-
Aggressive or Imperceptible, or Both: Network Pruning Assisted Hybrid Byzantines in Federated Learning
Authors:
Emre Ozfatura,
Kerem Ozfatura,
Alptekin Kupcu,
Deniz Gunduz
Abstract:
Federated learning (FL) has been introduced to enable a large number of clients, possibly mobile devices, to collaborate on generating a generalized machine learning model by utilizing a larger number of local samples without sharing them, which offers a degree of privacy to the collaborating clients. However, due to the participation of a large number of clients, it is often difficult to profile and verify each client, which leads to a security threat: malicious participants may hamper the accuracy of the trained model by conveying poisoned models during the training. Hence, the aggregation framework at the parameter server also needs to minimize the detrimental effects of these malicious clients. A plethora of attack and defence strategies have been analyzed in the literature. However, the Byzantine problem is often analyzed solely from the outlier detection perspective, oblivious to the topology of neural networks (NNs).
In the scope of this work, we argue that by extracting certain side information specific to the NN topology, one can design stronger attacks. Hence, inspired by the sparse neural networks, we introduce a hybrid sparse Byzantine attack that is composed of two parts: one exhibiting a sparse nature and attacking only certain NN locations with higher sensitivity, and the other being more silent but accumulating over time, where each ideally targets a different type of defence mechanism, and together they form a strong but imperceptible attack. Finally, we show through extensive simulations that the proposed hybrid Byzantine attack is effective against 8 different defence methods.
Submitted 9 April, 2024;
originally announced April 2024.
-
Gamu Blue: A Practical Tool for Game Theory Security Equilibria
Authors:
Ameer Taweel,
Burcu Yıldız,
Alptekin Küpçü
Abstract:
The application of game theory in cybersecurity enables strategic analysis, adversarial modeling, and optimal decision-making to address the complex and dynamic nature of security threats. Previous studies by Abraham et al. and Biçer et al. presented various definitions of equilibria to examine the security aspects of games involving multiple parties. Nonetheless, these definitions lack practical and easy-to-use implementations. Our primary contribution is addressing this gap by developing Gamu Blue, an easy-to-use tool with implementations for computing the equilibria definitions including k-resiliency, l-repellence, t-immunity, (l, t)-resistance, and m-stability.
Submitted 27 March, 2024;
originally announced March 2024.
-
SplitOut: Out-of-the-Box Training-Hijacking Detection in Split Learning via Outlier Detection
Authors:
Ege Erdogan,
Unat Teksen,
Mehmet Salih Celiktenyildiz,
Alptekin Kupcu,
A. Ercument Cicek
Abstract:
Split learning enables efficient and privacy-aware training of a deep neural network by splitting a neural network so that the clients (data holders) compute the first layers and only share the intermediate output with the central compute-heavy server. This paradigm introduces a new attack medium in which the server has full control over what the client models learn, which has already been exploited to infer the private data of clients and to implement backdoors in the client models. Although previous work has shown that clients can successfully detect such training-hijacking attacks, the proposed methods rely on heuristics, require tuning of many hyperparameters, and do not fully utilize the clients' capabilities. In this work, we show that given modest assumptions regarding the clients' compute capabilities, an out-of-the-box outlier detection method can be used to detect existing training-hijacking attacks with almost-zero false positive rates. We conclude through experiments on different tasks that the simplicity of our approach, which we name SplitOut, makes it a more viable and reliable alternative compared to the earlier detection methods.
Submitted 7 July, 2024; v1 submitted 16 February, 2023;
originally announced February 2023.
-
Byzantines can also Learn from History: Fall of Centered Clipping in Federated Learning
Authors:
Kerem Ozfatura,
Emre Ozfatura,
Alptekin Kupcu,
Deniz Gunduz
Abstract:
The increasing popularity of the federated learning (FL) framework due to its success in a wide range of collaborative learning tasks also induces certain security concerns. Among many vulnerabilities, the risk of Byzantine attacks is of particular concern, which refers to the possibility of malicious clients participating in the learning process. Hence, a crucial objective in FL is to neutralize the potential impact of Byzantine attacks and to ensure that the final model is trustworthy. It has been observed that the higher the variance among the clients' models/updates, the more room there is for Byzantine attacks to be hidden. As a consequence, by utilizing momentum, and thus reducing the variance, it is possible to weaken the strength of known Byzantine attacks. The centered clipping (CC) framework has further shown that the momentum term from the previous iteration, besides reducing the variance, can be used as a reference point to neutralize Byzantine attacks better. In this work, we first expose vulnerabilities of the CC framework, and introduce a novel attack strategy that can circumvent the defences of CC and other robust aggregators and reduce their test accuracy by up to 33% in best-case scenarios in image classification tasks. Then, we propose a new robust and fast defence mechanism that is effective against the proposed and other existing Byzantine attacks.
