Poisoning Prevention in Federated Learning and Differential Privacy via Stateful Proofs of Execution (2404.06721v4)

Published 10 Apr 2024 in cs.CR

Abstract: The rise in IoT-driven distributed data analytics, coupled with increasing privacy concerns, has led to a demand for effective privacy-preserving and federated data collection/model training mechanisms. In response, approaches such as Federated Learning (FL) and Local Differential Privacy (LDP) have been proposed and have attracted much attention over the past few years. However, they still share the common limitation of being vulnerable to poisoning attacks, wherein adversaries who compromise edge devices feed forged (a.k.a. poisoned) data to aggregation back-ends, undermining the integrity of FL/LDP results. In this work, we propose a system-level approach to remedy this issue based on a novel security notion of Proofs of Stateful Execution (PoSX) for IoT/embedded devices' software. To realize the PoSX concept, we design SLAPP: a System-Level Approach for Poisoning Prevention. SLAPP leverages commodity security features of embedded devices, in particular the ARM TrustZone-M security extensions, to verifiably bind raw sensed data to their correct usage as part of FL/LDP edge-device routines. As a consequence, it offers robust security guarantees against poisoning. Our evaluation, based on real-world prototypes featuring multiple cryptographic primitives and data collection schemes, showcases SLAPP's security and low overhead.
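The abstract describes the security property but not the mechanism, so the following is an added illustration of what "binding raw sensed data to its correct usage" can look like, written for this page and not taken from the SLAPP repository or the paper. It models the TrustZone-M secure world as a Python object that alone holds the device key, reads the sensor, runs one-bit randomized response (an LDP primitive), and emits a proof over the routine identifier, the output, a back-end nonce and a monotonic counter. The message format, the use of an HMAC as the proof, the shared symmetric key and the counter are all assumptions chosen to make the threat concrete; the paper's actual PoSX construction, its choice of cryptographic primitives and its TrustZone-M design should be read from the paper itself. The sensor reading and the key are constructed inline.

```python
"""Illustrative model of a proof of execution binding a sensed bit to its
LDP report. Added example; not SLAPP's code. Message format, HMAC-as-proof,
shared key and monotonic counter are assumptions, not the paper's design."""
import hashlib
import hmac
import math
import secrets
import random
from dataclasses import dataclass

# Assumed identifier of the attested edge routine (not from the paper).
ROUTINE_ID = b"ldp-randomized-response-v1"


def randomized_response(bit: int, epsilon: float, rng: random.Random) -> int:
    """Warner-style randomized response: keep the true bit with probability
    e^eps / (1 + e^eps), otherwise flip it. Satisfies epsilon-LDP."""
    p_truth = math.exp(epsilon) / (1.0 + math.exp(epsilon))
    return bit if rng.random() < p_truth else 1 - bit


def _bind(counter: int, nonce: bytes, routine_id: bytes, output: int) -> bytes:
    """Canonical encoding of everything the proof commits to."""
    return b"|".join([counter.to_bytes(8, "big"), nonce, routine_id,
                      output.to_bytes(1, "big")])


@dataclass(frozen=True)
class Report:
    counter: int
    nonce: bytes
    output: int
    proof: bytes


class SecureWorld:
    """Models the secure-world side of the device. The key, the raw sensor
    value and the counter never leave this object; the (possibly compromised)
    normal world can only call attested_report()."""
    def __init__(self, key: bytes, read_sensor, rng: random.Random):
        self._key = key
        self._read_sensor = read_sensor   # assumed privileged sensor access
        self._rng = rng
        self._counter = 0                 # assumed persisted state across runs

    def attested_report(self, nonce: bytes, epsilon: float) -> Report:
        raw = self._read_sensor()         # raw bit is consumed only here
        out = randomized_response(raw, epsilon, self._rng)
        self._counter += 1
        msg = _bind(self._counter, nonce, ROUTINE_ID, out)
        tag = hmac.new(self._key, msg, hashlib.sha256).digest()
        return Report(self._counter, nonce, out, tag)


class Backend:
    """Aggregation back-end sharing the device key; issues fresh nonces and
    rejects reports whose proof, nonce or counter does not check out."""
    def __init__(self, key: bytes):
        self._key = key
        self._outstanding = set()
        self._last_counter = 0
        self.accepted = []

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, r: Report) -> bool:
        if r.nonce not in self._outstanding or r.counter <= self._last_counter:
            return False   # replayed nonce or stale counter
        msg = _bind(r.counter, r.nonce, ROUTINE_ID, r.output)
        expected = hmac.new(self._key, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, r.proof):
            return False   # output was not produced by the attested routine
        self._outstanding.discard(r.nonce)
        self._last_counter = r.counter
        self.accepted.append(r.output)
        return True


def estimate_frequency(outputs, epsilon: float) -> float:
    """Unbiased estimate of the true fraction of 1-bits from RR outputs."""
    p = math.exp(epsilon) / (1.0 + math.exp(epsilon))
    observed = sum(outputs) / len(outputs)
    return (observed - (1 - p)) / (2 * p - 1)


def demo(seed: int = 7, epsilon: float = 1.0):
    """Honest, poisoned and replayed submissions; returns the three verdicts."""
    key = hashlib.sha256(b"constructed-device-key").digest()  # constructed key
    device = SecureWorld(key, lambda: 1, random.Random(seed))  # sensor reads 1
    backend = Backend(key)

    honest = device.attested_report(backend.challenge(), epsilon)
    ok_honest = backend.verify(honest)

    # A compromised normal world swaps the output but cannot forge the proof.
    poisoned = Report(honest.counter + 1, backend.challenge(),
                      1 - honest.output, honest.proof)
    ok_poisoned = backend.verify(poisoned)

    # Replaying the accepted report reuses a consumed nonce and stale counter.
    ok_replay = backend.verify(honest)
    return ok_honest, ok_poisoned, ok_replay


if __name__ == "__main__":
    print(demo())   # (True, False, False)
```

The point the model makes is the one the abstract argues: once the proof is produced by code the attacker cannot modify, over data the attacker cannot substitute, the back-end can discard any report that did not come from the genuine routine, and the LDP estimator then runs only over accepted outputs. A symmetric HMAC keeps the example short; a real deployment would more likely use a per-device signature key so the back-end cannot itself forge reports.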
