110 research outputs found

    Crypto'Graph: Leveraging Privacy-Preserving Distributed Link Prediction for Robust Graph Learning

    Graphs are a widely used data structure for collecting and analyzing relational data. However, when the graph structure is distributed across several parties, its analysis is particularly challenging. In particular, due to the sensitivity of the data each party might want to keep their partial knowledge of the graph private, while still willing to collaborate with the other parties for tasks of mutual benefit, such as data curation or the removal of poisoned data. To address this challenge, we propose Crypto'Graph, an efficient protocol for privacy-preserving link prediction on distributed graphs. More precisely, it allows parties partially sharing a graph with distributed links to infer the likelihood of formation of new links in the future. Through the use of cryptographic primitives, Crypto'Graph is able to compute the likelihood of these new links on the joint network without revealing the structure of the private individual graph of each party, even though they know the number of nodes they have, since they share the same graph but not the same links. Crypto'Graph improves on previous works by enabling the computation of a certain number of similarity metrics without any additional cost. The use of Crypto'Graph is illustrated for defense against graph poisoning attacks, in which it is possible to identify potential adversarial links without compromising the privacy of the graphs of individual parties. The effectiveness of Crypto'Graph in mitigating graph poisoning attacks and achieving high prediction accuracy on a graph neural network node classification task is demonstrated through extensive experimentation on a real-world dataset

    Oblivious Turing Machine

    In the ever-evolving landscape of Information Technologies, private decentralized computing on an honest yet curious server has emerged as a prominent paradigm. While numerous schemes exist to safeguard data during computation, the focus has primarily been on protecting the confidentiality of the data itself, often overlooking the potential information leakage arising from the function evaluated by the server. Recognizing this gap, this article aims to address the issue by presenting and implementing an innovative solution for ensuring the privacy of both the data and the program. We introduce a novel approach that combines the power of Fully Homomorphic Encryption with the concept of the Turing Machine model, resulting in the first fully secure practical, non-interactive oblivious Turing Machine. Our Oblivious Turing Machine construction is based on only three hypotheses: the hardness of the Ring Learning With Error problem, the ability to homomorphically evaluate non-linear functions and the capacity to blindly rotate elements of a data structure. Only based on those three assumptions, we propose an implementation of an Oblivious Turing Machine relying on the TFHE cryptosystem and present some implementation results

    NFLlib: NTT-based Fast Lattice Library

    Recent years have witnessed an increased interest in lattice cryptography. Besides its strong security guarantees, its simplicity and versatility make this powerful theoretical tool a promising competitive alternative to classical cryptographic schemes. In this paper, we introduce NFLlib, an efficient and open-source C++ library dedicated to ideal lattice cryptography in the widely-spread polynomial ring $\mathbb{Z}_p[x]/(x^n + 1)$ for $n$ a power of 2. The library combines algorithmic optimizations (Chinese Remainder Theorem, optimized Number Theoretic Transform) together with programming optimization techniques (SSE and AVX2 specializations, C++ expression templates, etc.), and will be fully available under the GPL license. The library compares very favorably to other libraries used in ideal lattice cryptography implementations (namely the generic number theory libraries NTL and flint implementing polynomial arithmetic, and the optimized library for lattice homomorphic encryption HElib): restricting the library to the aforementioned polynomial ring makes it possible to gain several orders of magnitude in efficiency

    PROBONITE : PRivate One-Branch-Only Non-Interactive decision Tree Evaluation

    Decision trees are among the most widespread machine learning models used for data classification, in particular due to their interpretability that makes it easy to explain their prediction. In this paper, we propose a novel solution for the private classification of a client request in a non-interactive manner. In contrast to existing solutions to this problem, which are either interactive or require evaluating all the branches of the decision tree, our approach only evaluates a single branch of the tree. Our protocol is based on two primitives that we also introduce in this paper and that may be of independent interest: Blind Node Selection and Blind Array Access. Those contributions are based on recent advances in homomorphic cryptography, such as the functional bootstrapping mechanism recently proposed for the Fully Homomorphic Encryption over the Torus scheme TFHE. Our private decision tree evaluation algorithm is highly efficient as it requires only one round of communication and $d$ comparisons, with $d$ being the depth of the tree, while other state-of-the-art non-interactive protocols need $2^d$ comparisons

