Dr. Gergely Ács
Associate Professor
acs (at) crysys.hu
web: www.crysys.hu/~acs/
twitter: @gergelyacs
office: I.E. 430
tel: +36 1 463 2080
Current courses | Student projects | Publications
Short Bio
Gergely ÁCS received the M.Sc. and Ph.D. degree in Computer Science from the Budapest University of Technology and Economics (BME), where he conducted research in the Laboratory of Cryptography and System Security (CrySyS). Currently, he is an assistant professor at Budapest University of Technology and Economics (BME), in Hungary. Before that, he was a post-doc and then research engineer in Privatics Team at INRIA, in France. His general research interests include data privacy and security.
Current Courses
IT Security (VIHIAC01)
This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.
IT Security (in English) (VIHIAC01)
This BSc course gives an overview of the different areas of IT security with the aim of increasing the security awareness of computer science students and shaping their attitude towards designing and using secure computing systems. The course prepares BSc students for security challenges that they may encounter during their professional career, and at the same time, it provides a basis for those students who want to continue their studies at MSc level (taking, for instance, our IT Security minor specialization). We put special emphasis on software security and the practical aspects of developing secure programs.
Software Security (VIHIMA21)
This course introduces security problems in software development: students will learn the most common mistakes in software development and how attackers exploit those mistakes (offensive security). Then, students get to know how to mitigate attacks and write secure applications.
Software Security Laboratory (VIHIMA22)
This laboratory extends and deepens the knowledge and skills obtained in the Software Security course by solving practical, hands-on exercises in real, or close-to-real environments.
Security in Machine Learning (VIHIAV45)
This elective course gives an overview of the different areas of Machine Learning security by processing state-of-the-art and cutting-edge research papers in related fields. The course is interactive, where each student presents a selected topic, i.e., it also focuses on developing "soft skills" such as a scientific presentation.
Privacy-Preserving Technologies (VIHIAV35)
This course provides a detailed overview of data privacy. It focuses on different privacy problems of web tracking, data sharing, and machine learning, as well as their mitigation techniques. The aim is to give the essential (technical) background knowledge needed to identify and protect personal data. These skills are becoming a must of every data/software engineer and data protection officer dealing with personal and sensitive data, and are also required by the European General Data Protection Regulation.
Student Project Proposals
Privacy & Anonymization
The word privacy is derived from the Latin word "privatus" which means set apart from what is public, personal and belonging to oneself, and not to the state. There are multiple angles of privacy and multiple techniques to improve them to varying extent. Students can work on the following topics:
-
(De-)Anonymization of Medical Data:
ECG (Electrocardiogram) and CTG (Cardiotocography), diagnostic images (MRI, X-ray), are very sensitive datasets containing the medical records of individuals.The task is to (de-)anonymize such datasets (or some aggregates computed over such data) for data sharing with strong, preferably provable privacy guarantees which are also GDPR compliant.
(Contact: Gergely Ács) -
Poisoning Differential Privacy:
Differential Privacy is the de facto privacy model used to anonymize datasets (see US-Census data). Small noise is added to the data which hides the participation of any single individual in the dataset, but not the general statistics of the population as a whole. The noise is calibrated to the influence of any record. However, if the data is coming from untrusted sources, the attacker can inject fake records into the dataset in order to increase the added noise that eventually degrades the utility of the anonymized data. The task is to design and implement such an attack.
(Contact: Gergely Ács) -
Differential Privacy Amplification:
Nowadays, the standard privacy-preserving mechanism is Differential Privacy. It aims to hide the presence or the absence of a data point in the final result by adding noise to the original query, making the two outcomes (one with and one without a single data point) statistically indistinguishable (up to the privacy- parameter). For example, the average salary of BME last year's graduates are published with added noise, so even if an adversary knows all alums' salaries except its target, it cannot deduce that with certainty.
Besides the size of the added noise, privacy protection can further be increased by so-called amplification techniques, such as sampling from the data (instead of utilizing all). For instance, only half of the alums are considered for this statistic.
The student's task is to learn and experiment with these amplification techniques and to find the optimal setting (amplification mechanisms and its parameters) to obtain a desirable trade-off between the provided privacy protection and the obtained accuracy.
(Contact: Balázs Pejó) -
Own idea:
If you have any own project idea related to data privacy, and we find it interesting, you can work on that under our guidance.
(Contact: Gergely Ács or Balázs Pejó)
Required skills: none
Preferred skills: basic programming skills (e.g., python)
Machine Learning & Security & Privacy
Machine Learning (Artificial Intelligence) has become undisputedly popular in recent years. The number of security critical applications of machine learning has been steadily increasing over the years (self-driving cars, user authentication, decision support, profiling, risk assessment, etc.). However, there are still many open security problems of machine learning. Students can work on the following topics:
-
Security of Machine learning based Malware Detection:
Adversarial examples are maliciously modified program code where the modification is hard to detect yet the prediction of the model on this slightly modified code is very different compared to the unmodified code. For example, the malware developer modifies a few bytes in the malware binary which causes the malware detector to misclassify the malware as benign. A potential task can be to develop solutions to detect adversarial examples, develop robust training algorithms for malware detection, or design backdoor and membership attacks.
(Contact: Gergely Ács) - Robustness of Large Language Models: Large Language Models (LLMs) are a new class of machine learning models that are trained on large text corpora. They are capable of generating text that is indistinguishable from human-written text. The increasing reliance on Large Language Models (LLMs) across academia and industry necessitates a comprehensive understanding of their robustness to prompts. The task is to study and test different adversarial prompts against LLMs (such as adversarial attacks, or prompt injection, or any other adversarial prompts). (Contact: Gergely Ács)
-
Application of Large Language Models to solve Security/Privacy Problems:
It has been shown that Large Language Models (LLMs) can also solve simple classification problems with few shot learning.
The task is to study the application of Large Language Models (LLMs) to solve security/privacy problems, such as anomaly detection, malware detection, or anonymization.
(Contact: Gergely Ács) -
Testing Data Inference:
In Machine Learning, the underlying data is separated into training and testing, where the model is trained on the former to make an accurate prediction. Yet, besides general patterns, the model could learn explicit information corresponding to specific training data points, which could lead to privacy leakage. For instance, it is possible to determine whether a particular sample was used for training via a Membership Inference Attack. It takes advantage of the confidence values of the prediction: a model predicts more confidently on samples it was trained than on samples it has never seen before.
The student's task is to learn about state-of-the-art privacy attacks, which single-mindedly aim at the training data. Inspired by them, it is desired to adopt or create novel techniques to infer details about the dataset used for testing (if possible).
(Contact: Balázs Pejó) -
Meta Learning:
In online media, there is legit news as well as fake news. While the former is usually of higher quality, the latter is often associated with low-quality writing. Several machine learning models focus on classifying these two in the scientific literature. Moreover, in the scientific literature itself, there are lower and higher-quality publications as well.
The student's task is to get familiar with these models and experiment with their applicability to differentiate non-peer-reviewed scientific papers (e.g., on ArXiv) from articles that appeared in well-established venues (such as S&P, CCS, etc.).