Submitted 1 January, 2024; v1 submitted 21 August, 2022;
originally announced August 2022.
-
LightChain: Scalable DHT-Based Blockchain
Authors:
Yahya Hassanzadeh-Nazarabadi,
Alptekin Küpçü,
Öznur Özkasap
Abstract:
As an append-only distributed database, blockchain is utilized in a vast variety of applications including cryptocurrency and the Internet-of-Things (IoT). The existing blockchain solutions show downsides in communication and storage scalability, as well as decentralization. In this article, we propose LightChain, which is the first blockchain architecture that operates over a Distributed Hash Table (DHT) of participating peers. LightChain is a permissionless blockchain that provides addressable blocks and transactions within the network, which makes them efficiently accessible by all peers. Each block and transaction is replicated within the DHT of peers and is retrieved in an on-demand manner. Hence, peers in LightChain are not required to retrieve or keep the entire ledger. LightChain is fair as all of the participating peers have a uniform chance of being involved in the consensus regardless of their influence such as hashing power or stake. We provide formal mathematical analysis and experimental results (simulations and cloud deployment) to demonstrate the security, efficiency, and fairness of LightChain, and show that LightChain is the only existing blockchain that can provide integrity under a corrupted majority of peer power. As we experimentally demonstrate, compared to mainstream blockchains such as Bitcoin and Ethereum, LightChain requires around 66 times smaller per-node storage, is around 380 times faster at bootstrapping a new node into the system, and each LightChain node is equally likely to be rewarded for participating in the protocol.
Submitted 1 September, 2021;
originally announced September 2021.
-
SplitGuard: Detecting and Mitigating Training-Hijacking Attacks in Split Learning
Authors:
Ege Erdogan,
Alptekin Kupcu,
A. Ercument Cicek
Abstract:
Distributed deep learning frameworks such as split learning provide great benefits with regards to the computational cost of training deep neural networks and the privacy-aware utilization of the collective data of a group of data-holders. Split learning, in particular, achieves this goal by dividing a neural network between a client and a server so that the client computes the initial set of layers, and the server computes the rest. However, this method introduces a unique attack vector for a malicious server attempting to steal the client's private data: the server can direct the client model towards learning any task of its choice, e.g. towards outputting easily invertible values. With a concrete example already proposed (Pasquini et al., CCS '21), such training-hijacking attacks present a significant risk for the data privacy of split learning clients.
In this paper, we propose SplitGuard, a method by which a split learning client can detect whether it is being targeted by a training-hijacking attack or not. We experimentally evaluate our method's effectiveness, compare it with potential alternatives, and discuss in detail various points related to its use. We conclude that SplitGuard can effectively detect training-hijacking attacks while minimizing the amount of information recovered by the adversaries.
Submitted 16 September, 2022; v1 submitted 20 August, 2021;
originally announced August 2021.
-
UnSplit: Data-Oblivious Model Inversion, Model Stealing, and Label Inference Attacks Against Split Learning
Authors:
Ege Erdogan,
Alptekin Kupcu,
A. Ercument Cicek
Abstract:
Training deep neural networks often forces users to work in a distributed or outsourced setting, accompanied by privacy concerns. Split learning aims to address this concern by distributing the model between a client and a server. The scheme supposedly provides privacy, since the server cannot see the clients' models and inputs. We show that this is not true via two novel attacks. (1) We show that an honest-but-curious split learning server, equipped only with the knowledge of the client neural network architecture, can recover the input samples and obtain a functionally similar model to the client model, without being detected. (2) We show that if the client keeps hidden only the output layer of the model to "protect" the private labels, the honest-but-curious server can infer the labels with perfect accuracy. We test our attacks using various benchmark datasets and against proposed privacy-enhancing extensions to split learning. Our results show that plaintext split learning can pose serious risks, ranging from data (input) privacy to intellectual property (model parameters), and provides no more than a false sense of security.
Submitted 16 September, 2022; v1 submitted 20 August, 2021;
originally announced August 2021.
