Thien Duc Nguyen scite author profile

Thien Duc Nguyen

4Publications

64Citation Statements Received

97Citation Statements Given

How they've been cited

How they cite others

Affiliations

Technical University of Darmstadt

Publications

Order By: Most citations

DeepSight: Mitigating Backdoor Attacks in Federated Learning Through Deep Model Inspection

Rieger¹,

Nguyen²,

Miettinen³

et al. 2022

View full text Add to dashboard Cite

Federated Learning (FL) allows multiple clients to collaboratively train a Neural Network (NN) model on their private data without revealing the data. Recently, several targeted poisoning attacks against FL have been introduced. These attacks inject a backdoor into the resulting model that allows adversarycontrolled inputs to be misclassified. Existing countermeasures against backdoor attacks are inefficient and often merely aim to exclude deviating models from the aggregation. However, this approach also removes benign models of clients with deviating data distributions, causing the aggregated model to perform poorly for such clients.To address this problem, we propose DeepSight, a novel model filtering approach for mitigating backdoor attacks. It is based on three novel techniques that allow to characterize the distribution of data used to train model updates and seek to measure finegrained differences in the internal structure and outputs of NNs. Using these techniques, DeepSight can identify suspicious model updates. We also develop a scheme that can accurately cluster model updates. Combining the results of both components, DeepSight is able to identify and eliminate model clusters containing poisoned models with high attack impact. We also show that the backdoor contributions of possibly undetected poisoned models can be effectively mitigated with existing weight clippingbased defenses. We evaluate the performance and effectiveness of DeepSight and show that it can mitigate state-of-the-art backdoor attacks with a negligible impact on the model's performance on benign data.

show abstract

Mind the GAP: Security & Privacy Risks of Contact Tracing Apps

Baumgärtner¹,

Dmitrienko²,

Freisleben³

et al. 2020

Preprint

View full text Add to dashboard Cite

Contact tracing apps running on mobile devices promise to reduce the manual effort required for identifying infection chains and to increase the tracing accuracy in the presence of COVID-19. Since the beginning of the pandemic, several contract tracing apps have been proposed or deployed in practice by academia or academic-industrial consortia. While some of them rely on centralized approaches and bear high privacy risks, others are based on decentralized approaches aimed at addressing user privacy aspects. Google and Apple announced their joint effort of providing an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy, the so-called "Google/Apple Proposal", which we abbreviate by "GAP". The contact tracing feature seems to become an opt-in feature in mobile devices running iOS or Android. Some countries have already decided or are planning to base their contact tracing apps on GAP 1 .Several researchers have pointed out potential privacy and security risks related to most of the contact tracing approaches proposed until now, including those that claim privacy protection and are based on GAP. However, the question remains as how realistic these risks are. This report makes a first attempt towards providing empirical evidence in real-world scenarios for two such risks discussed in the literature: one concerning privacy, and the other one concerning security. In particular, we focus on a practical analysis of GAP, given that it is the foundation of several tracing apps, including apps such as the Swiss SwissCOVID, the Italian Immuni, and the German Corona-Warn-App. We demonstrate that in real-world scenarios the current GAP design is vulnerable to (i) profiling and possibly de-anonymizing infected persons, and (ii) relay-based wormhole attacks that principally can generate fake contacts with the potential of significantly affecting the accuracy of an app-based contact tracing system. For both types of attack, we have built tools that can be easily used on mobile phones or Raspberry Pis (e.g., Bluetooth sniffers). We hope that our findings provide valuable input in the process of testing and certifying contact tracing apps, e.g., as planned for the German Corona-Warn-App, ultimately guiding improvements for secure and privacypreserving design and implementation of digital contact tracing systems.

show abstract

Digital Contact Tracing Solutions: Promises, Pitfalls and Challenges

Nguyen

Miettinen

Dmitrienko³

et al. 2024

IEEE Trans. Emerg. Topics Comput.

View full text Add to dashboard Cite

Digital Contact Tracing Solutions: Promises, Pitfalls and Challenges

Nguyen¹,

Miettinen²,

Dmitrienko³

et al. 2022

Preprint

View full text Add to dashboard Cite

The COVID-19 pandemic has caused many countries to deploy novel digital contact tracing (DCT) systems to boost the efficiency of manual tracing of infection chains. In this paper, we systematically analyze DCT solutions and categorize them based on their design approaches and architectures. We analyze them with regard to effectiveness, security, privacy and ethical aspects and compare prominent solutions with regard to these requirements. In particular, we discuss shortcomings of the Google and Apple Exposure Notification API (GAEN) that is currently widely adopted all over the world. We find that the security and privacy of GAEN has considerable deficiencies as it can be compromised by severe large-scale attacks.We also discuss other proposed approaches for contact tracing, including our proposal TRACECORONA, that are based on Diffie-Hellman (DH) key exchange and aim at tackling shortcomings of existing solutions. Our extensive analysis shows that TRACECORONA fulfills the above security requirements better than deployed state-of-the-art approaches. We have implemented TRACECORONA and its beta test version has been used by more than 2000 users without any major functional problems 1 , demonstrating that there are no technical reasons requiring to make compromises with regard to the requirements of DCT approaches.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Thien Duc Nguyen

DeepSight: Mitigating Backdoor Attacks in Federated Learning Through Deep Model Inspection

Mind the GAP: Security & Privacy Risks of Contact Tracing Apps

Digital Contact Tracing Solutions: Promises, Pitfalls and Challenges

Digital Contact Tracing Solutions: Promises, Pitfalls and Challenges

Contact Info

Product

Resources

About