(Contact: Balázs Pejó) -
Improving Machine Learning by Preclassification:
In a classical Machine Learning scenario, data (e.g., traffic signs) is fed in random order into the model (e.g., traffic sign predictor) for every training iteration. While the model would eventually learn the difference between each data class (e.g., traffic sign type), randomly feeding the data into the model might slow the learning process: one would think it would be faster to differentiate between the very distinct data classes (e.g., the Stop sign has a unique shape) first (i.e., early training rounds) and latter (i.e., later training rounds) focus on the more similar classes (e.g., the Speed Limit 100 and 120).
On the other hand, the model does not know which classes are similar or distinct before training. In fact, this is what it aims to learn in the first place.
The student's task is to review the previous research efforts toward solving this chicken-egg problem and to propose and implement a novel speed-up solution.
(Contact: Balázs Pejó) -
Own idea:
If you have any own project idea related to the security/privacy of machine learning, and we find it interesting, you can work on that under our guidance.
(Contact: Gergely Ács or Balázs Pejó)
Required skills: none
Preferred skills: basic programming skills (e.g., python), machine learning (not required)
Federated Learning - Security & Privacy & Contribution Scores
Federated learning enables multiple actors to build a common, robust machine learning model without sharing data, thus allowing to address critical issues such as data privacy, data security, data access rights and access to heterogeneous data. Its applications are spread over a number of industries including defense, telecommunications, IoT, and pharmaceutics. Students can work on the following topics:
-
Security and Privacy of Federated Learning:
Federated learning allows multiple parties to collaborate in order to train a common model, by only sharing model updates instead of their training data (e.g., mobile devices train a common model for input text prediction, or hospitals train a better model for tumor classification). Even if this architecture seems more privacy-preserving at first sight, recent works have highlighted numerous privacy and security attacks to infer private and sensitive information. The task is to develop privacy and/or security attacks against federated learning (data poisoning, backdoors, reconstruction attacks), and/or mitigate these attacks.
(Contact: Gergely Ács) -
Federated Learning Framework for Medical Data:
Federated learning is going to be adopted in health care, where different organizations want to train a common model for different purposes (tumor/disease classification, prediction of survival time, finding an explainable pattern of Covid on whole slide images of livers, etc.) but organizations lack of sufficient training data individually. The task is to develop federated learning framework for such tasks.
(Contact: Gergely Ács) -
Robust Federated Learning:
In a classical Machine Learning scenario, data (e.g., textual) is fed into the model (e.g., next-word predictor) for training. The larger this dataset, the greater the prediction power of the trained model. However, in many real-world applications, no central dataset is available for training, but smaller pieces are scattered among various entities (e.g., on mobile phones). A model trained on small local datasets might be biased or have low accuracy. Hence, it is desired to train a joint model collaboratively.
Due to various privacy regulations, directly sharing sensitive data (e.g., text messages) is not feasible. Federated Learning tackles such a distributed setup where multiple entities (e.g., mobile devices) train a single machine learning model together (e.g., next-word predictor) based on their overall dataset, which is never shared with other participants.
On the other hand, the participants could be malicious. Their goal could vary from performance degradation to increasing/decreasing the occurrence of desired strings (e.g., Adidas). There are several techniques to mitigate the effect of the malicious participants in Federated Learning; some work in the client selection phase, while others work in the aggregation phase.
The student's task is to explore these techniques, experiment with them and propose an optimal solution that combines several.
(Contact: Balázs Pejó) -
Free RIder Detection using Attacks (FRIDA):
In Machine Learning, the model is designed to learn patterns from a dataset based on which it should make its prediction. However, besides general patterns, the model could learn explicit information corresponding to specific data points, which could lead to privacy leakage. Such leakage could be revealed with Membership Inference Attack, which determines whether a particular data sample was used for training.
In Federated Learning, multiple individuals train a single model together in a privacy-friendly way, i.e., their underlying datasets remain hidden from the other participants. As a consequence of this distributed setup, dishonest participants might behave maliciously by free-riding (enjoying the commonly trained model while not contributing to it).
The student's interdisciplinary task is to read about the Membership Inference Attacks and the free-riding problem in Federated Learning. Furthermore, to propose a framework that connects the two, i.e., use Membership Inference Attack to determine whether the participant used actual data or just random noise during training.
(Contact: Balázs Pejó) -
Capture the Fairness/Robustness/Accuracy/Privacy Trade-Off (FRAP):
The chief goal of today's Machine Learning models is Accuracy: the higher this value, the better the model. This is a vast overlook, as there are several other objectives a Machine Learning model should be optimized for, such as Robustness, Fairness, and Privacy.
Robustness captures how resistant the model is towards hostile behavior, e.g., injecting malicious samples in the training set. For instance, misclassifying 1% of the Stop signs as Give Way in autonomous driving is more desirable than only misclassifying 0.1% as Speed Limit 100.
Fairness considers the model's behavior on different subgroups of the population. For example, a face recognition software with 99% accuracy over the whole population could be more desirable than another with 99.9% accuracy overall but with 50% on a small ethnic group.
Finally, Privacy deals with undesired information leakage: a model with superior performance might leak a severe portion of its training data. In contrast, another with decent performance only reveals a negligible amount.
As highlighted above, there are clear connections between Accuracy and the three mentioned aspects. Additionally, there are initial research papers on any triad with Accuracy. Yet, other combinations are unexplored. The student's task is to select two (from Robustness, Privacy, and Fairness) and measure their effect on each other. A Game-theoretic model is desired to determine the optimal setting based on some predefined incentives.
(Contact: Balázs Pejó ot (Contact: Gergely Biczók) -
Fairness of Shapley Approximations:
In any distributed setting with a single common product, such as in Federated Learning (where multiple participants train a Machine Learning model together in a privacy-friendly way), the contribution of the individuals is a crucial question. For instance, when several pharmaceutical companies train a model together, which leads to a huge breakthrough, how should they split the pay-off corresponding to the model?
Equal distribution is as unfair as the one based on the dataset sizes, as neither considers the data quality. What does fair mean in the first place? Shapley defined four fundamental fairness properties and proved that his reward allocation scheme is the only one that satisfies all. On the other hand, it is exponentially hard to compute, so it is standard practice to approximate it in real life.
The student's task is to study existing approximation methods and verify (theoretically or empirically) to what extent these methods respect the four desired properties.
(Contact: Balázs Pejó or Gergely Biczók) -
Own idea:
If you have any own project idea related to the security/privacy of federated learning, and we find it interesting, you can work on that under our guidance.
(Contact: Gergely Ács or Balázs Pejó or Gergely Biczók)
Required skills: none
Preferred skills: basic programming skills (e.g., python), machine learning (not required)
Publications
2023
Industry-Scale Orchestrated Federated Learning for Drug Discovery
M. Oldenhof and G. Ács and B. Pejo and A. Schuffenhauer and N. Holway and N. Sturm and A. Dieckmann and O. Fortmeier and E. Boniface and C. Mayer and A. Gohier and P. Schmidtke and R. Niwayama and D. Kopecky and L. Mervin and P. C. Rathi and L. Friedrich and A. Formanek and P. Antal and J. Rahaman and A. Zalewski and W. Heyndrickx and E. Oluoch and M. Stößel and M. Van?o and D. Endico and F. Gelus and T. de Boisfossé and A. Darbier and A. Nicollet and M. Blottière and M. Telenczuk and V. T. Nguyen and T. Martinez and C. Boillet and K. Moutet and A. Picosson and A. Gasser and I. Djafar and A. Simon and Ádám Arany and J. Simm and Y. Moreau and O. Engkvist and H. Ceulemans and C. Marini and M. Galtier
Proceedings of the AAAI Conference on Artificial Intelligence, 2023.
