-
Andrea Agiollo*, Enkeleda Bardhi*, Mauro Conti, Nicolò Dal Fabbro*, and Riccardo Lazzeretti. Anonymous Federated Learning via Named-Data Networking. Appeared at Elsevier Future Generation Computer Systems Journal in 2023.
Abstract: Federated Learning (FL) represents the de facto approach for distributed training of machine learning models. Nevertheless, researchers have identified several security and privacy FL issues. Among these, the lack of anonymity exposes FL to linkability attacks, representing a risk for model alteration and worker impersonation, where adversaries can explicitly select the attack target, knowing its identity. Named-Data Networking (NDN) is a novel networking paradigm that decouples the data from its location, anonymising the users. NDN embodies a suitable solution to ensure workers’ privacy in FL, thus fixing the abovementioned issues. However, several issues must be addressed to fit FL logic in NDN semantics, such as missing push-based communication in NDN and anonymous NDN naming convention. To this end, this paper contributes a novel anonymous-by-design FL framework with a customised communication protocol leveraging NDN. The proposed communication scheme encompasses an ad-hoc FL-oriented naming convention and anonymity-driven forwarding and enrollment procedures. The anonymity and privacy requirements considered during the framework definition are fully satisfied through a detailed analysis of the framework’s robustness. Moreover, we compare the proposed mechanism and state-of-the-art anonymity solutions, focusing on the communication efficiency perspective. The simulation results show latency and training time improvements up to 30%, especially when dealing with large models, numerous federations, and complex networks.
Access paper here.
Bibtex:
@article{AGIOLLO2024288,
title = {Anonymous Federated Learning via Named-Data Networking},
journal = {Future Generation Computer Systems},
volume = {152},
pages = {288-303},
year = {2024},
issn = {0167-739X},
doi = {https://doi.org/10.1016/j.future.2023.11.009},
url = {https://www.sciencedirect.com/science/article/pii/S0167739X23004144},
author = {Andrea Agiollo and Enkeleda Bardhi and Mauro Conti and Nicolò {Dal Fabbro} and Riccardo Lazzeretti},
keywords = {Federated learning, Anonymity, Named data networking, Privacy-preserving protocols, Next generation communication},
}
-
Andrea Agiollo*, Enkeleda Bardhi*, Mauro Conti, Riccardo Lazzeretti, Eleonora Losiouk, and Andrea Omicini. GNN4IFA: Interest Flooding Attack Detection with Graph Neural Networks. Appeared in the IEEE 8th European Symposium on Security and Privacy (EuroS&P) in 2023.
Abstract: In the context of Information-Centric Networking, Interest Flooding Attacks (IFAs) represent a new and dangerous sort of distributed denial of service. Since existing proposals targeting IFAs mainly focus on local information, in this paper we propose GNN4IFA as the first mechanism exploiting complex non-local knowledge for IFA detection by leveraging Graph Neural Networks (GNNs) handling the overall network topology. In order to test GNN4IFA, we collect SPOTIFAI, a novel dataset filling the current lack of available IFA datasets by covering a variety of IFA setups, including ~40 heterogeneous scenarios over three network topologies. We show that GNN4IFA performs well on all tested topologies and setups, reaching over 99% detection rate along with a negligible false positive rate and small computational costs. Overall, GNN4IFA overcomes state-of-the-art detection mechanisms both in terms of raw detection and flexibility, and – unlike all previous solutions in the literature – also enables the transfer of its detection on network topologies different from the one used in its design phase.
Access paper here.
Bibtex:
@INPROCEEDINGS{10190497,
author={Agiollo, Andrea and Bardhi, Enkeleda and Conti, Mauro and Lazzeretti, Riccardo and Losiouk, Eleonora and Omicini, Andrea},
booktitle={2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)},
title={GNN4IFA: Interest Flooding Attack Detection With Graph Neural Networks},
year={2023},
volume={},
number={},
pages={615-630},
doi={10.1109/EuroSP57164.2023.00043}
}
-
Enkeleda Bardhi, Mauro Conti, Riccardo Lazzeretti, and Eleonora Losiouk. Security and Privacy of IP-ICN Coexistence: A Comprehensive Survey. Appeared in the IEEE Communications Surveys and Tutorials (COMST) in 2023.
