Your search keyword '"Danilo Gligoroski"' showing total 49 results

1. Non-Interactive VDF Client Puzzle for DoS Mitigation

Author

Danilo Gligoroski and Mayank Raikwar

Subjects

Resource (project management), Computer science, media_common.quotation_subject, MathematicsofComputing_GENERAL, Denial-of-service attack, Verifiable secret sharing, Client-side, Computer security, computer.software_genre, Function (engineering), computer, Protocol (object-oriented programming), media_common

Abstract

Denial of Service (DoS) attacks pose a growing threat to network services. Client puzzles have been proposed to mitigate DoS attacks by requiring a client to prove legitimate intentions. Since its introduction, there have been several constructions of client puzzles. Nevertheless, most of the existing client puzzles are interactive, where a server constructs a puzzle for a client request and asks the client to solve it before giving access to a resource. Additionally, most existing client puzzles do not provide desirable properties such as fairness, non-parallelizability, or non-interactivity. In this work, we propose a non-interactive client puzzle that achieves all these desired properties through a verifiable delay function (VDF). In a non-interactive puzzle, the client generates a puzzle and sends its solution along with the puzzle to access a resource of the server. We present different methods to generate verifiable client puzzles to prevent puzzle forgery and attacks from the client side. Further, we exhibit a transformation of the client puzzle into a DoS-resistant protocol. We also demonstrate the applicability of the DoS-resistant protocol in different contexts of the blockchain ecosystem.

Published

2021

2. R3V: Robust Round Robin VDF-based Consensus

Author

Mayank Raikwar and Danilo Gligoroski

Subjects

Protocol (science), Computer science, media_common.quotation_subject, Computer security, computer.software_genre, Proof-of-stake, Proof-of-work system, Verifiable secret sharing, Resilience (network), Communication complexity, Function (engineering), computer, Block (data storage), media_common

Abstract

Proof of Stake (PoS) based consensus provides a better mechanism than Proof of Work (PoW) consensus for extending the blockchain without significant energy waste. Most of the PoS consensus protocols derive or use some randomness to elect a leader candidate. This makes the consensus weaker and attracts more attackers to mount different attacks, e.g., long-range attacks and block withholding attacks. In PoS consensus, having more stakes gives more chances to be a leader among participating stakeholders. Therefore, most PoS protocols do not provide better fairness for the stakeholders participating in the consensus protocol. Moreover, these protocols suffer from high communication complexity for selecting a leader candidate in each consensus round. In this work, we propose a novel consensus protocol “R3V” that selects a set of leader candidates in a round-robin manner according to age. Finally, these leader candidates compete to be the block leader by solving a Verifiable Delay Function (VDF) based puzzle. We propose different methods to generate verifiable identities for the stakeholders. The identities are enrolled in the blockchain, which provides the age norm needed for the consensus. Compared with the other PoS consensus protocols, our protocol shows better resilience against most of the common attacks on PoS protocols. Additionally, it proclaims low energy consumption, less communication complexity, and better fairness.

Published

2021

3. Efficient Novel Privacy Preserving PoS Protocol Proof-of-concept with Algorand

Author

Danilo Gligoroski, Kamilla Stevenson, Oda Skoglund, and Mayank Raikwar

Subjects

Protocol (science), Proof-of-stake, Lottery, Computer science, Proof of concept, Proof-of-work system, Homomorphic encryption, Zero-knowledge proof, Computer security, computer.software_genre, computer, Block (data storage)

Abstract

Proof of Stake (PoS) emerged to replace and tackle the problem of vast energy consumption in Proof of Work (PoW) consensus. PoS is based on the assumption that the majority of the stake is owned by honest participants. Consequently, instead of solving a computationally hard puzzle to propose the next block in the blockchain, PoS selects a participant with probability proportional to its stake in the network. In contrast to the solution to the puzzle, the proof of selection in PoS has inherent privacy issues. The identity of the selected participant is revealed to other participants to verify the proof, and the stake of the selected can be deducted by frequency analysis. Therefore, Private Proof of Stake (PPoS) emerged to provide a valid alternative to PoW, aiming to tackle the energy consumption in PoW while preserving the privacy of the selected participant in a consensus round. Recent PPoS protocols by Baldimtsi et al. and Ganesh et al., rely on an anonymous broadcast channel and have a large proof size that hinders the practical implementation of the protocols. In this paper, we identify issues and areas of improvement within the current PPoS protocols. We built our privacy-preserving PoS scheme upon the anonymous lottery by Baldimtsi et al. with an instantiation of Algorand as the underlying PoS protocol. We apply fully homomorphic encryption along with zero-knowledge proof techniques to reduce the proof size and to achieve privacy of selected participant’s stake and identity. In comparison with the original anonymous lottery scheme, our scheme achieves better efficiency and complexity.