Bibtex | Abstract | PDF | Link
@inproceedings {
author = {Martijn Oldenhof and Gergely Ács and Balazs Pejo and A. Schuffenhauer and N. Holway and N. Sturm and A. Dieckmann and O. Fortmeier and E. Boniface and C. Mayer and A. Gohier and P. Schmidtke and R. Niwayama and D. Kopecky and L. Mervin and P. C. Rathi and L. Friedrich and A. Formanek and P. Antal and J. Rahaman and A. Zalewski and W. Heyndrickx and E. Oluoch and M. Stößel and M. Van?o and D. Endico and F. Gelus and T. de Boisfossé and A. Darbier and A. Nicollet and M. Blottière and M. Telenczuk and V. T. Nguyen and T. Martinez and C. Boillet and K. Moutet and A. Picosson and A. Gasser and I. Djafar and A. Simon and Ádám Arany and J. Simm and Y. Moreau and O. Engkvist and H. Ceulemans and C. Marini and M. Galtier},
title = {Industry-Scale Orchestrated Federated Learning for Drug Discovery},
booktitle = {Proceedings of the AAAI Conference on Artificial Intelligence},
year = {2023},
howpublished = "\url{https://ojs.aaai.org/index.php/AAAI/article/view/26847}"
}
Keywords
Federated Learning, Drug Discovery, Privacy Preserving, Industry-scaleAbstract
To apply federated learning to drug discovery we developed a novel platform in the context of European Innovative Medicines Initiative (IMI) project MELLODDY (grant n°831472), which was comprised of 10 pharmaceutical companies, academic research labs, large industrial companies and startups. The MELLODDY platform was the first industry-scale platform to enable the creation of a global federated model for drug discovery without sharing the confidential data sets of the individual partners. The federated model was trained on the platform by aggregating the gradients of all contributing partners in a cryptographic, secure way following each training iteration. The platform was deployed on an Amazon Web Services (AWS) multi-account architecture running Kubernetes clusters in private subnets. Organisationally, the roles of the different partners were codified as different rights and permissions on the platform and administrated in a decentralized way. The MELLODDY platform generated new scientific discoveries which are described in a companion paper.MELLODDY: Cross-pharma Federated Learning at Unprecedented Scale Unlocks Benefits in QSAR without Compromising Proprietary Information
W. Heyndrickx and L. Mervin and T. Morawietz and N. Sturm and L. Friedrich and A. Zalewski and A. Pentina and L. Humbeck and M. Oldenhof and R. Niwayama and P. Schmidtke and N. Fechner and J. Simm and A. Arany and N. Drizard and R. Jabal and A. Afanasyeva and R. Loeb and S. Verma and S. Harnqvist and M. Holmes and B. Pejo and M. Telenczuk and N. Holway and A. Dieckmann and N. Rieke and F. Zumsande and D.-A. Clevert and M. Krug and C. Luscombe and D. Green and P. Ertl and P. Antal and D. Marcus and N. D. Huu and H. Fuji and S. Pickett and G. Ács and E. Boniface and B. Beck and Y. Sun and A. Gohier and F. Rippmann and O. Engkvist and A. H. Göller and Y. Moreau and M. N. Galtier and A. Schuffenhauer and H. Ceulemans
Machine Learning in Bio-cheminformatics, 2023.
Bibtex | Abstract | PDF | Link
@article {
author = {Wouter Heyndrickx and Lewis Mervin and Tobias Morawietz and Noé Sturm and Lukas Friedrich and Adam Zalewski and Anastasia Pentina and Lina Humbeck and Martijn Oldenhof and Ritsuya Niwayama and Peter Schmidtke and Nikolas Fechner and Jaak Simm and Adam Arany and Nicolas Drizard and Rama Jabal and Arina Afanasyeva and Regis Loeb and Shlok Verma and Simon Harnqvist and Matthew Holmes and Balazs Pejo and Maria Telenczuk and Nicholas Holway and Arne Dieckmann and Nicola Rieke and Friederike Zumsande and Djork-Arné Clevert and Michael Krug and Christopher Luscombe and Darren Green and Peter Ertl and Peter Antal and David Marcus and Nicolas Do Huu and Hideyoshi Fuji and Stephen Pickett and Gergely Ács and Eric Boniface and Bernd Beck and Yax Sun and Arnaud Gohier and Friedrich Rippmann and Ola Engkvist and Andreas H. Göller and Yves Moreau and Mathieu N. Galtier and Ansgar Schuffenhauer and Hugo Ceulemans},
title = {MELLODDY: Cross-pharma Federated Learning at Unprecedented Scale Unlocks Benefits in QSAR without Compromising Proprietary Information},
journal = {Machine Learning in Bio-cheminformatics},
year = {2023},
howpublished = "\url{https://pubs.acs.org/doi/10.1021/acs.jcim.3c00799}"
}
Abstract
Federated multipartner machine learning has been touted as an appealing and efficient method to increase the effective training data volume and thereby the predictivity of models, particularly when the generation of training data is resource- intensive. In the landmark MELLODDY project, indeed, each of ten pharmaceutical companies realized aggregated improvements on its own classification or regression models through federated learning. To this end, they leveraged a novel implementation extending multitask learning across partners, on a platform audited for privacy and security. The experiments involved an unprecedented cross-pharma data set of 2.6+ billion confidential experimental activity data points, documenting 21+ million physical small molecules and 40+ thousand assays in on-target and secondary pharmacodynamics and pharmacokinetics. Appropriate complementary metrics were developed to evaluate the predictive performance in the federated setting. In addition to predictive performance increases in labeled space, the results point toward an extended applicability domain in federated learning. Increases in collective training data volume, including by means of auxiliary data resulting from single concentration high-throughput and imaging assays, continued to boost predictive performance, albeit with a saturating return. Markedly higher improvements were observed for the pharmacokinetics and safety panel assay-based task subsets.Privacy pitfalls of releasing in-vehicle network data
A. Gazdag and Sz. Lestyán and M. Remeli and G. Ács and T. Holczer and G. Biczók
Vehicular Communications, 2023.
