Cryptography and Security (cs.CR)

Abstract: With the massive amount of digital data generated everyday, transactions of digital goods become a trend. One of the essential requirements for such transactions is fairness, which is defined as that both of the seller and the buyer get what they want, or neither. Current fair trade protocols generally involve a trusted third-party (TTP), which achieves fairness by heavily relying on the TTP's behaviors and the two parties' trust in the TTP. With the emergence of Blockchain, its decentralization and transparency make it a very good candidate to replace the TTP. In this work, we attempt to design a secure and fair protocol for digital goods transactions through smart contracts on Blockchain. To ensure security of the digital goods, we propose an advanced passive proxy re-encryption (PRE) scheme, which enables smart contracts to transfer the decryption right to a buyer after receiving his/her payment. Furthermore, based on smart contracts and the proposed passive PRE scheme, a fair trade protocol for digital goods transactions is proposed, whose fairness is guaranteed by the arbitration protocol. The proposed protocol supports Ciphertext publicity and repeatable sale, while involving less number of interactions. Comprehensive experiment results validate the feasibility and effectiveness of the proposed protocol.

Abstract: This paper introduces a novel compatibility attack to detect a steganographic message embedded in the DCT domain of a JPEG image at high-quality factors (close to 100). Because the JPEG compression is not a surjective function, i.e. not every DCT blocks can be mapped from a pixel block, embedding a message in the DCT domain can create incompatible blocks. We propose a method to find such a block, which directly proves that a block has been modified during the embedding. This theoretical method provides many advantages such as being completely independent to Cover Source Mismatch, having good detection power, and perfect reliability since false alarms are impossible as soon as incompatible blocks are found. We show that finding an incompatible block is equivalent to proving the infeasibility of an Integer Linear Programming problem. However, solving such a problem requires considerable computational power and has not been reached for 8x8 blocks. Instead, a timing attack approach is presented to perform steganalysis without potentially any false alarms for large computing power.

Abstract: Federated learning is an emerging privacy-preserving distributed machine learning that enables multiple parties to collaboratively learn a shared model while keeping each party's data private. However, federated learning faces two main problems: semi-honest server privacy inference attacks and malicious client-side model theft. To address privacy inference attacks, parameter-based encrypted federated learning secure aggregation can be used. To address model theft, a watermark-based intellectual property protection scheme can verify model ownership. Although watermark-based intellectual property protection schemes can help verify model ownership, they are not sufficient to address the issue of continuous model theft by uncaught malicious clients in federated learning. Existing IP protection schemes that have the ability to track traitors are also not compatible with federated learning security aggregation. Thus, in this paper, we propose a Federated Client-side Intellectual Property Protection (FedCIP), which is compatible with federated learning security aggregation and has the ability to track traitors. To the best of our knowledge, this is the first IP protection scheme in federated learning that is compatible with secure aggregation and tracking capabilities.

Abstract: GAN-generated image detection now becomes the first line of defense against the malicious uses of machine-synthesized image manipulations such as deepfakes. Although some existing detectors work well in detecting clean, known GAN samples, their success is largely attributable to overfitting unstable features such as frequency artifacts, which will cause failures when facing unknown GANs or perturbation attacks. To overcome the issue, we propose a robust detection framework based on a novel multi-view image completion representation. The framework first learns various view-to-image tasks to model the diverse distributions of genuine images. Frequency-irrelevant features can be represented from the distributional discrepancies characterized by the completion models, which are stable, generalized, and robust for detecting unknown fake patterns. Then, a multi-view classification is devised with elaborated intra- and inter-view learning strategies to enhance view-specific feature representation and cross-view feature aggregation, respectively. We evaluated the generalization ability of our framework across six popular GANs at different resolutions and its robustness against a broad range of perturbation attacks. The results confirm our method's improved effectiveness, generalization, and robustness over various baselines.

