159 research outputs found
k-fingerprinting: a Robust Scalable Website Fingerprinting Technique
Website fingerprinting enables an attacker to infer which web page a client
is browsing through encrypted or anonymized network connections. We present a
new website fingerprinting technique based on random decision forests and
evaluate performance over standard web pages as well as Tor hidden services, on
a larger scale than previous works. Our technique, k-fingerprinting, performs
better than current state-of-the-art attacks even against website
fingerprinting defenses, and we show that it is possible to launch a website
fingerprinting attack in the face of a large amount of noisy data. We can
correctly determine which of 30 monitored hidden services a client is visiting
with 85% true positive rate (TPR), a false positive rate (FPR) as low as 0.02%,
from a world size of 100,000 unmonitored web pages. We further show that error
rates vary widely between web resources, and thus some patterns of use will be
predictably more vulnerable to attack than others.Comment: 17 page
Learning Universal Adversarial Perturbations with Generative Models
Neural networks are known to be vulnerable to adversarial examples, inputs
that have been intentionally perturbed to remain visually similar to the source
input, but cause a misclassification. It was recently shown that given a
dataset and classifier, there exists so called universal adversarial
perturbations, a single perturbation that causes a misclassification when
applied to any input. In this work, we introduce universal adversarial
networks, a generative network that is capable of fooling a target classifier
when it's generated output is added to a clean sample from a dataset. We show
that this technique improves on known universal adversarial attacks
Centrally Banked Cryptocurrencies
Current cryptocurrencies, starting with Bitcoin, build a decentralized
blockchain-based transaction ledger, maintained through proofs-of-work that
also generate a monetary supply. Such decentralization has benefits, such as
independence from national political control, but also significant limitations
in terms of scalability and computational cost. We introduce RSCoin, a
cryptocurrency framework in which central banks maintain complete control over
the monetary supply, but rely on a distributed set of authorities, or
mintettes, to prevent double-spending. While monetary policy is centralized,
RSCoin still provides strong transparency and auditability guarantees. We
demonstrate, both theoretically and experimentally, the benefits of a modest
degree of centralization, such as the elimination of wasteful hashing and a
scalable system for avoiding double-spending attacks.Comment: 15 pages, 4 figures, 2 tables in Proceedings of NDSS 201
FastPay: High-Performance Byzantine Fault Tolerant Settlement
FastPay allows a set of distributed authorities, some of which are Byzantine,
to maintain a high-integrity and availability settlement system for pre-funded
payments. It can be used to settle payments in a native unit of value
(crypto-currency), or as a financial side-infrastructure to support retail
payments in fiat currencies. FastPay is based on Byzantine Consistent Broadcast
as its core primitive, foregoing the expenses of full atomic commit channels
(consensus). The resulting system has low-latency for both confirmation and
payment finality. Remarkably, each authority can be sharded across many
machines to allow unbounded horizontal scalability. Our experiments demonstrate
intra-continental confirmation latency of less than 100ms, making FastPay
applicable to point of sale payments. In laboratory environments, we achieve
over 80,000 transactions per second with 20 authorities---surpassing the
requirements of current retail card payment networks, while significantly
increasing their robustness
Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments
Decentralized systems are a subset of distributed systems where multiple
authorities control different components and no authority is fully trusted by
all. This implies that any component in a decentralized system is potentially
adversarial. We revise fifteen years of research on decentralization and
privacy, and provide an overview of key systems, as well as key insights for
designers of future systems. We show that decentralized designs can enhance
privacy, integrity, and availability but also require careful trade-offs in
terms of system complexity, properties provided, and degree of
decentralization. These trade-offs need to be understood and navigated by
designers. We argue that a combination of insights from cryptography,
distributed systems, and mechanism design, aligned with the development of
adequate incentives, are necessary to build scalable and successful
privacy-preserving decentralized systems
- …