Bibtex | Abstract | PDF | Link
@article {
author = {András Gazdag and Szilvia Lestyan and Mina Remeli and Gergely Ács and Tamas Holczer and Gergely Biczók},
title = {Privacy pitfalls of releasing in-vehicle network data},
journal = {Vehicular Communications},
year = {2023},
howpublished = "\url{https://www.sciencedirect.com/science/article/pii/S2214209622001127?via%3Dihub}"
}
Keywords
In-vehicle network data; Privacy attacks; Driver re-identification; Trajectory reconstruction; Anonymization; Differential privacyAbstract
The ever-increasing volume of vehicular data has enabled different service providers to access and monetize in-vehicle network data of millions of drivers. However, such data often carry personal or even potentially sensitive information, and therefore service providers either need to ask for drivers\' consent or anonymize such data in order to comply with data protection regulations. In this paper, we show that both fine-grained consent control as well as the adequate anonymization of in-network vehicular data are very challenging. First, by exploiting that in-vehicle sensor measurements are inherently interdependent, we are able to effectively i) re-identify a driver even from the raw, unprocessed CAN data with 97% accuracy, and ii) reconstruct the vehicle's complete location trajectory knowing only its speed and steering wheel position. Since such signal interdependencies are hard to identify even for data controllers, drivers' consent will arguably not be informed and hence may become invalid. Second, we show that the non-systematic application of different standard anonymization techniques (e.g., aggregation, suppression, signal distortion) often results in volatile, empirical privacy guarantees to the population as a whole but fails to provide a strong, worst-case privacy guarantee to every single individual. Therefore, we advocate the application of principled privacy models (such as Differential Privacy) to anonymize data with strong worst-case guarantee.2022
Collaborative Drug Discovery: Inference-level Privacy Perspective
B. Pejo and M. Remeli and Á. Arany and M. Galtier and G. Ács
Transactions on Data Privacy (TDP), vol. 15, 2022.
Bibtex | Abstract | PDF | Link
@article {
author = {Balazs Pejo and Mina Remeli and Ádám Arany and Mathieu Galtier and Gergely Ács},
title = {Collaborative Drug Discovery: Inference-level Privacy Perspective},
journal = {Transactions on Data Privacy (TDP)},
volume = {15},
year = {2022},
howpublished = "\url{http://www.tdp.cat/issues21/abs.a449a21.php}"
}
Abstract
Pharmaceutical industry can better leverage its data assets to virtualize drug discovery through a collaborative machine learning platform. On the other hand, there are non-negligible risks stemming from the unintended leakage of participants' training data, hence, it is essential for such a platform to be secure and privacy-preserving. This paper describes a privacy risk assessment for collaborative modeling in the preclinical phase of drug discovery to accelerate the selection of promising drug candidates. After a short taxonomy of state-of-the-art inference attacks we adopt and customize several to the underlying scenario. Finally we describe and experiments with a handful of relevant privacy protection techniques to mitigate such attacks.In search of lost utility: private location data
Sz. Lestyán and G. Ács and G. Biczók
Privacy Enhancing Technologies Symposium (PETS), 2022.
Bibtex | Abstract | PDF | Link
@conference {
author = {Szilvia Lestyan and Gergely Ács and Gergely Biczók},
title = {In search of lost utility: private location data},
booktitle = {Privacy Enhancing Technologies Symposium (PETS)},
year = {2022},
howpublished = "\url{https://arxiv.org/pdf/2008.01665.pdf}"
}
Keywords
Location data anonymization, Differential Privacy, Generative ModelsAbstract
The unavailability of training data is a permanent source of much frustration in research, especially when it is due to privacy concerns. This is particularly true for location data since previous techniques all suffer from the inherent sparseness and high dimensionality of location trajectories which render most techniques impractical, resulting in unrealistic traces and unscalable methods. Moreover, time information of location visits is usually dropped, or its resolution is drastically reduced. In this paper we present a novel technique for privately releasing a composite generative model and whole high-dimensional location datasets with detailed time information. To generate high-fidelity synthetic data, we leverage several peculiarities of vehicular mobility such as its language-like characteristics ("you should know a location by the company it keeps") or how humans plan their trips from one point to the other. We model the generator distribution of the dataset by first constructing a variational autoencoder to generate the source and destination locations, and the corresponding timing of trajectories. Next, we compute transition probabilities between locations with a feed forward network, and build a transition graph from the output of this model, which approximates the distribution of all paths between the source and destination (at a given time). Finally, a path is sampled from this distribution with a Markov Chain Monte Carlo method. The generated synthetic dataset is highly realistic, scalable, provides good utility and, nonetheless, provably private. We evaluate our model against two state-of-the-art methods and three real-life datasets demonstrating the benefits of our approach.SIMBIoTA-ML: Light-weight, Machine Learning-based Malware Detection for Embedded IoT Devices
D. Papp and G. Ács and R. Nagy and L. Buttyán
International Conference on Internet of Things, Big Data and Security (IoTBDS), 2022.
@conference {
author = {Dorottya Papp and Gergely Ács and Roland Nagy and Levente Buttyán},
title = {SIMBIoTA-ML: Light-weight, Machine Learning-based Malware Detection for Embedded IoT Devices},
booktitle = {International Conference on Internet of Things, Big Data and Security (IoTBDS)},
year = {2022}
}
Keywords
IoT, embedded systems, malware detection, machine learningAbstract
Embedded devices are increasingly connected to the Internet to provide new and innovative applications in many domains. However, these devices can also contain security vulnerabilities, which allow attackers to compromise them using malware. In this paper, we present SIMBIoTA-ML, a light-weight antivirus solution that enables embedded IoT devices to take advantage of machine learning-based malware detection. We show that SIMBIoTA-ML can respect the resource constraints of embedded IoT devices, and it has a true positive malware detection rate of ca. 95%, while having a low false positive detection rate at the same time. In addition, the detection process of SIMBIoTA-ML has a near-constant running time, which allows IoT developers to better estimate the delay introduced by scanning a file for malware, a property that is advantageous in real-time applications, notably in the domain of cyber-physical systems.2021
Compression Boosts Differentially Private Federated Learning
R. Kerkouche and G. Ács and C. Castelluccia and P. Geneves
IEEE European Symposium on Security and Privacy (Euro S&P), 2021, IEEE, 2021.
@inproceedings {
author = {Raouf Kerkouche and Gergely Ács and Claude Castelluccia and Pierre Geneves},
title = {Compression Boosts Differentially Private Federated Learning},
booktitle = {IEEE European Symposium on Security and Privacy (Euro S&P), 2021},
publisher = {IEEE},
year = {2021}
}
Abstract
Federated Learning allows distributed entities to train a common model collaboratively without sharing their own data. Although it prevents data collection and aggre- gation by exchanging only parameter updates, it remains vulnerable to various inference and reconstruction attacks where a malicious entity can learn private information about the participants’ training data from the captured gradients. Differential Privacy is used to obtain theoretically sound privacy guarantees against such inference attacks by noising the exchanged update vectors. However, the added noise is proportional to the model size which can be very large with modern neural networks. This can result in poor model quality. In this paper, compressive sensing is used to reduce the model size and hence increase model quality without sacrificing privacy. We show experimentally, using 2 datasets, that our privacy-preserving proposal can reduce the communication costs by up to 95% with only a negligible performance penalty compared to traditional non-private federated learning schemes.Constrained Differentially Private Federated Learning for Low-bandwidth Devices
R. Kerkouche and G. Ács and C. Castelluccia and P. Geneves
Conference on Uncertainty in Artificial Intellgience (UAI), 2021, 2021.
