Showing total 60 results

1. Code-based signatures from new proofs of knowledge for the syndrome decoding problem

Author

Loïc Bidoux, Philippe Gaborit, Mukul Kulkarni, and Victor Mateu

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Applied Mathematics, Cryptography and Security (cs.CR), Computer Science Applications

Abstract

In this paper, we study code-based signatures constructed from Proof of Knowledge (PoK). This line of work can be traced back to Stern who introduces the first efficient PoK for the syndrome decoding problem in 1993. Afterward, different variations were proposed in order to reduce signature's size. In practice, obtaining a smaller signature size relies on the interaction of two main considerations: (i) the underlying protocol and its soundness error and (ii) the type of optimizations which are compatible with a given protocol. Over the years, different variations were proposed to improve the Stern scheme such as the Veron scheme (with public key a noisy codeword rather than a syndrome), the AGS scheme which is a 5-pass protocol with cheating probability asymptotically equal to 1/2 and more recently the FJR approach which permits to decrease the cheating probability to 1/N but induces a performance overhead. Overall the length of the signature depends on a trade-off between: the scheme in itself, the possible optimizations and the cost of the implementation. The recent approaches which increase the cost of the implementation opens the door to many different type of trade-offs. In this paper we propose three new schemes and different trade-offs, which are all interesting in themselves, since depending on potential future optimizations a scheme may eventually become more efficient than another. All the schemes we propose use a trusted helper: a first scheme permits to get a 1/2 cheating probability, a second scheme permits to decrease the cheating probability in 1/N but with a different approach than the recent FJR scheme and at last a third scheme propose a Veron-like adaptation of the FJR scheme in which the public key is a noisy codeword rather than a syndrome. We provide an extensive comparison table which lists various trade-offs between our schemes and previous ones.

Published

2022

2. Two Standard Decks of Playing Cards are Sufficient for a ZKP for Sudoku

Author

Suthee Ruangwises

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer Networks and Communications, Hardware and Architecture, Cryptography and Security (cs.CR), Software, Theoretical Computer Science

Abstract

Sudoku is a famous logic puzzle where the player has to fill a number between 1 and 9 into each empty cell of a $9 \times 9$ grid such that every number appears exactly once in each row, each column, and each $3 \times 3$ block. In 2020, Sasaki et al. developed a physical card-based protocol of zero-knowledge proof (ZKP) for Sudoku, which enables a prover to convince a verifier that he/she knows a solution of the puzzle without revealing it. Their protocol uses 90 cards, but requires nine identical copies of some cards, which cannot be found in a standard deck of playing cards (consisting of 52 different cards and two jokers). Hence, nine identical standard decks are required to perform that protocol, making the protocol not very practical. In this paper, we propose a new ZKP protocol for Sudoku that can be performed using only two standard decks of playing cards, regardless of whether the two decks are identical or different. In general, we also develop the first ZKP protocol for a generalized $n \times n$ Sudoku that can be performed using a deck of all different cards., Comment: A shortened version of this paper has appeared at COCOON 2021

Published

2022

3. Statistical inference attack against PHY-layer key extraction and countermeasures

Author

Tao Shu, Huirong Fu, and Rui Zhu

Subjects

FOS: Computer and information sciences, 021110 strategic, defence & security studies, Computer Science - Cryptography and Security, Computer Networks and Communications, business.industry, Computer science, 0211 other engineering and technologies, Physical layer, Inference, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, Information security, computer.software_genre, Least significant bit, 0202 electrical engineering, electronic engineering, information engineering, Statistical inference, Wireless, Data mining, Electrical and Electronic Engineering, business, Cryptography and Security (cs.CR), computer, Information Systems, Communication channel

Abstract

The establishment of secure secret keys ahead of transmissions is one of the key issues in the field of information security. The security of traditional cryptographic secret key establishment mechanisms is seriously challenged by computing-intensive attacks, with the fast growth of high-performance computing. As an alternative, considerable efforts have been made to develop physical (PHY) layer security measures in recent years, such as link-signature-based (LSB) secret key extraction techniques. Those mechanisms have been believed secure, based on the fundamental assumption that wireless signals received at two locations are uncorrelated when separated by more than half a wavelength. However, this assumption does not hold in some circumstances under latest observations, rendering LSB key extraction mechanisms vulnerable to attacks. To address this problem, the formal theoretical analysis on channel correlations in both real indoor and outdoor environments is provided in this paper. Moreover, this paper proposes empirical statistical inference attacks (SIA) against LSB key extraction, whereby an adversary infers the signature of a target link. Consequently, the secret key extracted from that signature has been recovered by observing the surrounding links. In contrast to prior literature that assumes theoretical link-correlation models for the inference, our study does not make any assumption on link correlation. Instead, we employ machine learning (ML) methods for link inference based on empirically measured link signatures. We further propose a countermeasure against the SIAs, called forward-backward cooperative key extraction protocol with helpers (FBCH). In the FBCH, helpers (other trusted wireless nodes) are introduced to provide more randomness in the key extraction. Our experimental results have shown that the proposed inference methods are still quite effective even without making assumptions on link correlation. Furthermore, the effectiveness of the proposed FBCH protocol is validated by our experiment results.

Published

2021

4. Real-time monitoring as a supplementary security component of vigilantism in modern network environments

Author

Richard Adeyemi Ikuesan, Nickson M. Karie, and Victor R. Kebande

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer Networks and Communications, Computer science, 02 engineering and technology, Plan (drawing), Real-time monitoring, Electrical Engineering, Electronic Engineering, Information Engineering, Cyber security, Computer security, computer.software_genre, 03 medical and health sciences, 0302 clinical medicine, Vigilantism, Artificial Intelligence, Component (UML), 0202 electrical engineering, electronic engineering, information engineering, Network environments, Concrete security, Relevance (information retrieval), Issues and challenges, 030216 legal & forensic medicine, Electrical and Electronic Engineering, Elektroteknik och elektronik, Set (psychology), Scope (project management), Applied Mathematics, Complex network, Computer Science Applications, Computational Theory and Mathematics, Implementation, Preparedness, 020201 artificial intelligence & image processing, Cryptography and Security (cs.CR), computer, Information Systems

Abstract

The phenomenon of network vigilantism is autonomously attributed to how anomalies and obscure activities from adversaries can be tracked in realtime. Needless to say, in today dynamic, virtualized, and complex network environments, it has become undeniably necessary for network administrators, analysts as well as engineers to practice network vigilantism, on traffic as well as other network events in real-time. The reason is to understand the exact security posture of an organization network environment at any given time. This is driven by the fact that modern network environments do, not only present new opportunities to organizations but also a different set of new and complex cybersecurity challenges that need to be resolved daily. The growing size, scope, complexity, and volume of networked devices in our modern network environments also makes it hard even for the most experienced network administrators to independently provide the breadth and depth of knowledge needed to oversee or diagnose complex network problems. Besides, with the growing number of Cyber Security Threats in the world today, many organizations have been forced to change the way they plan, develop and implement cybersecurity strategies as a way to reinforce their ability to respond to cybersecurity incidents. This paper, therefore, examines the relevance of RealTime Monitoring (RTM) as a supplementary security component of vigilantism in modern network environments, more especially for proper planning, preparedness, and mitigation in case of a cybersecurity incident. Additionally, this paper also investigates some of the key issues and challenges surrounding the implementation of RTM for security vigilantism in our modern network environments., 13 pages

Published

2020

5. CoSec-RPL: detection of copycat attacks in RPL based 6LoWPANs using outlier analysis

Author

Virender Ranga and Abhishek Verma

Subjects

Networking and Internet Architecture (cs.NI), FOS: Computer and information sciences, Routing protocol, Computer Science - Cryptography and Security, business.industry, Network packet, Computer science, Node (networking), ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020302 automobile design & engineering, 020206 networking & telecommunications, Denial-of-service attack, 02 engineering and technology, Intrusion detection system, IPv6, Computer Science - Networking and Internet Architecture, 0203 mechanical engineering, 0202 electrical engineering, electronic engineering, information engineering, Overhead (computing), Anomaly detection, Electrical and Electronic Engineering, business, Cryptography and Security (cs.CR), Computer network

Abstract

The IPv6 routing protocol for low-power and lossy networks (RPL) is the standard routing protocol for IPv6 based low-power wireless personal area networks (6LoWPANs). In RPL protocol, DODAG information object (DIO) messages are used to disseminate routing information to other nodes in the network. A malicious node may eavesdrop DIO messages of its neighbor nodes and later replay the captured DIO many times with fixed intervals. In this paper, we present and investigate one of the severe attacks named as a non-spoofed copycat attack, a type of replay based DoS attack against RPL protocol. It is shown that the non-spoofed copycat attack increases the average end-to-end delay (AE2ED) and packet delivery ratio of the network. Thus, to address this problem, an intrusion detection system (IDS) named CoSec-RPL is proposed in this paper. The attack detection logic of CoSec-RPL is primarily based on the idea of outlier detection (OD). CoSec-RPL significantly mitigates the effects of the non-spoofed copycat attack on the network's performance. The effectiveness of the proposed IDS is compared with the standard RPL protocol. The experimental results indicate that CoSec-RPL detects and mitigates non-spoofed copycat attack efficiently in both static and mobile network scenarios without adding any significant overhead to the nodes. To the best of our knowledge, CoSec-RPL is the first RPL specific IDS that utilizes OD for intrusion detection in 6LoWPANs.

Published

2020

6. A blockchain-based secure storage scheme for medical information

Author

Zhijie Sun, Dezhi Han, Dun Li, Xiangsheng Wang, Chin-Chen Chang, and Zhongdai Wu

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer Networks and Communications, Signal Processing, Cryptography and Security (cs.CR), Computer Science Applications

Abstract

Medical data involves a large amount of personal information and is highly privacy sensitive. In the age of big data, the increasing informatization of healthcare makes it vital that medical information is stored securely and accurately. However, current medical information is subject to the risk of privacy leakage and difficult to share. To address these issues, this paper proposes a healthcare information security storage solution based on Hyperledger Fabric and the Attribute-Based Access Control (ABAC) framework. The scheme first utilizes attributebased access control, which allows dynamic and fine-grained access to medical information, and then stores the medical information in the blockchain, which can be secured and tamperproof by formulating corresponding smart contracts. In addition, this solution also incorporates IPFS technology to relieve the storage pressure of the blockchain. Experiments show that the proposed scheme combining access control of attributes and blockchain technology in this paper can not only ensure the secure storage and integrity of medical information but also has a high throughput when accessing medical information.