    Collaborative backup for dependable mobile applications


    CONTRIBUTIONS À LA RÉSILIENCE ET AU RESPECT DE LA VIE PRIVÉE DES SYSTÈMES MOBIQUITAIRES

    The works presented in this dissertation are representative of my activities in the field of resilience and privacy for ubiquitous mobile systems. They are organized according to three research areas: the use of reflection for the construction of dependable architectures, resilient mobiquitous systems (architectures, algorithms and evaluation) and geo-privacy. The first research area concerns fault tolerance for distributed systems, from an architectural and language viewpoint. In this work, I have investigated the use of compile-time reflection to facilitate the implementation of fault tolerance mechanisms independently of the application. The use of reflection has been studied in the context of both theoretical work on multi-level reflexivity, and more practical work on the implementation of reflective off-the-shelf components in embedded software architectures. The second research area concerns fault tolerance in mobile systems. My angle of attack was to consider mobility as an asset and not as a potential difficulty. This approach led me to explore the concept of geographical communication groups: how to define a group of communicating entities according to their respective location or as a function of their proximity. Then, I proposed a cooperative backup service, where the participating nodes offer a p2p secure storage service that they can use to back up their critical data. This approach was also followed to provide a virtual black box service for cars. These works were treated from both algorithmic and architectural viewpoints, and also in terms of analytical and experimental dependability assessment. As part of my research on the resilience of mobiquitous systems, ethical issues were raised: how to exploit mobility data of individuals, while preserving their privacy? This raised my interest in what can be called geo-privacy. This third area is now the major focus of my research, both in terms of attacks and protection.
We propose a Markov mobility model as a compact, accurate, understandable and easily adaptable tool to represent the mobility of an individual. Based on this mobility model, we propose several attacks that target, e.g., prediction of future mobility, and de-anonymisation. Regarding the protection of geo-privacy, we are currently working on middleware-level abstractions, such as locanyms and location proofs to provide a secure and private architecture for location-based systems. These works were linked with each other through a mixture of chance and serendipity, and the pursuit of a common goal: providing means for architectural and algorithmic resilience of current computer systems, namely distributed, mobile, ubiquitous systems. Many avenues of research are still open and are discussed.

    Tolérance aux fautes sur CORBA par protocole à métaobjets et langages réflexifs

    The goal of this dissertation is to design and implement a metaobject protocol adapted to fault-tolerance in Corba applications. No currently available metaobject protocol is satisfactory in this context. We define a protocol that enables dynamic control of both the behaviour and internal state of Corba objects and of clients/servers and objects/metaobjects links. The implementation we propose is well adapted to a standard Corba platform thanks to the use of open languages and compile-time reflection: these tools allow the compilation process to be customized in order to obtain information that is necessary for fault-tolerance mechanisms. Another benefit of compile-time reflection is that it enables programming conventions to be enforced in a simple way, thanks to the filtering of application source code. This protocol, well integrated with Corba, can also benefit from reflective properties of the underlying language runtime, such as the limited reflection provided by Java for object serialization. When the language runtime is not reflective, as for C++, compile-time reflection can be used to implement methods for saving or restoring the internal state of objects; both complete and partial state can be controlled by metaobjects. The various properties of this metaobject protocol are illustrated in an architecture proposal which allows fault-tolerance mechanisms to be integrated into the application in a flexible manner. This approach offers useful properties such as separation of concerns between the application and the non-functional mechanisms implemented as metaobjects, dynamicity of links between objects and metaobjects, composability and reuse of mechanisms and user transparency.
Finally, this metaobject protocol is sufficiently generic to take advantage of any openness, in a reflective sense, of the platform's underlying software (operating system and middleware).

    Safecomp FastAbstract 25th September 2013

    Books of the Safecomp FastAbstract, 25th of September 2013, Toulouse, France. Marc-Olivier Killijian, Editor. Each FastAbstract will have a short 60-second presentation on the 25th from 16:00. Then the posters will be presented until 17:30

    Portable Serialization of CORBA Objects: a Reflective Approach

    The objective of this work is to define, implement and illustrate a portable serialization technique for CORBA objects. We propose an approach based on reflection: through open compiler facilities the internal state of CORBA objects is obtained and transformed into a language-independent format using CORBA mechanisms. This state can be restored and used by objects developed using different languages and running on different software platforms. A tool was developed and applied to a Chat application as a case study. The proposed technique is used to exchange state information between a C++ and a Java incarnation of this CORBA service. An observer tool enables the object state to be displayed and analyzed by the user. The applicability of this technique to various domains is discussed. Beyond the interest of language reflection, we finally advocate that operating system and middleware reflection would also be powerful concepts to extend the work presented in this paper