@inproceedings {
author = {Raouf Kerkouche and Gergely Ács and Claude Castelluccia and Pierre Geneves},
title = {Constrained Differentially Private Federated Learning for Low-bandwidth Devices},
booktitle = {Conference on Uncertainty in Artificial Intellgience (UAI), 2021},
year = {2021}
}
Abstract
Federated learning becomes a prominent approach when different entities want to learn collaboratively a common model without sharing their training data. However, Federated learning has two main drawbacks. First, it is quite bandwidth inefficient as it involves a lot of message exchanges between the aggregating server and the participating enti- ties. This bandwidth and corresponding processing costs could be prohibitive if the participating enti- ties are, for example, mobile devices. Furthermore, although federated learning improves privacy by not sharing data, recent attacks have shown that it still leaks information about the training data. This paper presents a novel privacy-preserving fed- erated learning scheme. The proposed scheme pro- vides theoretical privacy guarantees, as it is based on Differential Privacy. Furthermore, it optimizes the model accuracy by constraining the model learning phase on few selected weights. Finally, as shown experimentally, it reduces the upstream and downstream bandwidth by up to 99.9% compared to standard federated learning, making it practical for mobile systems.Measuring Contributions in Privacy-Preserving Federated Learning
G. Ács and G. Biczók and B. Pejo
ERCIM NEWS, vol. 126, 2021, pp. 35-36.
@article {
author = {Gergely Ács and Gergely Biczók and Balazs Pejo},
title = {Measuring Contributions in Privacy-Preserving Federated Learning},
journal = {ERCIM NEWS},
volume = {126},
year = {2021},
pages = {35-36},
howpublished = "\url{https://ercim-news.ercim.eu/en126/special/measuring-contributions-in-privacy-preserving-federated-learning}"
}
Abstract
How vital is each participant’s contribution to a collaboratively trained machine learning model? This is a challenging question to answer, especially if the learning is carried out in a privacy-preserving manner with the aim of concealing individual actions.Privacy of Aggregated Mobility Data
G. Ács and Sz. Lestyán and G. Biczók
Jajodia S., Samarati P., Yung M. (eds) Encyclopedia of Cryptography, Security and Privacy. Springer, Berlin, Heidelberg., Springer, 2021.
@inproceedings {
author = {Gergely Ács and Szilvia Lestyan and Gergely Biczók},
title = {Privacy of Aggregated Mobility Data},
booktitle = {Jajodia S., Samarati P., Yung M. (eds) Encyclopedia of Cryptography, Security and Privacy. Springer, Berlin, Heidelberg.},
publisher = {Springer},
year = {2021},
howpublished = "\url{https://doi.org/10.1007/978-3-642-27739-9_1575-1}"
}
Abstract
Privacy-Preserving and Bandwidth-Efficient Federated Learning: An Application to In-Hospital Mortality Prediction
R. Kerkouche and G. Ács and C. Castelluccia and P. Geneves
ACM Conference on Health, Inference, and Learning (CHIL), 2021, ACM, 2021.
@inproceedings {
author = {Raouf Kerkouche and Gergely Ács and Claude Castelluccia and Pierre Geneves},
title = {Privacy-Preserving and Bandwidth-Efficient Federated Learning: An Application to In-Hospital Mortality Prediction},
booktitle = {ACM Conference on Health, Inference, and Learning (CHIL), 2021},
publisher = {ACM},
year = {2021}
}
Abstract
Machine Learning, and in particular Federated Machine Learning, opens new perspectives in terms of medical research and patient care. Although Federated Machine Learning improves over central- ized Machine Learning in terms of privacy, it does not provide prov- able privacy guarantees. Furthermore, Federated Machine Learning is quite expensive in term of bandwidth consumption as it requires participant nodes to regularly exchange large updates. This pa- per proposes a bandwidth-efficient privacy-preserving Federated Learning that provides theoretical privacy guarantees based on Differential Privacy. We experimentally evaluate our proposal for in-hospital mortality prediction using a real dataset, containing Electronic Health Records of about one million patients. Our re- sults suggest that strong and provable patient-level privacy can be enforced at the expense of only a moderate loss of prediction accuracy.2019
Automatic Driver Identification from In-Vehicle Network Logs
M. Remeli and Sz. Lestyán and G. Ács and G. Biczók
22th IEEE Intelligent Transportation Systems Conference (ITSC), IEEE, 2019.
@inproceedings {
author = {Mina Remeli and Szilvia Lestyan and Gergely Ács and Gergely Biczók},
title = {Automatic Driver Identification from In-Vehicle Network Logs},
booktitle = {22th IEEE Intelligent Transportation Systems Conference (ITSC)},
publisher = {IEEE},
year = {2019},
howpublished = "\url{https://arxiv.org/pdf/1911.09508.pdf}"
}
Abstract
Differential Inference Testing: A Practical Approach to Evaluate Sanitizations of Datasets
C. Palamidessi and C. Castelluccia and G. Ács and A. Kassem
International Workshop on Privacy Engineering (IWPE), IEEE, 2019.
@inproceedings {
author = {Catuscia Palamidessi and Claude Castelluccia and Gergely Ács and Ali Kassem},
title = {Differential Inference Testing: A Practical Approach to Evaluate Sanitizations of Datasets},
booktitle = {International Workshop on Privacy Engineering (IWPE)},
publisher = {IEEE},
year = {2019}
}
Abstract
In order to protect individuals privacy, data have to be well-sanitized before sharing them, i.e. one has to remove any personal information before data sharing. However, it is not always clear when data shall be deemed well-sanitized. In this paper, we argue that the evaluation of sanitized data should be based on whether the data allows the inference of sensitive information that is specific to an individual in the dataset, instead of being centered around the concept of re-identification as regulations usually suggest. Our intent is not to accurately predict any sensitive attribute but rather to measure the impact of a single record on the inference of sensitive information. We demonstrate our approach by sanitizing two real datasets in different privacy models and evaluate/compare each sanitized dataset in our framework.Extracting vehicle sensor signals from CAN logs for driver re-identification
Sz. Lestyán and G. Ács and G. Biczók and Zs. Szalay
5th International Conference on Information Security and Privacy (ICISSP 2019), SCITEPRESS, 2019, shortlisted for Best Student Paper Award.
@inproceedings {
author = {Szilvia Lestyan and Gergely Ács and Gergely Biczók and Zsolt Szalay},
title = {Extracting vehicle sensor signals from CAN logs for driver re-identification},
booktitle = {5th International Conference on Information Security and Privacy (ICISSP 2019)},
publisher = {SCITEPRESS},
year = {2019},
note = {shortlisted for Best Student Paper Award}
}
Abstract
Data is the new oil for the car industry. Cars generate data about how they are used and who’s behind the wheel which gives rise to a novel way of profiling individuals. Several prior works have successfully demonstrated the feasibility of driver re-identification using the in-vehicle network data captured on the vehicle’s CAN bus. However, all of them used signals (e.g., velocity, brake pedal or accelerator position) that have already been extracted from the CAN log which is itself not a straightforward process. Indeed, car manufacturers intentionally do not reveal the exact signal location within CAN logs. Nevertheless, we show that signals can be efficiently extracted from CAN logs using machine learning techniques. We exploit that signals have several distinguishing statistical features which can be learnt and effectively used to identify them across different vehicles, that is, to quasi ”reverse-engineer” the CAN protocol. We also demonstrate that the extracted signals can be successfully used to re-identify individuals in a dataset of 33 drivers. Therefore, hiding signal locations in CAN logs per se does not prevent them to be regarded as personal data of drivers.2018
Differentially Private Mixture of Generative Neural Networks
G. Ács and L. Melis and C. Castelluccia and E. De Cristofaro
IEEE Transactions on Knowledge and Data Engineering, 2018.
