-
Preliminary Report: On Information Hiding in Multi-Hop Radio Networks
Authors:
Marek Klonowski,
Mateusz Marciniak
Abstract:
In this paper, we consider the problem of an adversary aiming to learn information about the network topology or the executed algorithm from some signals obtained during the algorithm's execution. The problem is defined in a very general form. However, it is mainly motivated by multi-hop ad hoc radio networks. In contrast to previous work concentrated on single-hop radio networks, this model is cr…
▽ More
In this paper, we consider the problem of an adversary aiming to learn information about the network topology or the executed algorithm from some signals obtained during the algorithm's execution. The problem is defined in a very general form. However, it is mainly motivated by multi-hop ad hoc radio networks. In contrast to previous work concentrated on single-hop radio networks, this model is critically more complex due to the number of possible settings that need to be taken into account when considering different combinations of topologies and communication models. Moreover, the definition of the adversary is also ambiguous, and the adequate approach needs to depend on the adversary's aims and capabilities. This preliminary report presents a general theoretical background and some basic algorithms. We also propose some general taxonomy as a framework for future research.
△ Less
Submitted 20 November, 2023;
originally announced November 2023.
-
Generalized Framework for Group Testing: Queries, Feedbacks and Adversaries
Authors:
Marek Klonowski,
Dariusz R. Kowalski,
Dominik Pajak
Abstract:
In the Group Testing problem, the objective is to learn a subset K of some much larger domain N, using the shortest-possible sequence of queries Q. A feedback to a query provides some information about the intersection between the query and subset K. Several specific feedbacks have been studied in the literature, often proving different formulas for the estimate of the query complexity of the prob…
▽ More
In the Group Testing problem, the objective is to learn a subset K of some much larger domain N, using the shortest-possible sequence of queries Q. A feedback to a query provides some information about the intersection between the query and subset K. Several specific feedbacks have been studied in the literature, often proving different formulas for the estimate of the query complexity of the problem, defined as the shortest length of queries' sequence solving Group Testing problem with specific feedback. In this paper we study what are the properties of the feedback that influence the query complexity of Group Testing and what is their measurable impact. We propose a generic framework that covers a vast majority of relevant settings considered in the literature, which depends on two fundamental parameters of the feedback: input capacity $α$ and output expressiveness $β$. They upper bound the logarithm of the size of the feedback function domain and image, respectively. To justify the value of the framework, we prove upper bounds on query complexity of non adaptive, deterministic Group Testing under some "efficient" feedbacks, for minimum, maximum and general expressiveness, and complement them with a lower bound on all feedbacks with given parameters $α,β$. Our upper bounds also hold if the feedback function could get an input twisted by a malicious adversary, in case the intersection of a query and the hidden set is bigger than the feedback capacity $α$. We also show that slight change in the feedback function may result in substantial worsening of the query complexity. Additionally, we analyze explicitly constructed randomized counterparts of the deterministic results. Our results provide some insights to what are the most useful bits of information an output-restricted feedback could provide, and open a number of challenging research directions.
△ Less
Submitted 2 December, 2021;
originally announced December 2021.
-
What Do Our Choices Say About Our Preferences?
Authors:
Krzysztof Grining,
Marek Klonowski,
Małgorzata Sulkowska
Abstract:
Taking online decisions is a part of everyday life. Think of buying a house, parking a car or taking part in an auction. We often take those decisions publicly, which may breach our privacy - a party observing our choices may learn a lot about our preferences. In this paper we investigate the online stop** algorithms from the privacy preserving perspective, using a mathematically rigorous differ…
▽ More
Taking online decisions is a part of everyday life. Think of buying a house, parking a car or taking part in an auction. We often take those decisions publicly, which may breach our privacy - a party observing our choices may learn a lot about our preferences. In this paper we investigate the online stop** algorithms from the privacy preserving perspective, using a mathematically rigorous differential privacy notion. In differentially private algorithms there is usually an issue of balancing the privacy and utility. In this regime, in most cases, having both optimality and high level of privacy at the same time is impossible. We propose a natural mechanism to achieve a controllable trade-off, quantified by a parameter, between the accuracy of the online algorithm and its privacy. Depending on the parameter, our mechanism can be optimal with weaker differential privacy or suboptimal, yet more privacy-preserving. We conduct a detailed accuracy and privacy analysis of our mechanism applied to the optimal algorithm for the classical secretary problem. Thereby the classical notions from two distinct areas - optimal stop** and differential privacy - meet for the first time.
