI-safe, which means they cannot be operated while imaging as they cause significant visual artifacts. To cope with this issue, we developed a new pneumatic rotary servo-motor (ba…
▽ More
This paper introduces a new type of nonmagnetic actuator for MRI interventions. Ultrasonic and piezoelectric motors are one the most commonly used actuators in MRI applications. However, most of these actuators are only MRI-safe, which means they cannot be operated while imaging as they cause significant visual artifacts. To cope with this issue, we developed a new pneumatic rotary servo-motor (based on the Tesla turbine) that can be effectively used during continuous MR imaging. We thoroughly tested the performance and magnetic properties of our MRI-compatible actuator with several experiments, both inside and outside an MRI scanner. The reported results confirm the feasibility to use this motor for MRI-guided robotic interventions.
△ Less
Submitted 19 August, 2021;
originally announced August 2021.
-
Differential Privacy for Text Analytics via Natural Text Sanitization
Authors:
Xiang Yue,
Minxin Du,
Tianhao Wang,
Yaliang Li,
Huan Sun,
Sherman S. M. Chow
Abstract:
Texts convey sophisticated knowledge. However, texts also convey sensitive information. Despite the success of general-purpose language models and domain-specific mechanisms with differential privacy (DP), existing text sanitization mechanisms still provide low utility, as cursed by the high-dimensional text representation. The companion issue of utilizing sanitized texts for downstream analytics…
▽ More
Texts convey sophisticated knowledge. However, texts also convey sensitive information. Despite the success of general-purpose language models and domain-specific mechanisms with differential privacy (DP), existing text sanitization mechanisms still provide low utility, as cursed by the high-dimensional text representation. The companion issue of utilizing sanitized texts for downstream analytics is also under-explored. This paper takes a direct approach to text sanitization. Our insight is to consider both sensitivity and similarity via our new local DP notion. The sanitized texts also contribute to our sanitization-aware pretraining and fine-tuning, enabling privacy-preserving natural language processing over the BERT language model with promising utility. Surprisingly, the high utility does not boost up the success rate of inference attacks.
△ Less
Submitted 2 June, 2021;
originally announced June 2021.
-
Parallel Scale-wise Attention Network for Effective Scene Text Recognition
Authors:
Usman Sajid,
Michael Chow,
** Zhang,
Taejoon Kim,
Guanghui Wang
Abstract:
The paper proposes a new text recognition network for scene-text images. Many state-of-the-art methods employ the attention mechanism either in the text encoder or decoder for the text alignment. Although the encoder-based attention yields promising results, these schemes inherit noticeable limitations. They perform the feature extraction (FE) and visual attention (VA) sequentially, which bounds t…
▽ More
The paper proposes a new text recognition network for scene-text images. Many state-of-the-art methods employ the attention mechanism either in the text encoder or decoder for the text alignment. Although the encoder-based attention yields promising results, these schemes inherit noticeable limitations. They perform the feature extraction (FE) and visual attention (VA) sequentially, which bounds the attention mechanism to rely only on the FE final single-scale output. Moreover, the utilization of the attention process is limited by only applying it directly to the single scale feature-maps. To address these issues, we propose a new multi-scale and encoder-based attention network for text recognition that performs the multi-scale FE and VA in parallel. The multi-scale channels also undergo regular fusion with each other to develop the coordinated knowledge together. Quantitative evaluation and robustness analysis on the standard benchmarks demonstrate that the proposed network outperforms the state-of-the-art in most cases.
△ Less
Submitted 25 April, 2021;
originally announced April 2021.
-
A Distributed and Resilient Bargaining Game for Weather-Predictive Microgrid Energy Cooperation
Authors:
Lu An,
Jie Duan,
Mo-Yuen Chow,
Alexandra Duel-Hallen
Abstract:
A bargaining game is investigated for cooperative energy management in microgrids. This game incorporates a fully distributed and realistic cooperative power scheduling algorithm (CoDES) as well as a distributed Nash Bargaining Solution (NBS)-based method of allocating the overall power bill resulting from CoDES. A novel weather-based stochastic renewable generation (RG) prediction method is incor…
▽ More
A bargaining game is investigated for cooperative energy management in microgrids. This game incorporates a fully distributed and realistic cooperative power scheduling algorithm (CoDES) as well as a distributed Nash Bargaining Solution (NBS)-based method of allocating the overall power bill resulting from CoDES. A novel weather-based stochastic renewable generation (RG) prediction method is incorporated in the power scheduling. We demonstrate the proposed game using a 4-user grid-connected microgrid model with diverse user demands, storage, and RG profiles and examine the effect of weather prediction on day-ahead power scheduling and cost/profit allocation. Finally, the impact of users' ambivalence about cooperation and /or dishonesty on the bargaining outcome is investigated, and it is shown that the proposed game is resilient to malicious users' attempts to avoid payment of their fair share of the overall bill.