@article {
author = {Gergely Ács and Luca Melis and Claude Castelluccia and Emiliano De Cristofaro},
title = {Differentially Private Mixture of Generative Neural Networks},
journal = {IEEE Transactions on Knowledge and Data Engineering},
year = {2018},
howpublished = "\url{https://arxiv.org/pdf/1709.04514.pdf}"
}
Abstract
Generative models are used in a wide range of applications building on large amounts of contextually rich information. Due to possible privacy violations of the individuals whose data is used to train these models, however, publishing or sharing generative models is not always viable. In this paper, we present a novel technique for privately releasing generative models and entire high-dimensional datasets produced by these models. We model the generator distribution of the training data with a mixture of k generative neural networks. These are trained together and collectively learn the generator distribution of a dataset. Data is divided into k clusters, using a novel differentially private kernel k-means, then each cluster is given to separate generative neural networks, such as Restricted Boltzmann Machines or Variational Autoencoders, which are trained only on their own cluster using differentially private gradient descent. We evaluate our approach using the MNIST dataset, as well as call detail records and transit datasets, showing that it produces realistic synthetic samples, which can also be used to accurately compute arbitrary number of counting queries.Privacy-Preserving Release of Spatio-Temporal Density
G. Ács and G. Biczók and C. Castelluccia
A. Gkoulalas-Divanis and Claudio Bettini (Eds.), Handbook of Mobile Data Privacy, pp. 307-335, Springer, 2018.
@inbook {
author = {Gergely Ács and Gergely Biczók and Claude Castelluccia},
editor = {A. Gkoulalas-Divanis and Claudio Bettini (Eds.)},
title = {Privacy-Preserving Release of Spatio-Temporal Density},
chapter = {Handbook of Mobile Data Privacy},
pages = {307-335},
publisher = {Springer},
year = {2018}
}
Abstract
In today’s digital society, increasing amounts of contextually rich spatio-temporal information are collected and used, e.g., for knowledge-based decision making, research purposes, optimizing operational phases of city management, planning infrastructure networks, or developing timetables for public transportation with an increasingly autonomous vehicle fleet. At the same time, however, publishing or sharing spatio-temporal data, even in aggregated form, is not always viable owing to the danger of violating individuals’ privacy, along with the related legal and ethical repercussions. In this chapter, we review some fundamental approaches for anonymizing and releasing spatio-temporal density, i.e., the number of individuals visiting a given set of locations as a function of time. These approaches follow different privacy models providing different privacy guarantees as well as accuracy of the released anonymized data. We demonstrate some sanitization (anonymization) techniques with provable privacy guarantees by releasing the spatio-temporal density of Paris, in France. We conclude that, in order to achieve meaningful accuracy, the sanitization process has to be carefully customized to the application and public characteristics of the spatio-temporal data.2017
Differentially Private Mixture of Generative Neural Networks
E. De Cristofaro and C. Castelluccia and L. Melis and G. Ács
IEEE International Conference on Data Mining (ICDM), IEEE, 2017.
@inproceedings {
author = {Emiliano De Cristofaro and Claude Castelluccia and Luca Melis and Gergely Ács},
title = {Differentially Private Mixture of Generative Neural Networks},
booktitle = {IEEE International Conference on Data Mining (ICDM)},
publisher = {IEEE},
year = {2017}
}
Abstract
Privacy-Aware Caching in Information-Centric Networking
C. Wood and G. Tsudik and C. Ghali and P. Gasti and M. Conti and G. Ács
IEEE Transactions on Dependable Computing (TDSC), 2017.
@article {
author = {Christopher Wood and Gene Tsudik and Cesar Ghali and Paulo Gasti and Mauro Conti and Gergely Ács},
title = {Privacy-Aware Caching in Information-Centric Networking},
journal = {IEEE Transactions on Dependable Computing (TDSC)},
year = {2017}
}
Abstract
2016
Near-Optimal Fingerprinting with Constraints
C. Castelluccia and G. Ács and G. Gy. Gulyás
PET Symposium, ACM, 2016.
@inproceedings {
author = {Claude Castelluccia and Gergely Ács and Gábor György Gulyás},
title = {Near-Optimal Fingerprinting with Constraints},
booktitle = {PET Symposium},
publisher = {ACM},
year = {2016}
}
Abstract
2015
On the Unicity of Smartphone Applications
C. Castelluccia and G. Ács and J. P. Achara
ACM Workshop on Privacy in the Electronic Society (WPES), ACM, 2015.
@inproceedings {
author = {Claude Castelluccia and Gergely Ács and Jagdish Prasad Achara},
title = {On the Unicity of Smartphone Applications},
booktitle = {ACM Workshop on Privacy in the Electronic Society (WPES)},
publisher = {ACM},
year = {2015}
}
Abstract
Probabilistic km-anonymity (Efficient Anonymization of Large Set-Valued Datasets)
C. Castelluccia and J. P. Achara and G. Ács
IEEE International Conference on Big Data (Big Data), IEEE, 2015.
@inproceedings {
author = {Claude Castelluccia and Jagdish Prasad Achara and Gergely Ács},
title = {Probabilistic km-anonymity (Efficient Anonymization of Large Set-Valued Datasets)},
booktitle = {IEEE International Conference on Big Data (Big Data)},
publisher = {IEEE},
year = {2015}
}
Abstract
2014
A Case Study: Privacy Preserving Release of Spatio-temporal Density in Paris
C. Castelluccia and G. Ács
The 20th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD), ACM, 2014.
@inproceedings {
author = {Claude Castelluccia and Gergely Ács},
title = {A Case Study: Privacy Preserving Release of Spatio-temporal Density in Paris},
booktitle = {The 20th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD)},
publisher = {ACM},
year = {2014}
}
Abstract
Retargeting Without Tracking
C. Castelluccia and G. Ács and M.-D. Tran
INRIA, 2014.
@techreport {
author = {Claude Castelluccia and Gergely Ács and Minh-Dung Tran},
title = {Retargeting Without Tracking},
institution = {INRIA},
year = {2014}
}
Abstract
2013
Cache Privacy in Named-Data Networking
G. Tsudik and C. Ghali and P. Gasti and M. Conti and G. Ács
The 33rd International Conference on Distributed Computing Systems (ICDCS), IEEE, 2013.
@inproceedings {
author = {Gene Tsudik and Cesar Ghali and Paulo Gasti and Mauro Conti and Gergely Ács},
title = {Cache Privacy in Named-Data Networking},
booktitle = {The 33rd International Conference on Distributed Computing Systems (ICDCS)},
publisher = {IEEE},
year = {2013}
}
Abstract
2012
Differentially Private Histogram Publishing through Lossy Compression
C. Castelluccia and R. Chen and G. Ács
IEEE International Conference on Data Mining (ICDM), IEEE, 2012.
@inproceedings {
author = {Claude Castelluccia and Rui Chen and Gergely Ács},
title = {Differentially Private Histogram Publishing through Lossy Compression},
booktitle = {IEEE International Conference on Data Mining (ICDM)},
publisher = {IEEE},
year = {2012}
}
Abstract
Differentially Private Sequential Data Publication via Variable-Length N-Grams
C. Castelluccia and G. Ács and R. Chen
In 19th ACM Conference on Computer and Communications Security (CCS), ACM, 2012.
