Showing 1–10 of 10 results for author: Kermani, M M

An Interactive Framework for Implementing Privacy-Preserving Federated Learning: Experiments on Large Language Models

Authors: Kasra Ahmadi, Rouzbeh Behnia, Reza Ebrahimi, Mehran Mozaffari Kermani, Jeremiah Birrell, Jason Pacheco, Attila A Yavuz

Abstract: Federated learning (FL) enhances privacy by keeping user data on local devices. However, emerging attacks have demonstrated that the updates shared by users during training can reveal significant information about their data. This has greatly thwart the adoption of FL methods for training robust AI models in sensitive applications. Differential Privacy (DP) is considered the gold standard for safe… ▽ More Federated learning (FL) enhances privacy by keeping user data on local devices. However, emerging attacks have demonstrated that the updates shared by users during training can reveal significant information about their data. This has greatly thwart the adoption of FL methods for training robust AI models in sensitive applications. Differential Privacy (DP) is considered the gold standard for safeguarding user data. However, DP guarantees are highly conservative, providing worst-case privacy guarantees. This can result in overestimating privacy needs, which may compromise the model's accuracy. Additionally, interpretations of these privacy guarantees have proven to be challenging in different contexts. This is further exacerbated when other factors, such as the number of training iterations, data distribution, and specific application requirements, can add further complexity to this problem. In this work, we proposed a framework that integrates a human entity as a privacy practitioner to determine an optimal trade-off between the model's privacy and utility. Our framework is the first to address the variable memory requirement of existing DP methods in FL settings, where resource-limited devices (e.g., cell phones) can participate. To support such settings, we adopt a recent DP method with fixed memory usage to ensure scalable private FL. We evaluated our proposed framework by fine-tuning a BERT-based LLM model using the GLUE dataset (a common approach in literature), leveraging the new accountant, and employing diverse data partitioning strategies to mimic real-world conditions. As a result, we achieved stable memory usage, with an average accuracy reduction of 1.33% for $ε= 10$ and 1.9% for $ε= 6$, when compared to the state-of-the-art DP accountant which does not support fixed memory usage. △ Less

Submitted 14 February, 2025; v1 submitted 11 February, 2025; originally announced February 2025.

Efficient Algorithm Level Error Detection for Number-Theoretic Transform used for Kyber Assessed on FPGAs and ARM

Authors: Kasra Ahmadi, Saeed Aghapour, Mehran Mozaffari Kermani, Reza Azarderakhsh

Abstract: Polynomial multiplication stands out as a highly demanding arithmetic process in the development of post-quantum cryptosystems. The importance of the number-theoretic transform (NTT) extends beyond post-quantum cryptosystems, proving valuable in enhancing existing security protocols such as digital signature schemes and hash functions. CRYSTALS-KYBER stands out as the sole public key encryption (P… ▽ More Polynomial multiplication stands out as a highly demanding arithmetic process in the development of post-quantum cryptosystems. The importance of the number-theoretic transform (NTT) extends beyond post-quantum cryptosystems, proving valuable in enhancing existing security protocols such as digital signature schemes and hash functions. CRYSTALS-KYBER stands out as the sole public key encryption (PKE) algorithm chosen by the National Institute of Standards and Technology (NIST) in its third round selection, making it highly regarded as a leading post-quantum cryptography (PQC) solution. Due to the potential for errors to significantly disrupt the operation of secure, cryptographically-protected systems, compromising data integrity, and safeguarding against side-channel attacks initiated through faults it is essential to incorporate mitigating error detection schemes. This paper introduces algorithm level fault detection schemes in the NTT multiplication using Negative Wrapped Convolution and the NTT tailored for Kyber Round 3, representing a significant enhancement compared to previous research. We evaluate this through the simulation of a fault model, ensuring that the conducted assessments accurately mirror the obtained results. Consequently, we attain a notably comprehensive coverage of errors. Furthermore, we assess the performance of our efficient error detection scheme for Negative Wrapped Convolution on FPGAs to showcase its implementation and resource requirements. Through implementation of our error detection approach on Xilinx/AMD Zynq Ultrascale+ and Artix-7, we achieve a comparable throughput with just a 9% increase in area and 13% increase in latency compared to the original hardware implementations. Finally, we attained an error detection ratio of nearly 100% for the NTT operation in Kyber Round 3, with a clock cycle overhead of 16% on the Cortex-A72 processor. △ Less

Submitted 18 September, 2024; v1 submitted 2 March, 2024; originally announced March 2024.

