79 research outputs found
Reliable Communication in Hybrid Authentication and Trust Models
Reliable communication is a fundamental distributed communication abstraction that allows any two nodes within a network to communicate with each other. It is necessary for more powerful communication primitives, such as broadcast and consensus. Using different authentication models, two classical protocols implement reliable communication in unknown and sufficiently connected networks. In the former, network links are authenticated, and processes rely on dissemination paths to authenticate messages. In the latter, processes generate digital signatures that are flooded throughout the network. This work considers the hybrid system model that combines authenticated links and authenticated processes. Additionally, we aim to leverage the possible presence of trusted nodes (e.g., network gateways) and trusted components (e.g., Intel SGX enclaves). We first extend the two classical reliable communication protocols to leverage trusted nodes. Then we propose DualRC, our most generic algorithm that considers the hybrid authentication model by manipulating dissemination paths and digital signatures, and leverages the possible presence of trusted nodes and trusted components. We describe and prove methods that establish whether our algorithms implement reliable communication on a given network.<br/
Practical Byzantine Reliable Broadcast on Partially Connected Networks (Extended version)
In this paper, we consider the Byzantine reliable broadcast problem on
authenticated and partially connected networks. The state-of-the-art method to
solve this problem consists in combining two algorithms from the literature.
Handling asynchrony and faulty senders is typically done thanks to Gabriel
Bracha's authenticated double-echo broadcast protocol, which assumes an
asynchronous fully connected network. Danny Dolev's algorithm can then be used
to provide reliable communications between processes in the global fault model,
where up to f processes among N can be faulty in a communication network that
is at least 2f+1-connected. Following recent works that showed that Dolev's
protocol can be made more practical thanks to several optimizations, we show
that the state-of-the-art methods to solve our problem can be optimized thanks
to layer-specific and cross-layer optimizations. Our simulations with the
Omnet++ network simulator show that these optimizations can be efficiently
combined to decrease the total amount of information transmitted or the
protocol's latency (e.g., respectively, -25% and -50% with a 16B payload, N=31
and f=4) compared to the state-of-the-art combination of Bracha's and Dolev's
protocols.Comment: This is an extended version of a paper that appeared at the IEEE
ICDCS 2021 conferenc
Distributed Attestation Revocation in Self-Sovereign Identity
Self-Sovereign Identity (SSI) aspires to create a standardised identity layer for the Internet by placing citizens at the centre of their data, thereby weakening the grip of big tech on current digital identities. However, as millions of both physical and digital identities are lost annually, it is also necessary for SSIs to possibly be revoked to prevent misuse. Previous attempts at designing a revocation mechanism typically violate the principles of SSI by relying on central trusted components. This lack of a distributed revocation mechanism hampers the development of SSI. In this paper, we address this limitation and present the first fully distributed SSI revocation mechanism that does not rely on specialised trusted nodes. Our novel gossip-based propagation algorithm disseminates revocations throughout the network and provides nodes with a proof of revocation that enables offline verification of revocations. We demonstrate through simulations that our protocol adequately scales to national levels.Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.Data-Intensive System
Security, privacy, and trust management in DNA computing
DNA computing is an emerging field that aims at enabling more efficient data storage and processing. One principle of DNA computing is to encode some information (e.g., image, video, programming scripts) into a digital DNA-like sequence and then synthesize the corresponding DNA molecule. Synthesizing this molecule using digital or real human genomic fragments theoretically opens the possibility for privacy attacks, which have been demonstrated on a large array of human genomic data. These privacy attacks aim at breaching the privacy of DNA samples, allowing an attacker to discover privacy-critical information from the partial or complete DNA information of an individual. In the context of DNA computing, novel privacy attacks will certainly emerge and could consist in discovering a part of a particular script or video that is privacy-critical. It is therefore important to consider whether privacy attacks and defense mechanisms can be used when manipulating genomic data. First, this chapter provides the background about genomic data, and its modern generation and processing. It then provides a survey on known genomic privacy attacks, and presents the privacy-enhancing technologies that have been designed to protect genomic data. Later, this chapter also introduces the current trust management methods one can rely on to further secure DNA storage and processing methods, before discussing how DNA computing currently relates to those attacks and privacy-preserving technologies. Finally, this chapter presents future research avenues.Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.Data-Intensive System
Unstoppable DAOs for web3 disruption
Decentralised Autonomous Organisations (DAOs) have the capability of being a disruptive Web3 technology. Their usage of cryptographically secure distributed ledgers shows promise of replacing existing technical and financial intermediaries. However, this promise has not been fully materialised yet: existing attempts typically rely on centralisation as the required decentralised components do not exist or are not mature enough. We present our Web3 Deployment Experiment around a robust decentralised economy to address these issues. Our economy is unique due to the removal of all centralised components and governance. It is resilient against legal and economic attacks as no individual or organisation can compromise its functioning. We dub this characteristic extreme decentralisation. Similar to BitTorrent and Bitcoin, our extreme decentralisation DAOs carefully avoid single points of failure and are effectively unstoppable. Within our experiment around a music economy, we bypass all intermediaries in finance, technology, and the music industry itself with a direct donation to musicians. We demonstrate the viability of collective decision-making within our decentralised economy and present a set of principles for Web3 DAOs. Our implementation shows that the DAO ecosystem is fully deployable on smartphones, allowing anyone to create a DAO without reliance on central authorities or components. Data-Intensive System
Privacy-Preserving Data Aggregation with Public Verifiability Against Internal Adversaries