-
AggFT: Low-Cost Fault-Tolerant Smart Meter Aggregation with Proven Termination and Privacy
Authors:
Günther Eibl,
Sanaz Taheri-Boshrooyeh,
Alptekin Küpçü
Abstract:
Smart meter data aggregation protocols have been developed to address rising privacy threats against customers' consumption data. However, these protocols do not work satisfactorily in the presence of failures of smart meters or network communication links. In this paper, we propose a lightweight and fault-tolerant aggregation algorithm that can serve as a solid foundation for further research. We revisit an existing error-resilient privacy-preserving aggregation protocol based on masking and improve it by: (i) performing changes in the cryptographic parts that lead to a reduction of computational costs, (ii) simplifying the behaviour of the protocol in the presence of faults, and showing a proof of proper termination under a well-defined failure model, (iii) decoupling the computation part from the data flow so that the algorithm can also be used with homomorphic encryption as a basis for privacy preservation. To the best of our knowledge, this is the first algorithm that is formulated for both masking and homomorphic encryption. (iv) Finally, we provide a formal proof of the privacy guarantee under failure. The systematic treatment with strict proofs and the established connection to graph theory may also serve as a starting point for possible generalizations and improvements with respect to increased resilience.
Submitted 18 February, 2021;
originally announced February 2021.
-
BlockSim-Net: A Network Based Blockchain Simulator
Authors:
Nandini Agrawal,
R Prashanthi,
Osman Biçer,
Alptekin Küpçü
Abstract:
Since its proposal by Eyal and Sirer (CACM '13), the selfish mining attack on proof-of-work blockchains has been studied extensively in terms of both improving its impact and defending against it. Before any defense is deployed in a real-world blockchain system, it needs to be tested for security and dependability. However, real blockchain systems are too complex to conduct tests on or to benchmark the developed protocols against. Some simulation environments have been proposed recently, such as BlockSim (Maher et al., '20). However, BlockSim is developed for the simulation of an entire network on a single CPU. Therefore, it is insufficient to capture the essence of a real blockchain network, as it is not distributed, and complications such as propagation delays that occur in reality cannot be simulated realistically enough. In this work, we propose BlockSim-Net, a simple, efficient, high-performance, network-based blockchain simulator, to better reflect reality.
Submitted 27 November, 2020; v1 submitted 6 November, 2020;
originally announced November 2020.
-
A containerized proof-of-concept implementation of LightChain system
Authors:
Yahya Hassanzadeh-Nazarabadi,
Nazir Nayal,
Shadi Sameh Hamdan,
Öznur Özkasap,
Alptekin Küpçü
Abstract:
LightChain is the first Distributed Hash Table (DHT)-based blockchain with a logarithmic asymptotic message and memory complexity. In this demo paper, we present the software architecture of our open-source implementation of LightChain, as well as a novel deployment scenario of the entire LightChain system on a single machine aiming at results reproducibility.
Submitted 26 July, 2020;
originally announced July 2020.
-
SkipSim: Scalable Skip Graph Simulator
Authors:
Yahya Hassanzadeh-Nazarabadi,
Ali Utkan Şahin,
Öznur Özkasap,
Alptekin Küpçü
Abstract:
SkipSim is an offline Skip Graph simulator that enables Skip Graph-based algorithms including blockchains and P2P cloud storage to be simulated while preserving their scalability and decentralized nature. To the best of our knowledge, it is the first Skip Graph simulator that provides several features for experimentation on Skip Graph-based overlay networks. In this demo paper, we present SkipSim features, its architecture, as well as a sample blockchain demo scenario.
Submitted 26 July, 2020;
originally announced July 2020.
-
Improving PKI, BGP, and DNS Using Blockchain: A Systematic Review
Authors:
Faizan Safdar Ali,
Alptekin Kupcu
Abstract:
The Internet has many backbone components on top of which the whole world is connected. It is important to make these components, such as the Border Gateway Protocol (BGP), the Domain Name System (DNS), and the Public Key Infrastructure (PKI), secure and able to work without any interruption. All of the aforementioned components have vulnerabilities, mainly because of their dependence on centralized parties, that should be resolved.
Blockchain is revolutionizing the concept of today's Internet, primarily because of its degree of decentralization and security properties. In this paper, we discuss how blockchain provides nearly complete solutions to the open challenges for these network backbone components.
Submitted 3 January, 2020;
originally announced January 2020.
-
Decentralized utility- and locality-aware replication for heterogeneous DHT-based P2P cloud storage systems
Authors:
Yahya Hassanzadeh-Nazarabadi,
Alptekin Küpçü,
Öznur Özkasap
Abstract:
As a Distributed Hash Table (DHT), Skip Graph routing overlays are exploited in several peer-to-peer (P2P) services, including P2P cloud storage. The fully decentralized replication algorithms that are applicable to Skip Graph-based P2P cloud storage fail to improve the performance of the system with respect to both the availability of replicas and their response time. Additionally, they presume the system to be homogeneous with respect to the nodes' latency distribution, availability behavior, bandwidth, or storage. In this paper, we propose Pyramid, which is the first fully decentralized utility- and locality-aware replication approach for Skip Graph-based P2P cloud storage systems. Pyramid considers the nodes as heterogeneous with respect to their latency distribution, availability behavior, bandwidth, and storage. Pyramid is utility-aware as it maximizes the average available bandwidth of replicas per time slot (e.g., per hour). Additionally, Pyramid is locality-aware as it minimizes the average latency between nodes and their closest replica. Our simulation results show that compared to the state-of-the-art solutions that perform well either in utility-awareness or in locality-awareness, our proposed Pyramid improves both the utility- and locality-awareness of replicas at the same time, with gains of about 1.2 and 1.1 times, respectively.