Published

2022

7. On the near prime-order MNT curves

Author

Duc-Phong Le, Nadia El Mrabet, Safia Haloui, and Chik How Tan

Subjects

FOS: Computer and information sciences, Discrete mathematics, Computer Science - Cryptography and Security, Algebra and Number Theory, Degree (graph theory), Applied Mathematics, 020206 networking & telecommunications, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, Elliptic curve, 010201 computation theory & mathematics, Theory of computation, 0202 electrical engineering, electronic engineering, information engineering, Embedding, Cryptography and Security (cs.CR), SIMPLE algorithm, Mathematics

Abstract

In their seminar paper, Miyaji, Nakabayashi and Takano introduced the first method to construct families of prime-order elliptic curves with small embedding degrees, namely k = 3, 4, and 6. These curves, so-called MNT curves, were then extended by Scott and Barreto, and also Galbraith, McKee and Valenca to near prime-order curves with the same embedding degrees. In this paper, we extend the method of Scott and Barreto to introduce an explicit and simple algorithm that is able to generate all families of MNT curves with any given cofactor. Furthermore, we analyze the number of potential families of these curves that could be obtained for a given embedding degree $k$ and a cofactor h. We then discuss the generalized Pell equations that allow us to construct particular curves. Finally, we provide statistics of the near prime-order MNT curves., Comment: 15 pages

Published

2018

8. Cooperative distributed state estimation: resilient topologies against smart spoofers

Author

Safi, Mostafa

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Control and Optimization, Control and Systems Engineering, FOS: Electrical engineering, electronic engineering, information engineering, Aerospace Engineering, Systems and Control (eess.SY), Cryptography and Security (cs.CR), Electrical Engineering and Systems Science - Systems and Control, Computer Science::Cryptography and Security

Abstract

A network of observers is considered, where through asynchronous (with bounded delay) communications, they cooperatively estimate the states of a Linear Time-Invariant (LTI) system. In such a setting, a new type of adversary might affect the observation process by impersonating the identity of the regular node, which is a violation of communication authenticity. These adversaries also inherit the capabilities of Byzantine nodes, making them more powerful threats called smart spoofers. We show how asynchronous networks are vulnerable to smart spoofing attack. In the estimation scheme considered in this paper, information flows from the sets of source nodes, which can detect a portion of the state variables each, to the other follower nodes. The regular nodes, to avoid being misguided by the threats, distributively filter the extreme values received from the nodes in their neighborhood. Topological conditions based on strong robustness are proposed to guarantee the convergence. Two simulation scenarios are provided to verify the results.

Published

2022

9. The $$k$$ -error linear complexity distribution for $$2^n$$ -periodic binary sequences

Author

Jianqin Zhou and Wanquan Liu

Subjects

FOS: Computer and information sciences, Discrete mathematics, Sequence, Linear complexity, Computer Science - Cryptography and Security, business.industry, Applied Mathematics, Sieve (category theory), Periodic sequence, Binary number, Cryptography, Computer Science Applications, Combinatorics, Distribution (mathematics), Key (cryptography), business, Cryptography and Security (cs.CR), Mathematics

Abstract

The linear complexity and the $k$-error linear complexity of a sequence have been used as important security measures for key stream sequence strength in linear feedback shift register design. By studying the linear complexity of binary sequences with period $2^n$, one could convert the computation of $k$-error linear complexity into finding error sequences with minimal Hamming weight. Based on Games-Chan algorithm, the $k$-error linear complexity distribution of $2^n$-periodic binary sequences is investigated in this paper. First, for $k=2,3$, the complete counting functions on the $k$-error linear complexity of $2^n$-periodic balanced binary sequences (with linear complexity less than $2^n$) are characterized. Second, for $k=3,4$, the complete counting functions on the $k$-error linear complexity of $2^n$-periodic binary sequences with linear complexity $2^n$ are presented. Third, as a consequence of these results, the counting functions for the number of $2^n$-periodic binary sequences with the $k$-error linear complexity for $k = 2$ and 3 are obtained. Further more, an important result in a recent paper is proved to be not completely correct.

Published

2013

10. AFIA: ATPG-Guided Fault Injection Attack on Secure Logic Locking

Author

Yadi Zhong, Ayush Jain, M. Tanjidur Rahman, Navid Asadizanjani, Jiafeng Xie, and Ujjwal Guin

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Hardware_PERFORMANCEANDRELIABILITY, Electrical and Electronic Engineering, Cryptography and Security (cs.CR)

Abstract

The outsourcing of the design and manufacturing of integrated circuits has raised severe concerns about the piracy of Intellectual Properties and illegal overproduction. Logic locking has emerged as an obfuscation technique to protect outsourced chip designs, where the circuit netlist is locked and can only be functional once a secure key is programmed. However, Boolean Satisfiability-based attacks have shown to break logic locking, simultaneously motivating researchers to develop more secure countermeasures. In this paper, we present a novel fault injection attack to break any locking technique that relies on a stored secret key, and denote this attack as AFIA, ATPG-guided Fault Injection Attack. The proposed attack is based on sensitizing a key bit to the primary output while injecting faults at a few other key lines that block the propagation of the targeted key bit. AIFA is very effective in determining a key bit as there exists a stuck-at fault pattern that detects a stuck-at 1 (or stuck-at 0) fault at any key line. The average complexity of number of injected faults for AFIA is linear with the key size and requires only |K| test patterns to determine a secret key, K. AFIA requires a fewer number of injected faults to sensitize a bit to the primary output, compared to 2|K|-1 faults for the differential fault analysis attack [26]., arXiv admin note: text overlap with arXiv:2007.10512

Published

2022

11. DHSA: efficient doubly homomorphic secure aggregation for cross-silo federated learning

Author

Zizhen Liu, Si Chen, Jing Ye, Junfeng Fan, Huawei Li, and Xiaowei Li

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Hardware and Architecture, Cryptography and Security (cs.CR), Software, Information Systems, Theoretical Computer Science

Abstract

Secure aggregation is widely used in horizontal Federated Learning (FL), to prevent leakage of training data when model updates from data owners are aggregated. Secure aggregation protocols based on Homomorphic Encryption (HE) have been utilized in industrial cross-silo FL systems, one of the settings involved with privacy-sensitive organizations such as financial or medical, presenting more stringent requirements on privacy security. However, existing HE-based solutions have limitations in efficiency and security guarantees against colluding adversaries without a Trust Third Party. This paper proposes an efficient Doubly Homomorphic Secure Aggregation (DHSA) scheme for cross-silo FL, which utilizes multi-key Homomorphic Encryption (MKHE) and seed homomorphic pseudorandom generator (SHPRG) as cryptographic primitives. The application of MKHE provides strong security guarantees against up to $N-2$ participates colluding with the aggregator, with no TTP required. To mitigate the large computation and communication cost of MKHE, we leverage the homomorphic property of SHPRG to replace the majority of MKHE computation by computationally-friendly mask generation from SHPRG, while preserving the security. Overall, the resulting scheme satisfies the stringent security requirements of typical cross-silo FL scenarios, at the same time providing high computation and communication efficiency for practical usage. We experimentally demonstrate our scheme brings a speedup to 20$\times$ over the state-of-the-art HE-based secure aggregation, and reduces the traffic volume to approximately 1.5$\times$ inflation over the plain learning setting., 34 pages, 6 figures

Published

2022

12. IPatch: a remote adversarial patch

Author

Yisroel Mirsky

Subjects

FOS: Computer and information sciences, Computer Science - Machine Learning, Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence, Computer Networks and Communications, Computer Vision and Pattern Recognition (cs.CV), Computer Science - Computer Vision and Pattern Recognition, ComputingMethodologies_IMAGEPROCESSINGANDCOMPUTERVISION, Machine Learning (cs.LG), Artificial Intelligence (cs.AI), Artificial Intelligence, Cryptography and Security (cs.CR), Software, Information Systems

Abstract

Applications such as autonomous vehicles and medical screening use deep learning models to localize and identify hundreds of objects in a single frame. In the past, it has been shown how an attacker can fool these models by placing an adversarial patch within a scene. However, these patches must be placed in the target location and do not explicitly alter the semantics elsewhere in the image. In this paper, we introduce a new type of adversarial patch which alters a model’s perception of an image’s semantics. These patches can be placed anywhere within an image to change the classification or semantics of locations far from the patch. We call this new class of adversarial examples ‘remote adversarial patches’ (RAP). We implement our own RAP called IPatch and perform an in-depth analysis on without pixel clipping on image segmentation RAP attacks using five state-of-the-art architectures with eight different encoders on the CamVid street view dataset. Moreover, we demonstrate that the attack can be extended to object recognition models with preliminary results on the popular YOLOv3 model. We found that the patch can change the classification of a remote target region with a success rate of up to 93% on average.