Efficient Fault Detection Architectures for Modular Exponentiation Targeting Cryptographic Applications Benchmarked on FPGAs

Authors: Saeed Aghapour, Kasra Ahmadi, Mehran Mozaffari Kermani, Reza Azarderakhsh

Abstract: Whether stemming from malicious intent or natural occurrences, faults and errors can significantly undermine the reliability of any architecture. In response to this challenge, fault detection assumes a pivotal role in ensuring the secure deployment of cryptosystems. Even when a cryptosystem boasts mathematical security, its practical implementation may remain susceptible to exploitation through s… ▽ More Whether stemming from malicious intent or natural occurrences, faults and errors can significantly undermine the reliability of any architecture. In response to this challenge, fault detection assumes a pivotal role in ensuring the secure deployment of cryptosystems. Even when a cryptosystem boasts mathematical security, its practical implementation may remain susceptible to exploitation through side-channel attacks. In this paper, we propose a lightweight fault detection architecture tailored for modular exponentiation, a building block of numerous cryptographic applications spanning from classical cryptography to post quantum cryptography. Based on our simulation and implementation results on ARM Cortex-A72 processor, and AMD/Xilinx Zynq Ultrascale+, and Artix-7 FPGAs, our approach achieves an error detection rate close to 100%, all while introducing a modest computational overhead of approximately 7% and area overhead of less than 1% compared to the unprotected architecture. To the best of our knowledge, such an approach benchmarked on ARM processor and FPGA has not been proposed and assessed to date. △ Less

Submitted 27 February, 2024; originally announced February 2024.

Comments: 5 pages, 2 figures

Envisioning the Future of Cyber Security in Post-Quantum Era: A Survey on PQ Standardization, Applications, Challenges and Opportunities

Authors: Saleh Darzi, Kasra Ahmadi, Saeed Aghapour, Attila Altay Yavuz, Mehran Mozaffari Kermani

Abstract: The rise of quantum computers exposes vulnerabilities in current public key cryptographic protocols, necessitating the development of secure post-quantum (PQ) schemes. Hence, we conduct a comprehensive study on various PQ approaches, covering the constructional design, structural vulnerabilities, and offer security assessments, implementation evaluations, and a particular focus on side-channel att… ▽ More The rise of quantum computers exposes vulnerabilities in current public key cryptographic protocols, necessitating the development of secure post-quantum (PQ) schemes. Hence, we conduct a comprehensive study on various PQ approaches, covering the constructional design, structural vulnerabilities, and offer security assessments, implementation evaluations, and a particular focus on side-channel attacks. We analyze global standardization processes, evaluate their metrics in relation to real-world applications, and primarily focus on standardized PQ schemes, selected additional signature competition candidates, and PQ-secure cutting-edge schemes beyond standardization. Finally, we present visions and potential future directions for a seamless transition to the PQ era. △ Less

Submitted 18 October, 2023; originally announced October 2023.

Algorithmic Security is Insufficient: A Comprehensive Survey on Implementation Attacks Haunting Post-Quantum Security

Authors: Alvaro Cintas Canto, Jasmin Kaur, Mehran Mozaffari Kermani, Reza Azarderakhsh

Abstract: This survey is on forward-looking, emerging security concerns in post-quantum era, i.e., the implementation attacks for 2022 winners of NIST post-quantum cryptography (PQC) competition and thus the visions, insights, and discussions can be used as a step forward towards scrutinizing the new standards for applications ranging from Metaverse, Web 3.0 to deeply-embedded systems. The rapid advances in… ▽ More This survey is on forward-looking, emerging security concerns in post-quantum era, i.e., the implementation attacks for 2022 winners of NIST post-quantum cryptography (PQC) competition and thus the visions, insights, and discussions can be used as a step forward towards scrutinizing the new standards for applications ranging from Metaverse, Web 3.0 to deeply-embedded systems. The rapid advances in quantum computing have brought immense opportunities for scientific discovery and technological progress; however, it poses a major risk to today's security since advanced quantum computers are believed to break all traditional public-key cryptographic algorithms. This has led to active research on PQC algorithms that are believed to be secure against classical and powerful quantum computers. However, algorithmic security is unfortunately insufficient, and many cryptographic algorithms are vulnerable to side-channel attacks (SCA), where an attacker passively or actively gets side-channel data to compromise the security properties that are assumed to be safe theoretically. In this survey, we explore such imminent threats and their countermeasures with respect to PQC. We provide the respective, latest advancements in PQC research, as well as assessments and providing visions on the different types of SCAs. △ Less

Submitted 22 May, 2023; originally announced May 2023.