Abstract: We initiate the study of the network agnostic MPC protocols with statistical security. Network agnostic protocols give the best possible security guarantees irrespective of the underlying network type. We consider the general-adversary model, where the adversary is characterized by an adversary structure which enumerates all possible candidate subsets of corrupt parties. The $\mathcal{Q}^{(k)}$ condition enforces that the union of no $k$ subsets from the adversary structure covers the party set. Given an unconditionally-secure PKI setup, known statistically-secure synchronous MPC protocols are secure against adversary structures satisfying the $\mathcal{Q}^{(2)}$ condition. Known statistically-secure asynchronous MPC protocols can tolerate $\mathcal{Q}^{(3)}$ adversary structures. Fix a set of $n$ parties $\mathcal{P} = \{P_1, ... ,P_n\}$ and adversary structures $\mathcal{Z}_s$ and $\mathcal{Z}_a$, satisfying the $\mathcal{Q}^{(2)}$ and $\mathcal{Q}^{(3)}$ conditions respectively, where $\mathcal{Z}_a \subset \mathcal{Z}_s$. Then, given an unconditionally-secure PKI, we ask whether it is possible to design a statistically-secure MPC protocol resilient against $\mathcal{Z}_s$ and $\mathcal{Z}_a$ in a synchronous and an asynchronous network respectively if the parties in $\mathcal{P}$ are unaware of the network type. We show that it is possible iff $\mathcal{Z}_s$ and $\mathcal{Z}_a$ satisfy the $\mathcal{Q}^{(2,1)}$ condition, meaning that the union of any two subsets from $\mathcal{Z}_s$ and any one subset from $\mathcal{Z}_a$ is a proper subset of $\mathcal{P}$. We design several important network agnostic building blocks with the $\mathcal{Q}^{(2,1)}$ condition, such as Byzantine broadcast, Byzantine agreement, information checking protocol, verifiable secret-sharing and secure multiplication protocol, whose complexity is polynomial in $n$ and $|\mathcal{Z}_s|$.

Abstract: The recently accentuated features of augmenting conventional wireless networks with high altitude platform systems (HAPS) have fueled a plethora of applications, which promise to offer new services to ground users, as well to enhance the efficiency and pervasion of existing applications. Cloud-enabled HAPS, which aims to create HAPS-based datacenters that offer cloud services to users, has particularly emerged as a promising key enabler to provide large-scale equitable services from the sky. Although offering cloud services from the HAPS proves to be efficient, its practical deployment at the stratosphere level still faces many challenges such as high energy requirements, physical maintenance, and is particularly prone to security considerations. Safeguarding the cloud-enabled HAPS against various cyberattacks is a necessity to guarantee its safe operation. This paper proposes a blockchain model to secure cloud-enabled HAPS networks that contain a large number of HAPS stations from recurring cyberattacks within the context of the environment and infrastructure monitoring (EIM) application. To this end, the paper first presents a detailed blockchain framework, and describes the ways of integrating the developed framework into the various system components. We then discuss the details of the system implementation, including the storing and consuming of cloud transactions, the generation of new blocks, and the blockchain consensus protocol that is tailored to the EIM requirements. Finally, we present numerical simulations that illustrate the performance of the system in terms of throughput, latency, and resilience to attacks.

Abstract: As machine learning (ML) classifiers increasingly oversee the automated monitoring of network traffic, studying their resilience against adversarial attacks becomes critical. This paper focuses on poisoning attacks, specifically backdoor attacks, against network traffic flow classifiers. We investigate the challenging scenario of clean-label poisoning where the adversary's capabilities are constrained to tampering only with the training data - without the ability to arbitrarily modify the training labels or any other component of the training process. We describe a trigger crafting strategy that leverages model interpretability techniques to generate trigger patterns that are effective even at very low poisoning rates. Finally, we design novel strategies to generate stealthy triggers, including an approach based on generative Bayesian network models, with the goal of minimizing the conspicuousness of the trigger, and thus making detection of an ongoing poisoning campaign more challenging. Our findings provide significant insights into the feasibility of poisoning attacks on network traffic classifiers used in multiple scenarios, including detecting malicious communication and application classification.