Published

2023

13. Reliable detection of compressed and encrypted data

Author

Fabio De Gaspari, Dorjan Hitaj, Giulio Pagnotta, Lorenzo De Carli, and Luigi V. Mancini

Subjects

FOS: Computer and information sciences, Computer Science - Machine Learning, Computer Science - Cryptography and Security, Artificial Intelligence, Cryptography and Security (cs.CR), Software, Machine Learning (cs.LG)

Abstract

Several cybersecurity domains, such as ransomware detection, forensics and data analysis, require methods to reliably identify encrypted data fragments. Typically, current approaches employ statistics derived from byte-level distribution, such as entropy estimation, to identify encrypted fragments. However, modern content types use compression techniques which alter data distribution pushing it closer to the uniform distribution. The result is that current approaches exhibit unreliable encryption detection performance when compressed data appears in the dataset. Furthermore, proposed approaches are typically evaluated over few data types and fragment sizes, making it hard to assess their practical applicability. This paper compares existing statistical tests on a large, standardized dataset and shows that current approaches consistently fail to distinguish encrypted and compressed data on both small and large fragment sizes. We address these shortcomings and design EnCoD, a learning-based classifier which can reliably distinguish compressed and encrypted data. We evaluate EnCoD on a dataset of 16 different file types and fragment sizes ranging from 512B to 8KB. Our results highlight that EnCoD outperforms current approaches by a wide margin, with accuracy ranging from ~82 for 512B fragments up to ~92 for 8KB data fragments. Moreover, EnCoD can pinpoint the exact format of a given data fragment, rather than performing only binary classification like previous approaches., Comment: 12 pages, 8 figures. arXiv admin note: substantial text overlap with arXiv:2010.07754

Published

2022

14. The sum of its parts: Analysis of federated byzantine agreement systems

Author

Martin Florian, Sebastian Henningsen, Charmaine Ndolo, and Björn Scheuermann

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing, Computational Theory and Mathematics, Computer Networks and Communications, Hardware and Architecture, Distributed, Parallel, and Cluster Computing (cs.DC), Cryptography and Security (cs.CR), Theoretical Computer Science

Abstract

Federated Byzantine Agreement Systems (FBASs) are a fascinating new paradigm in the context of consensus protocols. Originally proposed for powering the Stellar payment network, FBASs can instantiate Byzantine quorum systems without requiring out-of-band agreement on a common set of validators; every node is free to decide for itself with whom it requires agreement. Sybil-resistant and yet energy-efficient consensus protocols can therefore be built upon FBASs, and the “decentrality” possible with the FBAS paradigm might be sufficient to reduce the use of environmentally unsustainable proof-of-work protocols. In this paper, we first demonstrate how the robustness of individual FBASs can be determined, by precisely determining their safety and liveness buffers and therefore enabling a comparison with threshold-based quorum systems. Using simulations and example node configuration strategies, we then empirically investigate the hypothesis that while FBASs can be bootstrapped in a bottom-up fashion from individual preferences, strategic considerations should additionally be applied by node operators in order to arrive at FBASs that are robust and amenable to monitoring. Finally, we investigate the reported “open-membership” property of FBASs. We observe that an often small group of nodes is exclusively relevant for determining liveness buffers and prove that membership in this top tier is conditional on the approval by current top tier nodes if maintaining safety is a core requirement.

Published

2022

15. A privacy-preserving model based on differential approach for sensitive data in cloud environment

Author

Singh, Ashutosh Kumar and Gupta, Rishabh

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer Networks and Communications, Hardware and Architecture, Media Technology, Cryptography and Security (cs.CR), Software

Abstract

A large amount of data and applications need to be shared with various parties and stakeholders in the cloud environment for storage, computation, and data utilization. Since a third party operates the cloud platform, owners cannot fully trust this environment. However, it has become a challenge to ensure privacy preservation when sharing data effectively among different parties. This paper proposes a novel model that partitions data into sensitive and non-sensitive parts, injects the noise into sensitive data, and performs classification tasks using k-anonymization, differential privacy, and machine learning approaches. It allows multiple owners to share their data in the cloud environment for various purposes. The model specifies communication protocol among involved multiple untrusted parties to process owners data. The proposed model preserves actual data by providing a robust mechanism. The experiments are performed over Heart Disease, Arrhythmia, Hepatitis, Indian-liver-patient, and Framingham datasets for Support Vector Machine, K-Nearest Neighbor, Random Forest, Naive Bayes, and Artificial Neural Network classifiers to compute the efficiency in terms of accuracy, precision, recall, and F1-score of the proposed model. The achieved results provide high accuracy, precision, recall, and F1-score up to 93.75%, 94.11%, 100%, and 87.99% and improvement up to 16%, 29%, 12%, and 11%, respectively, compared to previous works.

Published

2022

16. Student assessment in cybersecurity training automated by pattern mining and clustering

Author

Valdemar Švábenský, Jan Vykopal, Pavel Čeleda, Kristián Tkáčik, and Daniel Popovič

Subjects

FOS: Computer and information sciences, Computer Science - Computers and Society, Computer Science - Machine Learning, Computer Science - Cryptography and Security, K.3, Computers and Society (cs.CY), Library and Information Sciences, Cryptography and Security (cs.CR), Machine Learning (cs.LG), cybersecurity education, security training, data science, educational data mining, learning analytics, Education

Abstract

Hands-on cybersecurity training allows students and professionals to practice various tools and improve their technical skills. The training occurs in an interactive learning environment that enables completing sophisticated tasks in full-fledged operating systems, networks, and applications. During the training, the learning environment allows collecting data about trainees' interactions with the environment, such as their usage of command-line tools. These data contain patterns indicative of trainees' learning processes, and revealing them allows to assess the trainees and provide feedback to help them learn. However, automated analysis of these data is challenging. The training tasks feature complex problem-solving, and many different solution approaches are possible. Moreover, the trainees generate vast amounts of interaction data. This paper explores a dataset from 18 cybersecurity training sessions using data mining and machine learning techniques. We employed pattern mining and clustering to analyze 8834 commands collected from 113 trainees, revealing their typical behavior, mistakes, solution strategies, and difficult training stages. Pattern mining proved suitable in capturing timing information and tool usage frequency. Clustering underlined that many trainees often face the same issues, which can be addressed by targeted scaffolding. Our results show that data mining methods are suitable for analyzing cybersecurity training data. Educational researchers and practitioners can apply these methods in their contexts to assess trainees, support them, and improve the training design. Artifacts associated with this research are publicly available., Published in Springer Education and Information Technologies, see https://link.springer.com/article/10.1007/s10639-022-10954-4

Published

2022

17. Free gap estimates from the exponential mechanism, sparse vector, noisy max and related algorithms

Author

Zeyu Ding, Yuxin Wang, Yingtai Xiao, Guanhong Wang, Danfeng Zhang, and Daniel Kifer

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer Science - Databases, Hardware and Architecture, Databases (cs.DB), Cryptography and Security (cs.CR), Information Systems

Abstract

Private selection algorithms, such as the Exponential Mechanism, Noisy Max and Sparse Vector, are used to select items (such as queries with large answers) from a set of candidates, while controlling privacy leakage in the underlying data. Such algorithms serve as building blocks for more complex differentially private algorithms. In this paper we show that these algorithms can release additional information related to the gaps between the selected items and the other candidates for free (i.e., at no additional privacy cost). This free gap information can improve the accuracy of certain follow-up counting queries by up to 66%. We obtain these results from a careful privacy analysis of these algorithms. Based on this analysis, we further propose novel hybrid algorithms that can dynamically save additional privacy budget., Comment: arXiv admin note: substantial text overlap with arXiv:1904.12773

Published

2022

18. A post-quantum key exchange protocol from the intersection of quadric surfaces

Author

Daniele Di Tullio and Manoj Gyawali

Subjects

FOS: Computer and information sciences, Mathematics - Algebraic Geometry, Mathematics::Algebraic Geometry, Computer Science - Cryptography and Security, Hardware and Architecture, FOS: Mathematics, Cryptography and Security (cs.CR), Algebraic Geometry (math.AG), Software, Computer Science::Cryptography and Security, Information Systems, Theoretical Computer Science

Abstract

In this paper we present a key exchange protocol in which Alice and Bob have secret keys given by quadric surfaces embedded in a large ambient space by means of the Veronese embedding and public keys given by hyperplanes containing the embedded quadrics. Both of them reconstruct the isomorphism class of the intersection which is a curve of genus 1, which is uniquely determined by the $j$-invariant. An eavesdropper, to find this $j$-invariant, has to solve problems which are conjecturally quantum resistant., 20 pages, no figures

Published

2023

19. Generative adversarial networks and image-based malware classification

Author

Huy Nguyen, Fabio Di Troia, Genya Ishigaki, and Mark Stamp

Subjects

FOS: Computer and information sciences, Computer Science - Machine Learning, ComputingMethodologies_PATTERNRECOGNITION, Computer Science - Cryptography and Security, Computational Theory and Mathematics, Hardware and Architecture, Computer Science (miscellaneous), Cryptography and Security (cs.CR), Software, Machine Learning (cs.LG)

Abstract

For efficient malware removal, determination of malware threat levels, and damage estimation, malware family classification plays a critical role. In this paper, we extract features from malware executable files and represent them as images using various approaches. We then focus on Generative Adversarial Networks (GAN) for multiclass classification and compare our GAN results to other popular machine learning techniques, including Support Vector Machine (SVM), XGBoost, and Restricted Boltzmann Machines (RBM). We find that the AC-GAN discriminator is generally competitive with other machine learning techniques. We also evaluate the utility of the GAN generative model for adversarial attacks on image-based malware detection. While AC-GAN generated images are visually impressive, we find that they are easily distinguished from real malware images using any of several learning techniques. This result indicates that our GAN generated images would be of little value in adversarial attacks.

Published

2023

20. Adversarial example detection for DNN models: a review and experimental comparison

Author

Ahmed Aldahdooh, Wassim Hamidouche, Sid Ahmed Fezza, Olivier Déforges, Institut d'Electronique et de Télécommunications de Rennes (IETR), Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Ecole Supérieure d'Electricité - SUPELEC (FRANCE)-Centre National de la Recherche Scientifique (CNRS), National Institute of Telecommunications and ICT, and The Project is funded by both Région Bretagne (Brittany region), France, and direction générale de l’armement (DGA).