△ Less
Submitted 26 July, 2023; v1 submitted 4 May, 2020;
originally announced May 2020.
-
Probabilistic Counters for Privacy Preserving Data Aggregation
Authors:
Dominik Bojko,
Krzysztof Grining,
Marek Klonowski
Abstract:
Probabilistic counters are well-known tools often used for space-efficient set cardinality estimation. In this paper, we investigate probabilistic counters from the perspective of preserving privacy. We use the standard, rigid differential privacy notion. The intuition is that the probabilistic counters do not reveal too much information about individuals but provide only general information about…
▽ More
Probabilistic counters are well-known tools often used for space-efficient set cardinality estimation. In this paper, we investigate probabilistic counters from the perspective of preserving privacy. We use the standard, rigid differential privacy notion. The intuition is that the probabilistic counters do not reveal too much information about individuals but provide only general information about the population. Therefore, they can be used safely without violating the privacy of individuals. However, it turned out, that providing a precise, formal analysis of the privacy parameters of probabilistic counters is surprisingly difficult and needs advanced techniques and a very careful approach.
We demonstrate that probabilistic counters can be used as a privacy protection mechanism without extra randomization. Namely, the inherent randomization from the protocol is sufficient for protecting privacy, even if the probabilistic counter is used multiple times. In particular, we present a specific privacy-preserving data aggregation protocol based on Morris Counter and MaxGeo Counter. Some of the presented results are devoted to counters that have not been investigated so far from the perspective of privacy protection. Another part is an improvement of previous results. We show how our results can be used to perform distributed surveys and compare the properties of counter-based solutions and a standard Laplace method.
△ Less
Submitted 17 July, 2023; v1 submitted 25 March, 2020;
originally announced March 2020.
-
Energy Efficient Adversarial Routing in Shared Channels
Authors:
Bogdan S. Chlebus,
Elijah Hradovich,
Tomasz Jurdzinski,
Marek Klonowski,
Dariusz R. Kowalski
Abstract:
We investigate routing on networks modeled as multiple access channels, when packets are injected continually. There is an energy cap understood as a bound on the number of stations that can be switched on simultaneously. Each packet is injected into some station and needs to be delivered to its destination station via the channel. A station has to be switched on in order to receive a packet when…
▽ More
We investigate routing on networks modeled as multiple access channels, when packets are injected continually. There is an energy cap understood as a bound on the number of stations that can be switched on simultaneously. Each packet is injected into some station and needs to be delivered to its destination station via the channel. A station has to be switched on in order to receive a packet when it is heard on the channel. Each station manages when it is switched on and off by way of a programmable wakeup mechanism, which is scheduled by a routing algorithm. Packet injection is governed by adversarial models that determine upper bounds on injection rates and burstiness. We develop deterministic distributed routing algorithms and assess their performance in the worst-case sense. One of the algorithms maintains bounded queues for the maximum injection rate 1 subject only to the energy cap 3. This energy cap is provably optimal, in that obtaining the same throughput with the energy cap 2 is impossible. We give algorithms subject to the minimum energy cap 2 that have latency polynomial in the total number of stations n for each fixed adversary of injection rate less than 1. An algorithm is k-energy-oblivious if at most k stations are switched on in a round and for each station the rounds when it will be switched on are determined in advance. We give a k-energy-oblivious algorithm that has packet delay O(n) for adversaries of injection rates less than (k-1)/(n-1), and show that there is no k-energy-oblivious stable algorithm against adversaries with injection rates greater than k/n. We give a k-energy-oblivious algorithm routing directly that has latency O(n^2/k) for adversaries of sufficiently small injection rates that are O(k^2/n^2). We show that no k-energy-oblivious algorithm routing directly can be stable against adversaries with injection rates greater than k(k-1)/n(n-1).
△ Less
Submitted 25 February, 2019; v1 submitted 26 October, 2018;
originally announced October 2018.