Published

2021

4. Blockchain for Increased Trust in Virtual Health Care: Proof-of-Concept Study

Author

Danilo Gligoroski, Anton Hasselgren, Arild Faxvaag, Jens-Andreas Hanssen Rensaa, and Katina Kralevska

Subjects

blockchain, Service (systems architecture), Process management, Non-functional requirement, decentralization, Computer science, Health Informatics, Health informatics, Proof of Concept Study, 03 medical and health sciences, Patient safety, 0302 clinical medicine, Artificial Intelligence, Health care, ethereum, Healthcare 4.0, Humans, 030212 general & internal medicine, Original Paper, Requirements engineering, business.industry, 030503 health policy & services, Digital transformation, trust, Information security, virtualization, 0305 other medical science, business, Delivery of Health Care

Abstract

Background Health care systems are currently undergoing a digital transformation that has been primarily triggered by emerging technologies, such as artificial intelligence, the Internet of Things, 5G, blockchain, and the digital representation of patients using (mobile) sensor devices. One of the results of this transformation is the gradual virtualization of care. Irrespective of the care environment, trust between caregivers and patients is essential for achieving favorable health outcomes. Given the many breaches of information security and patient safety, today’s health information system portfolios do not suffice as infrastructure for establishing and maintaining trust in virtual care environments. Objective This study aims to establish a theoretical foundation for a complex health care system intervention that aims to exploit a cryptographically secured infrastructure for establishing and maintaining trust in virtualized care environments and, based on this theoretical foundation, present a proof of concept that fulfills the necessary requirements. Methods This work applies the following framework for the design and evaluation of complex intervention research within health care: a review of the literature and expert consultation for technology forecasting. A proof of concept was developed by following the principles of design science and requirements engineering. Results This study determined and defined the crucial functional and nonfunctional requirements and principles for enhancing trust between caregivers and patients within a virtualized health care environment. The cornerstone of our architecture is an approach that uses blockchain technology. The proposed decentralized system offers an innovative governance structure for a novel trust model. The presented theoretical design principles are supported by a concrete implementation of an Ethereum-based platform called VerifyMed. Conclusions A service for enhancing trust in a virtualized health care environment that is built on a public blockchain has a high fit for purpose in Healthcare 4.0.

Published

2021

5. The Meshwork Ledger, its Consensus and Reward Mechanisms

Author

Danilo Gligoroski and Mayank Raikwar

Subjects

050101 languages & linguistics, business.industry, Computer science, 05 social sciences, 02 engineering and technology, Core (game theory), Digital signature, Validator, Scalability, Ledger, Node (computer science), 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, business, Database transaction, Computer network, Block (data storage)

Abstract

We propose a new blockchain ledger concept called “Meshwork ledger” and a corresponding consensus algorithm. Meshwork is a network of coequal client nodes that contribute to the endorsement of the transactions by providing digital signatures to a validator node that collects them in an aggregate signature scheme. The essential sustainability component of the ledger is the reward mechanism for the meshwork client nodes. The prime design objective is the coequality of all client nodes, meaning there is no advantage for getting rewards if the client is an early adopter, if the client has collected a significant stake of rewards or if the client just joined the meshwork. The consensus algorithm is based on aggregate multisignatures. A joint aggregate signature on a block of transactions is constructed with the signatures collected from the mesh client nodes in a multi-signature scheme. A signature provided on the block by a client node is acknowledged as approval. The core idea of the consensus is to race for the maximum number of signatures (approvals) on a block from the mesh clients, in order to append the block in the blockchain. The race in the consensus is among particular types of nodes called validator nodes that try to collect a maximum number of approvals (signatures) from the mesh clients. Clients that participated in the aggregate signature organized by the winner validator node get some reward as a small share of the total transaction fee. These reward transactions are performed in an off-chain manner, using a commit-chain. Compared with other blockchain consensus algorithms, the meshwork consensus algorithm is faster, significantly more energy-efficient and scalable.

Published

2021

6. Vulnerability Analysis of 2500 Docker Hub Images

Author

Malene Helsem, Danilo Gligoroski, and Katrine Wist

Subjects

World Wide Web, Vulnerability assessment, Virtual machine, Scripting language, Computer science, Vulnerability, Python (programming language), JavaScript, computer.software_genre, computer, computer.programming_language

Abstract

The use of container technology has skyrocketed during the last few years, with Docker as the leading container platform. Docker’s online repository for publicly available container images, called Docker Hub, hosts over 3.5 million images at the time of writing, making it the world’s largest community of container images. We perform an extensive vulnerability analysis of 2500 Docker images. It is of particular interest to perform this type of analysis because the vulnerability landscape is a rapidly changing category, the vulnerability scanners are constantly developed and updated, new vulnerabilities are discovered, and the volume of images on Docker Hub is increasing every day. Our main findings reveal that (1) the number of newly introduced vulnerabilities on Docker Hub is rapidly increasing; (2) certified images are the most vulnerable; (3) official images are the least vulnerable; (4) there is no correlation between the number of vulnerabilities and image features (i.e., number of pulls, number of stars, and days since the last update); (5) the most severe vulnerabilities originate from two of the most popular scripting languages, JavaScript and Python; and (6) Python 2.x packages and jackson-databind packages contain the highest number of severe vulnerabilities. We perceive our study as the most extensive vulnerability analysis published in the open literature in the last couple of years.