Subjects

FOS: Computer and information sciences, Linguistics and Language, Computer Science - Cryptography and Security, Artificial Intelligence, Computer Vision and Pattern Recognition (cs.CV), Computer Science - Computer Vision and Pattern Recognition, Cryptography and Security (cs.CR), Language and Linguistics, [INFO.INFO-AI]Computer Science [cs]/Artificial Intelligence [cs.AI]

Abstract

Deep learning (DL) has shown great success in many human-related tasks, which has led to its adoption in many computer vision based applications, such as security surveillance systems, autonomous vehicles and healthcare. Such safety-critical applications have to draw their path to success deployment once they have the capability to overcome safety-critical challenges. Among these challenges are the defense against or/and the detection of the adversarial examples (AEs). Adversaries can carefully craft small, often imperceptible, noise called perturbations to be added to the clean image to generate the AE. The aim of AE is to fool the DL model which makes it a potential risk for DL applications. Many test-time evasion attacks and countermeasures,i.e., defense or detection methods, are proposed in the literature. Moreover, few reviews and surveys were published and theoretically showed the taxonomy of the threats and the countermeasure methods with little focus in AE detection methods. In this paper, we focus on image classification task and attempt to provide a survey for detection methods of test-time evasion attacks on neural network classifiers. A detailed discussion for such methods is provided with experimental results for eight state-of-the-art detectors under different scenarios on four datasets. We also provide potential challenges and future perspectives for this research direction., Comment: Accepted and published in Artificial Intelligence Review journal

Published

2022

21. Enumeration of maximal cycles generated by orthogonal cellular automata

Author

Luca Mariot

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, FOS: Mathematics, Mathematics - Combinatorics, Combinatorics (math.CO), Cryptography and Security (cs.CR), Computer Science Applications

Abstract

Cellular Automata (CA) are an interesting computational model for designing Pseudorandom Number Generators (PRNG), due to the complex dynamical behavior they can exhibit depending on the underlying local rule. Most of the CA-based PRNGs proposed in the literature, however, suffer from poor diffusion since a change in a single cell can propagate only within its neighborhood during a single time step. This might pose a problem especially when such PRNGs are used for cryptographic purposes. In this paper, we consider an alternative approach to generate pseudorandom sequences through \emph{orthogonal CA} (OCA), which guarantees a better amount of diffusion. After defining the related PRNG, we perform an empirical investigation of the maximal cycles in OCA pairs up to diameter $d=8$. Next, we focus on OCA induced by linear rules, giving a characterization of their cycle structure based on the rational canonical form of the associated Sylvester matrix. Finally, we devise an algorithm to enumerate all linear OCA pairs characterized by a single maximal cycle, and apply it up to diameter $d=16$ and $d=13$ for OCA respectively over the binary and ternary alphabets., Comment: 28 pages, 7 figures, 2 tables. Preprint submitted at Natural Computing

Published

2022

22. The elliptic net algorithm revisited

Author

Shiping Cai, Zhi Hu, Zheng-An Yao, and Chang-An Zhao

Subjects

FOS: Computer and information sciences, Mathematics - Algebraic Geometry, Computer Science - Cryptography and Security, Mathematics - Number Theory, Computer Networks and Communications, FOS: Mathematics, Number Theory (math.NT), Cryptography and Security (cs.CR), Algebraic Geometry (math.AG), Software, Computer Science::Cryptography and Security

Abstract

Pairings have been widely used since their introduction to cryptography. They can be applied to identity-based encryption, tripartite Diffie-Hellman key agreement, blockchain and other cryptographic schemes. The Acceleration of pairing computations is crucial for these cryptographic schemes or protocols. In this paper, we will focus on the Elliptic Net algorithm which can compute pairings in polynomial time, but it requires more storage than Miller's algorithm. We use several methods to speed up the Elliptic Net algorithm. Firstly, we eliminate the inverse operation in the improved Elliptic Net algorithm. In some circumstance, this finding can achieve further improvements. Secondly, we apply lazy reduction technique to the Elliptic Net algorithm, which helps us achieve a faster implementation. Finally, we propose a new derivation of the formulas for the computation of the Optimal Ate pairing on the twisted curve. Results show that the Elliptic Net algorithm can be significantly accelerated especially on the twisted curve. The algorithm can be $80\%$ faster than the previous ones on the twisted 381-bit BLS12 curve and $71.5\%$ faster on the twisted 676-bit KSS18 curve respectively.

Published

2022

23. The Effect of Fatigue on the Performance of Online Writer Recognition

Author

Marcos Faundez-Zanuy, Manuel-Vicente Garnacho-Castaño, and Enric Sesa-Nogueras

Subjects

FOS: Computer and information sciences, Computer Science - Machine Learning, Dynamic time warping, Computer Science - Cryptography and Security, Modalities, Biometrics, Computer science, Computer Vision and Pattern Recognition (cs.CV), Cognitive Neuroscience, Speech recognition, Computer Science - Computer Vision and Pattern Recognition, ComputingMethodologies_IMAGEPROCESSINGANDCOMPUTERVISION, Vector quantization, Affect (psychology), Signature (logic), Machine Learning (cs.LG), Computer Science Applications, Identification (information), ComputingMethodologies_PATTERNRECOGNITION, Handwriting, ComputingMethodologies_DOCUMENTANDTEXTPROCESSING, Computer Vision and Pattern Recognition, Cryptography and Security (cs.CR)

Abstract

Background: The performance of biometric modalities based on things done by the subject, like signature and text-based recognition, may be affected by the subject state. Fatigue is one of the conditions that can significantly affect the outcome of handwriting tasks. Recent research has already shown that physical fatigue produces measurable differences in some features extracted from common writing and drawing tasks. It is important to establish to which extent physical fatigue contributes to the intra-person variability observed in these biometric modalities and also to know whether the performance of recognition methods is affected by fatigue. Goal: In this paper we assess the impact of fatigue on intra-user variability and on the performance of signature-based and text-based writer recognition approaches encompassing both identification and verification. Methods: Several signature and text recognition methods are considered and applied to samples gathered after different levels of induced fatigue, measured by metabolic and mechanical assessment and, also by subjective perception. The recognition methods are Dynamic Time Warping and Multi Section Vector Quantization, for signatures, and Allographic Text-Dependent Recognition for text in capital letters. For each fatigue level, the identification and verification performance of these methods is measured. Results: Signature shows no statistically significant intra-user impact, but text does. On the other hand, performance of signature-based recognition approaches is negatively impacted by fatigue whereas the impact is not noticeable in text-based recognition, provided long enough sequences are considered.

Published

2021

24. Serverless computing: a security perspective

Author

Marin, Eduard, Perino, Diego, and Di Pietro, Roberto

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer Networks and Communications, Cryptography and Security (cs.CR), Software

Abstract

Serverless Computing is a virtualisation-related paradigm that promises to simplify application management and to solve the last challenges in the field: scale down and easy to use. The implied cost reduction, coupled with a simplified management of underlying applications, are expected to further push the adoption of virtualisation-based solutions, including cloud-computing or telco-cloud solutions. However, in this quest for efficiency, security is not ranked among the top priorities, also because of the (misleading) belief that current solutions developed for virtualised environments could be applied (as is) to this new paradigm. Unfortunately, this is not the case, due to the highlighted idiosyncratic features of serverless computing. In this paper, we review the current serverless architectures, abstract and categorise their founding principles, and provide an in depth analyse of them from the point of view of security, referring to principles and practices of the cybersecurity domain. In particular, we show the security shortcomings of the analysed serverless architectural paradigms, point to possible countermeasures, and highlight a few research directions.

Published

2022

25. Privacy and data balkanization: circumventing the barriers

Author

Bernardo A. Huberman and Tad Hogg

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer science, Mechanical Engineering, media_common.quotation_subject, Energy Engineering and Power Technology, Management Science and Operations Research, Cryptographic protocol, Computer security, computer.software_genre, Quantum technology, Computer Science - Computers and Society, Negotiation, Computers and Society (cs.CY), Overhead (computing), Cryptography and Security (cs.CR), computer, Private information retrieval, media_common

Abstract

The rapid growth in digital data forms the basis for a wide range of new services and research, e.g, large-scale medical studies. At the same time, increasingly restrictive privacy concerns and laws are leading to significant overhead in arranging for sharing or combining different data sets to obtain these benefits. For new applications, where the benefit of combined data is not yet clear, this overhead can inhibit organizations from even trying to determine whether they can mutually benefit from sharing their data. In this paper, we discuss techniques to overcome this difficulty by employing private information transfer to determine whether there is a benefit from sharing data, and whether there is room to negotiate acceptable prices. These techniques involve cryptographic protocols. While currently considered secure, these protocols are potentially vulnerable to the development of quantum technology, particularly for ensuring privacy over significant periods of time into the future. To mitigate this concern, we describe how developments in practical quantum technology can improve the security of these protocols.

Published

2021

26. File fragment recognition based on content and statistical features

Author

Ahmad Keshavarz, Reza Fotohi, and Marzieh Masoumi

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer Networks and Communications, business.industry, Computer science, Computer file, 020207 software engineering, Pattern recognition, 02 engineering and technology, File format, Multimedia (cs.MM), Fragment (logic), Hardware and Architecture, Data_FILES, 0202 electrical engineering, electronic engineering, information engineering, Media Technology, Feature (machine learning), Artificial intelligence, business, Cryptography and Security (cs.CR), Computer Science - Multimedia, Software

Abstract

Nowadays, the speed up development and use of digital devices such as smartphones have put people at risk of internet crimes. The evidence of present crimes in a computer file can be easily unreachable by changing the prefix of a file or other algorithms. In more complex cases, either file divided into different parts or the parts of a file that has information about the file type are deleted, where the file fragment recognition issue is discussed. The known files are divided into different fragments, and different classification algorithms are used to solve the problems of file fragment recognition. The issue of identifying the type of file fragment due to its importance in cybercrime issues as well as antivirus has been highly emphasized and has been addressed in many articles. Increasing the accuracy in this field on the types of widely used files due to the sensitivity of the subject of recognizing the type of file under study is the main goal of researchers in this field. Failure to identify the correct type of file will lead to deviations of the results and evidence from the main issue or failure to conclude. In this paper, first, the file is divided into different fragments. Then, the file fragment features, which are obtained from Binary Frequency Distribution, are reduced by 2 feature reduction algorithms; Sequential Forward Selection algorithm as well as Sequential Floating Forward Selection algorithm to delete sparse features that result in increased accuracy and speed. Finally, the reduced features are given to 3 Multiclass classifier algorithms, Multilayer Perceptron, Support Vector Machines, and K-Nearest Neighbor for classification and comparison of the results. The proposed recognition algorithm can recognize 6 types of useful files and may distinguish a type of file fragments with higher accuracy than the similar works done., Comment: 16 pages, 7 figures, 8 tables. Multimed Tools Appl (2021)

