-
Demo: A Practical Testbed for Decentralized Federated Learning on Physical Edge Devices
Authors:
Chao Feng,
Nicolas Huber,
Alberto Huertas Celdran,
Gerome Bovet,
Burkhard Stiller
Abstract:
Federated Learning (FL) enables collaborative model training without sharing raw data, preserving participant privacy. Decentralized FL (DFL) eliminates reliance on a central server, mitigating the single point of failure inherent in the traditional FL paradigm, while introducing deployment challenges on resource-constrained devices. To evaluate real-world applicability, this work designs and deploys a physical testbed using edge devices such as Raspberry Pi and Jetson Nano. The testbed is built upon a DFL training platform, NEBULA, and extends it with a power monitoring module to measure energy consumption during training. Experiments across multiple datasets show that model performance is influenced by the communication topology, with denser topologies leading to better outcomes in DFL settings.
Submitted 12 May, 2025;
originally announced May 2025.
-
AugMixCloak: A Defense against Membership Inference Attacks via Image Transformation
Authors:
Heqing Ren,
Chao Feng,
Alberto Huertas,
Burkhard Stiller
Abstract:
Traditional machine learning (ML) raises serious privacy concerns, while federated learning (FL) mitigates the risk of data leakage by keeping data on local devices. However, the training process of FL can still leak sensitive information, which adversaries may exploit to infer private data. One of the most prominent threats is the membership inference attack (MIA), where the adversary aims to determine whether a particular data record was part of the training set.
This paper addresses this problem through a two-stage defense called AugMixCloak. The core idea is to apply data augmentation and principal component analysis (PCA)-based information fusion to query images, which are detected by perceptual hashing (pHash) as either identical to or highly similar to images in the training set. Experimental results show that AugMixCloak successfully defends against both binary classifier-based MIA and metric-based MIA across five datasets and various decentralized FL (DFL) topologies. Compared with regularization-based defenses, AugMixCloak demonstrates stronger protection. Compared with confidence score masking, AugMixCloak exhibits better generalization.
Submitted 11 May, 2025;
originally announced May 2025.
-
QUIC-Exfil: Exploiting QUIC's Server Preferred Address Feature to Perform Data Exfiltration Attacks
Authors:
Thomas Grübl,
Weijie Niu,
Jan von der Assen,
Burkhard Stiller
Abstract:
The QUIC protocol is now widely adopted by major tech companies and accounts for a significant fraction of today's Internet traffic. QUIC's multiplexing capabilities, encrypted headers, dynamic IP address changes, and encrypted parameter negotiations make the protocol not only more efficient, secure, and censorship-resistant, but also practically unmanageable by firewalls. This opens doors for attackers who may exploit certain traits of the QUIC protocol to perform targeted attacks, such as data exfiltration attacks. Whereas existing data exfiltration techniques, such as TLS- and DNS-based exfiltration, can be detected on a firewall level, QUIC-based data exfiltration is more difficult to detect, since changes in IP addresses and ports are inherent to the protocol's normal behavior. To show the feasibility of a QUIC-based data exfiltration attack, we introduce a novel method leveraging the server preferred address feature of the QUIC protocol, which thus allows an attacker to exfiltrate sensitive data from an infected machine to a malicious server, disguised as a server-side connection migration. The attack is implemented as a proof-of-concept tool in Rust. We evaluated the performance of five anomaly detection classifiers (Random Forest, Multi-Layer Perceptron, Support Vector Machine, Autoencoder, and Isolation Forest) trained on datasets collected from three network traffic scenarios. The classifiers were trained on over 700K benign and malicious QUIC packets and 786 connection migration events, but were unable to detect the data exfiltration attempts. Furthermore, post-analysis of the traffic captures did not reveal any identifiable fingerprint. As part of our evaluation, we also interviewed five leading firewall vendors and found that, as of today, no major firewall vendor implements functionality capable of distinguishing between benign and malicious QUIC connection migrations.
Submitted 8 May, 2025;
originally announced May 2025.
-
Are We There Yet? A Study of Decentralized Identity Applications
Authors:
Daria Schumm,
Katharina O. E. Müller,
Burkhard Stiller
Abstract:
The development of Decentralized Identities (DI) and Self-Sovereign Identities (SSI) has seen significant growth in recent years. This is accompanied by numerous academic and commercial contributions to the development of principles, standards, and systems. While several comprehensive reviews have been produced, they predominantly focus on academic literature, with few considering grey literature to provide a holistic view of technological advancements. Furthermore, no existing surveys have thoroughly analyzed real-world deployments to understand the barriers to the widespread adoption of decentralized identity models. This paper addresses the gap by exploring both academic and grey literature and examining commercial and governmental initiatives, to present a comprehensive landscape of decentralized identity technologies and their adoption in the real world. Additionally, it identifies the practical challenges and limitations that slow down the transition from centralized to decentralized identity management systems. By shifting the focus from purely technological constraints to real-world deployment issues, this survey identifies the underlying reasons preventing the adoption of decentralized identities despite their evident benefits to the data owner.
Submitted 20 March, 2025;
originally announced March 2025.
-
GreenDFL: a Framework for Assessing the Sustainability of Decentralized Federated Learning Systems
Authors:
Chao Feng,
Alberto Huertas Celdrán,
Xi Cheng,
Gérôme Bovet,
Burkhard Stiller
Abstract:
Decentralized Federated Learning (DFL) is an emerging paradigm that enables collaborative model training without centralized data and model aggregation, enhancing privacy and resilience. However, its sustainability remains underexplored, as energy consumption and carbon emissions vary across different system configurations. Understanding the environmental impact of DFL is crucial for optimizing its design and deployment. This work aims to develop a comprehensive and operational framework for assessing the sustainability of DFL systems. To this end, this work provides a systematic method for quantifying energy consumption and carbon emissions, offering insights into improving the sustainability of DFL. This work proposes GreenDFL, a fully implementable framework that has been integrated into a real-world DFL platform. GreenDFL systematically analyzes the impact of various factors, including hardware accelerators, model architecture, communication medium, data distribution, network topology, and federation size, on the sustainability of DFL systems. In addition, a sustainability-aware aggregation algorithm (GreenDFL-SA) and a node selection algorithm (GreenDFL-SN) are developed to optimize energy efficiency and reduce carbon emissions in DFL training. Empirical experiments are conducted on multiple datasets, measuring energy consumption and carbon emissions at different phases of the DFL lifecycle. The proposed GreenDFL provides a comprehensive and practical approach for assessing the sustainability of DFL systems. Furthermore, it offers best practices for improving environmental efficiency in DFL, making sustainability considerations more actionable in real-world deployments.
Submitted 7 March, 2025; v1 submitted 27 February, 2025;
originally announced February 2025.
-
DMPA: Model Poisoning Attacks on Decentralized Federated Learning for Model Differences
Authors:
Chao Feng,
Yunlong Li,
Yuanzhe Gao,
Alberto Huertas Celdrán,
Jan von der Assen,
Gérôme Bovet,
Burkhard Stiller
Abstract:
Federated learning (FL) has garnered significant attention as a prominent privacy-preserving Machine Learning (ML) paradigm. Decentralized FL (DFL) eschews traditional FL's centralized server architecture, enhancing the system's robustness and scalability. However, these advantages of DFL also create new vulnerabilities for malicious participants to execute adversarial attacks, especially model poisoning attacks. In model poisoning attacks, malicious participants aim to diminish the performance of benign models by creating and disseminating compromised models. Existing research on model poisoning attacks has predominantly concentrated on undermining global models within the Centralized FL (CFL) paradigm, while DFL remains comparatively under-researched. To fill this research gap, this paper proposes an innovative model poisoning attack called DMPA. This attack calculates the differential characteristics of multiple malicious client models and obtains the most effective poisoning strategy, thereby orchestrating a collusive attack by multiple participants. The effectiveness of this attack is validated across multiple datasets, with results indicating that the DMPA approach consistently surpasses existing state-of-the-art FL model poisoning attack strategies.
Submitted 7 February, 2025;
originally announced February 2025.
-
ColNet: Collaborative Optimization in Decentralized Federated Multi-task Learning Systems
Authors:
Chao Feng,
Nicolas Fazli Kohler,
Alberto Huertas Celdran,
Gerome Bovet,
Burkhard Stiller
Abstract:
The integration of Federated Learning (FL) and Multi-Task Learning (MTL) has been explored to address client heterogeneity, with Federated Multi-Task Learning (FMTL) treating each client as a distinct task. However, most existing research focuses on data heterogeneity (e.g., addressing non-IID data) rather than task heterogeneity, where clients solve fundamentally different tasks. Additionally, much of the work relies on centralized settings with a server managing the federation, leaving the more challenging domain of decentralized FMTL largely unexplored. Thus, this work bridges this gap by proposing ColNet, a framework designed for heterogeneous tasks in decentralized federated environments. ColNet divides models into backbone and task-specific layers, forming groups of similar clients, with group leaders performing conflict-averse cross-group aggregation. A pool of experiments with different federations demonstrated that ColNet outperforms the compared aggregation schemes in decentralized settings with label and task heterogeneity scenarios.
Submitted 17 January, 2025;
originally announced January 2025.
-
Roadmap on Neuromorphic Photonics
Authors:
Daniel Brunner,
Bhavin J. Shastri,
Mohammed A. Al Qadasi,
H. Ballani,
Sylvain Barbay,
Stefano Biasi,
Peter Bienstman,
Simon Bilodeau,
Wim Bogaerts,
Fabian Böhm,
G. Brennan,
Sonia Buckley,
Xinlun Cai,
Marcello Calvanese Strinati,
B. Canakci,
Benoit Charbonnier,
Mario Chemnitz,
Yitong Chen,
Stanley Cheung,
Jeff Chiles,
Suyeon Choi,
Demetrios N. Christodoulides,
Lukas Chrostowski,
J. Chu,
J. H. Clegg
, et al. (125 additional authors not shown)
Abstract:
This roadmap consolidates recent advances while exploring emerging applications, reflecting the remarkable diversity of hardware platforms, neuromorphic concepts, and implementation philosophies reported in the field. It emphasizes the critical role of cross-disciplinary collaboration in this rapidly evolving field.
Submitted 16 January, 2025; v1 submitted 14 January, 2025;
originally announced January 2025.
-
From Models to Network Topologies: A Topology Inference Attack in Decentralized Federated Learning
Authors:
Chao Feng,
Yuanzhe Gao,
Alberto Huertas Celdran,
Gerome Bovet,
Burkhard Stiller
Abstract:
Federated Learning (FL) is widely recognized as a privacy-preserving machine learning paradigm due to its model-sharing mechanism that avoids direct data exchange. Nevertheless, model training leaves exploitable traces that can be used to infer sensitive information. In Decentralized FL (DFL), the topology, defining how participants are connected, plays a crucial role in shaping the model's privacy, robustness, and convergence. However, the topology introduces an unexplored vulnerability: attackers can exploit it to infer participant relationships and launch targeted attacks. This work uncovers the hidden risks of DFL topologies by proposing a novel Topology Inference Attack that infers the topology solely from model behavior. A taxonomy of topology inference attacks is introduced, categorizing them by the attacker's capabilities and knowledge. Practical attack strategies are designed for various scenarios, and experiments are conducted to identify key factors influencing attack success. The results demonstrate that analyzing only the model of each node can accurately infer the DFL topology, highlighting a critical privacy risk in DFL systems. These findings offer valuable insights for improving privacy preservation in DFL environments.
Submitted 9 May, 2025; v1 submitted 6 January, 2025;
originally announced January 2025.
-
FedEP: Tailoring Attention to Heterogeneous Data Distribution with Entropy Pooling for Decentralized Federated Learning
Authors:
Chao Feng,
Hongjie Guan,
Alberto Huertas Celdrán,
Jan von der Assen,
Gérôme Bovet,
Burkhard Stiller
Abstract:
Non-Independent and Identically Distributed (non-IID) data in Federated Learning (FL) causes client drift issues, leading to slower convergence and reduced model performance. While existing approaches mitigate this issue in Centralized FL (CFL) using a central server, Decentralized FL (DFL) remains underexplored. In DFL, the absence of a central entity results in nodes accessing a global view of the federation, further intensifying the challenges of non-IID data. Drawing on the entropy pooling algorithm employed in financial contexts to synthesize diverse investment opinions, this work proposes the Federated Entropy Pooling (FedEP) algorithm to mitigate the non-IID challenge in DFL. FedEP leverages Gaussian Mixture Models (GMM) to fit local data distributions, sharing statistical parameters among neighboring nodes to estimate the global distribution. Aggregation weights are determined using the entropy pooling approach between local and global distributions. By sharing only synthetic distribution information, FedEP preserves data privacy while minimizing communication overhead. Experimental results demonstrate that FedEP achieves faster convergence and outperforms state-of-the-art methods in various non-IID settings.
Submitted 6 January, 2025; v1 submitted 10 October, 2024;
originally announced October 2024.
-
De-VertiFL: A Solution for Decentralized Vertical Federated Learning
Authors:
Alberto Huertas Celdrán,
Chao Feng,
Sabyasachi Banik,
Gerome Bovet,
Gregorio Martinez Perez,
Burkhard Stiller
Abstract:
Federated Learning (FL), introduced in 2016, was designed to enhance data privacy in collaborative model training environments. Within the FL paradigm, horizontal FL, where clients share the same set of features but different data samples, has been extensively studied in both centralized and decentralized settings. In contrast, Vertical Federated Learning (VFL), which is crucial in real-world decentralized scenarios where clients possess different, yet sensitive, data about the same entity, remains underexplored. Thus, this work introduces De-VertiFL, a novel solution for training models in a decentralized VFL setting. De-VertiFL contributes by introducing a new network architecture distribution, an innovative knowledge exchange scheme, and a distributed federated training process. Specifically, De-VertiFL enables the sharing of hidden layer outputs among federation clients, allowing participants to benefit from intermediate computations, thereby improving learning efficiency. De-VertiFL has been evaluated using a variety of well-known datasets, including both image and tabular data, across binary and multiclass classification tasks. The results demonstrate that De-VertiFL generally surpasses state-of-the-art methods in F1-score performance, while maintaining a decentralized and privacy-preserving framework.
Submitted 4 February, 2025; v1 submitted 8 October, 2024;
originally announced October 2024.
-
Leveraging MTD to Mitigate Poisoning Attacks in Decentralized FL with Non-IID Data
Authors:
Chao Feng,
Alberto Huertas Celdrán,
Zien Zeng,
Zi Ye,
Jan von der Assen,
Gerome Bovet,
Burkhard Stiller
Abstract:
Decentralized Federated Learning (DFL), a paradigm for managing big data in a privacy-preserved manner, is still vulnerable to poisoning attacks where malicious clients tamper with data or models. Current defense methods often assume Independently and Identically Distributed (IID) data, which is unrealistic in real-world applications. In non-IID contexts, existing defensive strategies face challenges in distinguishing between models that have been compromised and those that have been trained on heterogeneous data distributions, leading to diminished efficacy. In response, this paper proposes a framework that employs the Moving Target Defense (MTD) approach to bolster the robustness of DFL models. By continuously modifying the attack surface of the DFL system, this framework aims to mitigate poisoning attacks effectively. The proposed MTD framework includes both proactive and reactive modes, utilizing a reputation system that combines metrics of model similarity and loss, alongside various defensive techniques. Comprehensive experimental evaluations indicate that the MTD-based mechanism significantly mitigates a range of poisoning attack types across multiple datasets with different topologies.
Submitted 12 November, 2024; v1 submitted 28 September, 2024;
originally announced September 2024.
-
Towards Threat Modelling of IoT Context-Sharing Platforms
Authors:
Mohammad Goudarzi,
Arash Shaghaghi,
Simon Finn,
Burkhard Stiller,
Sanjay Jha
Abstract:
The Internet of Things (IoT) involves complex, interconnected systems and devices that depend on context-sharing platforms for interoperability and information exchange. These platforms are, therefore, critical components of real-world IoT deployments, making their security essential to ensure the resilience and reliability of these 'systems of systems'. In this paper, we take the first steps toward systematically and comprehensively addressing the security of IoT context-sharing platforms. We propose a framework for threat modelling and security analysis of a generic IoT context-sharing solution, employing the MITRE ATT&CK framework. Through an evaluation of various industry-funded projects and academic research, we identify significant security challenges in the design of IoT context-sharing platforms. Our threat modelling provides an in-depth analysis of the techniques and sub-techniques adversaries may use to exploit these systems, offering valuable insights for future research aimed at developing resilient solutions. Additionally, we have developed an open-source threat analysis tool that incorporates our detailed threat modelling, which can be used to evaluate and enhance the security of existing context-sharing platforms.
Submitted 21 August, 2024;
originally announced August 2024.
-
PACCOR4ESP: Embedded Device Security Attestation using Platform Attribute Certificates
Authors:
Thomas Grübl,
Jan von der Assen,
Markus Knecht,
Burkhard Stiller
Abstract:
Verifying the integrity of embedded device characteristics is required to ensure secure operation of a device. One central challenge is to securely extract and store device-specific configurations for future verification. Existing device attestation schemes suffer from notable limitations, including a lack of standardization and a failure to encompass all hardware and software aspects inherent to a platform. This paper proposes an extension of the NSA Cybersecurity Directorate's Platform Attribute Certificate Creator (PACCOR) for the ESP32, a widely-used microcontroller series. Platform Attribute Certificates store device characteristics as per the Trusted Computing Group's Platform Certificate Profile. As of today, there is little research on hybrid attestation schemes utilizing Platform Attribute Certificates on embedded devices, which this work addresses.
This paper presents a collection of attacks that can be detected using PACCOR4ESP. The toolkit extracts security-relevant information from an ESP32-S3, such as the firmware hash, bootloader hash, GPIO pin configuration, and a reference to the endorsement key of the secure element, and automatically embeds it into a Platform Attribute Certificate. Lastly, this work shows how PACCOR4ESP can be integrated with existing embedded device attestation frameworks, such as RAS, CRAFT, and SEDA.
Submitted 19 July, 2024;
originally announced July 2024.
-
DART: A Solution for Decentralized Federated Learning Model Robustness Analysis
Authors:
Chao Feng,
Alberto Huertas Celdrán,
Jan von der Assen,
Enrique Tomás Martínez Beltrán,
Gérôme Bovet,
Burkhard Stiller
Abstract:
Federated Learning (FL) has emerged as a promising approach to address privacy concerns inherent in Machine Learning (ML) practices. However, conventional FL methods, particularly those following the Centralized FL (CFL) paradigm, utilize a central server for global aggregation, which exhibits limitations such as a bottleneck and a single point of failure. To address these issues, the Decentralized FL (DFL) paradigm has been proposed, which removes the client-server boundary and enables all participants to engage in model training and aggregation tasks. Nevertheless, like CFL, DFL remains vulnerable to adversarial attacks, notably poisoning attacks that undermine model performance. While existing research on model robustness has predominantly focused on CFL, there is a noteworthy gap in understanding the model robustness of the DFL paradigm. In this paper, a thorough review of poisoning attacks targeting the model robustness in DFL systems, as well as their corresponding countermeasures, is presented. Additionally, a solution called DART is proposed to evaluate the robustness of DFL models, which is implemented and integrated into a DFL platform. Through extensive experiments, this paper compares the behavior of CFL and DFL under diverse poisoning attacks, pinpointing key factors affecting attack spread and effectiveness within DFL. It also evaluates the performance of different defense mechanisms and investigates whether defense mechanisms designed for CFL are compatible with DFL. The empirical results provide insights into research challenges and suggest ways to improve the robustness of DFL models for future research.
Submitted 11 July, 2024;
originally announced July 2024.
-
The Danger Within: Insider Threat Modeling Using Business Process Models
Authors:
Jan von der Assen,
Jasmin Hochuli,
Thomas Grübl,
Burkhard Stiller
Abstract:
Threat modeling has been successfully applied to model technical threats within information systems. However, a lack of methods focusing on non-technical assets and their representation can be observed in theory and practice. Following the voices of industry practitioners, this paper explored how to model insider threats based on business process models. Hence, this study developed a novel insider threat knowledge base and a threat modeling application that leverages Business Process Modeling and Notation (BPMN). Finally, to understand how well the theoretic knowledge and its prototype translate into practice, the study conducted a real-world case study of an IT provider's business process and an experimental deployment for a real voting process. The results indicate that even without annotation, BPMN diagrams can be leveraged to automatically identify insider threats in an organization.
Submitted 3 September, 2024; v1 submitted 3 June, 2024;
originally announced June 2024.
-
SoK: Decentralized Finance (DeFi) -- Fundamentals, Taxonomy and Risks
Authors:
Krzysztof Gogol,
Christian Killer,
Malte Schlosser,
Thomas Bocek,
Burkhard Stiller,
Claudio Tessone
Abstract:
Decentralized Finance (DeFi) refers to financial services that are not necessarily related to crypto-currencies. By employing blockchain for security and integrity, DeFi creates new possibilities that attract retail and institutional users, including central banks. Given its novel applications and sophisticated designs, distinguishing between DeFi services and understanding the risks involved is often complex. This work systematically presents the major categories of DeFi protocols that cover over 90% of total value locked (TVL) in DeFi. It establishes a structured methodology to differentiate between DeFi protocols based on their design and architecture. Every DeFi protocol is classified into one of three groups: liquidity pools, pegged and synthetic tokens, and aggregator protocols, followed by risk analysis. In particular, we classify stablecoins, liquid staking tokens, and bridged (wrapped) assets as pegged tokens carrying similar risks. The full risk exposure of DeFi users is derived not only from the DeFi protocol design but also from how it is used and with which tokens.
Submitted 17 April, 2024;
originally announced April 2024.
-
Performance Analysis of Decentralized Physical Infrastructure Networks and Centralized Clouds
Authors:
Jan von der Assen,
Christian Killer,
Alessandro De Carli,
Burkhard Stiller
Abstract:
The advent of Decentralized Physical Infrastructure Networks (DePIN) represents a shift in the digital infrastructure of today's Internet. While Centralized Service Providers (CSP) monopolize cloud computing, DePINs aim to enhance data sovereignty and confidentiality and increase resilience against a single point of failure. Due to the novelty of the emerging field of DePIN, this work focuses on the potential of DePINs to disrupt traditional centralized architectures by taking advantage of Internet of Things (IoT) devices and crypto-economic design in combination with blockchains. This combination yields Acurast, a more distributed, resilient, and user-centric physical infrastructure deployment. Through comparative analysis with centralized systems, particularly in serverless computing contexts, this work seeks to lay the first steps in scientifically evaluating DePINs and quantitatively comparing them in terms of efficiency and effectiveness in real-world applications. The findings suggest DePINs' potential to (i) reduce trust assumptions and physically decentralize infrastructure, (ii) increase efficiency and performance simultaneously while improving the computation's (iii) confidentiality and verifiability.
Submitted 12 April, 2024;
originally announced April 2024.
-
Asset-centric Threat Modeling for AI-based Systems
Authors:
Jan von der Assen,
Jamo Sharif,
Chao Feng,
Christian Killer,
Gérôme Bovet,
Burkhard Stiller
Abstract:
Threat modeling is a popular method to securely develop systems by achieving awareness of potential areas of future damage caused by adversaries. However, threat modeling for systems relying on Artificial Intelligence is still not well explored. While conventional threat modeling methods and tools did not address AI-related threats, research on this amalgamation still lacks solutions capable of guiding and automating the process, as well as providing evidence that the methods hold up in practice. Consequently, this paper presents ThreatFinderAI, an approach and tool providing guidance and automation to model AI-related assets, threats, countermeasures, and quantify residual risks. To evaluate the practicality of the approach, participants were tasked to recreate a threat model developed by cybersecurity experts of an AI-based healthcare platform. Secondly, the approach was used to identify and discuss strategic risks in an LLM-based application through a case study. Overall, the solution's usability was well perceived, and it effectively supports threat identification and risk discussion.
Submitted 3 June, 2024; v1 submitted 11 March, 2024;
originally announced March 2024.
-
QuantTM: Business-Centric Threat Quantification for Risk Management and Cyber Resilience
Authors:
Jan von der Assen,
Muriel F. Franco,
Muyao Dong,
Burkhard Stiller
Abstract:
Threat modeling has emerged as a key process for understanding relevant threats within businesses. However, understanding the importance of threat events is rarely driven by the business incorporating the system. Furthermore, prioritization of threat events often occurs based on abstract and qualitative scoring. While such scores enable prioritization, they do not allow the results to be easily interpreted by decision-makers. This can hinder downstream activities, such as discussing security investments and a security control's economic applicability. This article introduces QuantTM, an approach that incorporates views from operational and strategic business representatives to collect threat information during the threat modeling process to measure potential financial loss incurred by a specific threat event. It empowers the analysis of threats' impacts and the applicability of security controls, thus supporting the threat analysis and prioritization from an economic perspective. QuantTM comprises an overarching process for data collection and aggregation and a method for business impact analysis. The performance and feasibility of the QuantTM approach are demonstrated in a real-world case study conducted in a Swiss SME to analyze the impacts of threats and economic benefits of security controls. Secondly, it is shown that employing business impact analysis is feasible and that the supporting prototype exhibits great usability.
Submitted 21 February, 2024;
originally announced February 2024.
-
GuardFS: a File System for Integrated Detection and Mitigation of Linux-based Ransomware
Authors:
Jan von der Assen,
Chao Feng,
Alberto Huertas Celdrán,
Róbert Oleš,
Gérôme Bovet,
Burkhard Stiller
Abstract:
Although ransomware has received broad attention in media and research, this evolving threat vector still poses a systematic threat. Related literature has explored its detection using various approaches leveraging Machine and Deep Learning. While these approaches are effective in detecting malware, they do not answer how to use this intelligence to protect against threats, raising concerns about their applicability in a hostile environment. Solutions that focus on mitigation rarely explore how to prevent ransomware, and not just alert on or halt its execution, especially when considering Linux-based samples. This paper presents GuardFS, a file system-based approach to investigate the integration of detection and mitigation of ransomware. Using a bespoke overlay file system, data is extracted before files are accessed. Models trained on this data are used by three novel defense configurations that obfuscate, delay, or track access to the file system. The experiments on GuardFS test the configurations in a reactive setting. The results demonstrate that although data loss cannot be completely prevented, it can be significantly reduced. Usability and performance analysis demonstrate that the defense effectiveness of the configurations relates to their impact on resource consumption and usability.
Submitted 31 January, 2024;
originally announced January 2024.
-
Empirical and Theoretical Analysis of Liquid Staking Protocols
Authors:
Krzysztof Gogol,
Benjamin Kraner,
Malte Schlosser,
Tao Yan,
Claudio Tessone,
Burkhard Stiller
Abstract:
Liquid staking has become the largest category of decentralized finance protocols in terms of total value locked. However, few studies exist on its implementation designs or underlying risks. The liquid staking protocols allow for earning staking rewards without the disadvantage of locking the capital at the validators. Yet, they are seen by some as a threat to the Proof-of-Stake blockchain security.
This paper is the first work that classifies liquid staking implementations. It analyzes the historical performance of major liquid staking tokens in comparison to the traditional staking for the largest Proof-of-Stake blockchains. Furthermore, the research investigates the impact of centralization, maximum extractable value and the migration of Ethereum from Proof-of-Work to Proof-of-Stake on the tokens' performance. Examining the tracking error of the liquid staking providers to the staking rewards shows that they are persistent and cannot be explained by macro-variables of the currency, such as the variance or return.
Submitted 29 January, 2024;
originally announced January 2024.
-
Assessing the Sustainability and Trustworthiness of Federated Learning Models
Authors:
Chao Feng,
Alberto Huertas Celdran,
Pedro Miguel Sanchez Sanchez,
Lynn Zumtaugwald,
Gerome Bovet,
Burkhard Stiller
Abstract:
Artificial intelligence is widely used in various sectors and significantly impacts decision-making processes. Novel AI paradigms, such as Federated Learning (FL), focus on training AI models collaboratively while preserving data privacy. In such a context, the European Commission's AI-HLEG group has highlighted the importance of sustainable AI for trustworthy AI. While existing literature offers several solutions for assessing the trustworthiness of FL models, a significant gap exists in considering sustainability associated with FL. Thus, this work introduces the sustainability pillar to the trustworthy FL taxonomy, making this work the first to address all AI-HLEG requirements. The sustainability pillar assesses the FL system's environmental impact, incorporating notions and metrics for hardware efficiency, federation complexity, and energy grid carbon intensity. An algorithm is developed to evaluate the trustworthiness of FL models, incorporating sustainability considerations. Extensive evaluations with the FederatedScope framework and various scenarios demonstrate the effectiveness of the proposed solution.
Submitted 11 February, 2025; v1 submitted 31 October, 2023;
originally announced October 2023.
-
Voyager: MTD-Based Aggregation Protocol for Mitigating Poisoning Attacks on DFL
Authors:
Chao Feng,
Alberto Huertas Celdran,
Michael Vuong,
Gerome Bovet,
Burkhard Stiller
Abstract:
The growing concern over malicious attacks targeting the robustness of both Centralized and Decentralized Federated Learning (FL) necessitates novel defensive strategies. In contrast to the centralized approach, Decentralized FL (DFL) has the advantage of utilizing network topology and local dataset information, enabling the exploration of Moving Target Defense (MTD) based approaches.
This work presents a theoretical analysis of the influence of network topology on the robustness of DFL models. Drawing inspiration from these findings, a three-stage MTD-based aggregation protocol, called Voyager, is proposed to improve the robustness of DFL models against poisoning attacks by manipulating network topology connectivity. Voyager has three main components: an anomaly detector, a network topology explorer, and a connection deployer. When an abnormal model is detected in the network, the topology explorer responds strategically by forming connections with more trustworthy participants to secure the model. Experimental evaluations show that Voyager effectively mitigates various poisoning attacks without imposing significant resource and computational burdens on participants. These findings highlight the proposed reactive MTD as a potent defense mechanism in the context of DFL.
Submitted 14 February, 2024; v1 submitted 12 October, 2023;
originally announced October 2023.
-
Sentinel: An Aggregation Function to Secure Decentralized Federated Learning
Authors:
Chao Feng,
Alberto Huertas Celdrán,
Janosch Baltensperger,
Enrique Tomás Martínez Beltrán,
Pedro Miguel Sánchez Sánchez,
Gérôme Bovet,
Burkhard Stiller
Abstract:
Decentralized Federated Learning (DFL) emerges as an innovative paradigm to train collaborative models, addressing the single point of failure limitation. However, the security and trustworthiness of FL and DFL are compromised by poisoning attacks, negatively impacting their performance. Existing defense mechanisms have been designed for centralized FL and they do not adequately exploit the particularities of DFL. Thus, this work introduces Sentinel, a defense strategy to counteract poisoning attacks in DFL. Sentinel leverages the accessibility of local data and defines a three-step aggregation protocol consisting of similarity filtering, bootstrap validation, and normalization to safeguard against malicious model updates. Sentinel has been evaluated with diverse datasets and data distributions. Besides, various poisoning attack types and threat levels have been verified. The results improve on state-of-the-art performance against both untargeted and targeted poisoning attacks when data follows an IID (Independent and Identically Distributed) configuration. Besides, under a non-IID configuration, the analysis shows how performance degrades both for Sentinel and other state-of-the-art robust aggregation methods.
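The three-step aggregation described in the Sentinel abstract, shown here as an added worked example in pure Python; this is not the authors' code and the page does not state Sentinel's actual metrics or thresholds. One DFL node holds a toy linear model and receives four neighbour models, two of them poisoned. Step 1 drops models whose cosine similarity to the local model is below a threshold (assumed 0.5), step 2 re-evaluates the survivors on the node's own validation data and drops those whose loss is much worse than the local loss (assumed factor 2.0), and step 3 clips each survivor to the local model's norm before averaging. The weight vectors and validation points are constructed for illustration.

```python
import math


def cosine(a, b):
    """Cosine similarity between two weight vectors (0.0 if either is all-zero)."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(x * x for x in b))
    return dot / (na * nb) if na and nb else 0.0


def norm(a):
    return math.sqrt(sum(x * x for x in a))


def mse(w, data):
    """Mean squared error of the linear model y = w . x on (x, y) pairs."""
    return sum((sum(wi * xi for wi, xi in zip(w, x)) - y) ** 2 for x, y in data) / len(data)


def sentinel_aggregate(local_w, neighbours, val_data, sim_threshold=0.5, loss_factor=2.0):
    """Three-step robust aggregation for one DFL node.

    1. similarity filtering: drop neighbour models pointing away from the local one
    2. bootstrap validation: drop models that perform badly on the node's own data
    3. normalization: clip surviving models to the local norm, then average
    Thresholds are illustrative assumptions, not the paper's values.
    Returns (aggregated_weights, accepted_neighbour_ids).
    """
    # Step 1: cosine similarity against the local model.
    step1 = {k: w for k, w in neighbours.items() if cosine(local_w, w) >= sim_threshold}
    # Step 2: evaluate each candidate on local data; reject if its loss is much worse than ours.
    local_loss = mse(local_w, val_data)
    step2 = {k: w for k, w in step1.items() if mse(w, val_data) <= loss_factor * local_loss}
    # Step 3: scale any over-sized model down to the local norm, then average with our own.
    local_norm = norm(local_w)
    accepted = [local_w]
    for w in step2.values():
        scale = min(1.0, local_norm / norm(w)) if norm(w) else 1.0
        accepted.append([scale * x for x in w])
    agg = [sum(v[i] for v in accepted) / len(accepted) for i in range(len(local_w))]
    return agg, set(step2)


def naive_mean(local_w, neighbours):
    """FedAvg-style plain average of all received models, for comparison."""
    vs = [local_w] + list(neighbours.values())
    return [sum(v[i] for v in vs) / len(vs) for i in range(len(local_w))]


# Constructed sample round (not from the paper): the true model is [1.0, -2.0].
LOCAL_W = [0.9, -1.8]
NEIGHBOURS = {
    "n1": [1.1, -2.1],    # honest
    "n2": [0.95, -1.9],   # honest
    "p1": [-5.0, 10.0],   # untargeted: sign flip plus scaling, rejected in step 1
    "p2": [3.0, -6.0],    # same direction but scaled 3x, passes step 1, rejected in step 2
}
VAL_DATA = [([1.0, 0.0], 1.0), ([0.0, 1.0], -2.0), ([1.0, 1.0], -1.0), ([2.0, 1.0], 0.0)]

if __name__ == "__main__":
    agg, accepted = sentinel_aggregate(LOCAL_W, NEIGHBOURS, VAL_DATA)
    print("accepted:", sorted(accepted), "aggregate:", [round(x, 3) for x in agg])
    print("naive mean:", [round(x, 3) for x in naive_mean(LOCAL_W, NEIGHBOURS)])
```

The scaled copy "p2" is the interesting case: it is indistinguishable from an honest update by direction alone, so only the validation step against local data catches it, which is exactly the advantage of DFL nodes having their own data that the abstract points to. The plain average, by contrast, is pulled to roughly [0.19, -0.36], far from the true model.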
Submitted 4 September, 2024; v1 submitted 12 October, 2023;
originally announced October 2023.
-
CyberForce: A Federated Reinforcement Learning Framework for Malware Mitigation
Authors:
Chao Feng,
Alberto Huertas Celdran,
Pedro Miguel Sanchez Sanchez,
Jan Kreischer,
Jan von der Assen,
Gerome Bovet,
Gregorio Martinez Perez,
Burkhard Stiller
Abstract:
Recent research has shown that the integration of Reinforcement Learning (RL) with Moving Target Defense (MTD) can enhance cybersecurity in Internet-of-Things (IoT) devices. Nevertheless, the practicality of existing work is hindered by data privacy concerns associated with centralized data processing in RL, and the unsatisfactory time needed to learn the right MTD techniques that are effective against a rising number of heterogeneous zero-day attacks. Thus, this work presents CyberForce, a framework that combines Federated and Reinforcement Learning (FRL) to collaboratively and privately learn suitable MTD techniques for mitigating zero-day attacks. CyberForce integrates device fingerprinting and anomaly detection to reward or penalize MTD mechanisms chosen by an FRL-based agent. The framework has been deployed and evaluated in a scenario consisting of ten physical devices of a real IoT platform affected by heterogeneous malware samples. A pool of experiments has demonstrated that CyberForce learns the MTD technique mitigating each attack faster than existing RL-based centralized approaches. In addition, when various devices are exposed to different attacks, CyberForce benefits from knowledge transfer, leading to enhanced performance and reduced learning time in comparison to recent works. Finally, different aggregation algorithms used during the agent learning process provide CyberForce with notable robustness to malicious attacks.
Submitted 30 September, 2024; v1 submitted 11 August, 2023;
originally announced August 2023.
-
RCVaR: an Economic Approach to Estimate Cyberattacks Costs using Data from Industry Reports
Authors:
Muriel Figueredo Franco,
Fabian Künzler,
Jan von der Assen,
Chao Feng,
Burkhard Stiller
Abstract:
Digitization increases business opportunities and the risk of companies being victims of devastating cyberattacks. Therefore, managing risk exposure and cybersecurity strategies is essential for digitized companies that want to survive in competitive markets. However, understanding company-specific risks and quantifying their associated costs is not trivial. Current approaches fail to provide individualized and quantitative monetary estimations of cybersecurity impacts. Due to limited resources and technical expertise, SMEs and even large companies are affected and struggle to quantify their cyberattack exposure. Therefore, novel approaches must be put in place to support the understanding of the financial loss due to cyberattacks. This article introduces the Real Cyber Value at Risk (RCVaR), an economic approach for estimating cybersecurity costs using real-world information from public cybersecurity reports. RCVaR identifies the most significant cyber risk factors from various sources and combines their quantitative results to estimate specific cyberattack costs for companies. Furthermore, RCVaR extends current methods to achieve cost and risk estimations based on historical real-world data instead of only probability-based simulations. The evaluation of the approach on unseen data shows the accuracy and efficiency of the RCVaR in predicting and managing cyber risks. Thus, it shows that the RCVaR is a valuable addition to cybersecurity planning and risk management processes.
Submitted 20 July, 2023;
originally announced July 2023.
-
MTFS: a Moving Target Defense-Enabled File System for Malware Mitigation
Authors:
Jan von der Assen,
Alberto Huertas Celdrán,
Rinor Sefa,
Gérôme Bovet,
Burkhard Stiller
Abstract:
Ransomware has remained one of the most notorious threats in the cybersecurity field. Moving Target Defense (MTD) has been proposed as a novel paradigm for proactive defense. Although various approaches leverage MTD, few of them rely on the operating system and, specifically, the file system, thereby making them dependent on other computing devices. Furthermore, existing ransomware defense techniques merely replicate or detect attacks, without preventing them. Thus, this paper introduces the MTFS overlay file system and the design and implementation of three novel MTD techniques implemented on top of it: one delaying attackers, one trapping recursive directory traversal, and one hiding file types. The effectiveness of the techniques is shown in two experiments. First, it is shown that the techniques can delay and mitigate ransomware on real IoT devices. Secondly, in a broader scope, the solution was confronted with 14 ransomware samples, highlighting that it can save 97% of the files.
Submitted 16 November, 2023; v1 submitted 27 June, 2023;
originally announced June 2023.
-
RansomAI: AI-powered Ransomware for Stealthy Encryption
Authors:
Jan von der Assen,
Alberto Huertas Celdrán,
Janik Luechinger,
Pedro Miguel Sánchez Sánchez,
Gérôme Bovet,
Gregorio Martínez Pérez,
Burkhard Stiller
Abstract:
Cybersecurity solutions have shown promising performance when detecting ransomware samples that use fixed algorithms and encryption rates. However, due to the current explosion of Artificial Intelligence (AI), sooner than later, ransomware (and malware in general) will incorporate AI techniques to intelligently and dynamically adapt its encryption behavior to be undetected. It might result in ineffective and obsolete cybersecurity solutions, but the literature lacks AI-powered ransomware to verify it. Thus, this work proposes RansomAI, a Reinforcement Learning-based framework that can be integrated into existing ransomware samples to adapt their encryption behavior and stay stealthy while encrypting files. RansomAI presents an agent that learns the best encryption algorithm, rate, and duration that minimizes its detection (using a reward mechanism and a fingerprinting intelligent detection system) while maximizing its damage function. The proposed framework was validated in a ransomware, Ransomware-PoC, that infected a Raspberry Pi 4, acting as a crowdsensor. A pool of experiments with Deep Q-Learning and Isolation Forest (deployed on the agent and detection system, respectively) has demonstrated that RansomAI evades the detection of Ransomware-PoC affecting the Raspberry Pi 4 in a few minutes with >90% accuracy.
Submitted 27 June, 2023;
originally announced June 2023.
-
SECAdvisor: a Tool for Cybersecurity Planning using Economic Models
Authors:
Muriel Figueredo Franco,
Christian Omlin,
Oliver Kamer,
Eder John Scheid,
Burkhard Stiller
Abstract:
Cybersecurity planning is challenging for digitized companies that want adequate protection without overspending money. Currently, the lack of investments and perverse economic incentives are the root cause of cyberattacks, which results in several economic impacts on companies worldwide. Therefore, cybersecurity planning has to consider technical and economic dimensions to help companies achieve a better cybersecurity strategy. This article introduces SECAdvisor, a tool to support cybersecurity planning using economic models. SECAdvisor allows users to (a) understand the risks and valuation of different businesses' information, (b) calculate the optimal investment in cybersecurity for a company, (c) receive a recommendation of protections based on the budget available and demands, and (d) compare protection solutions in terms of cost-efficiency. Furthermore, evaluations on usability and real-world training activities performed using SECAdvisor are discussed.
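Item (b) above, the optimal cybersecurity investment for a company, is the kind of calculation an economic model in this space provides. As an added worked example that is not SECAdvisor's code (the page does not say which economic models the tool implements), the following Python computes the Gordon-Loeb optimum: given the expected loss from a breach L, the breach probability without investment v, and the class-I breach probability function S(z, v) = v / (alpha*z + 1)^beta, it finds the investment z maximizing the expected net benefit (v - S(z, v)) * L - z, checks it against the well-known bound that the optimum never exceeds L*v/e, and confirms the closed form with a brute-force grid search. The parameter values alpha, beta, v and L used below are assumptions for illustration.

```python
import math


def breach_probability(z, v, alpha=1e-5, beta=1.0):
    """Gordon-Loeb class-I security breach function S(z, v) = v / (alpha*z + 1)**beta.

    v is the breach probability with zero investment, z the amount invested.
    alpha and beta describe how productive investment is (assumed values here).
    """
    return v / (alpha * z + 1.0) ** beta


def enbis(z, v, loss, alpha=1e-5, beta=1.0):
    """Expected net benefit of information security: reduced expected loss minus z."""
    return (v - breach_probability(z, v, alpha, beta)) * loss - z


def optimal_investment(v, loss, alpha=1e-5, beta=1.0):
    """Closed-form maximizer of enbis() for the class-I function.

    Setting d/dz enbis = 0 gives (alpha*z + 1)**(beta+1) = v*loss*alpha*beta.
    Returns 0.0 when even the first unit of investment does not pay for itself.
    """
    z = ((v * loss * alpha * beta) ** (1.0 / (beta + 1.0)) - 1.0) / alpha
    return max(0.0, z)


def gordon_loeb_bound(v, loss):
    """Upper bound: the optimal investment never exceeds 1/e of the expected loss v*L."""
    return v * loss / math.e


def grid_optimum(v, loss, alpha=1e-5, beta=1.0, step=100.0):
    """Brute-force check of the closed form over [0, v*L] in increments of `step`."""
    best_z, best_value = 0.0, enbis(0.0, v, loss, alpha, beta)
    z = step
    while z <= v * loss:
        value = enbis(z, v, loss, alpha, beta)
        if value > best_value:
            best_z, best_value = z, value
        z += step
    return best_z


if __name__ == "__main__":
    # Constructed scenario: a breach costs 1,000,000 and has a 50% chance per year unprotected.
    v, loss = 0.5, 1_000_000.0
    z_star = optimal_investment(v, loss)
    print(f"optimal investment: {z_star:,.0f}")
    print(f"1/e bound:          {gordon_loeb_bound(v, loss):,.0f}")
    print(f"net benefit at z*:  {enbis(z_star, v, loss):,.0f}")
    print(f"grid search gives:  {grid_optimum(v, loss):,.0f}")
```

The practical reading is that spending more than about a third of the expected loss is never optimal under this model, and that with low vulnerability or low loss the recommendation is to invest nothing, which is a legitimate planning outcome rather than an error.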
Submitted 16 April, 2023;
originally announced April 2023.
-
Real-time Tracking of Medical Devices: An Analysis of Multilateration and Fingerprinting Approaches
Authors:
Bruno Rodrigues,
Eder J. Scheid,
Katharina O. E. Müller,
Julius Willems,
Burkhard Stiller
Abstract:
Hospital infrastructures are put under stress in periods of crisis, such as natural disasters or pandemics. The recent COVID-19 pandemic exposed several inefficiencies in hospital systems over a relatively long period. Among these inefficiencies are human factors, such as how to manage staff during periods of high demand, and technical factors, including the management of Portable Medical Devices (PMD), such as mechanical ventilators, capnography monitors, infusion pumps, or pulse oximeters. These devices, which are vital for monitoring patients or performing different procedures, were found to have a high turnover during high-demand periods, resulting in inefficiencies and more pressure on medical teams.
Thus, the work PMD-Track evaluates in detail two popular indoor tracking approaches concerning their accuracy, placement of beacons, and economic impacts. The key novelty of PMD-Track lies in using smartphones provided to hospital employees, replacing typical stationary gateways spread across a hospital, functioning as mobile gateways with a front-end that assists staff in locating PMDs. As employees approach tagged PMDs, their smartphone automatically updates the location of spotted PMDs in real-time, providing room-level localization data with up to 83% accuracy for fingerprinting and 35% for multilateration. In addition, fingerprinting is 45% cheaper than multilateration over the course of five years. Practical experiments were evaluated based on two locations in Zürich, Switzerland.
Submitted 2 March, 2023;
originally announced March 2023.
-
FederatedTrust: A Solution for Trustworthy Federated Learning
Authors:
Pedro Miguel Sánchez Sánchez,
Alberto Huertas Celdrán,
Ning Xie,
Gérôme Bovet,
Gregorio Martínez Pérez,
Burkhard Stiller
Abstract:
The rapid expansion of the Internet of Things (IoT) and Edge Computing has presented challenges for centralized Machine and Deep Learning (ML/DL) methods due to the presence of distributed data silos that hold sensitive information. To address concerns regarding data privacy, collaborative and privacy-preserving ML/DL techniques like Federated Learning (FL) have emerged. However, ensuring data privacy and performance alone is insufficient since there is a growing need to establish trust in model predictions. Existing literature has proposed various approaches on trustworthy ML/DL (excluding data privacy), identifying robustness, fairness, explainability, and accountability as important pillars. Nevertheless, further research is required to identify trustworthiness pillars and evaluation metrics specifically relevant to FL models, as well as to develop solutions that can compute the trustworthiness level of FL models. This work examines the existing requirements for evaluating trustworthiness in FL and introduces a comprehensive taxonomy consisting of six pillars (privacy, robustness, fairness, explainability, accountability, and federation), along with over 30 metrics for computing the trustworthiness of FL models. Subsequently, an algorithm named FederatedTrust is designed based on the pillars and metrics identified in the taxonomy to compute the trustworthiness score of FL models. A prototype of FederatedTrust is implemented and integrated into the learning process of FederatedScope, a well-established FL framework. Finally, five experiments are conducted using different configurations of FederatedScope to demonstrate the utility of FederatedTrust in computing the trustworthiness of FL models. Three experiments employ the FEMNIST dataset, and two utilize the N-BaIoT dataset considering a real-world IoT security use case.
Submitted 6 July, 2023; v1 submitted 20 February, 2023;
originally announced February 2023.
-
RL and Fingerprinting to Select Moving Target Defense Mechanisms for Zero-day Attacks in IoT
Authors:
Alberto Huertas Celdrán,
Pedro Miguel Sánchez Sánchez,
Jan von der Assen,
Timo Schenk,
Gérôme Bovet,
Gregorio Martínez Pérez,
Burkhard Stiller
Abstract:
Cybercriminals are moving towards zero-day attacks affecting resource-constrained devices such as single-board computers (SBC). Assuming that perfect security is unrealistic, Moving Target Defense (MTD) is a promising approach to mitigate attacks by dynamically altering target attack surfaces. Still, selecting suitable MTD techniques for zero-day attacks is an open challenge. Reinforcement Learning (RL) could be an effective approach to optimize the MTD selection through trial and error, but the literature fails when i) evaluating the performance of RL and MTD solutions in real-world scenarios, ii) studying whether behavioral fingerprinting is suitable for representing SBC's states, and iii) calculating the consumption of resources in SBC. To address these limitations, the work at hand proposes an online RL-based framework to learn the correct MTD mechanisms mitigating heterogeneous zero-day attacks in SBC. The framework considers behavioral fingerprinting to represent SBCs' states and RL to learn MTD techniques that mitigate each malicious state. It has been deployed on a real IoT crowdsensing scenario with a Raspberry Pi acting as a spectrum sensor. In more detail, the Raspberry Pi has been infected with different samples of command and control malware, rootkits, and ransomware to later select between four existing MTD techniques. A set of experiments demonstrated the suitability of the framework to learn proper MTD techniques mitigating all attacks (except a harmfulness rootkit) while consuming <1 MB of storage and utilizing <55% CPU and <80% RAM.
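The learning loop that this abstract and the CyberForce abstract above describe, with fingerprint-derived device states, MTD techniques as actions, and a reward that depends on whether the device returns to a benign fingerprint, is shown below as an added example in Python. It is not the authors' framework: the state labels, the four MTD technique names, and the table saying which technique neutralizes which malware family are constructed assumptions standing in for the real fingerprinting classifier and anomaly detector, and the agent is plain tabular Q-learning with epsilon-greedy exploration. A failed mitigation leaves the device in the same malicious state and costs a negative reward, so the agent has to keep trying until it finds a technique that works.

```python
import random

# Hypothetical labels (not from the paper): malicious device states as reported by a
# behavioural fingerprinting classifier, and the MTD techniques the agent may trigger.
STATES = ["c2_beacon", "rootkit", "ransomware"]
ACTIONS = ["ip_shuffle", "port_hop", "lib_reload", "fs_shuffle"]

# Constructed ground truth used only by the simulated environment: which technique
# actually returns the device to a benign fingerprint. The agent never reads this table;
# in the real deployment the anomaly detector on the next fingerprint plays this role.
EFFECTIVE = {"c2_beacon": "ip_shuffle", "rootkit": "lib_reload", "ransomware": "fs_shuffle"}


class MTDEnv:
    """Simulated SBC: an infection is observed, MTD actions are applied until it is gone."""

    def __init__(self, rng):
        self.rng = rng
        self.state = None

    def reset(self):
        self.state = self.rng.choice(STATES)
        return self.state

    def step(self, action):
        """Returns (next_state, reward, done)."""
        if EFFECTIVE[self.state] == action:
            return "benign", 1.0, True          # fingerprint back to normal
        return self.state, -1.0, False          # still infected, paid the MTD cost


def train(episodes=300, alpha=0.3, gamma=0.9, epsilon=0.2, max_steps=10, seed=7):
    """Tabular Q-learning over (state, MTD technique); returns the Q-table."""
    rng = random.Random(seed)
    env = MTDEnv(rng)
    q = {s: {a: 0.0 for a in ACTIONS} for s in STATES}
    for _ in range(episodes):
        s = env.reset()
        for _ in range(max_steps):
            if rng.random() < epsilon:          # explore
                a = rng.choice(ACTIONS)
            else:                               # exploit current estimate
                a = max(ACTIONS, key=lambda x: q[s][x])
            s2, r, done = env.step(a)
            target = r if done else r + gamma * max(q[s2].values())
            q[s][a] += alpha * (target - q[s][a])
            if done:
                break
            s = s2
    return q


def policy(q):
    """Greedy MTD selection per malicious state, i.e. what gets deployed after training."""
    return {s: max(ACTIONS, key=lambda a: q[s][a]) for s in STATES}


if __name__ == "__main__":
    q = train()
    for s in STATES:
        print(s, {a: round(v, 2) for a, v in q[s].items()})
    print("learned policy:", policy(q))
```

Two things worth noting for anyone reproducing this on a device: the reward signal is only as trustworthy as the fingerprinting behind it (a rootkit that hides from the fingerprint would be rewarded as "mitigated"), and every exploratory action is a real configuration change on the target, which is why the abstracts care about learning time and resource consumption as much as about final accuracy.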
Submitted 30 December, 2022;
originally announced December 2022.
-
Analyzing the Robustness of Decentralized Horizontal and Vertical Federated Learning Architectures in a Non-IID Scenario
Authors:
Pedro Miguel Sánchez Sánchez,
Alberto Huertas Celdrán,
Enrique Tomás Martínez Beltrán,
Daniel Demeter,
Gérôme Bovet,
Gregorio Martínez Pérez,
Burkhard Stiller
Abstract:
Federated learning (FL) allows participants to collaboratively train machine and deep learning models while protecting data privacy. However, the FL paradigm still presents drawbacks affecting its trustworthiness since malicious participants could launch adversarial attacks against the training process. Related work has studied the robustness of horizontal FL scenarios under different attacks. However, there is a lack of work evaluating the robustness of decentralized vertical FL and comparing it with horizontal FL architectures affected by adversarial attacks. Thus, this work proposes three decentralized FL architectures, one for horizontal and two for vertical scenarios, namely HoriChain, VertiChain, and VertiComb. These architectures present different neural networks and training protocols suitable for horizontal and vertical scenarios. Then, a decentralized, privacy-preserving, and federated use case with non-IID data to classify handwritten digits is deployed to evaluate the performance of the three architectures. Finally, a set of experiments computes and compares the robustness of the proposed architectures when they are affected by different data poisoning based on image watermarks and gradient poisoning adversarial attacks. The experiments show that even though particular configurations of both attacks can destroy the classification performance of the architectures, HoriChain is the most robust one.
Submitted 20 October, 2022;
originally announced October 2022.
-
A Lightweight Moving Target Defense Framework for Multi-purpose Malware Affecting IoT Devices
Authors:
Jan von der Assen,
Alberto Huertas Celdrán,
Pedro Miguel Sánchez Sánchez,
Jordan Cedeño,
Gérôme Bovet,
Gregorio Martínez Pérez,
Burkhard Stiller
Abstract:
Malware affecting Internet of Things (IoT) devices is rapidly growing due to the relevance of this paradigm in real-world scenarios. Specialized literature has also detected a trend towards multi-purpose malware able to execute different malicious actions such as remote control, data leakage, encryption, or code hiding, among others. Protecting IoT devices against this kind of malware is challenging due to their well-known vulnerabilities and limitations in terms of CPU, memory, and storage. To improve it, the moving target defense (MTD) paradigm was proposed a decade ago and has shown promising results, but there is a lack of IoT MTD solutions dealing with multi-purpose malware. Thus, this work proposes four MTD mechanisms changing IoT devices' network, data, and runtime environment to mitigate multi-purpose malware. Furthermore, it presents a lightweight and IoT-oriented MTD framework to decide what, when, and how the MTD mechanisms are deployed. Finally, the efficiency and effectiveness of the framework and MTD mechanisms are evaluated in a real-world scenario with one IoT spectrum sensor affected by multi-purpose malware.
Submitted 14 October, 2022;
originally announced October 2022.
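The RL-based MTD selection described in the first abstract above and the what/when/how decision of the lightweight MTD framework in this one both reduce to the same loop: observe a fingerprinted device state, deploy one of a small set of MTD mechanisms, observe whether the malicious state persists, and adjust. The block below is an added example, not code from either paper or from their framework: an epsilon-greedy learner over a constructed simulation. The state labels, the four hypothetical MTD action names and the mitigation probabilities are assumptions made for the demonstration; the one state that no action clears is there to show what the learner reports for a case like the unmitigated rootkit the abstract mentions.

```python
"""Added example, not the framework from the papers above: an online
epsilon-greedy learner that picks one of four hypothetical MTD actions for
each fingerprinted device state. The environment is a constructed
simulation; which action clears which malware family, and how reliably,
is assumed here and not taken from the papers."""
import random

# Device states as produced by behavioral fingerprinting (labels assumed).
STATES = ("c2", "rootkit", "ransomware", "stealthy_rootkit")
# Four MTD actions; names are hypothetical stand-ins for the papers' techniques.
ACTIONS = ("shuffle_network", "shuffle_data", "randomize_runtime", "restart_service")

# Constructed ground truth: probability that an action clears a state.
# The last state is cleared by nothing, like an unmitigated rootkit.
MITIGATION_PROB = {
    "c2":               {"shuffle_network": 0.9, "shuffle_data": 0.1, "randomize_runtime": 0.3, "restart_service": 0.4},
    "rootkit":          {"shuffle_network": 0.1, "shuffle_data": 0.1, "randomize_runtime": 0.85, "restart_service": 0.3},
    "ransomware":       {"shuffle_network": 0.2, "shuffle_data": 0.8, "randomize_runtime": 0.2, "restart_service": 0.3},
    "stealthy_rootkit": {"shuffle_network": 0.1, "shuffle_data": 0.1, "randomize_runtime": 0.1, "restart_service": 0.1},
}


def simulate_env(state, action, rng):
    """Reward +1 if the fingerprint returns to benign after the action, -1 if
    the malicious state persists (simulated, not measured on a device)."""
    return 1.0 if rng.random() < MITIGATION_PROB[state][action] else -1.0


def choose(q, state, epsilon, rng):
    """Epsilon-greedy: try a random MTD with probability epsilon, else the best known."""
    if rng.random() < epsilon:
        return rng.choice(ACTIONS)
    return max(ACTIONS, key=lambda a: q[state][a])


def learn(episodes=4000, epsilon=0.2, seed=7):
    """Online loop: observe state, deploy an MTD action, observe whether the
    attack persisted, update the running mean reward Q(state, action)."""
    rng = random.Random(seed)
    q = {s: {a: 0.0 for a in ACTIONS} for s in STATES}
    n = {s: {a: 0 for a in ACTIONS} for s in STATES}
    for _ in range(episodes):
        state = rng.choice(STATES)
        action = choose(q, state, epsilon, rng)
        reward = simulate_env(state, action, rng)
        n[state][action] += 1
        q[state][action] += (reward - q[state][action]) / n[state][action]
    return q


def policy(q):
    """Greedy MTD choice per state after learning."""
    return {s: max(ACTIONS, key=lambda a: q[s][a]) for s in STATES}


def mitigable(q, state):
    """True when some action is expected to clear the state more often than not."""
    return max(q[state].values()) > 0.0


if __name__ == "__main__":
    q = learn()
    for s, a in policy(q).items():
        print(f"{s:17s} -> {a:18s} mitigable={mitigable(q, s)}")
```

The update is a running mean rather than a discounted Q-learning step because, after a successful mitigation, the device returns to a benign state and the next episode starts fresh; there is no successor state to bootstrap from. On a real device the reward would come from the fingerprinting module, and each action carries a resource cost the abstract measures (storage, CPU, RAM) that a deployment would fold into the reward.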
-
Studying the Robustness of Anti-adversarial Federated Learning Models Detecting Cyberattacks in IoT Spectrum Sensors
Authors:
Pedro Miguel Sánchez Sánchez,
Alberto Huertas Celdrán,
Timo Schenk,
Adrian Lars Benjamin Iten,
Gérôme Bovet,
Gregorio Martínez Pérez,
Burkhard Stiller
Abstract:
Device fingerprinting combined with Machine and Deep Learning (ML/DL) reports promising performance when detecting cyberattacks targeting data managed by resource-constrained spectrum sensors. However, the amount of data needed to train models and the privacy concerns of such scenarios limit the applicability of centralized ML/DL-based approaches. Federated learning (FL) addresses these limitations by creating federated and privacy-preserving models. However, FL is vulnerable to malicious participants, and the impact of adversarial attacks on federated models detecting spectrum sensing data falsification (SSDF) attacks on spectrum sensors has not been studied. To address this challenge, the first contribution of this work is the creation of a novel dataset suitable for FL and modeling the behavior (usage of CPU, memory, or file system, among others) of resource-constrained spectrum sensors affected by different SSDF attacks. The second contribution is a pool of experiments analyzing and comparing the robustness of federated models according to i) three families of spectrum sensors, ii) eight SSDF attacks, iii) four scenarios dealing with unsupervised (anomaly detection) and supervised (binary classification) federated models, iv) up to 33% of malicious participants implementing data and model poisoning attacks, and v) four aggregation functions acting as anti-adversarial mechanisms to increase the models' robustness.
Submitted 31 January, 2022;
originally announced February 2022.
-
CyberSpec: Intelligent Behavioral Fingerprinting to Detect Attacks on Crowdsensing Spectrum Sensors
Authors:
Alberto Huertas Celdrán,
Pedro Miguel Sánchez Sánchez,
Gérôme Bovet,
Gregorio Martínez Pérez,
Burkhard Stiller
Abstract:
Integrated sensing and communication (ISAC) is a novel paradigm using crowdsensing spectrum sensors to help with the management of spectrum scarcity. However, well-known vulnerabilities of resource-constrained spectrum sensors and the possibility of being manipulated by users with physical access complicate their protection against spectrum sensing data falsification (SSDF) attacks. Most recent literature suggests using behavioral fingerprinting and Machine/Deep Learning (ML/DL) for improving similar cybersecurity issues. Nevertheless, the applicability of these techniques in resource-constrained devices, the impact of attacks affecting spectrum data integrity, and the performance and scalability of models suitable for heterogeneous sensor types are still open challenges. To improve limitations, this work presents seven SSDF attacks affecting spectrum sensors and introduces CyberSpec, an ML/DL-oriented framework using device behavioral fingerprinting to detect anomalies produced by SSDF attacks affecting resource-constrained spectrum sensors. CyberSpec has been implemented and validated in ElectroSense, a real crowdsensing RF monitoring platform where several configurations of the proposed SSDF attacks have been executed in different sensors. A pool of experiments with different unsupervised ML/DL-based models has demonstrated the suitability of CyberSpec for detecting the previous attacks within an acceptable timeframe.
Submitted 14 January, 2022;
originally announced January 2022.
-
On-Chain IoT Data Modification in Blockchains
Authors:
Sina Rafati Niya,
Julius Willems,
Burkhard Stiller
Abstract:
In recent years, the growth of interest in Blockchain (BC) and Internet-of-Things (IoT) integration -- termed BIoT -- for more trust via decentralization has led to great potential in various use cases such as health care, supply chain tracking, and smart cities. A key element of BIoT ecosystems is the data transactions (TX) that include the data collected by IoT devices. BIoT applications face many challenges to comply with the European General Data Protection Regulation (GDPR), i.e., enabling users to retain their rights to delete or modify their data stored on publicly accessible and immutable BCs. In this regard, this paper identifies the requirements for BCs to be GDPR compliant in BIoT use cases. Accordingly, an on-chain solution is proposed that allows fine-grained modification (update and erasure) operations on TXs' data fields within a BC. The proposed solution is based on a cryptographic primitive called Chameleon Hashing. The novelty of this approach is manifold. BC users have the authority to update their data, which is addressed at the TX level with no side effects on the block or chain. By performing and storing the data updates all on-chain, the traceability and verifiability of the BC are preserved. Moreover, compatibility with TX aggregation mechanisms that allow the compression of the BC size is maintained.
Submitted 19 March, 2021;
originally announced March 2021.
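Chameleon hashing is what makes the on-chain update possible: a hash with a trapdoor under which collisions can be computed, so a transaction's data field can be rewritten while the hash committed in the block, and hence the block and chain hashes built over it, stay the same. The block below is an added example, not the paper's implementation, of a discrete-log chameleon hash in the order-q subgroup of Z_p^* for a safe prime p = 2q + 1 (the construction known from Krawczyk and Rabin). The transaction encoding and the IoT record are constructed for the demonstration, and the 63-bit group found at start-up is a demo parameter, not a production choice.

```python
"""Added example (not the paper's implementation): a discrete-log chameleon
hash with which the holder of a trapdoor can rewrite a transaction's data
field while the hash committed in the block stays unchanged."""
import hashlib
import secrets

# Bases that make Miller-Rabin deterministic for n < 3.3e24 (covers the demo group).
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(start):
    """Smallest safe prime p = 2q + 1 with q prime and q >= start (demo size only)."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


class ChameleonHash:
    """CH(m, r) = g^H(m) * y^r mod p in the order-q subgroup; y = g^x, x is the trapdoor."""

    def __init__(self, p, q, g=4):
        self.p, self.q, self.g = p, q, g        # g = 2^2 is a quadratic residue, so its order is q
        self.x = secrets.randbelow(q - 1) + 1   # trapdoor, kept by the data owner
        self.y = pow(g, self.x, p)              # public key, enough to verify hashes

    def _digest(self, message):
        return int.from_bytes(hashlib.sha256(message).digest(), "big") % self.q

    def hash(self, message, r):
        return pow(self.g, self._digest(message), self.p) * pow(self.y, r, self.p) % self.p

    def new_randomness(self):
        return secrets.randbelow(self.q)

    def forge(self, old_message, old_r, new_message):
        """Trapdoor collision. From H(m) + x*r = H(m') + x*r' (mod q):
        r' = r + (H(m) - H(m')) * x^-1 (mod q)."""
        e_old, e_new = self._digest(old_message), self._digest(new_message)
        return (old_r + (e_old - e_new) * pow(self.x, -1, self.q)) % self.q


def encode_tx(tx):
    """Canonical bytes of a transaction's data fields (constructed format)."""
    return "|".join(f"{k}={tx[k]}" for k in sorted(tx)).encode()


def update_field(ch, tx, r, field, value):
    """Rewrite one data field; returns the new record and the randomness that
    keeps CH unchanged, so block and chain hashes need no recomputation."""
    new_tx = dict(tx)
    new_tx[field] = value
    return new_tx, ch.forge(encode_tx(tx), r, encode_tx(new_tx))


if __name__ == "__main__":
    p, q = find_safe_prime(1 << 62)
    ch = ChameleonHash(p, q)
    tx = {"sensor": "pi-42", "temperature": "21.5"}   # constructed IoT record
    r = ch.new_randomness()
    committed = ch.hash(encode_tx(tx), r)
    new_tx, r2 = update_field(ch, tx, r, "temperature", "REDACTED")
    print("hash preserved after update:", ch.hash(encode_tx(new_tx), r2) == committed)
    print("old randomness no longer verifies:", ch.hash(encode_tx(new_tx), r) != committed)
```

Verifiers only need the public key y and the pair (data, r) stored with the transaction; the trapdoor x never leaves the data owner, and without it finding a second preimage is as hard as the discrete logarithm in the group. Storing both the old and the new (data, r) pairs on-chain, as the abstract describes, is what keeps the update traceable even though the committed hash never changes.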
-
Proverum: A Hybrid Public Verifiability and Decentralized Identity Management
Authors:
Christian Killer,
Lucas Thorbecke,
Bruno Rodrigues,
Eder Scheid,
Muriel Franco,
Burkhard Stiller
Abstract:
Trust in electoral processes is fundamental for democracies. Further, the identity management of citizen data is crucial, because final tallies cannot be guaranteed without the assurance that every final vote was cast by an eligible voter. In order to establish a basis for a hybrid public verifiability of voting, this work (1) introduces Proverum, an approach combining a private environment based on private permissioned Distributed Ledgers with a public environment based on public Blockchains, (2) describes the application of the Proverum architecture to the Swiss Remote Postal Voting system, mitigating threats present in the current system, and (3) successfully addresses decentralized identity management in a federalist state.
Submitted 22 August, 2020;
originally announced August 2020.
-
WeTrace -- A Privacy-preserving Mobile COVID-19 Tracing Approach and Application
Authors:
A. De Carli,
M. Franco,
A. Gassmann,
C. Killer,
B. Rodrigues,
E. Scheid,
D. Schoenbaechler,
B. Stiller
Abstract:
For the protection of people and society against harm and health threats -- especially for the COVID-19 pandemic -- a variety of different disciplines need to be involved. The data collection of very basic and health-related data of individuals in today's highly mobile society does help to plan, protect, and identify next steps health authorities and governments can, shall, or need to plan for or even implement. Thus, every individual, every human, and every inhabitant of the world is the key player -- very different from many past crises. And since the individual is involved -- all individuals -- his/her (a) health and (b) privacy shall be considered in a very carefully crafted balance, not overruling one aspect with another one or even prioritizing certain aspects. Privacy remains the key. Thus, the solution of the current pandemic's data collection can be based on a fully privacy-preserving application, which can be used by individuals on their mobile devices, such as smartphones, while maintaining at the same time their privacy. Additionally, respective data collected in such a fully distributed setting does help to confine the pandemic and can be achieved in a democratic and very open, but still and especially privacy-protecting world. Therefore, the WeTrace approach and application as described in this paper utilizes the Bluetooth Low Energy (BTE) communication channel, which many modern mobile devices offer, where asymmetric cryptography is applied to allow for the deciphering of a message by the destination it had been intended for. Since literally every other potential participant only listens to random data, even a brute force attack will not succeed. WeTrace and its Open Source implementation is the only known approach so far, which ensures that any receiver of a message knows that this is for him/her, but does not know who the original sender was.
Submitted 19 April, 2020;
originally announced April 2020.
-
Quantum-limited measurements of optical signals from a geostationary satellite
Authors:
Kevin Günthner,
Imran Khan,
Dominique Elser,
Birgit Stiller,
Ömer Bayraktar,
Christian R. Müller,
Karen Saucke,
Daniel Tröndle,
Frank Heine,
Stefan Seel,
Peter Greulich,
Herwig Zech,
Björn Gütlich,
Sabine Philipp-May,
Christoph Marquardt,
Gerd Leuchs
Abstract:
The measurement of quantum signals that traveled through long distances is of fundamental and technological interest. We present quantum-limited coherent measurements of optical signals, sent from a satellite in geostationary Earth orbit to an optical ground station. We bound the excess noise that the quantum states could have acquired after having propagated 38600 km through Earth's gravitational potential as well as its turbulent atmosphere. Our results indicate that quantum communication is feasible in principle in such a scenario, highlighting the possibility of a global quantum key distribution network for secure communication.
Submitted 27 February, 2017; v1 submitted 11 August, 2016;
originally announced August 2016.
-
Satellite Quantum Communication via the Alphasat Laser Communication Terminal
Authors:
Dominique Elser,
Kevin Günthner,
Imran Khan,
Birgit Stiller,
Christoph Marquardt,
Gerd Leuchs,
Karen Saucke,
Daniel Tröndle,
Frank Heine,
Stefan Seel,
Peter Greulich,
Herwig Zech,
Björn Gütlich,
Ines Richter,
Rolf Meyer
Abstract:
By harnessing quantum effects, we nowadays can use encryption that is in principle proven to withstand any conceivable attack. These fascinating quantum features have been implemented in metropolitan quantum networks around the world. In order to interconnect such networks over long distances, optical satellite communication is the method of choice. Standard telecommunication components allow one to efficiently implement quantum communication by measuring field quadratures (continuous variables). This opens the possibility to adapt our Laser Communication Terminals (LCTs) to quantum key distribution (QKD). First satellite measurement campaigns are currently validating our approach.
Submitted 15 October, 2015;
originally announced October 2015.
-
Bypassing Cloud Providers' Data Validation to Store Arbitrary Data
Authors:
Guilherme Sperb Machado,
Fabio Hecht,
Martin Waldburger,
Burkhard Stiller
Abstract:
A fundamental Software-as-a-Service (SaaS) characteristic in Cloud Computing is to be application-specific; depending on the application, Cloud Providers (CPs) restrict data formats and attributes allowed into their servers via a data validation process. An ill-defined data validation process may directly impact both security (e.g. application failure, legal issues) and accounting and charging (e.g. trusting metadata in file headers). Therefore, this paper investigates, evaluates (by means of tests), and discusses data validation processes of popular CPs. A proof of concept system was thus built, implementing encoders carefully crafted to circumvent data validation processes, ultimately demonstrating how large amounts of unaccounted, arbitrary data can be stored into CPs.
Submitted 9 April, 2014;
originally announced April 2014.
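The abstract does not describe its encoders in detail, so the block below is an added example of the general idea rather than the paper's proof-of-concept: arbitrary bytes are packed into the pixel area of a well-formed 24-bit BMP, a header-only validator of the kind that checks magic bytes, header length and bit depth accepts it, and a meter that trusts the declared file size can be under-billed by patching one header field. The two validators, the accounting function and the payload are constructed for the demonstration. A consistency check that ties the declared geometry to the bytes actually received catches the size lie, but, as the example shows, still cannot tell smuggled bytes from legitimate pixel data; that is the abstract's point about format validation bounding neither content nor storage.

```python
"""Added example, not the paper's proof of concept: arbitrary bytes packed
into a well-formed 24-bit BMP, plus two validators and a header-trusting
meter, all constructed here to show what format validation does and does
not bound."""
import struct

BMP_HEADER_LEN = 14 + 40   # BITMAPFILEHEADER + BITMAPINFOHEADER


def encode_as_bmp(payload, width=64):
    """Store `payload` as the pixel area of a valid BMP. A 4-byte length
    prefix lets the decoder strip the row padding."""
    body = struct.pack("<I", len(payload)) + payload
    row_bytes = (width * 3 + 3) & ~3            # rows are padded to 4 bytes
    height = -(-len(body) // row_bytes)         # ceil division
    pixels = body.ljust(row_bytes * height, b"\0")
    file_hdr = struct.pack("<2sIHHI", b"BM", BMP_HEADER_LEN + len(pixels), 0, 0, BMP_HEADER_LEN)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                           len(pixels), 2835, 2835, 0, 0)
    return file_hdr + info_hdr + pixels


def decode_from_bmp(blob):
    """Recover the smuggled bytes from the pixel area."""
    off = struct.unpack_from("<I", blob, 10)[0]
    n = struct.unpack_from("<I", blob, off)[0]
    return blob[off + 4:off + 4 + n]


def header_only_validator(blob):
    """Magic bytes, header size, planes and depth: the kind of check an
    encoder is crafted to pass."""
    if len(blob) < BMP_HEADER_LEN or blob[:2] != b"BM":
        return False
    hdr_size, _w, _h, planes, bpp = struct.unpack_from("<IiiHH", blob, 14)
    return hdr_size == 40 and planes == 1 and bpp in (24, 32)


def consistency_validator(blob):
    """Also ties the declared size and geometry to the bytes actually received."""
    if not header_only_validator(blob):
        return False
    declared_size, _r1, _r2, off = struct.unpack_from("<IHHI", blob, 2)
    _hs, width, height, _planes, bpp = struct.unpack_from("<IiiHH", blob, 14)
    if declared_size != len(blob) or off != BMP_HEADER_LEN or width <= 0 or height == 0:
        return False
    row_bytes = (width * bpp // 8 + 3) & ~3
    return len(blob) - off == row_bytes * abs(height)


def charged_bytes_from_header(blob):
    """Accounting that trusts the file size declared in the header."""
    return struct.unpack_from("<I", blob, 2)[0]


def tamper_declared_size(blob, claimed):
    """Patch bfSize so a header-trusting meter under-counts the upload."""
    return blob[:2] + struct.pack("<I", claimed) + blob[6:]


if __name__ == "__main__":
    payload = bytes(range(256)) * 4                # constructed arbitrary data
    blob = encode_as_bmp(payload)
    print("round trip ok:", decode_from_bmp(blob) == payload)
    print("header-only accepts smuggled data:", header_only_validator(blob))
    print("consistency check accepts it too:", consistency_validator(blob))
    bad = tamper_declared_size(blob, 100)
    print("header-only accepts size lie:", header_only_validator(bad),
          "| charged", charged_bytes_from_header(bad), "of", len(bad), "bytes")
    print("consistency check rejects size lie:", not consistency_validator(bad))
```

The practical takeaway matches the abstract's accounting concern: bill on the bytes actually received (`len(blob)`), never on a size field the uploader controls, and treat format validation as a structural check only, since well-formed pixel data can carry anything.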