Ahaan Dabholkar

Joshua C. Zhao, Ahaan Dabholkar, Atul Sharma et al.

Federated learning is a decentralized learning paradigm introduced to preserve privacy of client data. Despite this, prior work has shown that an attacker at the server can still reconstruct the private training data using only the client updates. These attacks are known as data reconstruction attacks and fall into two major categories: gradient inversion (GI) and linear layer leakage attacks (LLL). However, despite demonstrating the effectiveness of these attacks in breaching privacy, prior work has not investigated the usefulness of the reconstructed data for downstream tasks. In this work, we explore data reconstruction attacks through the lens of training and improving models with leaked data. We demonstrate the effectiveness of both GI and LLL attacks in maliciously training models using the leaked data more accurately than a benign federated learning strategy. Counter-intuitively, this bump in training quality can occur despite limited reconstruction quality or a small total number of leaked images. Finally, we show the limitations of these attacks for downstream training, individually for GI attacks and for LLL attacks.

Ahaan Dabholkar, Sourya Kakarla, Dhiman Saha

Numerous studies have shown that streaming is now the most preferred way of consuming multimedia content and this is evidenced by the proliferation in the number of streaming service providers as well as the exponential growth in their subscriber base. Riding on the advancements in low cost electronics, high speed communication and extremely cheap data, Over-The-Top (OTT) music streaming is now the norm in the music industry and is worth millions of dollars. This is especially true in India where major players offer the so called freemium models which have active monthly user bases running in to the millions. These services namely, Gaana, Airtel Wynk and JioSaavn attract a significantly bigger audience than their 100% subscription based peers like Amazon Prime Music, Apple Music etc. Given their ubiquity and market dominance, it is pertinent to do a systematic analysis of these platforms so as to ascertain their potential as hotbeds of piracy. This work investigates the resilience of the content protection systems of the four biggest music streaming services (by subscriber base) from India, namely Airtel Wynk, Ganna, JioSaavn and Hungama. By considering the Digital Rights Management (DRM) system employed by Spotify as a benchmark, we analyse the security of these platforms by attempting to steal the streamed content efficiently. Finally, we present a holistic overview of the flaws in their security mechanisms and discuss possible mitigation strategies. To the best of our knowledge, this work constitutes the first attempt to analyze security of OTT music services from India. Our results further confirm the time tested belief that security through obscurity is not a long term solution and leaves such platforms open to piracy and a subsequent loss of revenue for all the stakeholders.