Published

2021

27. A firefly algorithm for power management in wireless sensor networks (WSNs)

Author

Hossein Pakdel and Reza Fotohi

Subjects

Networking and Internet Architecture (cs.NI), FOS: Computer and information sciences, Routing protocol, Computer Science - Cryptography and Security, Fitness function, Computer science, Network packet, Real-time computing, Energy consumption, Network topology, Theoretical Computer Science, Computer Science - Networking and Internet Architecture, Hardware and Architecture, Firefly algorithm, Routing (electronic design automation), Cluster analysis, Cryptography and Security (cs.CR), Wireless sensor network, Software, Information Systems

Abstract

In wireless sensor networks (WSNs), designing a stable, low-power routing protocol is a major challenge because successive changes in links or breakdowns destabilize the network topology. Therefore, choosing the right route in this type of network due to resource constraints and their operating environment is one of the most important challenges in these networks. Therefore, the main purpose of these networks is to collect appropriate routing information about the environment around the network sensors while observing the energy consumption of the sensors. One of the important approaches to reduce energy consumption in sensor networks is the use of the clustering technique, but in most clustering methods, only the criterion of the amount of energy of the cluster or the distance of members to the cluster has been considered. Therefore, in this paper, a method is presented using the firefly algorithm and using the four criteria of residual energy, noise rate, number of hops, and distance. The proposed method called EM-FIREFLY is introduced which selects the best cluster head with high attractiveness and based on the fitness function and transfers the data packets through these cluster head to the sink. The proposed method is evaluated with NS-2 simulator and compared with the algorithm-PSO and optimal clustering methods. The evaluation results show the efficiency of the EM-FIREFLY method in maximum relative load and network lifetime criteria compared to other methods discussed in this article., 7 Figures, 1 Table, J Supercomput (2021)

Published

2021

28. Consensus with preserved privacy against neighbor collusion

Author

Thomas Ohlson Timoudas, Munther A. Dahleh, Silun Zhang, and Massachusetts Institute of Technology. Laboratory for Information and Decision Systems

Subjects

FOS: Computer and information sciences, Scheme (programming language), 0209 industrial biotechnology, Computer Science - Cryptography and Security, Control and Optimization, Computer science, 020208 electrical & electronic engineering, Aerospace Engineering, Computational intelligence, Eavesdropping, 02 engineering and technology, Computer security, computer.software_genre, Secret sharing, 020901 industrial engineering & automation, Control and Systems Engineering, Collusion, 0202 electrical engineering, electronic engineering, information engineering, Cryptography and Security (cs.CR), computer, computer.programming_language

Abstract

This paper proposes a privacy-preserving algorithm to solve the average-consensus problem based on Shamir’s secret sharing scheme, in which a network of agents reach an agreement on their states without exposing their individual states until an agreement is reached. Unlike other methods, the proposed algorithm renders the network resistant to the collusion of any given number of neighbors (even with all neighbors’ colluding). Another virtue of this work is that such a method can protect the network consensus procedure from eavesdropping.

Published

2020

29. Robust Android Malware Detection System Against Adversarial Attacks Using Q-Learning

Author

Mohit Sewak, Hemant Rathore, Sanjay K. Sahay, and Piyush Nikam

Subjects

FOS: Computer and information sciences, Computer Science - Machine Learning, Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence, Computer Networks and Communications, Computer science, Q-learning, 02 engineering and technology, computer.software_genre, Machine learning, Machine Learning (cs.LG), Theoretical Computer Science, Adversarial system, Robustness (computer science), 020204 information systems, Android malware, 0502 economics and business, 0202 electrical engineering, electronic engineering, information engineering, Reinforcement learning, Artificial neural network, business.industry, Deep learning, 05 social sciences, Adversary, Artificial Intelligence (cs.AI), Malware, 050211 marketing, Artificial intelligence, business, Cryptography and Security (cs.CR), computer, Software, Information Systems

Abstract

The current state-of-the-art Android malware detection systems are based on machine learning and deep learning models. Despite having superior performance, these models are susceptible to adversarial attacks. Therefore in this paper, we developed eight Android malware detection models based on machine learning and deep neural network and investigated their robustness against adversarial attacks. For this purpose, we created new variants of malware using Reinforcement Learning, which will be misclassified as benign by the existing Android malware detection models. We propose two novel attack strategies, namely single policy attack and multiple policy attack using reinforcement learning for white-box and grey-box scenario respectively. Putting ourselves in the adversary's shoes, we designed adversarial attacks on the detection models with the goal of maximizing fooling rate, while making minimum modifications to the Android application and ensuring that the app's functionality and behavior do not change. We achieved an average fooling rate of 44.21% and 53.20% across all the eight detection models with a maximum of five modifications using a single policy attack and multiple policy attack, respectively. The highest fooling rate of 86.09% with five changes was attained against the decision tree-based model using the multiple policy approach. Finally, we propose an adversarial defense strategy that reduces the average fooling rate by threefold to 15.22% against a single policy attack, thereby increasing the robustness of the detection models i.e. the proposed model can effectively detect variants (metamorphic) of malware. The experimental analysis shows that our proposed Android malware detection system using reinforcement learning is more robust against adversarial attacks., Comment: Inf Syst Front (2020)

Published

2020

30. Breaking an image encryption scheme based on Arnold map and Lucas series

Author

Imad El Hanouti, Hakim El Fadili, and Khalid Zenkouar

Subjects

FOS: Computer and information sciences, E.3, I.4.9, Computer Science - Cryptography and Security, Computer Networks and Communications, Computer science, Lucas sequence, ComputingMethodologies_IMAGEPROCESSINGANDCOMPUTERVISION, 02 engineering and technology, Encryption, law.invention, Scrambling, Permutation, law, 0202 electrical engineering, electronic engineering, information engineering, Media Technology, Cryptosystem, business.industry, 020207 software engineering, Multimedia (cs.MM), Hardware and Architecture, business, Cryptanalysis, Cryptography and Security (cs.CR), Algorithm, Computer Science - Multimedia, Software

Abstract

Fairly recently, a novel image encryption based on Arnold scrambling and Lucas series has been proposed in the literature. The scheme design is based on permutation-substitution operations, where Arnold map is used to permute pixels for some T rounds, and Lucas sequence is used to mask the image and substitute pixel's values. The authors of the cryptosystem have claimed, after several statistical analyses, that their system is "with high efficiency" and resists chosen and known plaintext attacks. Negatively, in this paper we showed the opposite. The key space of the scheme under study could be reduced considerably after our equivalent keys analysis, and thus the system is breakable under reasonable brute force attack. After all, the design of the scheme has several weaknesses that make it weak against chosen and known plaintext attacks. Consequently, we do not recommend the use of this system for any cryptographic concern or security purpose., 13 pages, 4 figures, 2 tables

Published

2020

31. Covert Computation in Self-Assembled Circuits

Author

Angel A. Cantu, Robert T. Schweller, Austin Luchsinger, and Tim Wylie

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Theoretical computer science, General Computer Science, Computer science, Computation, Computer Science - Emerging Technologies, Cryptography, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, Set (abstract data type), 0202 electrical engineering, electronic engineering, information engineering, Structure (mathematical logic), business.industry, Applied Mathematics, Process (computing), 16. Peace & justice, Computer Science Applications, Emerging Technologies (cs.ET), 010201 computation theory & mathematics, Covert, Logic gate, Theory of computation, 020201 artificial intelligence & image processing, business, Cryptography and Security (cs.CR)

Abstract

Traditionally, computation within self-assembly models is hard to conceal because the self-assembly process generates a crystalline assembly whose computational history is inherently part of the structure itself. With no way to remove information from the computation, this computational model offers a unique problem: how can computational input and computation be hidden while still computing and reporting the final output? Designing such systems is inherently motivated by privacy concerns in biomedical computing and applications in cryptography. In this paper we propose the problem of performing ``covert computation'' within tile self-assembly that seeks to design self-assembly systems that ``conceal'' both the input and computational history of performed computations. We achieve these results within the growth-only restricted abstract Tile Assembly Model (aTAM) with positive and negative interactions. We show that general-case covert computation is possible by implementing a set of basic covert logic gates capable of simulating any circuit (functionally complete). To further motivate the study of covert computation, we apply our new framework to resolve an outstanding complexity question; we use our covert circuitry to show that the unique assembly verification problem within the growth-only aTAM with negative interactions is coNP-complete., Short version published at the 46th International Colloquium on Automata, Languages, and Programming (ICALP 2019)

Published

2020

32. A secure and improved multi server authentication protocol using fuzzy commitment

Author

Anwar Ghani, Hafeez Ur Rehman, Narjes Nabipour, Mohammed H. Alsharif, and Shehzad Ashraf Chaudhry

Subjects

FOS: Computer and information sciences, Password, Authentication, Computer Science - Cryptography and Security, Computer Networks and Communications, Computer science, business.industry, Login, Computer security, computer.software_genre, Fuzzy logic, Hardware and Architecture, Server, Authentication protocol, Scalability, Media Technology, Smart card, business, Cryptography and Security (cs.CR), computer, Software, Anonymity

Abstract

Very recently, Barman et al. proposed a multi-server authentication protocol using fuzzy commitment. The authors claimed that their protocol provides anonymity while resisting all known attacks. In this paper, we analyze that Barman et al.'s protocol is still vulnerable to anonymity violation attack and impersonation based on the stolen smart attack; moreover, it has scalability issues. We then propose an improved and enhanced protocol to overcome the security weaknesses of Barman et al.'s scheme. The security of the proposed protocol is verified using BAN logic and widely accepted automated AVISPA tool. The BAN logic and automated AVISPA along with the informal analysis ensures the robustness of the scheme against all known attacks, Comment: 19 Pages, 9 Figures, 3 Tables, 45 References

Published

2020

33. On optimal weak algebraic manipulation detection codes and weighted external difference families

Author

Ying Miao and Minfeng Shao

Subjects

FOS: Computer and information sciences, Discrete mathematics, Computer Science - Cryptography and Security, business.industry, Computer Science - Information Theory, Information Theory (cs.IT), Applied Mathematics, 020206 networking & telecommunications, Algebraic manipulation, Cryptography, 0102 computer and information sciences, 02 engineering and technology, Characterization (mathematics), 01 natural sciences, Upper and lower bounds, Computer Science Applications, 010201 computation theory & mathematics, Bounded function, FOS: Mathematics, 0202 electrical engineering, electronic engineering, information engineering, Mathematics - Combinatorics, Combinatorics (math.CO), business, Cryptography and Security (cs.CR), Mathematics

Abstract

This paper provides a combinatorial characterization of weak algebraic manipulation detection (AMD) codes via a kind of generalized external difference families called bounded standard weighted external difference families (BSWEDFs). By means of this characterization, we improve a known lower bound on the maximum probability of successful tampering for the adversary's all possible strategies in weak AMD codes. We clarify the relationship between weak AMD codes and BSWEDFs with various properties. We also propose several explicit constructions for BSWEDFs, some of which can generate new optimal weak AMD codes.