-
Contention resolution on a restrained channel
Authors:
Elijah Hradovich,
Marek Klonowski,
Dariusz R. Kowalski
Abstract:
We examine deterministic broadcasting on multiple-access channels for a scenario when packets are injected continuously by an adversary to the buffers of the devices at rate $ρ$ packages per round. The aim is to maintain system stability, that is, bounded queues. In contrast to previous work we assume that there is a strict limit of available power, defined as the total number of stations allowed…
▽ More
We examine deterministic broadcasting on multiple-access channels for a scenario when packets are injected continuously by an adversary to the buffers of the devices at rate $ρ$ packages per round. The aim is to maintain system stability, that is, bounded queues. In contrast to previous work we assume that there is a strict limit of available power, defined as the total number of stations allowed to transmit or listen to the channel at a given time, that can never be exceeded. We study how this constraint influences the quality of services with particular focus on stability. We show that in the regime of deterministic algorithms, the significance of energy restriction depends strongly on communication capabilities of broadcasting protocols. For the adaptive and full-sensing protocols, wherein stations may substantially adopt their behavior to the injection pattern, one can construct efficient algorithms using very small amounts of power without sacrificing throughput or stability of the system. In particular, we construct constant-energy adaptive and full sensing protocols stable for $ρ=1$ and any $ρ<1$, respectively, even for worst case (adversarial) injection patterns. Surprisingly, for the case of acknowledgment based algorithms that cannot adopt to the situation on the channel (i.e., their transmitting pattern is fixed in advance), limiting power leads to reducing the throughput. That is, for this class of protocols in order to preserve stability we need to reduce injection rate significantly. We support our theoretical analysis by simulation results of algorithms constructed in the paper. We depict how they work for systems of moderate, realistic sizes. We also provide a comprehensive simulation to compare our algorithms with backoff algorithms, which are common in real-world implementations, in terms of queue sizes and energy consumption.
△ Less
Submitted 16 May, 2020; v1 submitted 7 August, 2018;
originally announced August 2018.
-
Broadcast in radio networks: time vs. energy tradeoffs
Authors:
Marek Klonowski,
Dominik Pająk
Abstract:
In wireless networks, consisting of battery-powered devices, energy is a costly resource and most of it is spent on transmitting and receiving messages. Broadcast is a problem where a message needs to be transmitted from one node to all other nodes of the network. We study algorithms that can work under limited energy measured as the maximum number of transmissions by a single station. The goal of…
▽ More
In wireless networks, consisting of battery-powered devices, energy is a costly resource and most of it is spent on transmitting and receiving messages. Broadcast is a problem where a message needs to be transmitted from one node to all other nodes of the network. We study algorithms that can work under limited energy measured as the maximum number of transmissions by a single station. The goal of the paper is to study tradeoffs between time and energy complexity of broadcast problem in multi-hop radio networks. We consider a model where the topology of the network is unknown and if two neighbors of a station are transmitting in the same discrete time slot, then the signals collide and the receiver cannot distinguish the collided signals from silence.
We observe that existing, time efficient, algorithms are not optimized with respect to energy expenditure. We then propose and analyse two new randomized energy-efficient algorithms. Our first algorithm works in time $O((D+\varphi)\cdot n^{1/\varphi}\cdot \varphi)$ with high probability and uses $O(\varphi)$ energy per station for any $\varphi \leq \log n/(2\log\log n)$ for any graph with $n$ nodes and diameter $D$. Our second algorithm works in time $O((D+\log n)\log n)$ with high probability and uses $O(\log n/\log\log n)$ energy.
We prove that our algorithms are almost time-optimal for given energy limits for graphs with constant diameters by constructing lower bound on time of $Ω(n^{1/\varphi} \cdot \varphi)$. The lower bound shows also that any algorithm working in polylogaritmic time in $n$ for all graphs needs energy $Ω(\log n/\log\log n)$.
△ Less
Submitted 13 May, 2018; v1 submitted 11 November, 2017;
originally announced November 2017.