Large amounts of data are continuously generated by individuals, apps, or dedicated devices. These data can be aggregated to compute useful statistics from multiple sources using data aggregation protocols. However, oftentimes these data contain private information that must be protected from misuse. Privacy-preserving protocols can help to compute the same statistics without revealing the private input data to unauthorized parties. However, most privacy-preserving data aggregation schemes only work in the honest-but-curious model, where participants do not deviate from the protocol. As a result, the computed statistics cannot always be trusted. In particular, the aggregator, which is the party responsible for collecting the data is usually trusted with computing the correct result. However, a compromised aggregator may decide to output any value of its choosing without anyone noticing. Schemes with public verifiability help to counter malicious aggregators who try to falsify the final result by tampering with the inputs of honest users. However, they do not consider cases where both the aggregator and a subset of the users may be malicious, meaning they can deviate from the protocol and collude with each other in order to output results of their choosing. In this work, we develop a privacy-preserving data aggregation protocol to compute the sum of a set of private inputs such that a verifier can efficiently detect tampering even in the face of a malicious aggregator and a subset of malicious users. We also provide two extensions for better performance and for malicious user detection. We show that the scheme achieves the desired properties of confidentiality, integrity, and authenticity. Finally, theoretical and experimental evaluations show that its performance makes it feasible for real-world applications.Computer Science | Cyber Securit
Message efficient Byzantine Reliable Broadcast protocols on known topologies
In this paper, we consider the Reliable Communication and Byzantine Reliable Broadcast problems on partially connected networks with authenticated links. We consider the Reliable Communication (RC) problem on partially connected networks, and the Byzantine Reliable Broadcast (BRB) problem on partially and fully connected networks. Danny Dolev's protocol works on the former, while Gabriel Bracha's authenticated double echo protocol works on the latter in the case of a fully connected network. By layering the two protocols the BRB problem can be solved for partially connected networks. The state-of-the-art protocols for these problems focus on unknown topologies, whereas we focus on known topologies. We show that these protocols can be optimized when processes leverage this knowledge. Our simulations with our profiler show that we can drastically reduce the message complexity and network usage (e.g., a reduction of 71.9% and 79.4% respectively with a 12B payload when N=150 and f=20 for Dolev) compared to naive routing with our optimizations and disjoint path solver.CSE3000 Research ProjectComputer Science and Engineerin
Comment réduire efficacement l'entropie des sources malveillantes d'information
International audienceNous considérons un réseau (modélisé par un graphe) utilisé pour propager des informations. Dans ce contexte, une source d'information diffuse à l'ensemble du réseau un message. Si la source est fiable, c'est à dire qu'elle envoie le même message à tous ses voisins directs, on souhaite qu'un nombre limité de participants malveillants qui tentent de miner sa crédibilité en retransmettant des messages sourcés contradictoires, ne puisse pas berner les participants honnêtes. Si la source est malveillante (et qu'elle cherche à augmenter l'entropie en envoyant tout et son contraire à ses voisins directs), les participants honnêtes doivent diminuer l'entropie des messages issus de la source, soit en les ignorant, soit en délivrant un unique message (le même pour tous). Dans cet article, nous montrons que les méthodes dans la littérature pour résoudre ce problème peuvent être améliorées grâce à des optimisations spécifiques et inter-couches. Nos simulations montrent que ces optimisations peuvent être efficacement combinées pour diminuer la quantité totale d'informations transmises ou la latence du protocole
AGIC: Approximate Gradient Inversion Attack on Federated Learning
Federated learning is a private-by-design distributed learning paradigm where clients train local models on their own data before a central server aggregates their local updates to compute a global model. Depending on the aggregation method used, the local updates are either the gradients or the weights of local learning models, e.g., FedAvg aggregates model weights. Unfortunately, recent reconstruction attacks apply a gradient inversion optimization on the gradient update of a single mini- batch to reconstruct the private data used by clients during training. As the state-of-the-art reconstruction attacks solely focus on single update, realistic adversarial scenarios are over- looked, such as observation across multiple updates and updates trained from multiple mini-batches. A few studies consider a more challenging adversarial scenario where only model updates based on multiple mini-batches are observable, and resort to computationally expensive simulation to untangle the underlying samples for each local step. In this paper, we propose AGIC, a novel Approximate Gradient Inversion Attack that efficiently and effectively reconstructs images from both model or gradient updates, and across multiple epochs. In a nutshell, AGIC (i) approximates gradient updates of used training samples from model updates to avoid costly simulation procedures, (ii) leverages gradient/model updates collected from multiple epochs, and (iii) assigns increasing weights to layers with respect to the neural network structure for reconstruction quality. We extensively evaluate AGIC on three datasets, namely CIFAR-10, CIFAR- 100 and ImageNet. Our results show that AGIC increases the peak signal-to-noise ratio (PSNR) by up to 50% compared to two representative state-of-the-art gradient inversion attacks. Furthermore, AGIC is faster than the state-of-the-art simulation- based attack, e.g., it is 5x faster when attacking FedAvg with 8 local steps in between model updates.Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.Data-Intensive System
Trusted Execution Environments in Byzantine-Tolerant Networks
Achieving consensus in a network is one of the most important performance bottlenecks in distributed computing. This paper takes a look at the existing protocols for achieving Byzantine Reliable Broadcast on asynchronous partially connected networks and how these protocols change to leverage the fact that some nodes have access to Trusted Execution Environments. Modeling some nodes to be completely trusted improves the throughput and reduces latency but the impact changes heavily depending on the placement of these nodes. The second, more realistic approach is having all processes use a local trusted subsystem implemented in a TEE. We show that this reduces the upper bound of faulty nodes from f<N/3 to f<N/2 and reducing the amount of messages sent by up to 64\% (N=30, f=5).CSE3000 Research ProjectComputer Science and Engineerin
- …
