Membership Inference Attacks (MIAs) infer whether a data point is in the training data of a machine learning model, posing privacy risks to sensitive data like medical records or financial data. Intuitively, data points that MIA accurately detects are vulnerable. Those data points may exist in the data of different target models, each susceptible to multiple MIAs. As such, the vulnerability of data points under multiple MIAs and target models represents a significant challenge. This article defines several metrics reflecting data points’ vulnerability and capturing vulnerable data points under multiple MIAs and target models. We implement 77 MIAs, with an average attack accuracy over target models ranging from 0.5 to 0.9, to support our analysis with our scalable and flexible platform, Various Membership Inference Attacks Platform (VMIAP). Based on the results, we observe that MIA has an inference tendency to some data points despite a low overall inference performance. Furthermore, previous approaches are unsuitable for finding vulnerable data points under multiple MIAs and target models. Finally, we explore the impact of retraining target, shadow, and attack models separately on the vulnerability of data points.

Decentralised learning has recently gained traction as an alternative to federated learning in which both data and coordination are distributed over its users. To preserve the confidentiality of users' data, decentralised learning relies on differential privacy, multi-party computation, or a combination thereof. However, running multiple privacy-preserving summations in sequence may allow adversaries to perform reconstruction attacks. Unfortunately, current reconstruction countermeasures either cannot trivially be adapted to the distributed setting, or add excessive amounts of noise.

In this work, we first show that passive honest-but-curious adversaries can infer other users' private data after several privacy-preserving summations. For example, in subgraphs with 18 users, we show that only three passive honest-but-curious adversaries succeed at reconstructing private data 11.0% of the time, requiring an average of 8.8 summations per adversary. The success rate depends only on the adversaries' direct neighbourhood, and is independent of the size of the full network. We consider weak adversaries that do not control the graph topology, cannot exploit the inner workings of the summation protocol, and do not have auxiliary knowledge; and show that these adversaries can still infer private data.

We develop a mathematical understanding of how reconstruction relates to topology and propose the first topology-based decentralised defence against reconstruction attacks. Specifically, we show that reconstruction requires a number of adversaries linear in the length of the network's shortest cycle. Consequently, exact reconstruction attacks over privacy-preserving summations are impossible in acyclic networks.

Our work is a stepping stone for a formal theory of topology-based decentralised reconstruction defences. Such a theory would generalise our countermeasure beyond summation, define confidentiality in terms of entropy, and describe the interactions with (topology-aware) differential privacy.

The performance of distributed averaging depends heavily on the underlying topology. In various fields, including compressed sensing, multi-party computation, and abstract graph theory, graphs may be expected to be free of short cycles, i.e. to have high girth. Though extensive analyses and heuristics exist for optimising the performance of distributed averaging in general networks, these studies do not consider girth. As such, it is not clear what happens to convergence time when a graph is stretched to a higher girth.

In this work, we introduce the optimal graph stretching problem, wherein we are interested in finding the set of edges for a particular graph that ensures optimal convergence time under constraint of a minimal girth. We compare various methods for choosing which edges to remove, and use various convergence heuristics to speed up the searching process. We generate many graphs with varying parameters, stretch and optimise them, and measure the duration of distributed averaging. We find that stretching by itself significantly increases convergence time. This decrease can be counteracted with a subsequent repair phase, guided by a convergence time heuristic. Existing heuristics are capable, but may be suboptimal.

Leader-based BFT systems face potential disruption and performance degradation from malicious leaders, with current solutions often lacking scalability or greatly increasing complexity. In this paper, we introduce ABSE, an Adaptive Baseline Score-based Election approach to mitigate the negative impact of malicious leaders on leader-based BFT systems. ABSE is fully localized and proposes to accumulate scores for processes based on their contribution to consensus advancement, aiming to bypass less reliable participants when electing leaders. We present a formal treatment of ABSE, addressing the primary design and implementation challenges, defining its generic components and rules for adherence to ensure global consistency. We also apply ABSE to two different BFT protocols, demonstrating its scalability and negligible impact on protocol complexity. Finally, by building a system prototype and conducting experiments on it, we demonstrate that ABSE-enhanced protocols can effectively minimize the disruptions caused by malicious leaders, whilst incurring minimal additional resource overhead and maintaining base performance.