-
Fault-tolerant parallel scheduling of arbitrary length jobs on a shared channel
Authors:
Marek Klonowski,
Dariusz R. Kowalski,
Jarosław Mirek,
Prudence W. H. Wong
Abstract:
We study the problem of scheduling jobs on fault-prone machines communicating via a shared channel, also known as multiple-access channel. We have $n$ arbitrary length jobs to be scheduled on $m$ identical machines, $f$ of which are prone to crashes by an adversary. A machine can inform other machines when a job is completed via the channel without collision detection. Performance is measured by t…
▽ More
We study the problem of scheduling jobs on fault-prone machines communicating via a shared channel, also known as multiple-access channel. We have $n$ arbitrary length jobs to be scheduled on $m$ identical machines, $f$ of which are prone to crashes by an adversary. A machine can inform other machines when a job is completed via the channel without collision detection. Performance is measured by the total number of available machine steps during the whole execution. Our goal is to study the impact of preemption (i.e., interrupting the execution of a job and resuming later in the same or different machine) and failures on the work performance of job processing. The novelty is the ability to identify the features that determine the complexity (difficulty) of the problem. We show that the problem becomes difficult when preemption is not allowed, by showing corresponding lower and upper bounds, the latter with algorithms reaching them. We also prove that randomization helps even more, but only against a non-adaptive adversary; in the presence of more severe adaptive adversary, randomization does not help in any setting. Our work has extended from previous work that focused on settings including: scheduling on multiple-access channel without machine failures, complete information about failures, or incomplete information about failures (like in this work) but with unit length jobs and, hence, without considering preemption.
△ Less
Submitted 24 July, 2018; v1 submitted 19 October, 2017;
originally announced October 2017.
-
Ordered and Delayed Adversaries and How to Work against Them on a Shared Channel
Authors:
Marek Klonowski,
Dariusz R. Kowalski,
Jaroslaw Mirek
Abstract:
In this work we define a class of ordered adversaries causing distractions according to some partial order fixed by the adversary before the execution, and study how they affect performance of algorithms. We focus on the Do-All problem of performing t tasks on a shared channel consisting of p crash-prone stations. The channel restricts communication: no message is delivered to the alive stations i…
▽ More
In this work we define a class of ordered adversaries causing distractions according to some partial order fixed by the adversary before the execution, and study how they affect performance of algorithms. We focus on the Do-All problem of performing t tasks on a shared channel consisting of p crash-prone stations. The channel restricts communication: no message is delivered to the alive stations if more than one station transmits at the same time. The performance measure for the Do-All problem is work: the total number of available processor steps during the whole execution. We address the question of how the ordered adversaries controlling crashes of stations influence work performance of Do-All algorithms. The first presented algorithm solves Do-All with work O(t+p\sqrt{t}\log p) against the Linearly-Ordered adversary, restricted by some pre-defined linear order of crashing stations. Another algorithm runs against the Weakly-Adaptive adversary, restricted by some pre-defined set of f crash-prone stations (it can be seen as restricted by the order being an anti-chain of crashing stations). The work done by this algorithm is O(t+p\sqrt{t}+p\min{p/(p-f),t}\log p). Both results are close to the corresponding lower bounds from [CKL]. We generalize this result to the class of adversaries restricted by a partial order with a maximum anti-chain of size k and complement with the lower bound. We also consider a class of delayed adaptive adversaries, who could see random choices with some delay. We give an algorithm that runs against the 1-RD adversary (seeing random choices of stations with one round delay), achieving close to optimal O(t+p\sqrt{t}\log^2 p) work complexity. This shows that restricting adversary by even 1 round delay results in (almost) optimal work on a shared channel.
△ Less
Submitted 24 July, 2018; v1 submitted 26 June, 2017;
originally announced June 2017.
-
How to Cooperate Locally to Improve Global Privacy in Social Networks? On Amplification of Privacy Preserving Data Aggregation
Authors:
Krzysztof Grining,
Marek Klonowski,
Małgorzata Sulkowska
Abstract:
In many systems privacy of users depends on the number of participants applying collectively some method to protect their security. Indeed, there are numerous already classic results about revealing aggregated data from a set of users. The conclusion is usually as follows: if you have enough friends to "aggregate" the private data, you can safely reveal your private information.
Apart from data…
▽ More
In many systems privacy of users depends on the number of participants applying collectively some method to protect their security. Indeed, there are numerous already classic results about revealing aggregated data from a set of users. The conclusion is usually as follows: if you have enough friends to "aggregate" the private data, you can safely reveal your private information.
Apart from data aggregation, it has been noticed that in a wider context privacy can be often reduced to being hidden in a crowd. Generally, the problems is how to create such crowd. This task may be not easy in some distributed systems, wherein gathering enough "individuals" is hard for practical reasons.
