Zhi Lu (Huazhong university of Science and Technology), Yongquan Cui (Huazhong university of Science and Technology), Songfeng Lu (Huazhong university of Science and Technology)

With the advancement of artificial intelligence and the increasing digitalization of various sectors, the scale of personal data collection and analysis continues to grow, leading to heightened demands for privacy protection of personal data and identity. However, existing secure aggregation methods, such as ACORN (USENIX 2023), while ensuring the privacy and compliance of input data, fail to meet the requirements for client anonymity. Simply applying anonymous credentials allows previously identified malicious clients (e.g., those using non-compliant data) to re-enter aggregation rounds by updating their credentials, thus evading accountability. To address this issue, we propose WhiteCloak, the first secure aggregation solution that ensures accountability under client anonymity. WhiteCloak requires each client $i$ to participate in round $tau$ using an anonymous credential $tilde{i}_{tau}$. Before participation, each client must submit a zero-knowledge proof verifying that they have not been blacklisted, preventing malicious clients from evading accountability by changing their credentials. WhiteCloak can be seamlessly integrated into existing frameworks. In federated learning experiments on the SHAKESPEARE dataset, WhiteCloak adds only 1.77s of additional processing time and 35.68KB of communication overhead, accounting for 0.34% and 0.1% of ACORN's total overhead, respectively.

View More Papers

UDIM: Formal User-Device Interaction Model for Approximating Artifact Coverage...

Maximilian Eichhorn (Friedrich-Alexander-Universitat Erlangen-Nurnberg), Andreas Hammer (Friedrich-Alexander-Universitat Erlangen-Nurnberg), Gaston Pugliese (Friedrich-Alexander-Universitat Erlangen-Nurnberg), Felix Freiling (Friedrich-Alexander-Universitat Erlangen-Nurnberg)

Read More

Towards Bridging the Telemetry Gap for Security Applications in...

Haohuang Wen (The Ohio State University and SE-RAN.ai), Vinod Yegneswaran (SRI and SE-RAN.ai), Phillip Porras (SRI and SE-RAN.ai), Ashish Gehani (SRI and SE-RAN.ai), Prakhar Sharma (SRI and SE-RAN.ai), Zhiqiang Lin (The Ohio State University and SE-RAN.ai)

Read More

Demystifying RPKI-Invalid Prefixes: Hidden Causes and Security Risks

Weitong Li (Virginia Tech), Tao Wan (CableLabs), Tijay Chung (Virginia Tech)

Read More