@inproceedings {
author = {Claude Castelluccia and Gergely Ács and Rui Chen},
title = {Differentially Private Sequential Data Publication via Variable-Length N-Grams},
booktitle = {In 19th ACM Conference on Computer and Communications Security (CCS)},
publisher = {ACM},
year = {2012}
}
Abstract
You Are What You Like! Information Leakage Through Users Interests
M. Ali Kaafar and G. Ács and A. Chaabane
In 19th Annual Network & Distributed System Security Symposium (NDSS), ACM, 2012.
@inproceedings {
author = {Mohamed Ali Kaafar and Gergely Ács and Abdelberi Chaabane},
title = {You Are What You Like! Information Leakage Through Users Interests},
booktitle = {In 19th Annual Network & Distributed System Security Symposium (NDSS)},
publisher = {ACM},
year = {2012}
}
Abstract
2011
I have a DREAM! (DiffeRentially privatE smArt Metering)
C. Castelluccia and G. Ács
The 13th Information Hiding Conference (IH), Springer, 2011.
@inproceedings {
author = {Claude Castelluccia and Gergely Ács},
title = {I have a DREAM! (DiffeRentially privatE smArt Metering)},
booktitle = {The 13th Information Hiding Conference (IH)},
publisher = {Springer},
year = {2011}
}
Abstract
Protecting against Physical Resource Monitoring
W. Lecat and C. Castelluccia and G. Ács
The 10th ACM Workshop on Privacy in the Electronic Society (WPES), ACM, 2011.
@inproceedings {
author = {William Lecat and Claude Castelluccia and Gergely Ács},
title = {Protecting against Physical Resource Monitoring},
booktitle = {The 10th ACM Workshop on Privacy in the Electronic Society (WPES)},
publisher = {ACM},
year = {2011}
}
Abstract
2010
Misbehaving Router Detection in Link-state Routing for Wireless Mesh Networks
L. Dóra and L. Buttyán and G. Ács
In Proceedings of the Second IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'10), Montreal, Canada, June 14-17, 2010.
@inproceedings {
author = {László DÓRA and Levente Buttyán and Gergely Ács},
title = {Misbehaving Router Detection in Link-state Routing for Wireless Mesh Networks},
booktitle = {In Proceedings of the Second IEEE WoWMoM Workshop on Hot Topics in Mesh Networking (HotMESH'10)},
address = {Montreal, Canada},
month = {June 14-17},
year = {2010}
}
Abstract
In this paper, we address the problem of detecting misbehaving routers in wireless mesh networks and avoiding them when selecting routes. We assume that link-state routing is used, and we essentially propose a reputation system, where trusted gateway nodes compute Node Trust Values for the routers, which are fed back into the system and used in the route selection procedure. The computation of the Node Trust Values is based on packet counters maintained in association with each route and reported to the gateways by the routers in a regular manner. The feedback mechanism is based on limited scope flooding. The received Node Trust Values concerning a given router are aggregated, and the aggregate trust value of the router determines the probability with which that router is kept in the topology graph used for route computation. Hence, less trusted routers are excluded from the topology graph with higher probability, while the route selection still runs on a weighted graph (where the weights are determined by the announced link qualities), and it does not need to be changed. We evaluated the performance of our solution by means of simulations. The results show that our proposed mechanism can detect misbehaving routers reliably, and thanks to the feedback and the exclusion of the accused nodes from the route selection, we can decrease the number of packets dropped due to router misbehavior considerably. At the same time, our mechanism only slightly increases the average route length.2007
Secure Routing in Wireless Sensor Networks
G. Ács and L. Buttyán
in J. Lopez and J. Zhou (eds.): Wireless Sensor Network Security (Cryptology and Information Security Series), IOS Press, 2007.
@inbook {
author = {Gergely Ács and Levente Buttyán},
title = {Secure Routing in Wireless Sensor Networks},
publisher = {in J. Lopez and J. Zhou (eds.): Wireless Sensor Network Security (Cryptology and Information Security Series), IOS Press},
year = {2007}
}
Abstract
In this chapter, we study how sensor network routing protocols can be secured. First, we describe the adversary model, the objectives of attacks against routing, as well as the different attack methods that may be used in wireless sensor networks. All these are illustrated by example attacks on well-known sensor network routing protocols. Then, we describe various countermeasures that can be used in sensor networks to secure the routing protocols. These include link layer security measures, secure neighbor discovery techniques, authenticated broadcast algorithms, and multi-path routing techniques. Finally, we illustrate the application of some of these countermeasures by presenting and explaining the operation of some secured sensor network routing protocols.The Security Proof of a Link-state Routing Protocol for Wireless Sensor Networks
I. Vajda and L. Buttyán and G. Ács
October 8-11, In Proceedings of the 3rd IEEE Workshop on Wireless and Sensor Networks Security (WSNS 2007), IEEE Press, Pisa, Italy, 2007.
@inproceedings {
author = {István VAJDA and Levente Buttyán and Gergely Ács},
title = {The Security Proof of a Link-state Routing Protocol for Wireless Sensor Networks},
editor = {October 8-11},
booktitle = {In Proceedings of the 3rd IEEE Workshop on Wireless and Sensor Networks Security (WSNS 2007)},
organization = {IEEE Press},
address = {Pisa, Italy},
year = {2007}
}
Abstract
In this paper, we present a flexible and mathematically rigorous modeling framework for analyzing the security of sensor network routing protocols. Then, we demonstrate the usage of this framework by formally proving that INSENS (Intrusion-Tolerant Routing in Wireless Sensor Networks), which is a secure sensor network routing protocol proposed in the literature independently of our work, can be proven to be secure in our model.2006
A taxonomy of routing protocols for wireless sensor networks
L. Buttyán and G. Ács
Híradástechnika, December, 2006.
@article {
author = {Levente Buttyán and Gergely Ács},
title = {A taxonomy of routing protocols for wireless sensor networks},
journal = {Híradástechnika},
month = {December},
year = {2006}
}
Abstract
Wireless sensor networks are large scale networks consisting of a large number of tiny sensor nodes and a few base stations, which communicate using multi-hop wireless communications. The design of energy efficient routing protocols for such networks is a challenging task, which has been in the focus of the sensor network research community in the recent past. This effort resulted in a huge number of sensor network routing protocols. The proposed protocols show a high variety, which stems from the diverse requirements of the various envisioned application scenarios. In this work, we propose a taxonomy of sensor network routing protocols, and classify the mainstream protocols proposed in the literature using this taxonomy. We distinguish five families of protocols based on the way the next hop is selected on the route of a message, and briefly describe the operation of a representative member from each group.Modelling Adversaries and Security Objectives for Routing Protocols in Wireless Sensor Networks
G. Ács and L. Buttyán and I. Vajda
In Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN'06), October, 2006.