Such example are social networks (or similar systems), where users have only a limited number of semi trusted contacts and their aim is to reveal some aggregated data in a privacy preserving manner. This may be particularly problematic in the presence of a strong adversary that can additionally corrupt some users.
We show two methods that allow to significantly amplify privacy with only limited number of local operations and very moderate communication overhead. Except theoretical analysis we show experimental results on topologies of real-life social networks to demonstrate that our methods can significantly amplify privacy of chosen aggregation protocols even facing a massive attack of a powerful adversary.
We believe however that our results can have much wider applications for improving security of systems based on locally trusted relations.
△ Less
Submitted 26 April, 2017; v1 submitted 18 April, 2017;
originally announced April 2017.
-
On spreading rumor in heterogeneous systems
Authors:
Jacek Cichoń,
Zbigniew Goł\eobbiewski,
Marcin Kardas,
Marek Klonowski,
Filip Zagórski
Abstract:
In this paper we consider a model of spreading information in heterogeneous systems wherein we have two kinds of objects. Some of them are active and others are passive. Active objects can, if they possess information, share it with an encountered passive object. We focus on a particular case such that active objects communicate independently with randomly chosen passive objects. Such model is mot…
▽ More
In this paper we consider a model of spreading information in heterogeneous systems wherein we have two kinds of objects. Some of them are active and others are passive. Active objects can, if they possess information, share it with an encountered passive object. We focus on a particular case such that active objects communicate independently with randomly chosen passive objects. Such model is motivated by two real-life scenarios. The first one is a very dynamic system of mobile devices distributing information among stationary devices. The second is an architecture wherein clients communicate with several servers and can leave some information learnt from other servers. The main question we investigate is how many rounds is needed to deliver the information to all objects under the assumption that at the beginning exactly one object has the information?
In this paper we provide mathematical models of such process and show rigid and very precise mathematical analysis for some special cases important from practical point of view. Some mathematical results are quite surprising -- we find relation of investigated process to both coupon collector's problem as well as the birthday paradox. Additionally, we present simulations for showing behaviour for general parameters
△ Less
Submitted 3 December, 2016;
originally announced December 2016.
-
On Location Hiding in Distributed Systems
Authors:
Karol Gotfryd,
Marek Klonowski,
Dominik Pająk
Abstract:
We consider the following problem - a group of mobile agents perform some task on a terrain modeled as a graph. In a given moment of time an adversary gets an access to the graph and positions of the agents. Shortly before adversary's observation the mobile agents have a chance to relocate themselves in order to hide their initial configuration. We assume that the initial configuration may possibl…
▽ More
We consider the following problem - a group of mobile agents perform some task on a terrain modeled as a graph. In a given moment of time an adversary gets an access to the graph and positions of the agents. Shortly before adversary's observation the mobile agents have a chance to relocate themselves in order to hide their initial configuration. We assume that the initial configuration may possibly reveal to the adversary some information about the task they performed. Clearly agents have to change their location in possibly short time using minimal energy. In our paper we introduce a definition of a \emph{well hiding} algorithm in which the starting and final configurations of the agents have small mutual information. Then we discuss the influence of various features of the model on the running time of the optimal well-hiding algorithm. We show that if the topology of the graph is known to the agents, then the number of steps proportional to the diameter of the graph is sufficient and necessary. In the unknown topology scenario we only consider a single agent case. We first show that the task is impossible in the deterministic case if the agent has no memory. Then we present a polynomial randomized algorithm. Finally in the model with memory we show that the number of steps proportional to the number of edges of the graph is sufficient and necessary. In some sense we investigate how complex is the problem of "losing" information about location (both physical and logical) for different settings.
△ Less
Submitted 13 November, 2016;
originally announced November 2016.