Published

2020

34. Indexing structures for the PLS blockchain

Author

Alex Shafarenko

Subjects

FOS: Computer and information sciences, Computer engineering. Computer hardware, Cryptocurrency, Computer Science - Cryptography and Security, Theoretical computer science, Blockchain, C.4, Computer Networks and Communications, Computer science, Guy Fawkes protocol, Merkle tree, TK7885-7895, Public-key cryptography, PLS blockchain, Artificial Intelligence, Tunstall coding, H.3.1, Block (data storage), Data-structure statistics, business.industry, Content-addressable storage, Search engine indexing, QA75.5-76.95, Pseudorandom bijections, Tree (data structure), Electronic computers. Computer science, Bitmap index, business, Cryptography and Security (cs.CR), Software, Information Systems

Abstract

This paper studies known indexing structures from a new point of view: minimisation of data exchange between an IoT device acting as a blockchain client and the blockchain server running a protocol suite that includes two Guy Fawkes protocols, PLS and SLVP. The PLS blockchain is not a cryptocurrency instrument; it is an immutable ledger offering guaranteed non-repudiation to low-power clients without use of public key crypto. The novelty of the situation is in the fact that every PLS client has to obtain a proof of absence in all blocks of the chain to which its counterparty does not contribute, and we show that it is possible without traversing the block's Merkle tree. We obtain weight statistics of a leaf path on a sparse Merkle tree theoretically, as our ground case. Using the theory we quantify the communication cost of a client interacting with the blockchain. We show that large savings can be achieved by providing a bitmap index of the tree compressed using Tunstall's method. We further show that even in the case of correlated access, as in two IoT devices posting messages for each other in consecutive blocks, it is possible to prevent compression degradation by re-randomising the IDs using a pseudorandom bijective function. We propose a low-cost function of this kind and evaluate its quality by simulation, using the avalanche criterion., 28 pages, 10 figures

Published

2021

35. Fixing vulnerabilities potentially hinders maintainability

Author

Sofia Reis, Rui Abreu, and Luis Cruz

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer science, business.industry, Software security, Programming complexity, Maintainability, Software maintenance, Open source software, Pipeline (software), Open-source software, Software Engineering (cs.SE), Computer Science - Software Engineering, Software, Software security assurance, Computer science curriculum, Software engineering, business, Cryptography and Security (cs.CR)

Abstract

Security is a requirement of utmost importance to produce high-quality software. However, there is still a considerable amount of vulnerabilities being discovered and fixed almost weekly. We hypothesize that developers affect the maintainability of their codebases when patching vulnerabilities. This paper evaluates the impact of patches to improve security on the maintainability of open-source software. Maintainability is measured based on the Better Code Hub's model of 10 guidelines on a dataset, including 1300 security-related commits. Results show evidence of a trade-off between security and maintainability for 41.90% of the cases, i.e., developers may hinder software maintainability. Our analysis shows that 38.29% of patches increased software complexity and 37.87% of patches increased the percentage of LOCs per unit. The implications of our study are that changes to codebases while patching vulnerabilities need to be performed with extra care; tools for patch risk assessment should be integrated into the CI/CD pipeline; computer science curricula needs to be updated; and, more secure programming languages are necessary., Comment: Accepted at the Empirical Software Engineering Journal

Published

2021

36. Quantum federated learning through blind quantum computing

Author

Dong-Ling Deng, Weikang Li, and Sirui Lu

Subjects

FOS: Computer and information sciences, Quantum Physics, Computer Science - Machine Learning, Computer Science - Cryptography and Security, Computer science, Distributed computing, FOS: Physical sciences, General Physics and Astronomy, Field (computer science), Machine Learning (cs.LG), Encoding (memory), Server, Benchmark (computing), Differential privacy, Quantum Physics (quant-ph), Cryptography and Security (cs.CR), Protocol (object-oriented programming), Quantum, Quantum computer

Abstract

Private distributed learning studies the problem of how multiple distributed entities collaboratively train a shared deep network with their private data unrevealed. With the security provided by the protocols of blind quantum computation, the cooperation between quantum physics and machine learning may lead to unparalleled prospect for solving private distributed learning tasks. In this paper, we introduce a quantum protocol for distributed learning that is able to utilize the computational power of the remote quantum servers while keeping the private data safe. For concreteness, we first introduce a protocol for private single-party delegated training of variational quantum classifiers based on blind quantum computing and then extend this protocol to multiparty private distributed learning incorporated with differential privacy. We carry out extensive numerical simulations with different real-life datasets and encoding strategies to benchmark the effectiveness of our protocol. We find that our protocol is robust to experimental imperfections and is secure under the gradient attack after the incorporation of differential privacy. Our results show the potential for handling computationally expensive distributed learning tasks with privacy guarantees, thus providing a valuable guide for exploring quantum advantages from the security perspective in the field of machine learning with real-life applications., Comment: 6.5 pages (main text) + 4 pages (supplementary materials), 12 figures

Published

2021

37. Full classification of permutation rational functions and complete rational functions of degree three over finite fields

Author

Andrea Ferraguti, Giacomo Micheli, Ferraguti, Andrea, and Micheli, Giacomo

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Discrete Mathematics (cs.DM), Mathematics::Number Theory, Field (mathematics), 0102 computer and information sciences, 02 engineering and technology, Rational function, 01 natural sciences, Combinatorics, Densities, Finite fields, Permutation polynomials, Permutation polynomial, FOS: Mathematics, 0202 electrical engineering, electronic engineering, information engineering, Number Theory (math.NT), 11T06, 11R32, 11R58, 11R45, Prime power, Mathematics, Polynomial (hyperelastic model), Mathematics - Number Theory, Degree (graph theory), Applied Mathematics, Densitie, Finite field, Order (ring theory), 020206 networking & telecommunications, Computer Science Applications, Number theory, 010201 computation theory & mathematics, Settore MAT/03 - Geometria, Cryptography and Security (cs.CR), Computer Science - Discrete Mathematics

Abstract

Let $q$ be a prime power, $\mathbb F_q$ be the finite field of order $q$ and $\mathbb F_q(x)$ be the field of rational functions over $\mathbb F_q$. In this paper we classify all rational functions $\varphi\in \mathbb F_q(x)$ of degree 3 that induce a permutation of $\mathbb P^1(\mathbb F_q)$. Our methods are constructive and the classification is explicit: we provide equations for the coefficients of the rational functions using Galois theoretical methods and Chebotarev Density Theorem for global function fields. As a corollary, we obtain that a permutation rational function of degree 3 permutes $\mathbb F_q$ if and only if it permutes infinitely many of its extension fields. As another corollary, we derive the well-known classification of permutation polynomials of degree 3. As a consequence of our classification, we can also show that there is no complete permutation rational function of degree $3$ unless $3\mid q$ and $\varphi$ is a polynomial., Comment: Using our results, we now also characterize complete permutation rational functions of degree 3

Published

2020

38. A Survey on Trust Modeling from a Bayesian Perspective

Author

Bin Liu

Subjects

Social and Information Networks (cs.SI), FOS: Computer and information sciences, Computer Science - Cryptography and Security, Point (typography), Computer science, Bayesian probability, Perspective (graphical), Computer Science - Social and Information Networks, 020206 networking & telecommunications, 02 engineering and technology, Data science, Field (computer science), Computer Science Applications, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Electrical and Electronic Engineering, Cryptography and Security (cs.CR)

Abstract

In this paper, we are concerned with trust modeling for agents in networked computing systems. As trust is a subjective notion that is invisible, implicit and uncertain in nature, many attempts have been made to model trust with aid of Bayesian probability theory, while the field lacks a global comprehensive analysis for variants of Bayesian trust models. We present a study to fill in this gap by giving a comprehensive review of the literature. A generic Bayesian trust (GBT) modeling perspective is highlighted here. It is shown that all models under survey can cast into a GBT based computing paradigm as special cases. We discuss both capabilities and limitations of the GBT perspective and point out open questions to answer, with a hope to advance GBT to become a pragmatic infrastructure for analyzing intrinsic relationships among variants of trust models and developing novel tools for trust evaluation., Comment: 42 pages

Published

2020

39. An authentication protocol based on chaos and zero knowledge proof

Author

William J Buchanan, Jawad Ahmad, and Will Major

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Port knocking, Computer science, QA75 Electronic computers. Computer science, Aerospace Engineering, Ocean Engineering, 02 engineering and technology, Cyber-security, 01 natural sciences, Firewall (construction), Server, 0103 physical sciences, Centre for Distributed Computing, Networking and Security, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, 010301 acoustics, Password, Stateless protocol, Authentication, business.industry, Applied Mathematics, Mechanical Engineering, 020206 networking & telecommunications, Port (computer networking), AI and Technologies, Computer Science - Distributed, Parallel, and Cluster Computing, 005.8 Data security, Control and Systems Engineering, Authentication protocol, Distributed, Parallel, and Cluster Computing (cs.DC), business, Cryptography and Security (cs.CR), Computer network