A Comprehensive Survey on the Implementations, Attacks, and Countermeasures of the Current NIST Lightweight Cryptography Standard

Authors: Jasmin Kaur, Alvaro Cintas Canto, Mehran Mozaffari Kermani, Reza Azarderakhsh

Abstract: This survey is the first work on the current standard for lightweight cryptography, standardized in 2023. Lightweight cryptography plays a vital role in securing resource-constrained embedded systems such as deeply-embedded systems (implantable and wearable medical devices, smart fabrics, smart homes, and the like), radio frequency identification (RFID) tags, sensor networks, and privacy-constrain… ▽ More This survey is the first work on the current standard for lightweight cryptography, standardized in 2023. Lightweight cryptography plays a vital role in securing resource-constrained embedded systems such as deeply-embedded systems (implantable and wearable medical devices, smart fabrics, smart homes, and the like), radio frequency identification (RFID) tags, sensor networks, and privacy-constrained usage models. National Institute of Standards and Technology (NIST) initiated a standardization process for lightweight cryptography and after a relatively-long multi-year effort, eventually, in Feb. 2023, the competition ended with ASCON as the winner. This lightweight cryptographic standard will be used in deeply-embedded architectures to provide security through confidentiality and integrity/authentication (the dual of the legacy AES-GCM block cipher which is the NIST standard for symmetric key cryptography). ASCON's lightweight design utilizes a 320-bit permutation which is bit-sliced into five 64-bit register words, providing 128-bit level security. This work summarizes the different implementations of ASCON on field-programmable gate array (FPGA) and ASIC hardware platforms on the basis of area, power, throughput, energy, and efficiency overheads. The presented work also reviews various differential and side-channel analysis attacks (SCAs) performed across variants of ASCON cipher suite in terms of algebraic, cube/cube-like, forgery, fault injection, and power analysis attacks as well as the countermeasures for these attacks. We also provide our insights and visions throughout this survey to provide new future directions in different domains. This survey is the first one in its kind and a step forward towards scrutinizing the advantages and future directions of the NIST lightweight cryptography standard introduced in 2023. △ Less

Submitted 12 April, 2023; originally announced April 2023.

A hybrid algorithm based on Community Detection and Multi-Attribute Decision-Making for Influence Maximization

Authors: Masoud Jalayer, Morvarid Azheian, Mehrdad Mohammad Ali Kermani

Abstract: The influence maximization problem is trying to identify a set of K nodes by which the spread of influence, diseases, or information is maximized. The optimization of influence by finding such a set is an NP-hard problem and a key issue in analyzing complex networks. In this paper, a new greedy and hybrid approach based on a community detection algorithm and a MADM technique (TOPSIS) is proposed t… ▽ More The influence maximization problem is trying to identify a set of K nodes by which the spread of influence, diseases, or information is maximized. The optimization of influence by finding such a set is an NP-hard problem and a key issue in analyzing complex networks. In this paper, a new greedy and hybrid approach based on a community detection algorithm and a MADM technique (TOPSIS) is proposed to cope with the problem, called, Greedy TOPSIS and Community-Based (GTaCB) algorithm. The paper concisely introduces community detection and the TOPSIS technique, then it presents the pseudo-code of the proposed algorithm. Afterward, it compares the performance of the solution which is found by GTaCB with some well-known greedy algorithms, based on Degree Centrality, Closeness Centrality, Betweenness Centrality, PageRank as well as TOPSIS, from two aspects: diffusion quality and diffusion speed. In order to evaluate the performance of GTaCB, computational experiments on nine different types of real-world networks are provided. The tests are conducted via one of the renowned epidemic diffusion models, namely, Susceptible-Infected-Recovered (SIR) model. The simulations exhibit that in most of the cases the proposed algorithm significantly outperforms the others, chiefly as the number of initial nodes or probability of infection increases. △ Less

Submitted 20 May, 2021; originally announced May 2021.