Submitted 27 July, 2019;
originally announced July 2019.
-
LightChain: A DHT-based Blockchain for Resource Constrained Environments
Authors:
Yahya Hassanzadeh-Nazarabadi,
Alptekin Küpçü,
Öznur Özkasap
Abstract:
As an append-only distributed database, blockchain is utilized in a vast variety of applications including cryptocurrency and the Internet-of-Things (IoT). The existing blockchain solutions have downsides in communication and storage efficiency, convergence to centralization, and consistency problems. In this paper, we propose LightChain, which is the first blockchain architecture that operates over a Distributed Hash Table (DHT) of participating peers. LightChain is a permissionless blockchain that provides addressable blocks and transactions within the network, which makes them efficiently accessible by all the peers. Each block and transaction is replicated within the DHT of peers and is retrieved in an on-demand manner. Hence, peers in LightChain are not required to retrieve or keep the entire blockchain. LightChain is fair as all of the participating peers have a uniform chance of being involved in the consensus regardless of their influence such as hashing power or stake. LightChain provides a deterministic fork-resolving strategy as well as a blacklisting mechanism, and it is secure against colluding adversarial peers attacking the availability and integrity of the system. We provide mathematical analysis and experimental results on scenarios involving 10K nodes to demonstrate the security and fairness of LightChain. As we experimentally show in this paper, compared to mainstream blockchains like Bitcoin and Ethereum, LightChain requires around 66 times less per-node storage, and is around 380 times faster at bootstrapping a new node into the system, while each LightChain node is equally likely to be rewarded for participating in the protocol.
Submitted 20 December, 2020; v1 submitted 31 March, 2019;
originally announced April 2019.
-
Interlaced: Fully decentralized churn stabilization for Skip Graph-based DHTs
Authors:
Yahya Hassanzadeh-Nazarabadi,
Alptekin Küpçü,
Öznur Özkasap
Abstract:
As a distributed hash table (DHT) routing overlay, Skip Graph is used in a variety of peer-to-peer (P2P) systems including cloud storage, social networks, and search engines. The overlay connectivity of P2P systems is negatively affected by the arrivals and departures of nodes to and from the system, which is known as churn. Preserving connectivity of the overlay network (i.e., the reachability of every pair of nodes) under churn is a performance challenge in every P2P system, including Skip Graph-based ones. The existing decentralized churn stabilization solutions that are applicable to Skip Graphs have intensive communication complexities, which leave them unable to provide strong overlay connectivity, especially under high rates of churn.
In this paper, we propose Interlaced, a fully decentralized churn stabilization mechanism for Skip Graphs that provides drastically stronger overlay connectivity without changing the asymptotic complexity of the Skip Graph in terms of storage, computation, and communication. We also propose the Sliding Window De Bruijn Graph (SW-DBG) as a tool to predict the availability of nodes with high accuracy. Our simulation results show that in comparison to the best existing DHT-based solutions, Interlaced improves the overlay connectivity of Skip Graph under churn with the gain of about 1.81 times. A Skip Graph that benefits from Interlaced and SW-DBG is about 2.47 times faster on average in routing the queries under churn compared to the best existing solutions. We also present an adaptive extension of Interlaced to be applied on other DHTs, for example Kademlia.
Submitted 18 March, 2019;
originally announced March 2019.
-
Efficient Dynamic Searchable Encryption with Forward Privacy
Authors:
Mohammad Etemad,
Alptekin Küpçü,
Charalampos Papamanthou,
David Evans
Abstract:
Searchable symmetric encryption (SSE) enables a client to perform searches over its outsourced encrypted files while preserving privacy of the files and queries. Dynamic schemes, where files can be added or removed, leak more information than static schemes. For dynamic schemes, forward privacy requires that a newly added file cannot be linked to previous searches. We present a new dynamic SSE scheme that achieves forward privacy by replacing the keys revealed to the server on each search. Our scheme is efficient and parallelizable and outperforms the best previous schemes providing forward privacy, and achieves competitive performance with dynamic schemes without forward privacy. We provide a full security proof in the random oracle model. In our experiments on the Wikipedia archive of about four million pages, the server takes one second to perform a search with 100,000 results.
Submitted 30 September, 2017;
originally announced October 2017.