Android operating system restricts access to data by enabling data control flow and permission systems to reduce the risk of information theft. Therefore, attackers are constantly looking for alternative and stealthy approaches to exfiltrate private data from a targeted device. This paper presents CovertPower, a covert channel attack that exfiltrates user data by actively inducing power consumption on Android devices. At the transmitting end, our CovertPower app modulates binary data into a timed resource workload (e.g., processor, write-on-memory), producing power consumption bursts. On the receiving end, we acquire power consumption traces via a low-cost hardware tool that can be easily concealed in USB wall-socket adapters or powerbanks. Therefore, a signal processing-based decoder analyzes such traces and retrieves the exfiltrated information. We demonstrate the feasibility of our attack with a thorough experimental evaluation on 14 mobile devices and various real-world settings such as display state, ongoing activities, and charging technologies. Our attack achieves a transfer speed of up to 10bps with a high bit sequence similarity on most devices and settings considered.

Over the past three decades, standardizing organizations (e.g., the National Institute of Standards and Technology and Internet Engineering Task Force) have investigated the efficiency of cryptographic algorithms and provided (technical) guidelines for practitioners. For example, the (Datagram) Transport Layer Security “(D)TLS” 1.2/1.3 was designed to help industries implement and integrate such methods through underpinning infrastructures of Internet of Everything (IoE) environments with efficiency and efficacy in mind. The main goal underpinning such protocols is to protect the Internet connections between IoE machines from malicious activities such as unauthorized eavesdropping, monitoring, and tampering with messages. In theory, these protocols are supposed to be secure. Still, most existing implementations partially follow the standard features of (D)TLS 1.2/3, leaving them vulnerable to risks such as side-channel and network attacks. In this paper, we critically review the standard protocols deployed for the security management of data and connected machines, and also examine the recently discovered vulnerabilities that lead to successful zero-day attacks in IoE environments. Then, we discuss various potential countermeasures in the form of organizational policy enforcement strategies and mitigation approaches that can be used by cybersecurity practitioners, decision- and policy-makers. Finally, we identify both proactive and reactive solutions for further consideration and study, as well as propose alternative mechanisms and e-governance policies for standardizing organizations and engineers in future solution designs.

Federated Learning is an approach that enables multiple devices to collectively train a shared model without sharing raw data, thereby preserving data privacy. However, federated learning systems are vulnerable to data-poisoning attacks during the training and updating stages. Three data-poisoning attacks-label flipping, feature poisoning, and VagueGAN-are tested on FL models across one out of ten clients using the CIC and UNSW datasets. For label flipping, we randomly modify labels of benign data; for feature poisoning, we alter highly influential features identified by the Random Forest technique; and for VagueGAN, we generate adversarial examples using Generative Adversarial Networks. Adversarial samples constitute a small portion of each dataset. In this study, we vary the percentages by which adversaries can modify datasets to observe their impact on the Client and Server sides. Experimental findings indicate that label flipping and VagueGAN attacks do not significantly affect server accuracy, as they are easily detectable by the Server. In contrast, feature poisoning attacks subtly undermine model performance while maintaining high accuracy and attack success rates, highlighting their subtlety and effectiveness. Therefore, feature poisoning attacks manipulate the server without causing a significant decrease in model accuracy, underscoring the vulnerability of federated learning systems to such sophisticated attacks. To mitigate these vulnerabilities, we explore a recent defensive approach known as Random Deep Feature Selection, which randomizes server features with varying sizes (e.g., 50 and 400) during training. This strategy has proven highly effective in minimizing the impact of such attacks, particularly on feature poisoning.

The Internet of Medical Things (IoMT) is getting extreme attraction as it motivates unprecedented growth in the healthcare industry. Security breaches in IoMT can lead to threatening patients’ lives. For IoMT, existing medical remote attestation techniques (EMRATs) have limitations such as neglecting operational symptoms of compromised systems, like inconsistent medical sensor readings. Moreover, EMRATs do not enable medical-forensic-based attestation history and are inefficient for mutual attestation between a doctor network and a sensor network monitoring a patient. This mutual attestation guarantees safe remote surgeries. In this paper for IoMT, we present a novel remote attestation protocol, BDMFA (Blockchain-supported and Deep learning Medical Forensic-enabling Attestation), to overcome the limitations of EMRATs. BDMFA utilizes deep learning and Blockchain to learn from sensor readings and store attestation history. We prove that BDMFA is resilient to a higher number of attacks than that resisted by EMRATs. Moreover, we present a proof-of-concept implementation for BDMFA using SMART (Secure and Minimal Architecture for Root of Trust). We proved the practical feasibility of BDMFA by implementing it using Omnetpp equipped with Castalia. For a system with 50 patient-sensors and 25 doctor-terminals, BDMFA needed only 2.6 s to complete attestation and less communication cost than that needed for related state-of-the-art protocols by 28.4%. For larger systems, we carried comparative analysis confirming that our proposed protocol BDMFA requires less cost and is more scalable and efficient than related protocols.