Comments: 30 pages, 20 figures

Lightweight Hardware Architectures for Efficient Secure Hash Functions ECHO and Fugue

Authors: Mehran Mozaffari Kermani, Reza Azarderakhsh, Siavash Bayat-Sarmadi

Abstract: In cryptographic engineering, extensive attention has been devoted to ameliorating the performance and security of the algorithms within. Nonetheless, in the state-of-the-art, the approaches for increasing the reliability of the efficient hash functions ECHO and Fugue have not been presented to date. We propose efficient fault detection schemes by presenting closed formulations for the predicted s… ▽ More In cryptographic engineering, extensive attention has been devoted to ameliorating the performance and security of the algorithms within. Nonetheless, in the state-of-the-art, the approaches for increasing the reliability of the efficient hash functions ECHO and Fugue have not been presented to date. We propose efficient fault detection schemes by presenting closed formulations for the predicted signatures of different transformations in these algorithms. These signatures are derived to achieve low overhead for the specific transformations and can be tailored to include byte/word-wide predicted signatures. Through simulations, we show that the proposed fault detection schemes are highly-capable of detecting natural hardware failures and are capable of deteriorating the effectiveness of malicious fault attacks. The proposed reliable hardware architectures are implemented on the application-specific integrated circuit (ASIC) platform using a 65-nm standard technology to benchmark their hardware and timing characteristics. The results of our simulations and implementations show very high error coverage with acceptable overhead for the proposed schemes. △ Less

Submitted 17 April, 2018; originally announced April 2018.

Towards Lightweight Error Detection Schemes for Implementations of MixColumns in Lightweight Cryptography

Authors: Anita Aghaie, Mehran Mozaffari Kermani, Reza Azarderakhsh

Abstract: In this paper, through considering lightweight cryptography, we present a comparative realization of MDS matrices used in the VLSI implementations of lightweight cryptography. We verify the MixColumn/MixNibble transformation using MDS matrices and propose reliability approaches for thwarting natural and malicious faults. We note that one other contribution of this work is to consider not only line… ▽ More In this paper, through considering lightweight cryptography, we present a comparative realization of MDS matrices used in the VLSI implementations of lightweight cryptography. We verify the MixColumn/MixNibble transformation using MDS matrices and propose reliability approaches for thwarting natural and malicious faults. We note that one other contribution of this work is to consider not only linear error detecting codes but also recomputation mechanisms as well as fault space transformation (FST) adoption for lightweight cryptographic algorithms. Our intention in this paper is to propose reliability and error detection mechanisms (through linear codes, recomputations, and FST adopted for lightweight cryptography) to consider the error detection schemes in designing beforehand taking into account such algorithmic security. We also posit that the MDS matrices applied in the MixColumn (or MixNibble) transformation of ciphers to protect ciphers against linear and differential attacks should be incorporated in the cipher design in order to reduce the overhead of the applied error detection schemes. Finally, we present a comparative implementation framework on ASIC to benchmark the VLSI hardware implementation presented in this paper. △ Less

Submitted 17 April, 2018; originally announced April 2018.

Deep RNN-Oriented Paradigm Shift through BOCANet: Broken Obfuscated Circuit Attack

Authors: Fatemeh Tehranipoor, Nima Karimian, Mehran Mozaffari Kermani, Hamid Mahmoodi

Abstract: This is the first work augmenting hardware attacks mounted on obfuscated circuits by incorporating deep recurrent neural network (D-RNN). Logic encryption obfuscation has been used for thwarting counterfeiting, overproduction, and reverse engineering but vulnerable to attacks. There have been efficient schemes, e.g., satisfiability-checking (SAT) based attack, which can potentially compromise hard… ▽ More This is the first work augmenting hardware attacks mounted on obfuscated circuits by incorporating deep recurrent neural network (D-RNN). Logic encryption obfuscation has been used for thwarting counterfeiting, overproduction, and reverse engineering but vulnerable to attacks. There have been efficient schemes, e.g., satisfiability-checking (SAT) based attack, which can potentially compromise hardware obfuscation circuits. Nevertheless, not only there exist countermeasures against such attacks in the state-of-the-art (including the recent delay+logic locking (DLL) scheme in DAC'17), but the sheer amount of time/resources to mount the attack could hinder its efficacy. In this paper, we propose a deep RNN-oriented approach, called BOCANet, to (i) compromise the obfuscated hardware at least an order-of magnitude more efficiently (>20X faster with relatively high success rate) compared to existing attacks; (ii) attack such locked hardware even when the resources to the attacker are only limited to insignificant number of I/O pairs (< 0.5\%) to reconstruct the secret key; and (iii) break a number of experimented benchmarks (ISCAS-85 c423, c1355, c1908, and c7552) successfully. △ Less

Submitted 8 March, 2018; originally announced March 2018.