Causative Cyberattacks on Online Learning-based Automated Demand Response Systems
Power utilities are adopting Automated Demand Response (ADR) to replace the
costly fuel-fired generators and to preempt congestion during peak electricity
demand. Similarly, third-party Demand Response (DR) aggregators are leveraging
controllable small-scale electrical loads to provide on-demand grid support
services to the utilities. Some aggregators and utilities have started
employing Artificial Intelligence (AI) to learn the energy usage patterns of
electricity consumers and use this knowledge to design optimal DR incentives.
Such AI frameworks use open communication channels between the
utility/aggregator and the DR customers, which are vulnerable to
causative data integrity cyberattacks. This paper explores
vulnerabilities of AI-based DR learning and designs a data-driven attack
strategy informed by DR data collected from the New York University (NYU)
campus buildings. The case study demonstrates the feasibility and effects of
maliciously tampering with (i) real-time DR incentives, (ii) DR event data sent
to DR customers, and (iii) responses of DR customers to the DR incentives.
How to Construct Rational Protocols with Nash Equilibrium Consistency in the UC framework
In the UC framework, an inconsistency of the Nash equilibrium of a rational delegated computation scheme between the ideal world and the real world fundamentally prevents a strict security proof of the protocol. Proving this consistency has long been a challenge in the field. In this paper, we analyze the Nash equilibrium according to the game model of rational delegated computation, propose an ideal functionality for rational delegation of computation based on an incentive-driven adversary, and then construct a rational delegated computation protocol that UC-realizes the ideal functionality. In short, the proposed rational delegated computation protocol based on an incentive-driven adversary is proven secure in the universally composable framework, and it resolves the inconsistency of the Nash equilibrium between the real world and the ideal world.
But Why does it Work? A Rational Protocol Design Treatment of Bitcoin
An exciting recent line of work has focused on formally investigating the core cryptographic assumptions underlying the security of Bitcoin. In a nutshell, these works conclude that Bitcoin is secure if and only if the majority of the mining power is honest. Despite their great impact, however, these works do not address an incisive question asked by positivists and Bitcoin critics, which is fuelled by the fact that Bitcoin indeed works in reality: Why should the real-world system adhere to these assumptions?
In this work we employ the machinery from the Rational Protocol Design (RPD) framework by Garay et al. [FOCS'13] to analyze Bitcoin and address questions such as the above. We show that, assuming a natural class of incentives for the miners' behavior, i.e., rewarding them for adding blocks to the blockchain but having them pay for mining, one can reserve the honest majority assumption as a fallback, or even, depending on the application, completely replace it by the assumption that the miners aim to maximize their revenue.
Our results underscore the appropriateness of RPD as a "rational cryptography" framework for analyzing Bitcoin. Along the way, we devise significant extensions to the original RPD machinery that broaden its applicability to cryptocurrencies, which may be of independent interest.
Security and privacy of incentive-driven mechanisms
While cryptographic tools offer practical security and privacy supported by theory and formal
proofs, there are often gaps between the theory and intricacies of the real world. This is especially
apparent in the realm of game theoretic applications where protocol participants are motivated
by incentives and preferences on the protocol outcome. These incentives can lead to additional
requirements or unexpected attack vectors, making standard cryptographic concepts inapplicable.
The goal of this thesis is to bridge some of the gaps between cryptography and incentive-driven mechanisms. The thesis will consist of three main research threads, each studying the
privacy or security of a game-theoretic scenario in non-standard cryptographic frameworks in
order to satisfy the scenario’s unique requirements. Our first scenario is preference aggregation,
where we will analyze the privacy of voting rules while requiring the rules to be deterministic. Then, we will study games, and how to achieve collusion-freeness (and its composable
version, collusion-preservation) in the decentralized setting. Finally, we explore the robustness
of Nakamoto-style proof-of-work blockchains against 51% attacks when the main security
assumption of honest majority fails. Most of the results in this thesis are also published in the
following (in order): Ch. 3: [103], Ch. 4: [47], and Ch. 5: [104].
Our first focus is preference aggregation—in particular voting rules. Specifically, we answer
the crucial question: How private is the voting rule we use and the voting information we
release? This natural and seemingly simple question was sidestepped in previous works, where
randomization was added to voting rules in order to achieve the widely-known notion of
differential privacy (DP). Yet, randomness in an election can be undesirable, and may alter
voter incentives and strategies. In this chapter of our thesis, we expand and improve upon
previous works and study deterministic voting rules. In a similarly well-accepted framework of
distributional differential privacy (DDP), we develop new techniques in analyzing and comparing
the privacy of voting rules—leading to a new measure to contrast different rules in addition to
existing ones in the field of social choice. We learn the positive message that even vote tallies
have very limited privacy leakage that decreases quickly in the number of votes, and a surprising
fact that outputting the winner using different voting rules can result in asymptotically different
privacy leakage.
Having studied privacy in the context of parties with preferences and incentives, we turn our
attention to the secure implementation of games. Specifically, we study the issue of collusion and
how to avoid it. Collusion, or subliminal communication, can introduce undesirable coalitions
in games that allow malicious parties, e.g. cheating poker players, a wider set of strategies.
Standard cryptographic security is insufficient to address the issue, spurring on a line of work that
defined and constructed collusion-free (CF), or its composable version, collusion-preserving (CP)
protocols. Unfortunately, they all required strong assumptions on the communication medium,
such as physical presence of the parties, or a restrictive star-topology network with a trusted
mediator in the center. In fact, CF is impossible without restricted communication, and CP is
conjectured to always require a mediator. Thus, circumventing these impossibilities is necessary
to truly implement games in a decentralized setting. Fortunately, in the rational setting, the
attacker can also be assumed to have utility. By ensuring collusion is only possible by sending
incorrect, penalizable messages, and composing our protocol with a blockchain protocol as the
source of the penalization, we prove our protocol as CP against incentive-driven attackers in a
framework of rational cryptography called rational protocol design (RPD).
Lastly, it is also useful to analyze the security of the blockchain and its associated
cryptocurrencies—cryptographic transaction ledger protocols with embedded monetary value—
using a rational cryptography framework like RPD. Our last chapter studies the incentives of
attackers that perform 51% attacks by breaking the main security assumption of honest majority in proof-of-work (PoW) blockchains such as Bitcoin and Ethereum Classic. Previous works
abstracted the blockchain protocol and the attacker’s actions, analyzing 51% attacks via various
techniques in economics or probability theory. This leaves open the question of exploring this
attack in a model closer to standard cryptographic analyses. We answer this question by working in the RPD framework. Improving upon previous analyses that were geared only toward mining
rewards, we construct utility functions that model the incentives of 51% attackers. Under the
RPD framework, we are able to determine when an attacker is incentivized to attack a given
instantiation of the blockchain protocol. More importantly, we can make general statements that
indicate changes to protocol parameters to make it secure against all rational attackers under
these incentives.
QuickSync: A Quickly Synchronizing PoS-Based Blockchain Protocol
To implement a blockchain, we need a blockchain protocol for all the nodes to
follow. To design a blockchain protocol, we need a block publisher selection
mechanism and a chain selection rule. In Proof-of-Stake (PoS) based blockchain
protocols, block publisher selection mechanism selects the node to publish the
next block based on the relative stake held by the node. However, PoS
protocols, such as Ouroboros v1, may face vulnerability to fully adaptive
corruptions.
In this paper, we propose a novel PoS-based blockchain protocol, QuickSync,
to achieve security against fully adaptive corruptions while improving on
performance. We propose a metric called block power, a value defined for each
block, derived from the output of the verifiable random function based on the
digital signature of the block publisher. With this metric, we compute chain
power, the sum of block powers of all the blocks comprising the chain, for all
the valid chains. These metrics are a function of the block publisher's stake
to enable the PoS aspect of the protocol. The chain selection rule selects the
chain with the highest chain power as the one to extend. This chain selection
rule hence determines the selected block publisher of the previous block. When
we use metrics to define the chain selection rule, it may lead to
vulnerabilities against Sybil attacks. QuickSync uses a Sybil attack resistant
function implemented using histogram matching. We prove that QuickSync
satisfies common prefix, chain growth, and chain quality properties and hence
it is secure. We also show that it is resilient to different types of
adversarial attack strategies. Our analysis demonstrates that QuickSync
performs better than Bitcoin by an order of magnitude on both transactions per
second and time to finality, and better than Ouroboros v1 by a factor of three
on time to finality.
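To make the chain-selection idea above concrete, here is an added, runnable illustration; it is not code from the QuickSync paper and it does not reproduce the paper's block-power or histogram-matching functions. It assumes two stand-ins: the verifiable random function is replaced by HMAC-SHA256 over the slot number (a real VRF additionally yields a proof anyone can check against the publisher's public key), and block power is u ** (total_stake / stake), the Efraimidis-Spirakis weighted-sampling key, chosen only because the holder of the largest key in a slot wins with probability exactly stake/total and because that probability does not change when a party splits its stake across Sybil identities. Chain power is the sum of block powers and the rule picks the chain with the highest chain power, which is why a shorter chain of high-power blocks can outrank a longer one.

```python
"""Chain selection by cumulative block power (added illustration, not the paper's code).

Assumed stand-ins, NOT taken from QuickSync:
  * vrf_stub: HMAC-SHA256 over the slot number instead of a real VRF;
  * block_power: u ** (T/s), the Efraimidis-Spirakis weighted-sampling key.
"""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass


def secret_for(identity: str) -> bytes:
    # Constructed per-identity signing key; a deployment would use a real keypair.
    return hashlib.sha256(b"toy-key:" + identity.encode()).digest()


def vrf_stub(secret: bytes, slot: int) -> float:
    """Deterministic per (key, slot); output is uniform in [0, 1)."""
    digest = hmac.new(secret, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") / 2.0**256


def block_power(u: float, stake: float, total_stake: float) -> float:
    """Stake-weighted key: P(u ** (T/s) <= t) = t ** (s/T), so the identity
    holding the largest key in a slot is selected with probability s/T."""
    return u ** (total_stake / stake)


@dataclass(frozen=True)
class Block:
    slot: int
    publisher: str
    power: float


def chain_power(chain: list[Block]) -> float:
    """Chain power: the sum of the block powers of every block on the chain."""
    return sum(b.power for b in chain)


def select_chain(chains: list[list[Block]]) -> list[Block]:
    """Chain selection rule: extend the valid chain with the highest chain power,
    not the longest one."""
    return max(chains, key=chain_power)


def slot_winner(stakes: dict[str, float], slot: int) -> str:
    """Identity whose block would carry the highest block power in this slot."""
    total = sum(stakes.values())
    return max(
        stakes,
        key=lambda name: block_power(vrf_stub(secret_for(name), slot), stakes[name], total),
    )


def win_frequencies(stakes: dict[str, float], n_slots: int) -> dict[str, float]:
    """Fraction of slots each identity would publish over n_slots slots."""
    wins = {name: 0 for name in stakes}
    for slot in range(n_slots):
        wins[slot_winner(stakes, slot)] += 1
    return {name: count / n_slots for name, count in wins.items()}


def sybil_gain(stake: float, pieces: int, others: dict[str, float], n_slots: int) -> float:
    """Win share of one identity holding `stake` minus the combined win share of
    the same stake split across `pieces` identities. Near zero => no Sybil gain."""
    whole = win_frequencies({"S": stake, **others}, n_slots)["S"]
    split_stakes = {f"S{i}": stake / pieces for i in range(pieces)}
    split = win_frequencies({**split_stakes, **others}, n_slots)
    return whole - sum(v for k, v in split.items() if k.startswith("S"))


def heavier_beats_longer() -> bool:
    """Constructed fork: a 2-block chain of high-power blocks outranks a
    3-block chain of low-power blocks under the chain-power rule."""
    prefix = [Block(0, "genesis", 0.0)]
    short = prefix + [Block(1, "A", 0.90), Block(2, "A", 0.85)]
    long_ = prefix + [Block(1, "B", 0.20), Block(2, "B", 0.30), Block(3, "B", 0.25)]
    return select_chain([long_, short]) is short


if __name__ == "__main__":
    print("win shares:", win_frequencies({"A": 0.5, "B": 0.3, "C": 0.2}, 20000))
    print("sybil gain:", sybil_gain(0.5, 5, {"B": 0.3, "C": 0.2}, 20000))
    print("heavier beats longer:", heavier_beats_longer())
```

The per-slot lottery is the only Sybil check this toy performs; the paper's point that defining chain selection purely through a metric can open Sybil attacks concerns the chain-level score, and its histogram-matching defence is not modelled here.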
Round-Preserving Parallel Composition of Probabilistic-Termination Protocols
An important benchmark for multi-party computation protocols (MPC) is their round complexity. For several important MPC tasks, (tight) lower bounds on the round complexity are known. However, for some of these tasks, such as broadcast, the lower bounds can be circumvented when the termination round of every party is not a priori known, and simultaneous termination is not guaranteed. Protocols with this property are called probabilistic-termination (PT) protocols.
Running PT protocols in parallel affects the round complexity of the resulting protocol in somewhat unexpected ways. For instance, an execution of m protocols with constant expected round complexity might take O(log m) rounds to complete. In a seminal work, Ben-Or and El-Yaniv (Distributed Computing '03) developed a technique for parallel execution of arbitrarily many broadcast protocols, while preserving expected round complexity. More recently, Cohen et al. (CRYPTO '16) devised a framework for universal composition of PT protocols, and provided the first composable parallel-broadcast protocol with a simulation-based proof. These constructions crucially rely on the fact that broadcast is "privacy free," and do not generalize to arbitrary protocols in a straightforward way. This raises the question of whether it is possible to execute arbitrary PT protocols in parallel, without increasing the round complexity.
In this paper we tackle this question and provide both feasibility and infeasibility results. We construct a round-preserving protocol compiler, secure against a dishonest minority of actively corrupted parties, that compiles arbitrary protocols into a protocol realizing their parallel composition, while having a black-box access to the underlying protocols. Furthermore, we prove that the same cannot be achieved, using known techniques, given only black-box access to the functionalities realized by the protocols, unless merely security against semi-honest corruptions is required, for which case we provide a protocol.
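The O(log m) effect mentioned above is easy to see numerically. The following is an added illustration, not code from the paper, under a simplified model that is an assumption of this example: each of the m protocols, independently, is still running after round k with probability q**k, so its own termination round is geometric with constant expectation 1/(1-q), and the parallel composition finishes only when the last of them does. The expected completion round of the composition is then sum over k >= 0 of P(max > k) = 1 - (1 - q**k)**m, which the code evaluates exactly; every doubling of m adds roughly log(2)/log(1/q) rounds, i.e. one extra round per doubling when q = 1/2.

```python
"""Expected completion round of m probabilistic-termination protocols run in
parallel (added illustration; the geometric model is an assumption, not the
paper's model)."""
import math


def expected_parallel_rounds(m: int, q: float, tol: float = 1e-15) -> float:
    """E[max of m i.i.d. geometric round counts] = sum_{k>=0} P(max > k),
    with P(max > k) = 1 - (1 - q**k)**m, summed until the terms vanish."""
    if not (0.0 < q < 1.0) or m < 1:
        raise ValueError("need 0 < q < 1 and m >= 1")
    total = 1.0  # k = 0: every protocol is still running before round 1
    k = 1
    while True:
        # 1 - (1 - q^k)^m via log1p/expm1 to avoid catastrophic cancellation
        term = -math.expm1(m * math.log1p(-(q ** k)))
        total += term
        if term < tol:
            return total
        k += 1


def extra_rounds_per_doubling(q: float, m: int) -> float:
    """Increase in expected rounds when parallelism goes from m to 2m;
    approaches log(2) / log(1/q) for large m (exactly 1 round when q = 1/2)."""
    return expected_parallel_rounds(2 * m, q) - expected_parallel_rounds(m, q)


if __name__ == "__main__":
    q = 0.5  # each protocol finishes any given round with probability 1/2
    print(f"single protocol: {expected_parallel_rounds(1, q):.3f} expected rounds")
    for e in range(0, 11):
        m = 2 ** e
        print(f"m = {m:5d}: {expected_parallel_rounds(m, q):7.3f} rounds")
    print(f"extra rounds per doubling at m=1024: {extra_rounds_per_doubling(q, 1024):.4f}")
```

With q = 1/2 a single protocol takes 2 expected rounds, two in parallel take 8/3, and 1024 in parallel take about 11.3; the growth is logarithmic in m, which is precisely the overhead a round-preserving compiler has to avoid.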
Cybersecurity in Health Systems: Challenges, And Proposals
The recent rise in cybersecurity breaches at health care organizations has put patients' privacy at a higher risk of being exposed. Despite this risk, the additional danger such incidents pose to patient safety, and the operational and financial risks to health care organizations, few studies have systematically analysed the cybersecurity risks in health care. To establish a solid starting point for health care organizations and policymakers in better understanding the complexity of the cybersecurity problem, this study examines the major types of cybersecurity risks for health care organizations and explains the roles of the four key actors (cyber attackers, cyber defenders, developers, and end users) in cybersecurity. Finally, the paper presents a set of recommendations for policymakers and health care organizations to reinforce cybersecurity in their organizations.