The growing integration of vehicles with external networks has led to a surge in attacks targeting their Controller Area Network (CAN) internal bus. As a countermeasure, various Intrusion Detection Systems (IDSs) have been suggested in the literature to prevent and mitigate these threats. With the increasing volume of data facilitated by the integration of Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) communication networks, most of these systems rely on data-driven approaches such as Machine Learning (ML) and Deep Learning (DL) models. However, these systems are susceptible to adversarial evasion attacks. While many researchers have explored this vulnerability, their studies often involve unrealistic assumptions, lack consideration for a realistic threat model, and fail to provide effective solutions. In this paper, we present CANEDERLI (CAN Evasion Detection ResiLIence), a novel framework for securing CAN-based IDSs. Our system considers a realistic threat model and addresses the impact of adversarial attacks on DL-based detection systems. Our findings highlight strong transferability properties among diverse attack methodologies by considering multiple state-of-the-art attacks and model architectures. We analyze the impact of adversarial training in addressing this threat and propose an adaptive online adversarial training technique outclassing traditional fine-tuning methodologies with F1 scores up to 0.941. By making our framework publicly available, we aid practitioners and researchers in assessing the resilience of IDSs to a varied adversarial landscape.

Autonomous driving is a research direction that has gained enormous traction in the last few years thanks to advancements in Artificial Intelligence (AI). Depending on the level of independence from the human driver, several studies show that Autonomous Vehicles (AVs) can reduce the number of on-road crashes and decrease overall fuel emissions by improving efficiency. However, security research on this topic is mixed and presents some gaps. On one hand, these studies often neglect the intrinsic vulnerabilities of AI algorithms, which are known to compromise the security of these systems. On the other, the most prevalent attacks towards AI rely on unrealistic assumptions, such as access to the model parameters or the training dataset. As such, it is unclear if autonomous driving can still claim several advantages over human driving in real-world applications. This paper evaluates the inherent risks in autonomous driving by examining the current landscape of AV sand establishing a pragmatic threat model. Through our analysis, we develop specific claims highlighting the delicate balance between the advantages of AVs and potential security challenges in real-world scenarios. Our evaluation serves as a foundation for providing essential takeaway messages, guiding both researchers and practitioners at various stages of the automation pipeline. In doing so, we contribute valuable insights to advance the discourse on the security and viability of autonomous driving in real-world applications.

In the past decade, tens of homomorphic encryption compilers have been released, and there are good reasons for these compilers to exist. Firstly, homomorphic encryption is a powerful secure computation technique in that it is relatively easy for parties to switch from plaintext computation to secure computations when compared to techniques like secret sharing. However, the technique is mathematically involved and requires expert knowledge to express computations as homomorphic encryption operations. So, these compilers support users who might otherwise not have the time or expertise to optimize the computation manually. Another reason is that homomorphic encryption is still computationally expensive, so compilers allow users to optimize their secure computation tasks. One major shortcoming of these compilers is that they often do not allow users to use high-level primitives, such as equality checks, comparisons, and AND and OR operations between many operands. The compilers that do are either based on TFHE, requiring large bootstrapping keys that must be sent to the evaluator, or they only work in the Boolean domain, excluding many potentially more performant circuits. Moreover, compilers must reduce the multiplicative depth of the circuits they generate to minimize the noise growth inherent to these homomorphic encryption schemes. However, many compilers only consider reducing the depth as an afterthought. We propose the Oraqle compiler, which solves both problems at once by implementing depth-aware arithmetization, a technique for expressing high-level primitives as arithmetic operations that are executable by homomorphic encryption libraries. Instead of generating one possible circuit, the compiler generates multiple circuits that trade off the number of multiplications with the multiplicative depth. If the depth of the resulting circuits is low enough, they may be evaluated using a BFV or BGV library that does not require bootstrapping keys. We demonstrate that our compiler allows for significant performance gains.