Abstract: Internet usage has changed from its first design. Hence, the current Internet must cope with some limitations, including performance degradation, availability of IP addresses, and multiple security and privacy issues. Nevertheless, to unsettle the current Internet's network layer i.e., Internet Protocol with ICN is a challenging, expensive task. It also requires worldwide coordination among Internet Service Providers, backbone, and Autonomous Services. Additionally, history showed that technology changes e.g., from 3G to 4G, from IPv4 to IPv6 are not immediate, and usually, the replacement includes a long coexistence period between the old and new technology. Similarly, we believe that the process of replacement of the current Internet will surely transition through the coexistence of IP and ICN. Although the tremendous amount of security and privacy issues of the current Internet taught us the importance of securely designing the architectures, only a few of the proposed architectures place the security-by-design. Therefore, this article aims to provide the first comprehensive Security and Privacy analysis of the state-of-the-art coexistence architectures. Additionally, it yields a horizontal comparison of security and privacy among three deployment approaches of IP and ICN protocol i.e., overlay, underlay, and hybrid and a vertical comparison among ten considered security and privacy features. As a result of our analysis, it emerges that most of the architectures utterly fail to provide several SP features including data and traffic flow confidentiality, availability and communication anonymity. We believe this article draws a picture of the secure combination of current and future protocol stacks during the coexistence phase that the Internet will definitely walk across.
Access paper here.
Bibtex:
@ARTICLE{10182246,
author={Bardhi, Enkeleda and Conti, Mauro and Lazzeretti, Riccardo and Losiouk, Eleonora},
journal={IEEE Communications Surveys & Tutorials},
title={Security and Privacy of IP-ICN Coexistence: A Comprehensive Survey},
year={2023},
volume={},
number={},
pages={1-1},
doi={10.1109/COMST.2023.3295182}
}
-
Enkeleda Bardhi, Mauro Conti, Riccardo Lazzeretti, Eleonora Losiouk, and Ahmed Taffal. Sim2Testbed Transfer: NDN Performance Evaluation. Appeared in the International Conference on Availability, Reliability and Security (ARES) in 2022.
Abstract: The Internet model has changed from its first design, rolling from host-centric to information-centric. Consequently, researchers foresee the urge for a new network paradigm that will be more suitable for the need of nowadays users. Named-Data Networking (NDN) adheres to the Information-Centric Networking (ICN) paradigms that have been proposed as possible current Internet substitutes. New proposals concerning NDN-related challenges are released regularly. However, most of these proposals are evaluated using network simulations or theoretical analysis due to lacking a full-stack NDN testbed. Although valid, research has shown that simulation environments or proposed overlay testbeds disturb the experiments and introduce performance mismatches. Motivated by the shreds of evidence mentioned above, we propose a setup of an NDN testbed composed of Raspberry Pi devices. After that, we conduct performance analysis for crucial NDN features such as name-based forwarding, in-network caching, and data packet signing. Our experiments confirm the benefits of enabling caches in intermediate nodes. Furthermore, we compare different signing algorithms based on the producer’s goodput and processing time. Indeed, SHA-256 is confirmed as the most lightweight with 103 Mbps goodput and 130 μs processing time. Nevertheless, a security and performance trade-off must be met. On the other hand, as research has demonstrated, such features can be exploited to compromise users’ privacy and degrade the network’s performance. Additionally, the attack performance might change while implemented in a real deployment. To validate such effects, we transfer two state-of-the-art privacy attacks from a simulation domain to a physical environment, i.e., our testbed. While one of the transferred attacks preserves the preciseness on the testbed, the other demonstrates result mismatches.
Access paper here.
Bibtex:
@inproceedings{bardhi2022sim2testbed,
title={Sim2Testbed Transfer: NDN Performance Evaluation},
author={Bardhi, Enkeleda and Conti, Mauro and Lazzeretti, Riccardo and Losiouk, Eleonora and Taffal, Ahmed},
booktitle={Proceedings of the 17th International Conference on Availability, Reliability and Security},
pages={1--9},
year={2022}
}
-
Enkeleda Bardhi, Mauro Conti, Riccardo Lazzeretti, and Eleonora Losiouk. ICN PATTA: ICN Privacy Attack Through Traffic Analysis. Appeared in the IEEE Conference on Local Computer Networks (LCN) in 2021.
Abstract: PATTA is the first privacy attack based on network traffic analysis in Information-Centric Networking. PATTA aims to automatically identify the category of requested content by sniffing the communication towards the first hop router. PATTA applies text processing and machine learning techniques to content names in content-oriented architectures. We evaluate PATTA in a simulated network, achieving an accuracy in determining a real-time content category equal to 96%.
Access paper here.
Bibtex:
@inproceedings{bardhi2021icn,
title={ICN PATTA: ICN Privacy Attack Through Traffic Analysis},
author={Bardhi, Enkeleda and Conti, Mauro and Lazzeretti, Riccardo and Losiouk, Eleonora},
booktitle={2021 IEEE 46th Conference on Local Computer Networks (LCN)},
pages={443--446},
year={2021},
organization={IEEE}
}