Cryptography and Security
Showing new listings for Friday, 15 November 2024
- [1] arXiv:2411.09228 [pdf, html, other]
Title: Injection Attacks Against End-to-End Encrypted Applications
Comments: Published in IEEE Security and Privacy 2024
Subjects: Cryptography and Security (cs.CR)
We explore an emerging threat model for end-to-end (E2E) encrypted applications: an adversary sends chosen messages to a target client, thereby "injecting" adversarial content into the application state. Such state is subsequently encrypted and synchronized to an adversarially-visible storage. By observing the lengths of the resulting cloud-stored ciphertexts, the attacker backs out confidential information. We investigate this injection threat model in the context of state-of-the-art encrypted messaging applications that support E2E encrypted backups. We show proof-of-concept attacks that can recover information about E2E encrypted messages or attachments sent via WhatsApp, assuming the ability to compromise the target user's Google or Apple account (which gives access to encrypted backups). We also show weaknesses in Signal's encrypted backup design that would allow injection attacks to infer metadata including a target user's number of contacts and conversations, should the adversary somehow obtain access to the user's encrypted Signal backup. While we do not believe our results should be of immediate concern for users of these messaging applications, our results do suggest that more work is needed to build tools that enjoy strong E2E security guarantees.
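An added illustration of the length-leakage mechanism behind this threat model (example code written for this listing, not the paper's attack code and not any messenger's backup format). It models a client that uploads one AES-256-GCM ciphertext per conversation under an opaque object name; the adversary is the storage provider, who sees only names and lengths but can also get one chosen message delivered to the target. The `Backup` type, the object names `obj000`/`obj001`, the one-byte framing and the `Infer` function are assumptions made for the example. Running it without padding and then with 4 KiB buckets shows what an injection buys the adversary and what per-object padding takes away.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// AES-GCM stores a 12-byte nonce with the ciphertext and appends a 16-byte
// tag, so len(ciphertext) == len(plaintext) + GCMOverhead: the cipher hides
// content, not length.
const GCMOverhead = 12 + 16

// Backup models a client that keeps one append-only log per conversation and
// uploads each log as its own ciphertext under an opaque object name. The
// provider (the adversary) sees names and ciphertext lengths only.
// Constructed for this example; not a real messenger's backup format.
type Backup struct {
	aead    cipher.AEAD
	logs    map[string][]byte // conversation -> plaintext log
	objects map[string]string // conversation -> opaque storage object name
	bucket  int               // 0: no padding; n: pad each log to a multiple of n bytes
}

func NewBackup(key []byte, bucket int) *Backup {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return &Backup{aead: aead, logs: map[string][]byte{}, objects: map[string]string{}, bucket: bucket}
}

// Append records a message (plus one framing byte) in a conversation's log.
func (b *Backup) Append(conv string, msg []byte) {
	if _, ok := b.objects[conv]; !ok {
		b.objects[conv] = fmt.Sprintf("obj%03d", len(b.objects))
	}
	b.logs[conv] = append(append(b.logs[conv], msg...), '\n')
}

// padToBucket rounds a log up to a multiple of bucket with zero bytes. A real
// scheme must make the padding unambiguous to strip; only length matters here.
func padToBucket(p []byte, bucket int) []byte {
	if bucket <= 0 {
		return p
	}
	out := make([]byte, (len(p)+bucket-1)/bucket*bucket)
	copy(out, p)
	return out
}

// seal returns nonce || AES-256-GCM(plaintext) || tag for one log.
func (b *Backup) seal(plaintext []byte) []byte {
	nonce := make([]byte, b.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return b.aead.Seal(nonce, nonce, plaintext, nil)
}

// Sync uploads every log and returns what the provider observes:
// object name -> ciphertext length.
func (b *Backup) Sync() map[string]int {
	observed := make(map[string]int, len(b.logs))
	for conv, log := range b.logs {
		observed[b.objects[conv]] = len(b.seal(padToBucket(log, b.bucket)))
	}
	return observed
}

// Infer is the adversary's side of the injection attack. From the lengths
// observed before and after it sent the target one message, it returns the
// object that grew (the conversation it injected into; "" if nothing changed)
// and, for every other object, the plaintext bytes it holds, which without
// padding is the exact size of a conversation the adversary is not part of.
func Infer(before, after map[string]int) (injected string, others map[string]int) {
	others = map[string]int{}
	for name, n := range after {
		if before[name] != n {
			injected = name
			continue
		}
		others[name] = n - GCMOverhead
	}
	return injected, others
}

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	for _, bucket := range []int{0, 4096} {
		b := NewBackup(key, bucket)
		b.Append("victim<->friend", []byte("meet at the usual place at 9")) // private to the victim
		b.Append("victim<->attacker", []byte("hi"))
		before := b.Sync()
		b.Append("victim<->attacker", []byte("attacker-chosen text")) // the injection
		injected, others := Infer(before, b.Sync())
		fmt.Printf("bucket=%d: injected object %q, other objects' plaintext bytes %v\n", bucket, injected, others)
	}
}
```

Without padding the adversary labels its own conversation's object and reads the other conversation's size (29 bytes) straight off the ciphertext length; with 4 KiB buckets neither the injection nor the size is visible. Padding does not hide everything: the number of objects still equals the number of conversations, so hiding that metadata needs a fixed-shape backup rather than per-object padding alone.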
- [2] arXiv:2411.09229 [pdf, html, other]
Title: Efficient and Secure Cross-Domain Data-Sharing for Resource-Constrained Internet of Things
Comments: 15 pages, 10 figures, submitted to Transactions on Information Forensics & Security on 19-Sep-2024
Subjects: Cryptography and Security (cs.CR)
The growing complexity of Internet of Things (IoT) environments, particularly in cross-domain data sharing, presents significant security challenges. Existing data-sharing schemes often rely on computationally expensive cryptographic operations and centralized key management, limiting their effectiveness for resource-constrained devices. To address these issues, we propose an efficient, secure blockchain-based data-sharing scheme. First, our scheme adopts a distributed key generation method, which avoids a single point of failure. This method also allows independent pseudonym generation and key updates, enhancing authentication flexibility while reducing computational overhead. Additionally, the scheme provides a complete data-sharing process, covering data uploading, storage, and sharing, while ensuring data traceability, integrity, and privacy. Security analysis shows that the proposed scheme is theoretically secure and resistant to various attacks, while performance evaluations demonstrate lower computational and communication overhead compared to existing solutions, making it both secure and efficient for IoT applications.
- [3] arXiv:2411.09231 [pdf, html, other]
Title: AEAKA: An Adaptive and Efficient Authentication and Key Agreement Scheme for IoT in Cloud-Edge-Device Collaborative Environments
Comments: 17 pages, 14 figures, submitted to Transactions on Dependable and Secure Computing on 30-May-2024
Subjects: Cryptography and Security (cs.CR)
To meet the diverse needs of users, the rapid advancement of cloud-edge-device collaboration has become a standard practice. However, this complex environment, particularly in untrusted (non-collaborative) scenarios, presents numerous security challenges. Authentication acts as the first line of defense and is fundamental to addressing these issues. Although many authentication and key agreement schemes exist, they often face limitations, such as being tailored to overly specific scenarios where devices authenticate solely with either the edge or the cloud, or being unsuitable for resource-constrained devices. To address these challenges, we propose an adaptive and efficient authentication and key agreement scheme (AEAKA) for Cloud-Edge-Device IoT environments. This scheme is highly adaptive and scalable, capable of automatically and dynamically initiating different authentication methods based on device requirements. Additionally, it employs an edge-assisted authentication approach to reduce the load on third-party trust authorities. Furthermore, we introduce a hash-based algorithm for the authentication protocol, ensuring a lightweight method suitable for a wide range of resource-constrained devices while maintaining security. AEAKA ensures that entities use associated authentication credentials, enhancing the privacy of the authentication process. Security proofs and performance analyses demonstrate that AEAKA outperforms other methods in terms of security and authentication efficiency.
- [4] arXiv:2411.09240 [pdf, html, other]
Title: Cybersecurity Study Programs: What's in a Name?
Comments: Published in ACM SIGCSE 2025 conference proceedings, see this https URL
Subjects: Cryptography and Security (cs.CR); Computers and Society (cs.CY)
Improving cybersecurity education has become a priority for many countries and organizations worldwide. Computing societies and professional associations have recognized cybersecurity as a distinctive computing discipline and created specialized cybersecurity curricular guidelines. Higher education institutions are introducing new cybersecurity programs, attracting students to this expanding field. In this paper, we examined 101 study programs across 24 countries. Based on their analysis, we argue that top-ranked universities have not yet fully implemented the guidelines and offer programs that have "cyber" in their name but lack some essential elements of a cybersecurity program. In particular, most programs do not sufficiently cover non-technical components, such as law, policies, or risk management. Also, most programs teach knowledge and skills but do not expose students to experiential learning outside the traditional classroom (such as internships) to develop their competencies. As a result, graduates of these programs may not meet employer expectations and may require additional training. To help program directors and educators improve their programs and courses, this paper offers examples of effective practices from cybersecurity programs around the world and our teaching practice.
- [5] arXiv:2411.09287 [pdf, html, other]
Title: The Communication-Friendly Privacy-Preserving Machine Learning against Malicious Adversaries
Subjects: Cryptography and Security (cs.CR)
With the increasing emphasis on privacy regulations, such as GDPR, protecting individual privacy and ensuring compliance have become critical concerns for both individuals and organizations. Privacy-preserving machine learning (PPML) is an innovative approach that allows for secure data analysis while safeguarding sensitive information. It enables organizations to extract valuable insights from data without compromising privacy. Secure multi-party computation (MPC) is a key tool in PPML, as it allows multiple parties to jointly compute functions without revealing their private inputs, making it essential in multi-server environments. We address the performance overhead of existing maliciously secure protocols, particularly in finite rings like $\mathbb{Z}_{2^\ell}$, by introducing an efficient protocol for secure linear function evaluation. We implement our maliciously secure MPC protocol on GPUs, significantly improving its efficiency and scalability. We extend the protocol to handle linear and non-linear layers, ensuring compatibility with a wide range of machine-learning models. Finally, we comprehensively evaluate machine learning models by integrating our protocol into the workflow, enabling secure and efficient inference across simple and complex models, such as convolutional neural networks (CNNs).
- [6] arXiv:2411.09359 [pdf, html, other]
Title: Your Fixed Watermark is Fragile: Towards Semantic-Aware Watermark for EaaS Copyright Protection
Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI)
Embedding-as-a-Service (EaaS) has emerged as a successful business pattern but faces significant challenges related to various forms of copyright infringement, including API misuse and different attacks. Various studies have proposed backdoor-based watermarking schemes to protect the copyright of EaaS services. In this paper, we reveal that previous watermarking schemes possess semantic-independent characteristics and propose the Semantic Perturbation Attack (SPA). Our theoretical and experimental analyses demonstrate that this semantic-independent nature makes current watermarking schemes vulnerable to adaptive attacks that exploit semantic perturbation tests to bypass watermark verification. To address this vulnerability, we propose the Semantic Aware Watermarking (SAW) scheme, a robust defense mechanism designed to resist SPA, by injecting a watermark that adapts to the text semantics. Extensive experimental results across multiple datasets demonstrate that the True Positive Rate (TPR) for detecting watermarked samples under SPA can reach up to more than 95%, rendering previous watermarks ineffective. Meanwhile, our watermarking scheme can resist such attacks while ensuring the watermark verification capability. Our code is available at this https URL.
- [7] arXiv:2411.09552 [pdf, html, other]
Title: Faster Differentially Private Top-$k$ Selection: A Joint Exponential Mechanism with Pruning
Comments: NeurIPS 2024
Subjects: Cryptography and Security (cs.CR)
We study the differentially private top-$k$ selection problem, aiming to identify a sequence of $k$ items with approximately the highest scores from $d$ items. Recent work by Gillenwater et al. (ICML '22) employs a direct sampling approach from the vast collection of $d^{\,\Theta(k)}$ possible length-$k$ sequences, showing superior empirical accuracy compared to previous pure or approximate differentially private methods. Their algorithm has a time and space complexity of $\tilde{O}(dk)$.
In this paper, we present an improved algorithm with time and space complexity $O(d + k^2 / \epsilon \cdot \ln d)$, where $\epsilon$ denotes the privacy parameter. Experimental results show that our algorithm runs orders of magnitude faster than their approach, while achieving similar empirical accuracy.
- [8] arXiv:2411.09585 [pdf, html, other]
Title: Backdoor Mitigation by Distance-Driven Detoxification
Comments: Preprint version
Subjects: Cryptography and Security (cs.CR)
Backdoor attacks undermine the integrity of machine learning models by allowing attackers to manipulate predictions using poisoned training data. Such attacks lead to targeted misclassification when specific triggers are present, while the model behaves normally under other conditions. This paper considers a post-training backdoor defense task, aiming to detoxify the backdoors in pre-trained models. We begin by analyzing the underlying issues of vanilla fine-tuning and observe that it is often trapped in regions with low loss for both clean and poisoned samples. Motivated by such observations, we propose Distance-Driven Detoxification (D3), an innovative approach that reformulates backdoor defense as a constrained optimization problem. Specifically, D3 promotes the model's departure from the vicinity of its initial weights, effectively reducing the influence of backdoors. Extensive experiments on state-of-the-art (SOTA) backdoor attacks across various model architectures and datasets demonstrate that D3 not only matches but often surpasses the performance of existing SOTA post-training defense techniques.
New submissions (showing 8 of 8 entries)
- [9] arXiv:2411.08916 (cross-list from cs.IT) [pdf, html, other]
Title: Enhanced Secure Transmission of Medical Images through OFDM using Hyperchaotic Systems
Comments: Fourth International Conference on Technological Advances in Electrical Engineering (ICTAEE 23), May 23-34 2023
Subjects: Information Theory (cs.IT); Cryptography and Security (cs.CR); Image and Video Processing (eess.IV)
Orthogonal Frequency Division Multiplexing (OFDM) is a popular modulation technique for transmitting digital data over wireless radio channels, including medical images, due to its high transmission capacity, low interference, bandwidth efficiency, and scalability. However, the security of medical images is a major concern, and combining OFDM with encryption techniques such as chaos-based image encryption can enhance security measures. This study proposes a secure medical image transmission system that combines OFDM, a 6D hyperchaotic system, and a Fibonacci Q-matrix and analyzes its impact on image transmission quality using simulation results obtained through MATLAB. The study examines the Q-PSK constellation diagram, fast Fourier transform (IFFT) signal, cyclic prefix (CP) techniques, NIST, signal-to-noise ratio (SNR), and bit error rate (BER). The results provide insights into the effectiveness of OFDM in securely transmitting high-quality medical images.
- [10] arXiv:2411.08933 (cross-list from cs.CV) [pdf, html, other]
Title: Confidence-aware Denoised Fine-tuning of Off-the-shelf Models for Certified Robustness
Comments: 26 pages; TMLR 2024; Code is available at this https URL
Subjects: Computer Vision and Pattern Recognition (cs.CV); Artificial Intelligence (cs.AI); Cryptography and Security (cs.CR); Machine Learning (cs.LG)
The remarkable advances in deep learning have led to the emergence of many off-the-shelf classifiers, e.g., large pre-trained models. However, since they are typically trained on clean data, they remain vulnerable to adversarial attacks. Despite this vulnerability, their superior performance and transferability make off-the-shelf classifiers still valuable in practice, demanding further work to provide adversarial robustness for them in a post-hoc manner. A recently proposed method, denoised smoothing, leverages a denoiser model in front of the classifier to obtain provable robustness without additional training. However, the denoiser often creates hallucination, i.e., images that have lost the semantics of their originally assigned class, leading to a drop in robustness. Furthermore, its noise-and-denoise procedure introduces a significant distribution shift from the original distribution, causing the denoised smoothing framework to achieve sub-optimal robustness. In this paper, we introduce Fine-Tuning with Confidence-Aware Denoised Image Selection (FT-CADIS), a novel fine-tuning scheme to enhance the certified robustness of off-the-shelf classifiers. FT-CADIS is inspired by the observation that the confidence of off-the-shelf classifiers can effectively identify hallucinated images during denoised smoothing. Based on this, we develop a confidence-aware training objective to handle such hallucinated images and improve the stability of fine-tuning from denoised images. In this way, the classifier can be fine-tuned using only images that are beneficial for adversarial robustness. We also find that such a fine-tuning can be done by updating a small fraction of parameters of the classifier. Extensive experiments demonstrate that FT-CADIS has established the state-of-the-art certified robustness among denoised smoothing methods across all $\ell_2$-adversary radius in various benchmarks.
- [11] arXiv:2411.09055 (cross-list from cs.LG) [pdf, other]
Title: SAFELOC: Overcoming Data Poisoning Attacks in Heterogeneous Federated Machine Learning for Indoor Localization
Subjects: Machine Learning (cs.LG); Artificial Intelligence (cs.AI); Cryptography and Security (cs.CR)
Machine learning (ML) based indoor localization solutions are critical for many emerging applications, yet their efficacy is often compromised by hardware/software variations across mobile devices (i.e., device heterogeneity) and the threat of ML data poisoning attacks. Conventional methods aimed at countering these challenges show limited resilience to the uncertainties created by these phenomena. In response, in this paper, we introduce SAFELOC, a novel framework that not only minimizes localization errors under these challenging conditions but also ensures model compactness for efficient mobile device deployment. Our framework targets a distributed and co-operative learning environment that uses federated learning (FL) to preserve user data privacy and assumes heterogeneous mobile devices carried by users (just like in most real-world scenarios). Within this heterogeneous FL context, SAFELOC introduces a novel fused neural network architecture that performs data poisoning detection and localization, with a low model footprint. Additionally, a dynamic saliency map-based aggregation strategy is designed to adapt based on the severity of the detected data poisoning scenario. Experimental evaluations demonstrate that SAFELOC achieves improvements of up to 5.9x in mean localization error, 7.8x in worst-case localization error, and a 2.1x reduction in model inference latency compared to state-of-the-art indoor localization frameworks, across diverse building floorplans, mobile devices, and ML data poisoning attack scenarios.
- [12] arXiv:2411.09064 (cross-list from stat.ML) [pdf, html, other]
Title: Minimax Optimal Two-Sample Testing under Local Differential Privacy
Comments: 59 pages, 5 figures
Subjects: Machine Learning (stat.ML); Cryptography and Security (cs.CR); Machine Learning (cs.LG)
We explore the trade-off between privacy and statistical utility in private two-sample testing under local differential privacy (LDP) for both multinomial and continuous data. We begin by addressing the multinomial case, where we introduce private permutation tests using practical privacy mechanisms such as Laplace, discrete Laplace, and Google's RAPPOR. We then extend our multinomial approach to continuous data via binning and study its uniform separation rates under LDP over Hölder and Besov smoothness classes. The proposed tests for both discrete and continuous cases rigorously control the type I error for any finite sample size, strictly adhere to LDP constraints, and achieve minimax separation rates under LDP. The attained minimax rates reveal inherent privacy-utility trade-offs that are unavoidable in private testing. To address scenarios with unknown smoothness parameters in density testing, we propose an adaptive test based on a Bonferroni-type approach that ensures robust performance without prior knowledge of the smoothness parameters. We validate our theoretical findings with extensive numerical experiments and demonstrate the practical relevance and effectiveness of our proposed methods.
- [13] arXiv:2411.09142 (cross-list from cs.LG) [pdf, html, other]
Title: Laplace Transform Interpretation of Differential Privacy
Subjects: Machine Learning (cs.LG); Cryptography and Security (cs.CR)
We introduce a set of useful expressions of Differential Privacy (DP) notions in terms of the Laplace transform of the privacy loss distribution. Its bare form expression appears in several related works on analyzing DP, either as an integral or an expectation. We show that recognizing the expression as a Laplace transform unlocks a new way to reason about DP properties by exploiting the duality between time and frequency domains. Leveraging our interpretation, we connect the $(q, \rho(q))$-Rényi DP curve and the $(\epsilon, \delta(\epsilon))$-DP curve as being the Laplace and inverse-Laplace transforms of one another. This connection shows that the Rényi divergence is well-defined for complex orders $q = \gamma + i \omega$. Using our Laplace transform-based analysis, we also prove an adaptive composition theorem for $(\epsilon, \delta)$-DP guarantees that is exactly tight (i.e., matches even in constants) for all values of $\epsilon$. Additionally, we resolve an issue regarding symmetry of $f$-DP on subsampling that prevented equivalence across all functional DP notions.
- [14] arXiv:2411.09167 (cross-list from cs.SD) [pdf, html, other]
Title: Robust AI-Synthesized Speech Detection Using Feature Decomposition Learning and Synthesizer Feature Augmentation
Subjects: Sound (cs.SD); Cryptography and Security (cs.CR); Audio and Speech Processing (eess.AS)
AI-synthesized speech, also known as deepfake speech, has recently raised significant concerns due to the rapid advancement of speech synthesis and speech conversion techniques. Previous works often rely on distinguishing synthesizer artifacts to identify deepfake speech. However, excessive reliance on these specific synthesizer artifacts may result in unsatisfactory performance when addressing speech signals created by unseen synthesizers. In this paper, we propose a robust deepfake speech detection method that employs feature decomposition to learn synthesizer-independent content features as complementary for detection. Specifically, we propose a dual-stream feature decomposition learning strategy that decomposes the learned speech representation using a synthesizer stream and a content stream. The synthesizer stream specializes in learning synthesizer features through supervised training with synthesizer labels. Meanwhile, the content stream focuses on learning synthesizer-independent content features, enabled by a pseudo-labeling-based supervised learning method. This method randomly transforms speech to generate speed and compression labels for training. Additionally, we employ an adversarial learning technique to reduce the synthesizer-related components in the content stream. The final classification is determined by concatenating the synthesizer and content features. To enhance the model's robustness to different synthesizer characteristics, we further propose a synthesizer feature augmentation strategy that randomly blends the characteristic styles within real and fake audio features and randomly shuffles the synthesizer features with the content features. This strategy effectively enhances the feature diversity and simulates more feature combinations.
- [15] arXiv:2411.09178 (cross-list from cs.LG) [pdf, html, other]
Title: SAFES: Sequential Privacy and Fairness Enhancing Data Synthesis for Responsible AI
Subjects: Machine Learning (cs.LG); Cryptography and Security (cs.CR)
As data-driven and AI-based decision making gains widespread adoption in most disciplines, it is crucial that both data privacy and decision fairness are appropriately addressed. While differential privacy (DP) provides a robust framework for guaranteeing privacy and several widely accepted methods have been proposed for improving fairness, the vast majority of existing literature treats the two concerns independently. For methods that do consider privacy and fairness simultaneously, they often only apply to a specific machine learning task, limiting their generalizability. In response, we introduce SAFES, a Sequential PrivAcy and Fairness Enhancing data Synthesis procedure that sequentially combines DP data synthesis with a fairness-aware data transformation. SAFES allows full control over the privacy-fairness-utility trade-off via tunable privacy and fairness parameters. We illustrate SAFES by combining AIM, a graphical model-based DP data synthesizer, with a popular fairness-aware data pre-processing transformation. Empirical evaluations on the Adult and COMPAS datasets demonstrate that for reasonable privacy loss, SAFES-generated synthetic data achieve significantly improved fairness metrics with relatively low utility loss.
- [16] arXiv:2411.09217 (cross-list from cs.SE) [pdf, html, other]
Title: SmartInv: Multimodal Learning for Smart Contract Invariant Inference
Subjects: Software Engineering (cs.SE); Cryptography and Security (cs.CR); Programming Languages (cs.PL)
Smart contracts are software programs that enable diverse business activities on the blockchain. Recent research has identified new classes of "machine un-auditable" bugs that arise from both transactional contexts and source code. Existing detection methods require human understanding of underlying transaction logic and manual reasoning across different sources of context (i.e. modalities), such as code, dynamic transaction executions, and natural language specifying the expected transaction behavior.
To automate the detection of "machine un-auditable" bugs, we present SmartInv, an accurate and fast smart contract invariant inference framework. Our key insight is that the expected behavior of smart contracts, as specified by invariants, relies on understanding and reasoning across multimodal information, such as source code and natural language. We propose a new prompting strategy to foundation models, Tier of Thought (ToT), to reason across multiple modalities of smart contracts and ultimately to generate invariants. By checking the violation of these generated invariants, SmartInv can identify potential vulnerabilities.
We evaluate SmartInv on real-world contracts and re-discover bugs that resulted in multi-million dollar losses over the past 2.5 years (from January 1, 2021 to May 31, 2023). Our extensive evaluation shows that SmartInv generates (3.5X) more bug-critical invariants and detects (4$\times$) more critical bugs compared to the state-of-the-art tools in significantly (150X) less time. SmartInv uncovers 119 zero-day vulnerabilities from the 89,621 real-world contracts. Among them, five are critical zero-day bugs confirmed by developers as "high severity."
- [17] arXiv:2411.09252 (cross-list from cs.NI) [pdf, html, other]
Title: Implementing an Optimized and Secured Multimedia Streaming Protocol in a Participatory Sensing Scenario
Subjects: Networking and Internet Architecture (cs.NI); Cryptography and Security (cs.CR)
Multimedia streaming protocols are becoming increasingly popular in Crowdsensing due to their ability to deliver high-quality video content over the internet in real-time. Streaming multimedia content, as in the context of live video streaming, requires high bandwidth and large storage capacity to ensure a sufficient throughput. Crowdsensing can distribute information about shared video contents among multiple users in a network, reducing storage capacity and computational and bandwidth requirements. However, Crowdsensing introduces several security constraints that must be taken into account to ensure the confidentiality, integrity, and availability of the data. In the specific case of video streaming, commonly named visual crowdsensing (VCS) within this context, data is transmitted over wireless networks, making it vulnerable to security breaches and susceptible to eavesdropping and interception by attackers. Multimedia often contains sensitive user data and may be subject to various privacy laws, including data protection laws and laws related to photography and video recording, based on local GDPR (General Data Protection Regulation). For this reason, the realization of a secure protocol optimized for distributed data streaming in real-time becomes increasingly important in crowdsensing and smart-environment contexts. In this article, we will discuss the use of a symmetric AES-CTR encryption-based protocol for securing data streaming over a crowd-sensed network.
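An added worked example of AES-CTR framing for a chunked stream, written for this listing; it is not the authors' protocol and makes no claim about how their implementation frames or keys its traffic. It carries the two additions a practitioner would insist on before calling a CTR-based streaming protocol "secured": a counter layout that guarantees no two chunks ever share keystream (CTR with a repeated counter leaks the XOR of the plaintexts), and an HMAC-SHA256 tag over the sequence number and ciphertext, because CTR alone gives no integrity and a flipped ciphertext bit flips the same bit of the decoded frame. The frame layout, the `Stream` type, the 8-byte session nonce and the 32-byte keys are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Wire frame for one stream chunk (layout assumed for this example):
//   seq (4 bytes, big-endian) || AES-CTR ciphertext || HMAC-SHA256 tag (32 bytes)
// The tag covers seq and ciphertext, so the receiver detects tampering,
// replay and reordering before anything reaches the decoder.
const tagSize = sha256.Size

type Stream struct {
	block   cipher.Block
	macKey  []byte
	nonce   [8]byte // random per session; never reuse with the same key
	nextSeq uint32  // receiver side: the next sequence number it will accept
}

func NewStream(encKey, macKey []byte, nonce [8]byte) (*Stream, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	return &Stream{block: block, macKey: macKey, nonce: nonce}, nil
}

// iv derives the 16-byte CTR initial value for chunk seq as
// nonce(8) || seq(4) || block counter(4) = 0. Go's CTR mode increments the
// whole IV as one big-endian integer, so a chunk shorter than 2^32 AES blocks
// (64 GiB) can never carry into the seq field: distinct chunks get disjoint
// keystream, the one property CTR cannot survive losing.
func (s *Stream) iv(seq uint32) []byte {
	iv := make([]byte, aes.BlockSize)
	copy(iv, s.nonce[:])
	binary.BigEndian.PutUint32(iv[8:12], seq)
	return iv
}

// Seal encrypts one chunk and returns the authenticated frame.
func (s *Stream) Seal(seq uint32, plaintext []byte) []byte {
	frame := make([]byte, 4+len(plaintext), 4+len(plaintext)+tagSize)
	binary.BigEndian.PutUint32(frame[:4], seq)
	cipher.NewCTR(s.block, s.iv(seq)).XORKeyStream(frame[4:], plaintext)
	mac := hmac.New(sha256.New, s.macKey)
	mac.Write(frame)
	return mac.Sum(frame) // appends the tag in place
}

// Open verifies the tag, enforces in-order delivery, then decrypts.
func (s *Stream) Open(frame []byte) ([]byte, error) {
	if len(frame) < 4+tagSize {
		return nil, errors.New("frame too short")
	}
	body, tag := frame[:len(frame)-tagSize], frame[len(frame)-tagSize:]
	mac := hmac.New(sha256.New, s.macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("authentication failed")
	}
	seq := binary.BigEndian.Uint32(body[:4])
	if seq != s.nextSeq {
		return nil, fmt.Errorf("chunk %d out of order (expected %d)", seq, s.nextSeq)
	}
	s.nextSeq++
	plaintext := make([]byte, len(body)-4)
	cipher.NewCTR(s.block, s.iv(seq)).XORKeyStream(plaintext, body[4:])
	return plaintext, nil
}

// DecryptUnauthenticated is what a CTR-only receiver does: it decodes whatever
// arrives. Kept to show the malleability the tag exists to stop: flipping
// ciphertext bit i flips plaintext bit i, and nothing notices.
func (s *Stream) DecryptUnauthenticated(seq uint32, ciphertext []byte) []byte {
	plaintext := make([]byte, len(ciphertext))
	cipher.NewCTR(s.block, s.iv(seq)).XORKeyStream(plaintext, ciphertext)
	return plaintext
}

func main() {
	encKey, macKey := make([]byte, 32), make([]byte, 32)
	var nonce [8]byte
	rand.Read(encKey)
	rand.Read(macKey)
	rand.Read(nonce[:])
	sender, _ := NewStream(encKey, macKey, nonce)
	receiver, _ := NewStream(encKey, macKey, nonce)

	frame := sender.Seal(0, []byte("constructed video chunk 0"))
	tampered := append([]byte(nil), frame...)
	tampered[4] ^= 0x01 // flip one bit of the first ciphertext byte in transit
	_, err := receiver.Open(tampered)
	fmt.Println("tampered frame rejected:", err)
	fmt.Printf("CTR-only decode of the same bytes: %q\n",
		sender.DecryptUnauthenticated(0, tampered[4:len(tampered)-tagSize]))
	chunk, _ := receiver.Open(frame)
	fmt.Printf("genuine frame accepted: %q\n", chunk)
}
```

The strict in-order check is the right default for a live stream where a late chunk is useless anyway; a protocol that must tolerate reordering would replace `nextSeq` with a sliding replay window, but the sequence number still has to sit under the MAC. Encrypt-then-MAC with independent keys is shown here because it is the arrangement that is safe to verify before decrypting; an AEAD such as AES-GCM with the same nonce||seq construction is the shorter way to get the same guarantees.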
Cross submissions (showing 9 of 9 entries)
- [18] arXiv:2404.06815 (replaced) [pdf, html, other]
Title: Security Assessment of the LG Cryptosystem
Comments: Accepted for publication to the journal AAECC
Subjects: Cryptography and Security (cs.CR)
The LG cryptosystem is a public-key encryption scheme in the rank metric using the recent family of $\lambda_v$-Gabidulin codes and introduced in 2019 by Lau and Tan. In this paper, we present a cryptanalysis showing that the security of several parameters of the scheme has been overestimated. We also show the existence of some weak keys allowing an attacker to find in polynomial time an alternative private key.
- [19] arXiv:2404.07878 (replaced) [pdf, html, other]
Title: LeapFrog: The Rowhammer Instruction Skip Attack
Comments: Accepted at this http URL 2024
Subjects: Cryptography and Security (cs.CR); Hardware Architecture (cs.AR)
Since its inception, Rowhammer exploits have rapidly evolved into increasingly sophisticated threats compromising data integrity and the control flow integrity of victim processes. Nevertheless, it remains a challenge for an attacker to identify vulnerable targets (i.e., Rowhammer gadgets), understand the outcome of the attempted fault, and formulate an attack that yields useful results.
In this paper, we present a new type of Rowhammer gadget, called a LeapFrog gadget, which, when present in the victim code, allows an adversary to subvert code execution to bypass a critical piece of code (e.g., authentication check logic, encryption rounds, padding in security protocols). The LeapFrog gadget manifests when the victim code stores the Program Counter (PC) value in the user or kernel stack (e.g., a return address during a function call) which, when tampered with, repositions the return address to a location that bypasses a security-critical code pattern.
This research also presents a systematic process to identify LeapFrog gadgets. This methodology enables the automated detection of susceptible targets and the determination of optimal attack parameters. We first show the attack on a decision tree algorithm to show the potential implications. Secondly, we employ the attack on OpenSSL to bypass the encryption and reveal the plaintext. We then use our tools to scan the Open Quantum Safe library and report on the number of LeapFrog gadgets in the code. Lastly, we demonstrate this new attack vector through a practical demonstration in a client/server TLS handshake scenario, successfully inducing an instruction skip in a client application. Our findings extend the impact of Rowhammer attacks on control flow and contribute to developing more robust defenses against these increasingly sophisticated threats.
- [20] arXiv:2406.03230 (replaced) [pdf, html, other]
Title: Defending Large Language Models Against Attacks With Residual Stream Activation Analysis
Subjects: Cryptography and Security (cs.CR); Machine Learning (cs.LG)
The widespread adoption of Large Language Models (LLMs), exemplified by OpenAI's ChatGPT, brings to the forefront the imperative to defend against adversarial threats on these models. These attacks, which manipulate an LLM's output by introducing malicious inputs, undermine the model's integrity and the trust users place in its outputs. In response to this challenge, our paper presents an innovative defensive strategy, given white box access to an LLM, that harnesses residual activation analysis between transformer layers of the LLM. We apply a novel methodology for analyzing distinctive activation patterns in the residual streams for attack prompt classification. We curate multiple datasets to demonstrate how this method of classification has high accuracy across multiple types of attack scenarios, including our newly-created attack dataset. Furthermore, we enhance the model's resilience by integrating safety fine-tuning techniques for LLMs in order to measure its effect on our capability to detect attacks. The results underscore the effectiveness of our approach in enhancing the detection and mitigation of adversarial inputs, advancing the security framework within which LLMs operate.
- [21] arXiv:2406.15104 (replaced) [pdf, html, other]
Title: Deciphering the Definition of Adversarial Robustness for post-hoc OOD Detectors
Subjects: Cryptography and Security (cs.CR); Computer Vision and Pattern Recognition (cs.CV)
Detecting out-of-distribution (OOD) inputs is critical for safely deploying deep learning models in real-world scenarios. In recent years, many OOD detectors have been developed, and even the benchmarking has been standardized, i.e., OpenOOD. The number of post-hoc detectors is growing fast. They are showing an option to protect a pre-trained classifier against natural distribution shifts and claim to be ready for real-world scenarios. However, their effectiveness in dealing with adversarial examples (AdEx) has been neglected in most studies. In cases where an OOD detector includes AdEx in its experiments, the lack of uniform parameters for AdEx makes it difficult to accurately evaluate the performance of the OOD detector. This paper investigates the adversarial robustness of 16 post-hoc detectors against various evasion attacks. It also discusses a roadmap for adversarial defense in OOD detectors that would help adversarial robustness. We believe that level 1 (AdEx on a unified dataset) should be added to any OOD detector to see the limitations. The last level in the roadmap (defense against adaptive attacks) we added for integrity from an adversarial machine learning (AML) point of view, which we do not believe is the ultimate goal for OOD detectors.
- [22] arXiv:2409.19601 (replaced) [pdf, html, other]
  Title: Infighting in the Dark: Multi-Labels Backdoor Attack in Federated Learning
  Comments: 11 pages, 7 figures
  Subjects: Cryptography and Security (cs.CR)
Federated Learning (FL), a privacy-preserving decentralized machine learning framework, has been shown to be vulnerable to backdoor attacks. Current research primarily focuses on the Single-Label Backdoor Attack (SBA), wherein adversaries share a consistent target. However, a critical fact is overlooked: adversaries may be non-cooperative, have distinct targets, and operate independently, which exhibits a more practical scenario called the Multi-Label Backdoor Attack (MBA). Unfortunately, prior works are ineffective in the MBA scenario since non-cooperative attackers exclude each other. In this work, we conduct an in-depth investigation to uncover the inherent constraints of the exclusion: similar backdoor mappings are constructed for different targets, resulting in conflicts among backdoor functions. To address this limitation, we propose Mirage, the first non-cooperative MBA strategy in FL that allows attackers to inject effective and persistent backdoors into the global model without collusion by constructing an in-distribution (ID) backdoor mapping. Specifically, we introduce an adversarial adaptation method to bridge the backdoor features and the target distribution in an ID manner. Additionally, we further leverage a constrained optimization method to ensure the ID mapping survives in the global training dynamics. Extensive evaluations demonstrate that Mirage outperforms various state-of-the-art attacks and bypasses existing defenses, achieving an average ASR greater than 97% and maintaining over 90% after 900 rounds. This work aims to alert researchers to this potential threat and inspire the design of effective defense mechanisms. Code has been made open-source.
- [23] arXiv:2411.06493 (replaced) [pdf, html, other]
  Title: LProtector: An LLM-driven Vulnerability Detection System
  Comments: 5 pages, 4 figures. This is a preprint version of the article. The final version will be published in the proceedings of the IEEE conference
  Subjects: Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI)
This paper presents LProtector, an automated vulnerability detection system for C/C++ codebases driven by the large language model (LLM) GPT-4o and Retrieval-Augmented Generation (RAG). As software complexity grows, traditional methods face challenges in detecting vulnerabilities effectively. LProtector leverages GPT-4o's powerful code comprehension and generation capabilities to perform binary classification and identify vulnerabilities within target codebases. We conducted experiments on the Big-Vul dataset, showing that LProtector outperforms two state-of-the-art baselines in terms of F1 score, demonstrating the potential of integrating LLMs with vulnerability detection.
- [24] arXiv:2401.01005 (replaced) [pdf, html, other]
  Title: Edge AI Empowered Physical Layer Security for 6G NTN: Potential Threats and Future Opportunities
  Authors: Hong-fu Chou, Sourabh Solanki, Vu Nguyen Ha, Lin Chen, Sean Longyu Ma, Hayder Al-Hraishawi, Geoffrey Eappen, Symeon Chatzinotas
  Comments: 7 pages, 6 figures, magazine
  Subjects: Networking and Internet Architecture (cs.NI); Cryptography and Security (cs.CR)
Due to the enormous potential for economic profit offered by artificial intelligence (AI) servers, the field of cybersecurity has the potential to emerge as a prominent arena for competition among corporations and governments on a global scale. One of the prospective applications that stands to gain from the utilization of AI technology is the advancement in the field of cybersecurity. To this end, this paper provides an overview of the possible risks that the physical layer may encounter in the context of 6G Non-Terrestrial Networks (NTN). With the objective of showcasing the effectiveness of cutting-edge AI technologies in bolstering physical layer security, this study reviews the most foreseeable design strategies associated with the integration of edge AI in the realm of 6G NTN. The findings of this paper provide some insights and serve as a foundation for future investigations aimed at enhancing the physical layer security of edge servers/devices in the next generation of trustworthy 6G telecommunication networks.
- [25] arXiv:2403.04783 (replaced) [pdf, html, other]
  Title: AutoDefense: Multi-Agent LLM Defense against Jailbreak Attacks
  Subjects: Machine Learning (cs.LG); Computation and Language (cs.CL); Cryptography and Security (cs.CR)
Despite extensive pre-training in moral alignment to prevent generating harmful information, large language models (LLMs) remain vulnerable to jailbreak attacks. In this paper, we propose AutoDefense, a multi-agent defense framework that filters harmful responses from LLMs. With the response-filtering mechanism, our framework is robust against different jailbreak attack prompts, and can be used to defend different victim models. AutoDefense assigns different roles to LLM agents and employs them to complete the defense task collaboratively. The division of tasks enhances the overall instruction-following of LLMs and enables the integration of other defense components as tools. With AutoDefense, small open-source LMs can serve as agents and defend larger models against jailbreak attacks. Our experiments show that AutoDefense can effectively defend against different jailbreak attacks, while maintaining performance on normal user requests. For example, we reduce the attack success rate on GPT-3.5 from 55.74% to 7.95% using LLaMA-2-13b with a 3-agent system. Our code and data are publicly available at this https URL.
- [26] arXiv:2408.00341 (replaced) [pdf, html, other]
  Title: Enhancing Attack Resilience in Real-Time Systems through Variable Control Task Sampling Rates
  Comments: 12 pages including references, Total 10 figures (with 3 having subfigures)
  Subjects: Systems and Control (eess.SY); Cryptography and Security (cs.CR); Operating Systems (cs.OS)
Cyber-physical systems (CPSs) in modern real-time applications integrate numerous control units linked through communication networks, each responsible for executing a mix of real-time safety-critical and non-critical tasks. To ensure predictable timing behaviour, most safety-critical tasks are scheduled with fixed sampling periods, which supports rigorous safety and performance analyses. However, this deterministic execution can be exploited by attackers to launch inference-based attacks on safety-critical tasks. This paper addresses the challenge of preventing such timing inference or schedule-based attacks by dynamically adjusting the execution rates of safety-critical tasks while maintaining their performance. We propose a novel schedule vulnerability analysis methodology, enabling runtime switching between valid schedules for various control task sampling rates. Leveraging this approach, we present the Multi-Rate Attack-Aware Randomized Scheduling (MAARS) framework for preemptive fixed-priority schedulers, designed to reduce the success rate of timing inference attacks on real-time systems. To our knowledge, this is the first method that combines attack-aware schedule randomization with preserved control and scheduling integrity. The framework's efficacy in attack prevention is evaluated on automotive benchmarks using a Hardware-in-the-Loop (HiL) setup.
- [27] arXiv:2410.17184 (replaced) [pdf, html, other]
  Title: Technical Report: Toward Applying Quantum Computing to Network Verification
  Authors: Kahlil Dozier, Justin Beltran, Kylie Berg, Hugo Matousek, Loqman Salamatian, Ethan Katz-Bassett, Dan Rubenstein
  Subjects: Quantum Physics (quant-ph); Cryptography and Security (cs.CR); Networking and Internet Architecture (cs.NI)
Network verification (NWV), broadly defined as the verification of properties of distributed protocols used in network systems, cannot be efficiently solved on classical hardware via brute force. Prior work has developed a variety of methods that scale by observing a structure in the search space and then evaluating classes within the search space instead of individual instances. However, even these classification mechanisms have their limitations. In this paper, we consider a radically different approach: applying quantum computing to more efficiently solve NWV problems. We provide an overview of how to map variants of NWV problems into unstructured search problems that can be solved via quantum computing with quadratic speedup, making the approach feasible in theory for problems that are double the input size. Emerging quantum systems cannot yet tackle problems of practical interest, but rapid advances in hardware and algorithm development make now a great time to start thinking about their application. With this in mind, we explore the limits of scale of the problem for which quantum computing can solve NWV problems as unstructured search.