Apart from creating a billion-dollar worth of cryptocurrency ecosystem, Bitcoin revolutionized the whole domain of cryptocurrencies, and it largely influenced many other application areas (e.g., healthcare, supply-chain management, real estate) with its underlying technologies such as blockchain, consensus algorithms, and decentralized data management. Due to the reasons mentioned above, Bitcoin has attracted massive attention from the research community. Since its launch in 2009, the Bitcoin market capital has grown significantly, and it is now worth approximately 887 billion dollars. This huge and rapid growth is one of the key motivations for malicious entities to identify and exploit weaknesses to disrupt its normal functionality for financial reasons, and the same is also a reason for the researchers to discover and provide patches or solutions for the identified security- and privacy-related vulnerabilities in the system. Most of these security and privacy threats are on the critical underlying technologies of Bitcoin; thus, they are also valid for other Bitcoin-like cryptocurrencies. This chapter starts with an overview of the Bitcoin system by explaining the working methodology and interactions between its various building blocks. In the process, we conclude Bitcoin’s fundamental features and underlying structures and provide insights at the core of the Bitcoin protocol and its networking infrastructure. We also discuss the significant security and privacy threats to the Bitcoin system and the countermeasures proposed in the state of the art.

Recently, attackers have targeted machine learning systems, introducing various attacks. The backdoor attack is popular in this field and is usually realized through data poisoning. To the best of our knowledge, we are the first to investigate whether the backdoor attacks remain effective when manifold learning algorithms are applied to the poisoned dataset. We conducted our experiments using two manifold learning techniques (Autoencoder and UMAP) on two benchmark datasets (MNIST and CIFAR10) and two backdoor strategies (clean and dirty label). We performed an array of experiments using different parameters, finding that we could reach an attack success rate of 95% and 75% even after reducing our data to two dimensions using Autoencoders and UMAP, respectively.

Web Vulnerability Assessment and Penetration Testing (Web VAPT) is a comprehensive cybersecurity process that uncovers a range of vulnerabilities which, if exploited, could compromise the integrity of web applications. In a VAPT, it is common to perform a Directory brute-forcing Attack, aiming at the identification of accessible directories of a target website. Current commercial solutions are inefficient as they are based on brute-forcing strategies that use wordlists, resulting in enormous quantities of trials for a small amount of success.

Offensive AI is a recent paradigm that integrates AI-based technologies in cyber attacks. In this work, we explore whether AI can enhance the directory enumeration process and propose a novel Language Model-based framework. Our experiments -- conducted in a testbed consisting of 1 million URLs from different web application domains (universities, hospitals, government, companies) -- demonstrate the superiority of the LM-based attack, with an average performance increase of 969%.

The Internet of Things rapid growth poses privacy and security challenges for the traditional key storage methods. Physical Unclonable Functions offer a potential solution but require secure fuzzy extractors to ensure reliable replication. This paper introduces X-Lock, a novel and secure computational fuzzy extractor that addresses the limitations faced by traditional solutions in resource-constrained IoT devices. X-Lock offers a reusable and robust solution, effectively mitigating the impacts of bias and correlation through its design. Leveraging the preferred state of a noisy source, X-Lock encrypts a random string of bits that can be later used as seed to generate multiple secret keys. To prove our claims, we provide a comprehensive theoretical analysis, addressing security considerations, and implement the proposed model. To evaluate the effectiveness and superiority of our proposal, we also provide practical experiments and compare the results with existing approaches. The experimental findings demonstrate the efficacy of our algorithm, showing comparable memory cost (≈2.4 KB for storing 5 keys of 128 bits) while being 3 orders of magnitude faster with respect to the state-of-the-art solution (0.086 ms against 15.51 s).

Smart Parking Services (SPSs) enable cruising drivers to find the nearest parking lot with available spots, reducing the traveling time, gas, and traffic congestion. However, drivers risk the exposure of sensitive location data during parking query to an untrusted Smart Parking Service Provider (SPSP). Our motivation arises from a repetitive query to an updated database, i.e., how a driver can be repetitively paired with a previously-matched-but-forgotten lot. Meanwhile, we aim to achieve repetitive query in an oblivious and unlinkable manner. In this work, we present Mnemosyne2 : decentralized and privacy-preserving smart parking with secure repetition and full verifiability. Specifically, we design repetitive, oblivious, and unlinkable Secure k Nearest Neighbor (SkNN) with basic verifiability (correctness and completeness) for encrypted-andupdated databases. We build a local Ethereum blockchain to perform driver-lot matching via smart contracts. To adapt to the lot count update, we resort to the immutable blockchain for advanced verifiability (truthfulness). Last, we utilize decentralized blacklistable anonymous credentials to guarantee identity privacy. Finally, we formally define and prove privacy and security. We conduct extensive experiments over a real-world dataset and compare Mnemosyne2 with existing work. The results show that a query only needs 8 seconds (175 ms) on average for service waiting (verification) among 500 drivers.