△ Less
Submitted 12 April, 2021;
originally announced April 2021.
-
Optimizing Privacy-Preserving Outsourced Convolutional Neural Network Predictions
Authors:
Minghui Li,
Sherman S. M. Chow,
Shengshan Hu,
Yue**g Yan,
Chao Shen,
Qian Wang
Abstract:
Convolutional neural network is a machine-learning model widely applied in various prediction tasks, such as computer vision and medical image analysis. Their great predictive power requires extensive computation, which encourages model owners to host the prediction service in a cloud platform. Recent researches focus on the privacy of the query and results, but they do not provide model privacy a…
▽ More
Convolutional neural network is a machine-learning model widely applied in various prediction tasks, such as computer vision and medical image analysis. Their great predictive power requires extensive computation, which encourages model owners to host the prediction service in a cloud platform. Recent researches focus on the privacy of the query and results, but they do not provide model privacy against the model-hosting server and may leak partial information about the results. Some of them further require frequent interactions with the querier or heavy computation overheads, which discourages querier from using the prediction service. This paper proposes a new scheme for privacy-preserving neural network prediction in the outsourced setting, i.e., the server cannot learn the query, (intermediate) results, and the model. Similar to SecureML (S&P'17), a representative work that provides model privacy, we leverage two non-colluding servers with secret sharing and triplet generation to minimize the usage of heavyweight cryptography. Further, we adopt asynchronous computation to improve the throughput, and design garbled circuits for the non-polynomial activation function to keep the same accuracy as the underlying network (instead of approximating it). Our experiments on MNIST dataset show that our scheme achieves an average of 122x, 14.63x, and 36.69x reduction in latency compared to SecureML, MiniONN (CCS'17), and EzPC (EuroS&P'19), respectively. For the communication costs, our scheme outperforms SecureML by 1.09x, MiniONN by 36.69x, and EzPC by 31.32x on average. On the CIFAR dataset, our scheme achieves a lower latency by a factor of 7.14x and 3.48x compared to MiniONN and EzPC, respectively. Our scheme also provides 13.88x and 77.46x lower communication costs than MiniONN and EzPC on the CIFAR dataset.
△ Less
Submitted 29 June, 2020; v1 submitted 22 February, 2020;
originally announced February 2020.
-
Qiskit Backend Specifications for OpenQASM and OpenPulse Experiments
Authors:
David C. McKay,
Thomas Alexander,
Luciano Bello,
Michael J. Biercuk,
Lev Bishop,
Jiayin Chen,
Jerry M. Chow,
Antonio D. Córcoles,
Daniel Egger,
Stefan Filipp,
Juan Gomez,
Michael Hush,
Ali Javadi-Abhari,
Diego Moreda,
Paul Nation,
Brent Paulovicks,
Erick Winston,
Christopher J. Wood,
James Wootton,
Jay M. Gambetta
Abstract:
As interest in quantum computing grows, there is a pressing need for standardized API's so that algorithm designers, circuit designers, and physicists can be provided a common reference frame for designing, executing, and optimizing experiments. There is also a need for a language specification that goes beyond gates and allows users to specify the time dynamics of a quantum experiment and recover…
▽ More
As interest in quantum computing grows, there is a pressing need for standardized API's so that algorithm designers, circuit designers, and physicists can be provided a common reference frame for designing, executing, and optimizing experiments. There is also a need for a language specification that goes beyond gates and allows users to specify the time dynamics of a quantum experiment and recover the time dynamics of the output. In this document we provide a specification for a common interface to backends (simulators and experiments) and a standarized data structure (Qobj --- quantum object) for sending experiments to those backends via Qiskit. We also introduce OpenPulse, a language for specifying pulse level control (i.e. control of the continuous time dynamics) of a general quantum device independent of the specific hardware implementation.