Abstract

Port Knocking is a method for authenticating clients through a closed stance firewall, and authorising their requested actions, enabling severs to offer services to authenticated clients, without opening ports on the firewall. Advances in port knocking have resulted in an increase in complexity in design, preventing port knocking solutions from realising their potential. This paper proposes a novel port knocking solution, named Crucible, which is a secure method of authentication, with high usability and features of stealth, allowing servers and services to remain hidden and protected. Crucible is a stateless solution, only requiring the client memorise a command, the server's IP and a chosen password. The solution is forwarded as a method for protecting servers against attacks ranging from port scans, to zero-day exploitation. To act as a random oracle for both client and server, cryptographic hashes were generated through chaotic systems., J. Nonlinear Dyn (2020)

Published

2020

40. Multi-level trust-based intelligence schema for securing of internet of things (IoT) against security threats using cryptographic authentication

Author

Reza Fotohi, Mehdi Yusefi, Leili Irankhah, Shahram Zandiyan, and Kobra Mabodi

Subjects

FOS: Computer and information sciences, Authentication, Computer Science - Cryptography and Security, Computer science, business.industry, Network packet, Cryptography, Theoretical Computer Science, Hardware and Architecture, Schema (psychology), Shortest path problem, Internet of Things, business, Cryptography and Security (cs.CR), Gray (horse), Software, Information Systems, Computer network

Abstract

The internet of things (IoT) is able to provide a prediction of linked, universal, and smart nodes that have autonomous interaction when they present services. Because of wide openness, relatively high processing power, and wide distribution of IoT things, they are ideal for attacks of the gray hole. In the gray hole attack, the attacker fakes itself as the shortest path to the destination that is a thing here. This causes the routing packets not to reach the destination. The proposed method is based on the AODV routing protocol and is presented under the MTISS-IoT name which means for the reduction of gray hole attacks using check node information. In this paper, a hybrid approach is proposed based on cryptographic authentication. The proposed approach consists of four phases, such as the verifying node trust in the IoT, testing the routes, gray hole attack discovery, and the malicious attack elimination process in MTISS-IoT. The method is evaluated here via extensive simulations carried out in the NS-3 environment. The experimental results of four scenarios demonstrated that the MTISS-IoT method can achieve a false positive rate of 14.104%, a false negative rate of 17.49%, and a detection rate of 94.5% when gray hole attack was launched., Comment: 23 pages, 11 figures, journal

Published

2020

41. Unicyclic strong permutations

Author

David Thomson, Daniel Panario, and Claude Gravel

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer Networks and Communications, Structure (category theory), 0102 computer and information sciences, 02 engineering and technology, Algebraic normal form, 01 natural sciences, Combinatorics, Permutation, Integer, FOS: Mathematics, 11T06, 11T71, 0202 electrical engineering, electronic engineering, information engineering, Mathematics - Combinatorics, Algebraic number, Mathematics, Mathematics::Combinatorics, Degree (graph theory), Applied Mathematics, 020206 networking & telecommunications, Function (mathematics), Computational Theory and Mathematics, 010201 computation theory & mathematics, Component (group theory), Combinatorics (math.CO), Cryptography and Security (cs.CR)

Abstract

In this paper, we study some properties of a certain kind of permutation $\sigma$ over $\mathbb{F}_{2}^{n}$, where $n$ is a positive integer. The desired properties for $\sigma$ are: (1) the algebraic degree of each component function is $n-1$; (2) the permutation is unicyclic; (3) the number of terms of the algebraic normal form of each component is at least $2^{n-1}$. We call permutations that satisfy these three properties simultaneously unicyclic strong permutations. We prove that our permutations $\sigma$ always have high algebraic degree and that the average number of terms of each component function tends to $2^{n-1}$. We also give a condition on the cycle structure of $\sigma$. We observe empirically that for $n$ even, our construction does not provide unicylic permutations. For $n$ odd, $n \leq 11$, we conduct an exhaustive search of all $\sigma$ given our construction for specific examples of unicylic strong permutations. We also present some empirical results on the difference tables and linear approximation tables of $\sigma$.

Published

2019

42. Towards security recommendations for public-key infrastructures for production environments in the post-quantum era

Author

N.O. Pozhar, Evgeniy O. Kiktenko, Ekaterina Kolycheva, Mikhail A. Kudinov, Aleksey Fedorov, Alexander Borisov, Denis Nabokov, Anton Guglya, Sergey E. Yunakovsky, and Maxim Kot

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer science, FOS: Physical sciences, Cryptography, 02 engineering and technology, Computer security, computer.software_genre, Public-key cryptography, Computer Science - Computers and Society, 020204 information systems, Computers and Society (cs.CY), 0202 electrical engineering, electronic engineering, information engineering, Production (economics), Electrical and Electronic Engineering, Quantum computer, Quantum Physics, Focus (computing), Post-quantum cryptography, business.industry, Public key infrastructure, Condensed Matter Physics, Viewpoints, Atomic and Molecular Physics, and Optics, Control and Systems Engineering, 020201 artificial intelligence & image processing, Quantum Physics (quant-ph), business, Cryptography and Security (cs.CR), computer

Abstract

Quantum computing technologies pose a significant threat to the currently employed public-key cryptography protocols. In this paper, we discuss the impact of the quantum threat on public key infrastructures (PKIs), which are used as a part of security systems for protecting production environments. We analyze security issues of existing models with a focus on requirements for a fast transition to post-quantum solutions. Although our primary focus is on the attacks with quantum computing, we also discuss some security issues that are not directly related to the used cryptographic algorithms but are essential for the overall security of the PKI. We attempt to provide a set of security recommendations regarding the PKI from the viewpoints of attacks with quantum computers., Comment: 24 pages, 1 figure

Published

2021

43. Optical designs for realization of a set of schemes for quantum cryptography

Author

Anirban Pathak, Kishore Thapliyal, and Mitali Sisodia

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer science, FOS: Physical sciences, Cryptography, 02 engineering and technology, Quantum entanglement, Quantum key distribution, 01 natural sciences, 010309 optics, Secure communication, 0103 physical sciences, Electronic engineering, Electrical and Electronic Engineering, Quantum information science, Quantum, Computer Science::Cryptography and Security, Quantum Physics, business.industry, TheoryofComputation_GENERAL, 021001 nanoscience & nanotechnology, Atomic and Molecular Physics, and Optics, Electronic, Optical and Magnetic Materials, Quantum technology, Quantum cryptography, ComputerSystemsOrganization_MISCELLANEOUS, Quantum Physics (quant-ph), 0210 nano-technology, business, Cryptography and Security (cs.CR), Optics (physics.optics), Physics - Optics

Abstract

Several quantum cryptographic schemes have been proposed and realized experimentally in the past. However, even with an advancement in quantum technology and escalated interest in the designing of direct secure quantum communication schemes there are not many experimental implementations of these cryptographic schemes. In this paper, we have provided a set of optical circuits for such quantum cryptographic schemes, which have not yet been realized experimentally by modifying some of our theoretically proposed secure communication schemes. Specifically, we have proposed optical designs for the implementation of two single photon and one entangled state based controlled quantum dialogue schemes and subsequently reduced our optical designs to yield simpler designs for realizing other secure quantum communication tasks, i.e., controlled deterministic secure quantum communication, quantum dialogue, quantum secure direct communication, quantum key agreement, and quantum key distribution. We have further proposed an optical design for an entanglement swapping based deterministic secure quantum communication and its controlled counterpart., Explicit optical designs for the implementation of secure direct quantum communication are provided

Published

2021

44. Leveraging blockchain for immutable logging and querying across multiple sites

Author

Murat Kantarcioglu, Mustafa Safa Ozdayi, and Bradley A. Malin

Subjects

FOS: Computer and information sciences, lcsh:Internal medicine, Computer Science - Cryptography and Security, Blockchain, lcsh:QH426-470, Relational database, Computer science, Interface (Java), Information Storage and Retrieval, 02 engineering and technology, Query-response, computer.software_genre, Bottleneck, 03 medical and health sciences, Computer Science - Databases, Node (computer science), 0202 electrical engineering, electronic engineering, information engineering, Genetics, Humans, Data deduplication, Leverage (statistics), lcsh:RC31-1245, Genetics (clinical), 030304 developmental biology, 0303 health sciences, Cross-site data sharing, Database, Research, Databases (cs.DB), 020206 networking & telecommunications, Multichain, Data structure, lcsh:Genetics, Computer Science - Distributed, Parallel, and Cluster Computing, Distributed, Parallel, and Cluster Computing (cs.DC), Cryptography and Security (cs.CR), computer, Algorithms

Abstract

Background Blockchain has emerged as a decentralized and distributed framework that enables tamper-resilience and, thus, practical immutability for stored data. This immutability property is important in scenarios where auditability is desired, such as in maintaining access logs for sensitive healthcare and biomedical data. However, the underlying data structure of blockchain, by default, does not provide capabilities to efficiently query the stored data. In this investigation, we show that it is possible to efficiently run complex audit queries over the access log data stored on blockchains by using additional key-value stores. This paper specifically reports on the approach we designed for the blockchain track of iDASH Privacy & Security Workshop 2018 competition. In this track, participants were asked to devise an efficient way to run conjunctive equality and range queries on a genomic dataset access log trail after storing it in a permissioned blockchain network consisting of 4 identical nodes, each representing a different site, created with the Multichain platform. Methods Multichain duplicates and indexes blockchain data locally at each node in a key-value store to support retrieval requests at a later point in time. To efficiently leverage the key-value storage mechanism, we applied various techniques and optimizations, such as bucketization, simple data duplication and batch loading by accounting for the required query types of the competition and the interface provided by Multichain. Particularly, we implemented our solution and compared its loading and query-response performance with SQLite, a commonly used relational database, using the data provided by the iDASH 2018 organizers. Results Depending on the query type and the data size, the run time difference between blockchain based query-response and SQLite based query-response ranged from 0.2 seconds to 6 seconds. A deeper inspection revealed that range queries were the bottleneck of our solution which, nevertheless, scales up linearly. Conclusions This investigation demonstrates that blockchain-based systems can provide reasonable query-response times to complex queries even if they only use simple key-value stores to manage their data. Consequently, we show that blockchains may be useful for maintaining data with auditability and immutability requirements across multiple sites.