-
Towards Extending Noiseless Privacy -- Dependent Data and More Practical Approach
Authors:
Krzysztof Grining,
Marek Klonowski
Abstract:
In 2011 Bhaskar et al. pointed out that in many cases one can ensure sufficient level of privacy without adding noise by utilizing adversarial uncertainty. Informally speaking, this observation comes from the fact that if at least a part of the data is randomized from the adversary's point of view, it can be effectively used for hiding other values. So far the approach to that idea in the literatu…
▽ More
In 2011 Bhaskar et al. pointed out that in many cases one can ensure sufficient level of privacy without adding noise by utilizing adversarial uncertainty. Informally speaking, this observation comes from the fact that if at least a part of the data is randomized from the adversary's point of view, it can be effectively used for hiding other values. So far the approach to that idea in the literature was mostly purely asymptotic, which greatly limited its adaptation in real-life scenarios. In this paper we aim to make the concept of utilizing adversarial uncertainty not only an interesting theoretical idea, but rather a practically useful technique, complementary to differential privacy, which is the state-of-the-art definition of privacy. This requires non-asymptotic privacy guarantees, more realistic approach to the randomness inherently present in the data and to the adversary's knowledge. In our paper we extend the concept proposed by Bhaskar et al. and present some results for wider class of data. In particular we cover the data sets that are dependent. We also introduce rigorous adversarial model. Moreover, in contrast to most of previous papers in this field, we give detailed (non-asymptotic) results which is motivated by practical reasons. Note that it required a modified approach and more subtle mathematical tools, including Stein method which, to the best of our knowledge, was not used in privacy research before. Apart from that, we show how to combine adversarial uncertainty with differential privacy approach and explore synergy between them to enhance the privacy parameters already present in the data itself by adding small amount of noise.
△ Less
Submitted 22 September, 2020; v1 submitted 25 May, 2016;
originally announced May 2016.
-
Practical Fault-Tolerant Data Aggregation
Authors:
Krzysztof Grining,
Marek Klonowski,
Piotr Syga
Abstract:
During Financial Cryptography 2012 Chan et al. presented a novel privacy-protection fault-tolerant data aggregation protocol. Comparing to previous work, their scheme guaranteed provable privacy of individuals and could work even if some number of users refused to participate. In our paper we demonstrate that despite its merits, their method provides unacceptably low accuracy of aggregated data fo…
▽ More
During Financial Cryptography 2012 Chan et al. presented a novel privacy-protection fault-tolerant data aggregation protocol. Comparing to previous work, their scheme guaranteed provable privacy of individuals and could work even if some number of users refused to participate. In our paper we demonstrate that despite its merits, their method provides unacceptably low accuracy of aggregated data for a wide range of assumed parameters and cannot be used in majority of real-life systems. To show this we use both precise analytic and experimental methods. Additionally, we present a precise data aggregation protocol that provides provable level of security even facing massive failures of nodes. Moreover, the protocol requires significantly less computation (limited exploiting of heavy cryptography) than most of currently known fault tolerant aggregation protocols and offers better security guarantees that make it suitable for systems of limited resources (including sensor networks). To obtain our result we relax however the model and allow some limited communication between the nodes.
△ Less
Submitted 31 May, 2016; v1 submitted 12 February, 2016;
originally announced February 2016.
-
Dynamic sharing of a multiple access channel
Authors:
Marcin Bienkowski,
Marek Klonowski,
Miroslaw Korzeniowski,
Dariusz R. Kowalski
Abstract:
In this paper we consider the mutual exclusion problem on a multiple access channel. Mutual exclusion is one of the fundamental problems in distributed computing. In the classic version of this problem, n processes perform a concurrent program which occasionally triggers some of them to use shared resources, such as memory, communication channel, device, etc. The goal is to design a distributed…
▽ More
In this paper we consider the mutual exclusion problem on a multiple access channel. Mutual exclusion is one of the fundamental problems in distributed computing. In the classic version of this problem, n processes perform a concurrent program which occasionally triggers some of them to use shared resources, such as memory, communication channel, device, etc. The goal is to design a distributed algorithm to control entries and exits to/from the shared resource in such a way that in any time there is at most one process accessing it. We consider both the classic and a slightly weaker version of mutual exclusion, called ep-mutual-exclusion, where for each period of a process staying in the critical section the probability that there is some other process in the critical section is at most ep. We show that there are channel settings, where the classic mutual exclusion is not feasible even for randomized algorithms, while ep-mutual-exclusion is. In more relaxed channel settings, we prove an exponential gap between the makespan complexity of the classic mutual exclusion problem and its weaker ep-exclusion version. We also show how to guarantee fairness of mutual exclusion algorithms, i.e., that each process that wants to enter the critical section will eventually succeed.
△ Less
Submitted 3 February, 2010; v1 submitted 18 January, 2010;
originally announced January 2010.