@inproceedings {
author = {Gergely Ács and Levente Buttyán and István VAJDA},
title = {Modelling Adversaries and Security Objectives for Routing Protocols in Wireless Sensor Networks},
booktitle = {In Proceedings of the Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN'06)},
month = {October},
year = {2006}
}
Abstract
The literature is very broad considering routing protocols in wireless sensor networks (WSNs). However, security of these routing protocols has fallen beyond the scope so far. Routing is a fundamental functionality in wireless networks, thus hostile interventions aiming to disrupt and degrade the routing service have a serious impact on the overall operation of the entire network. In order to analyze the security of routing protocols in a precise and rigorous way, we propose a formal framework encompassing the definition of an adversary model as well as the "general" definition of secure routingin sensor networks. Both definitions take into account the feasible goals and capabilities of an adversary in sensor environments and the variety of sensor routing protocols. In spirit, our formal model is based on the simulation paradigm that is a successfully used technique to prove the security of various cryptographic protocols. However, we also highlight some differences between our model and other models that have been proposed for wired or wireless networks. Finally, we illustrate the practical usage of our model by presenting the formal description of a simple attack against an authenticated routing protocol, which is based on the well-known TinyOS routing.Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks
I. Vajda and L. Buttyán and G. Ács
IEEE Transactions on Mobile Computing, vol. 5, no. 11, 2006.
@article {
author = {István VAJDA and Levente Buttyán and Gergely Ács},
title = {Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks},
journal = {IEEE Transactions on Mobile Computing},
volume = {5},
number = {11},
year = {2006}
}
Keywords
Mobile ad hoc networks, secure routing, provable securityAbstract
Routing is one of the most basic networking functions in mobile ad hoc networks. Hence, an adversary can easily paralyze the operation of the network by attacking the routing protocol. This has been realized by many researchers and several "secure" routing protocols have been proposed for ad hoc networks. However, the security of those protocols has mainly been analyzed by informal means only. In this paper, we argue that flaws in ad hoc routing protocols can be very subtle, and we advocate a more systematic way of analysis. We propose a mathematical framework in which security can be precisely defined and routing protocols for mobile ad hoc networks can be proved to be secure in a rigorous manner. Our framework is tailored for on-demand source routing protocols, but the general principles are applicable to other types of protocols too. Our approach is based on the simulation paradigm, which has already been used extensively for the analysis of key establishment protocols, but, to the best of our knowledge, it has not been applied in the context of ad hoc routing so far. We also propose a new on-demand source routing protocol, called endairA, and we demonstrate the use of our framework by proving that it is secure in our model.Útvonalválasztó protokollok vezeték nélküli szenzorhálózatokban
L. Buttyán and G. Ács
Híradástecnika, November, 2006.
@article {
author = {Levente Buttyán and Gergely Ács},
title = {Útvonalválasztó protokollok vezeték nélküli szenzorhálózatokban},
journal = {Híradástecnika},
month = {November},
year = {2006}
}
Abstract
A szenzorhálózatok változatos alkalmazásai különbözõ követelményeket támasztanak az útvonalválasztó protokollokkal szemben. A különbözõ követelményeknek köszönhetõen igen sok javasolt protokoll található az irodalomban. Ebben a cikkben rendszerezzük ezeket a vonalválasztó protokollokat, és minden családból bemutatunk egy prominens képviselõt. A cikk újdonsága a rendszerezéshez használt szempontrendszer, mely a protokollok eddigieknél részletesebb taxonómiáját eredményezi.2005
Ad hoc útvonalválasztó protokollok bizonyított biztonsága
G. Ács and L. Buttyán and I. Vajda
Híradástechnika, March, 2005.
@article {
author = {Gergely Ács and Levente Buttyán and István VAJDA},
title = {Ad hoc útvonalválasztó protokollok bizonyított biztonsága},
journal = {Híradástechnika},
month = {March},
year = {2005}
}
Keywords
ad hoc hálózatok, forrás alapú ad hoc útvonalválasztás, biztonságos útvonalválasztás, bizonyított biztonság, szimulációs paradigmaAbstract
Ebben a cikkben egy olyan formális módszert mutatunk be, amivel a vezeték nélküli ad hoc hálózatok számára javasolt, igény szerinti, forrás alapú útvonalválasztó protokollokat (on-demand source routing) lehet biztonsági szempontból elemezni. A módszer alapját a szimulációs paradigma adja, mely egy jól ismert, általános eljárás kriptográfiai protokollok biztonságának bizonyítására. A cikkben bemutatjuk a szimulációs paradigma adaptációját ad hoc útvonalválasztó protokollokra. Formálisan megfogalmazzuk, hogy mit értünk biztonságos útvonalválasztás alatt, melyhez felhasználjuk a statisztikai megkülönböztethetetlenség fogalmát. A módszer gyakorlati alkalmazását egy példán keresztül szemléltetjük, melyben röviden ismertetjük az endairA útvonalválasztó protokoll mûködését, és bebizonyítjuk, hogy a protokoll biztonságos az általunk definiált modellben.Provable Security for Ad Hoc Routing Protocols
G. Ács and L. Buttyán and I. Vajda
Híradástechnika, June, 2005.
@article {
author = {Gergely Ács and Levente Buttyán and István VAJDA},
title = {Provable Security for Ad Hoc Routing Protocols},
journal = {Híradástechnika},
month = {June},
year = {2005}
}
Keywords
ad hoc networks, on-demand ad hoc source routing, secure ad hoc routing, provable security, simulation paradigmAbstract
In this article we present a new formal framework that can be used for analyzing the ecurity of on-demand source routing protocols proposed for wireless mobile ad hoc networks. Our approach is based on the simulation paradigm which is a well-known and general procedure to prove the security of cryptographic protocols. We give the formal definition of secure ad hoc routing in a precise and rigorous manner using the concept of statistical indistinguishability. We present an ad hoc source routing protocol, called endairA, and we illustrate the usage of our approach by proving that this protocol is secure in our model.Provable Security of On-Demand Distance Vector Routing in Wireless Ad Hoc Networks
G. Ács and L. Buttyán and I. Vajda
In Proceedings of the Second European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS 2005), Visegrád, Hungary, July 13-14, 2005, 2005.
@inproceedings {
author = {Gergely Ács and Levente Buttyán and István VAJDA},
title = {Provable Security of On-Demand Distance Vector Routing in Wireless Ad Hoc Networks},
booktitle = {In Proceedings of the Second European Workshop on Security and Privacy in Ad Hoc and Sensor Networks (ESAS 2005), Visegrád, Hungary, July 13-14, 2005},
year = {2005}
}
Abstract
In this paper, we propose a framework for the security analysis of on-demand, distance vector routing protocols for ad hoc networks, such as AODV, SAODV, and ARAN. The proposed approach is an adaptation of the simulation paradigm that is used extensively for the analysis of cryptographic algorithms and protocols, and it provides a rigorous method for proving that a given routing protocol is secure. We demonstrate the approach by representing known and new attacks on SAODV in our framework, and by proving that ARAN is secure in our model.2004
Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks
G. Ács and L. Buttyán and I. Vajda
http://eprint.iacr.org/ under report number 2004/159., March, 2004.
@techreport {
author = {Gergely Ács and Levente Buttyán and István VAJDA},
title = {Provably Secure On-demand Source Routing in Mobile Ad Hoc Networks},
institution = {http://eprint.iacr.org/ under report number 2004/159.},
month = {March},
year = {2004}
}