-
SoK: SCT Auditing in Certificate Transparency
Authors:
Sarah Meiklejohn,
Joe DeBlasio,
Devon O'Brien,
Chris Thompson,
Kevin Yeo,
Emily Stark
Abstract:
The Web public key infrastructure is essential to providing secure communication on the Internet today, and certificate authorities play a crucial role in this ecosystem by issuing certificates. These authorities may misissue certificates or suffer misuse attacks, however, which has given rise to the Certificate Transparency (CT) project. The goal of CT is to store all issued certificates in publi…
▽ More
The Web public key infrastructure is essential to providing secure communication on the Internet today, and certificate authorities play a crucial role in this ecosystem by issuing certificates. These authorities may misissue certificates or suffer misuse attacks, however, which has given rise to the Certificate Transparency (CT) project. The goal of CT is to store all issued certificates in public logs, which can then be checked for the presence of potentially misissued certificates. Thus, the requirement that a given certificate is indeed in one (or several) of these logs lies at the core of CT. In its current deployment, however, most individual clients do not check that the certificates they see are in logs, as requesting a proof of inclusion directly reveals the certificate and thus creates the clear potential for a violation of that client's privacy. In this paper, we explore the techniques that have been proposed for privacy-preserving auditing of certificate inclusion, focusing on their effectiveness, efficiency, and suitability in a near-term deployment. In doing so, we also explore the parallels with related problems involving browser clients. Guided by a set of constraints that we develop, we ultimately observe several key limitations in many proposals, ranging from their privacy provisions to the fact that they focus on the interaction between a client and a log but leave open the question of how a client could privately report any certificates that are missing.
△ Less
Submitted 3 March, 2022;
originally announced March 2022.
-
Spreading of Memes on Multiplex Networks
Authors:
Joseph D. O'Brien,
Ioannis K. Dassios,
James P. Gleeson
Abstract:
A model for the spreading of online information or "memes" on multiplex networks is introduced and analyzed using branching-process methods. The model generalizes that of [Gleeson et al., Phys.Rev. X., 2016] in two ways. First, even for a monoplex (single-layer) network, the model is defined for any specific network defined by its adjacency matrix, instead of being restricted to an ensemble of ran…
▽ More
A model for the spreading of online information or "memes" on multiplex networks is introduced and analyzed using branching-process methods. The model generalizes that of [Gleeson et al., Phys.Rev. X., 2016] in two ways. First, even for a monoplex (single-layer) network, the model is defined for any specific network defined by its adjacency matrix, instead of being restricted to an ensemble of random networks. Second, a multiplex version of the model is introduced to capture the behaviour of users who post information from one social media platform to another. In both cases the branching process analysis demonstrates that the dynamical system is, in the limit of low innovation, poised near a critical point, which is known to lead to heavy-tailed distributions of meme popularity similar to those observed in empirical data.
△ Less
Submitted 28 February, 2019; v1 submitted 30 October, 2018;
originally announced October 2018.
-
Law and Adversarial Machine Learning
Authors:
Ram Shankar Siva Kumar,
David R. O'Brien,
Kendra Albert,
Salome Vilojen
Abstract:
When machine learning systems fail because of adversarial manipulation, how should society expect the law to respond? Through scenarios grounded in adversarial ML literature, we explore how some aspects of computer crime, copyright, and tort law interface with perturbation, poisoning, model stealing and model inversion attacks to show how some attacks are more likely to result in liability than ot…
▽ More
When machine learning systems fail because of adversarial manipulation, how should society expect the law to respond? Through scenarios grounded in adversarial ML literature, we explore how some aspects of computer crime, copyright, and tort law interface with perturbation, poisoning, model stealing and model inversion attacks to show how some attacks are more likely to result in liability than others. We end with a call for action to ML researchers to invest in transparent benchmarks of attacks and defenses; architect ML systems with forensics in mind and finally, think more about adversarial machine learning in the context of civil liberties. The paper is targeted towards ML researchers who have no legal background.
△ Less
Submitted 4 December, 2018; v1 submitted 25 October, 2018;
originally announced October 2018.
-
Accountability of AI Under the Law: The Role of Explanation
Authors:
Finale Doshi-Velez,
Mason Kortz,
Ryan Budish,
Chris Bavitz,
Sam Gershman,
David O'Brien,
Kate Scott,
Stuart Schieber,
James Waldo,
David Weinberger,
Adrian Weller,
Alexandra Wood
Abstract:
The ubiquity of systems using artificial intelligence or "AI" has brought increasing attention to how those systems should be regulated. The choice of how to regulate AI systems will require care. AI systems have the potential to synthesize large amounts of data, allowing for greater levels of personalization and precision than ever before---applications range from clinical decision support to aut…
▽ More
The ubiquity of systems using artificial intelligence or "AI" has brought increasing attention to how those systems should be regulated. The choice of how to regulate AI systems will require care. AI systems have the potential to synthesize large amounts of data, allowing for greater levels of personalization and precision than ever before---applications range from clinical decision support to autonomous driving and predictive policing. That said, there exist legitimate concerns about the intentional and unintentional negative consequences of AI systems. There are many ways to hold AI systems accountable. In this work, we focus on one: explanation. Questions about a legal right to explanation from AI systems was recently debated in the EU General Data Protection Regulation, and thus thinking carefully about when and how explanation from AI systems might improve accountability is timely. In this work, we review contexts in which explanation is currently required under the law, and then list the technical considerations that must be considered if we desired AI systems that could provide kinds of explanations that are currently required of humans.
△ Less
Submitted 20 December, 2019; v1 submitted 3 November, 2017;
originally announced November 2017.