△ Less
Submitted 10 September, 2018;
originally announced September 2018.
-
A Delay-Tolerant Potential-Field-Based Network Implementation of an Integrated Navigation System
Authors:
Rachana Ashok Gupta,
Ahmad A. Masoud,
Mo-Yuen Chow
Abstract:
Network controllers (NCs) are devices that are capable of converting dynamic, spatially extended, and functionally specialized modules into a taskable goal-oriented group called networked control system. This paper examines the practical aspects of designing and building an NC that uses the Internet as a communication medium. It focuses on finding compatible controller components that can be integ…
▽ More
Network controllers (NCs) are devices that are capable of converting dynamic, spatially extended, and functionally specialized modules into a taskable goal-oriented group called networked control system. This paper examines the practical aspects of designing and building an NC that uses the Internet as a communication medium. It focuses on finding compatible controller components that can be integrated via a host structure in a manner that makes it possible to network, in real-time, a webcam, an unmanned ground vehicle (UGV), and a remote computer server along with the necessary operator software interface. The aim is to deskill the UGV navigation process and yet maintain a robust performance. The structure of the suggested controller, its components, and the manner in which they are interfaced are described. Thorough experimental results along with performance assessment and comparisons to a previously implemented NC are provided.
△ Less
Submitted 23 August, 2016;
originally announced August 2016.
-
DoraPicker: An Autonomous Picking System for General Objects
Authors:
Hao Zhang,
Pinxin Long,
Dandan Zhou,
Zhongfeng Qian,
Zheng Wang,
Weiwei Wan,
Dinesh Manocha,
Chonhyon Park,
Tommy Hu,
Chao Cao,
Yibo Chen,
Marco Chow,
Jia Pan
Abstract:
Robots that autonomously manipulate objects within warehouses have the potential to shorten the package delivery time and improve the efficiency of the e-commerce industry. In this paper, we present a robotic system that is capable of both picking and placing general objects in warehouse scenarios. Given a target object, the robot autonomously detects it from a shelf or a table and estimates its f…
▽ More
Robots that autonomously manipulate objects within warehouses have the potential to shorten the package delivery time and improve the efficiency of the e-commerce industry. In this paper, we present a robotic system that is capable of both picking and placing general objects in warehouse scenarios. Given a target object, the robot autonomously detects it from a shelf or a table and estimates its full 6D pose. With this pose information, the robot picks the object using its gripper, and then places it into a container or at a specified location. We describe our pick-and-place system in detail while highlighting our design principles for the warehouse settings, including the perception method that leverages knowledge about its workspace, three grippers designed to handle a large variety of different objects in terms of shape, weight and material, and grasp planning in cluttered scenarios. We also present extensive experiments to evaluate the performance of our picking system and demonstrate that the robot is competent to accomplish various tasks in warehouse settings, such as picking a target item from a tight space, gras** different objects from the shelf, and performing pick-and-place tasks on the table.
△ Less
Submitted 20 March, 2016;
originally announced March 2016.
-
Secure Friend Discovery via Privacy-Preserving and Decentralized Community Detection
Authors:
Pili Hu,
Sherman S. M. Chow,
Wing Cheong Lau
Abstract:
The problem of secure friend discovery on a social network has long been proposed and studied. The requirement is that a pair of nodes can make befriending decisions with minimum information exposed to the other party. In this paper, we propose to use community detection to tackle the problem of secure friend discovery. We formulate the first privacy-preserving and decentralized community detectio…
▽ More
The problem of secure friend discovery on a social network has long been proposed and studied. The requirement is that a pair of nodes can make befriending decisions with minimum information exposed to the other party. In this paper, we propose to use community detection to tackle the problem of secure friend discovery. We formulate the first privacy-preserving and decentralized community detection problem as a multi-objective optimization. We design the first protocol to solve this problem, which transforms community detection to a series of Private Set Intersection (PSI) instances using Truncated Random Walk (TRW). Preliminary theoretical results show that our protocol can uncover communities with overwhelming probability and preserve privacy. We also discuss future works, potential extensions and variations.
△ Less
Submitted 20 May, 2014;
originally announced May 2014.