Acoustic Side-Channel Attacks (ASCAs) extract sensitive information by using audio emitted from a computing devices and their peripherals. Attacks targeting keyboards are popular and have been explored in the literature. However, similar attacks targeting other human-interface peripherals, such as computer mice, are under-explored. To this end, this paper considers security leakage via acoustic signals emanating from normal mouse usage. We first confirm feasibility of such attacks by showing a proof-of-concept attack that classifies four mouse movements with 97% accuracy in a controlled environment. We then evolve the attack towards discerning twelve unique mouse movements using a smartphone to record the experiment. Using Machine Learning (ML) techniques, the model is trained on an experiment with six participants to be generalizable and discern among twelve movements with 94% accuracy. In addition, we experiment with an attack that detects a user action of closing a full-screen window on a laptop. Achieving an accuracy of 91%, this experiment highlights exploiting audio leakage from computer mouse movements in a realistic scenario.

Recent advancements in Artificial Intelligence, and particularly Large Language Models (LLMs), offer promising prospects for aiding system administrators in managing the complexity of modern networks. However, despite this potential, a significant gap exists in the literature regarding the extent to which LLMs can understand computer networks. Without empirical evidence, system administrators might rely on these models without assurance of their efficacy in performing network-related tasks accurately. In this paper, we are the first to conduct an exhaustive study on LLMs' comprehension of computer networks. We formulate several research questions to determine whether LLMs can provide correct answers when supplied with a network topology and questions on it. To assess them, we developed a thorough framework for evaluating LLMs' capabilities in various network-related tasks. We evaluate our framework on multiple computer networks employing proprietary (e.g., GPT4) and open-source (e.g., Llama2) models. Our findings in general purpose LLMs using a zero-shot scenario demonstrate promising results, with the best model achieving an average accuracy of 79.3%. Proprietary LLMs achieve noteworthy results in small and medium networks, while challenges persist in comprehending complex network topologies, particularly for open-source models. Moreover, we provide insight into how prompt engineering can enhance the accuracy of some tasks.

The smart grid represents a pivotal innovation in modernizing the electricity sector, offering an intelligent, digitalized energy network capable of optimizing energy delivery from source to consumer. It hence represents the backbone of the energy sector of a nation. Due to its central role, the availability of the smart grid is paramount and is hence necessary to have in-depth control of its operations and safety. To this aim, researchers developed multiple solutions to assess the smart grid’s stability and guarantee that it operates in a safe state. Artificial intelligence and Machine learning algorithms have proven to be effective measures to accurately predict the smart grid’s stability. Despite the presence of known adversarial attacks and potential solutions, currently, there exists no standardized measure to protect smart grids against this threat, leaving them open to new adversarial attacks. In this paper, we propose GAN-GRID a novel adversarial attack targeting the stability prediction system of a smart grid tailored to real-world constraints. Our findings reveal that an adversary armed solely with the stability model’s output, devoid of data or model knowledge, can craft data classified as stable with an Attack Success Rate (ASR) of 0.99. Also by manipulating authentic data and sensor values, the attacker can amplify grid issues, potentially undetected due to a compromised stability prediction system. These results underscore the imperative of fortifying smart grid security mechanisms against adversarial manipulation to uphold system stability and reliability.

Digital forensics is crucial to fight crimes around the world. Decentralized Digital Forensics (DDF) promotes it to another level by channeling the power of blockchain into digital investigations. In this work, we focus on the privacy and security of DDF. Our motivations arise from (1) how to track an anonymous- and-malicious data user who leaks only a part of the previously requested data, (2) how to achieve access control while protecting data from untrusted data centers, and (3) how to enable efficient and secure search on the blockchain. To address these issues, we propose Themis: an anonymous and secure DDF scheme with traceable anonymity, private access control, and efficient search. Our framework is boosted by establishing a Trusted Execution Environment in each authority (blockchain node) for securing the uploading, requesting, and searching. To instantiate the framework, we design a secure and robust watermarking scheme in conjunction with decentralized anonymous authentication, a private and fine-grained access control scheme, and an efficient and secure search scheme based on a dynamically updated data structure. We formally define and prove the privacy and security of Themis. We build a prototype with Ethereum and Intel SGX2 to evaluate its performance, which supports processing data from a considerable number of data providers and investigators.