Published

2020

45. Linear complexity of Ding-Helleseth generalized cyclotomic sequences of order eight

Author

Yana Liang, Shiping Cai, Xingfa Chen, Jiali Cao, and Xiang Fan

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer Networks and Communications, Computation, Gaussian, 11B50, 94A55, 94A60, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, Linear span, Measure (mathematics), symbols.namesake, FOS: Mathematics, 0202 electrical engineering, electronic engineering, information engineering, Number Theory (math.NT), Stream cipher, Mathematics, Pseudorandom number generator, Discrete mathematics, Mathematics - Number Theory, Basis (linear algebra), Applied Mathematics, Order (ring theory), 020206 networking & telecommunications, Computational Theory and Mathematics, 010201 computation theory & mathematics, symbols, Cryptography and Security (cs.CR)

Abstract

During the last two decades, many kinds of periodic sequences with good pseudo-random properties have been constructed from classical and generalized cyclotomic classes, and used as keystreams for stream ciphers and secure communications. Among them are a family DH-GCS$_{d}$ of generalized cyclotomic sequences on the basis of Ding and Helleseth's generalized cyclotomy, of length $pq$ and order $d=\mathrm{gcd}(p-1,q-1)$ for distinct odd primes $p$ and $q$. The linear complexity (or linear span), as a valuable measure of unpredictability, is precisely determined for DH-GCS$_{8}$ in this paper. Our approach is based on Edemskiy and Antonova's computation method with the help of explicit expressions of Gaussian classical cyclotomic numbers of order $8$. Our result for $d=8$ is compatible with Yan's low bound $(pq-1)/2$ of the linear complexity for any order $d$, which means high enough to resist security attacks of the Berlekamp-Massey algorithm. Finally, we include SageMath codes to illustrate the validity of our result by examples., 18 pages, 7 tables

Published

2019

46. Cyclic group based mutual authentication protocol for RFID system

Author

Satya Bagchi and Pramod Kumar Maurya

Subjects

FOS: Computer and information sciences, Information privacy, Computer Science - Cryptography and Security, Computer Networks and Communications, Computer science, business.industry, 020206 networking & telecommunications, 020302 automobile design & engineering, 02 engineering and technology, Adversary, 0203 mechanical engineering, Authentication protocol, Metric (mathematics), 0202 electrical engineering, electronic engineering, information engineering, Benchmark (computing), Electrical and Electronic Engineering, business, Cryptography and Security (cs.CR), Server-side, Information Systems, Anonymity, Computer network

Abstract

Widespread deployment of RFID system arises security and privacy concerns of users. There are several proposals are in the literature to avoid these concerns, but most of them provides reasonable privacy at the cost of search complexity on the server side. The search complexity increases linearly with the number of tags in the system. Some schemes use a group based approach to solve the search complexity problem. In this paper, we proposed a group based authentication protocol for RFID system which is based on some characteristics of cyclic groups. The scheme uses only bitwise XOR and mod operation for the computational work. Also, the scheme does not use any pseudo-number generator on the tag-side. We use two benchmark metric based on anonymity set to measure the privacy level of the system when some tags are compromised by an adversary. We present some simulation results which show that the scheme preserves high level of privacy and discloses very less amount of information when some tags are compromised. Furthermore, it's formal and informal analysis shows that our scheme preserves information privacy as well as un-traceability and also withstand against various well known attacks., 11 pages, 3 figures, 3 tables

Published

2018

47. Characterization of Secure Multiparty Computation Without Broadcast

Author

Ran Cohen, Lior Rotem, Iftach Haitner, and Eran Omri

Subjects

FOS: Computer and information sciences, Theoretical computer science, Computer Science - Cryptography and Security, Computer science, Carry (arithmetic), Cryptography, 0102 computer and information sciences, Characterization (mathematics), 01 natural sciences, Set (abstract data type), Atomic broadcast, 03 medical and health sciences, 0302 clinical medicine, Mathematics, Discrete mathematics, Point-to-point, Focus (computing), Coin flipping, business.industry, Applied Mathematics, 16. Peace & justice, Computer Science Applications, Task (computing), 010201 computation theory & mathematics, If and only if, 030220 oncology & carcinogenesis, Secure multi-party computation, business, Cryptography and Security (cs.CR), Software, Computer network

Abstract

A major challenge in the study of cryptography is characterizing the necessary and sufficient assumptions required to carry out a given cryptographic task. The focus of this work is the necessity of a broadcast channel for securely computing symmetric functionalities (where all the parties receive the same output) when one third of the parties, or more, might be corrupted. Assuming all parties are connected via a peer-to-peer network, but no broadcast channel (nor a secure setup phase) is available, we prove the following characterization: 1) A symmetric $n$-party functionality can be securely computed facing $n/3\le t, Comment: This is the final draft of this paper. The full version was published in the Journal of Cryptology 2018. An extended abstract of this work appeared in the Theory of Cryptography Conference (TCC) 2016-A

Published

2017

48. Optimal noise functions for location privacy on continuous regions

Author

Sébastien Gambs and Ehab ElSalamouny

Subjects

FOS: Computer and information sciences, Discrete mathematics, Computer Science - Cryptography and Security, Laplace transform, Computer Networks and Communications, Computer science, 020206 networking & telecommunications, 02 engineering and technology, Function (mathematics), Space (mathematics), Noise, Position (vector), 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Limit (mathematics), Safety, Risk, Reliability and Quality, Cryptography and Security (cs.CR), Finite set, Software, Computer Science::Cryptography and Security, Information Systems, Parametric statistics

Abstract

Users of location-based services are highly vulnerable to privacy risks since they need to disclose, at least partially, their locations to benefit from these services. One possibility to limit these risks is to obfuscate the location of a user by adding random noise drawn from a noise function. In this paper, we require the noise functions to satisfy a generic location privacy notion called $$\ell $$ -privacy, which makes the position of the user in a given region $$\mathcal {X}$$ relatively indistinguishable from other points in $$\mathcal {X}$$ . We also aim at minimizing the loss in the service utility due to such obfuscation. While existing optimization frameworks regard the region $$\mathcal {X}$$ restrictively as a finite set of points, we consider the more realistic case in which the region is rather continuous with a nonzero area. In this situation, we demonstrate that circular noise functions are enough to satisfy $$\ell $$ -privacy on $$\mathcal {X}$$ and equivalently on the entire space without any penalty in the utility. Afterward, we describe a large parametric space of noise functions that satisfy $$\ell $$ -privacy on $$\mathcal {X}$$ , and show that this space has always an optimal member, regardless of $$\ell $$ and $$\mathcal {X}$$ . We also investigate the recent notion of $$\epsilon $$ -geo-indistinguishability as an instance of $$\ell $$ -privacy and prove in this case that with respect to any increasing loss function, the planar Laplace noise function is optimal for any region having a nonzero area.

Published

2017

49. Dimensionality distinguishers

Author

Goutam Paul, Nayana Das, and Arpita Maitra

Subjects

FOS: Computer and information sciences, Quantum Physics, Computer Science - Cryptography and Security, Theoretical computer science, Basis (linear algebra), Computer science, Computation, Dimension (graph theory), FOS: Physical sciences, Statistical and Nonlinear Physics, State (functional analysis), Construct (python library), Theoretical Computer Science, Electronic, Optical and Magnetic Materials, Modeling and Simulation, Signal Processing, Electrical and Electronic Engineering, Quantum Physics (quant-ph), Boolean function, Cryptography and Security (cs.CR), Curse of dimensionality

Abstract

The celebrated Clauser, Horne, Shimony and Holt (CHSH) game model helps to perform the security analysis of many two-player quantum protocols. This game specifies two Boolean functions whose outputs have to be computed to determine success or failure. It also specifies the measurement bases used by each player. In this paper, we generalize the CHSH game by considering all possible non-constant Boolean functions and all possible measurement basis (up to certain precision). Based on the success probability computation, we construct several equivalence classes and show how they can be used to generate three classes of dimension distinguishers. In particular, we demonstrate how to distinguish between dimensions 2 and 3 for a special form of maximally entangled state., 14 pages

Published

2019

50. Two Countermeasures Against Hardware Trojans Exploiting Non-Zero Aliasing Probability of BIST

Author

Mats Näslund, Gunnar Carlsson, John Fornehed, Elena Dubrova, and Ben Smeets

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, National security, Test management, Computer science, Cryptography, 02 engineering and technology, Computer security, computer.software_genre, Theoretical Computer Science, Hardware Trojan, 0202 electrical engineering, electronic engineering, information engineering, business.industry, 020202 computer hardware & architecture, Hardware and Architecture, Control and Systems Engineering, Trojan, Modeling and Simulation, Embedded system, Signal Processing, Pattern recognition (psychology), Key (cryptography), 020201 artificial intelligence & image processing, Aliasing (computing), business, Cryptography and Security (cs.CR), computer, Computer hardware, Information Systems

Abstract

The threat of hardware Trojans has been widely recognized by academia, industry, and government agencies. A Trojan can compromise security of a system in spite of cryptographic protection. The damage caused by a Trojan may not be limited to a business or reputation, but could have a severe impact on public safety, national economy, or national security. An extremely stealthy way of implementing hardware Trojans has been presented by Becker et al. at CHES'2012. Their work have shown that it is possible to inject a Trojan in a random number generator compliant with FIPS 140-2 and NIST SP800-90 standards by exploiting non-zero aliasing probability of Logic Built-In-Self-Test (LBIST). In this paper, we present two methods for modifying LBIST to prevent such an attack. The first method makes test patterns dependent on a configurable key which is programed into a chip after the manufacturing stage. The second method uses a remote test management system which can execute LBIST using a different set of test patterns at each test cycle., 16 pages, 5 figures

Published

2016