Published

2021

7. Micro - GAGE: A Low-power Compact GAGE Hash Function Processor for IoT Applications

Author

Sergiu Mosanu, Jinjun Xiong, Danilo Gligoroski, Wen-mei W. Hwu, Martin Margala, and Mohamed El-Hadedy

Subjects

Read-only memory, business.industry, Computer science, Hash function, Automotive industry, 020206 networking & telecommunications, 02 engineering and technology, Power (physics), Smart city, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, Range (statistics), 020201 artificial intelligence & image processing, Sensitivity (control systems), Field-programmable gate array, business

Abstract

The emergence of Internet of Things (IoT) applications presents a wide range of opportunities in areas such as automotive, consumer, energy, smart city and many others. Since many of these systems operate in environments with heightened sensitivity and privacy, they require trusted level of security. In addition, the implemented security measures must fit within strict power and area budgets, yet deliver maximum performance mandated by the application. In this paper, we propose and evaluate the area, power and performance of a novel compact low-power GAGE hash function processor (MICRO-GAGE). The results show Micro- Gageis 28× more power-efficient than the reported implementation of GAGE hash function on AVR ATMEGA 328p micro-controller. Micro- Gageneeds approximately 2.6 times less power than several comparable LWC designs. In addition, the proposed processor performs approximately 2.6 times longer than the other LWC designs when powered by typical Ni-Cd battery.

Published

2020

8. 5G Network Slice Isolation with WireGuard and Open Source MANO: A VPNaaS Proof-of-Concept

Author

Simen Haga, Danilo Gligoroski, Katina Kralevska, and Ali Esmaeily

Subjects

Networking and Internet Architecture (cs.NI), FOS: Computer and information sciences, Computer Science - Cryptography and Security, Computer science, business.industry, Throughput, Context (language use), Tunneling protocol, Computer Science - Networking and Internet Architecture, Proof of concept, Isolation (database systems), Software-defined networking, business, Host (network), Protocol (object-oriented programming), Cryptography and Security (cs.CR), Computer network

Abstract

The fifth-generation (5G) mobile networks aim to host different types of services on the same physical infrastructure. Network slicing is considered as the key enabler for achieving this goal. Although there is some progress in applying and implementing network slicing in the context of 5G, the security and performance of network slicing still have many open research questions. In this paper, we propose the first OSM-WireGuard framework and its lifecycle. We implement the WireGuard secure network tunneling protocol in a 5G network to provide a VPN-as-a-Service (VPNaaS) functionality for virtualized network functions. We demonstrate that OSM instantiates WireGuard-enabled services up and running in 4 min 26 sec, with potential the initialization time to go down to 2 min 44 sec if the operator prepares images with a pre-installed and up-to-date version of WireGuard before the on-boarding process. We also show that the OSM-WireGuard framework provides considerable enhancement of up to 5.3 times higher network throughput and up to 41% lower latency compared to OpenVPN. The reported results show that the proposed framework is a promising solution for providing traffic isolation with strict latency and throughput requirements., Accepted for presentation at IEEE NFV-SDN 2020

Published

2020

9. A Cloud-based SDN/NFV Testbed for End-to-End Network Slicing in 4G/5G

Author

Danilo Gligoroski, Ali Esmaeily, and Katina Kralevska

Subjects

Networking and Internet Architecture (cs.NI), FOS: Computer and information sciences, Computer science, business.industry, Distributed computing, 020208 electrical & electronic engineering, Testbed, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, Subset and superset, Slicing, Computer Science - Networking and Internet Architecture, End-to-end principle, Scalability, 0202 electrical engineering, electronic engineering, information engineering, Orchestration, business, 5G

Abstract

Network slicing aims to shape 5G as a flexible, scalable, and demand-oriented network. Research communities deploy small-scale and cost-efficient testbeds in order to evaluate network slicing functionalities. We introduce a novel testbed, called 5GIIK, that provides implementation, management, and orchestration of network slices across all network domains and different access technologies. Our methodology identifies design criteria that are a superset of the features present in other state-of-the-art testbeds and determines appropriate open-source tools for implementing them. 5GIIK is one of the most comprehensive testbeds because it provides additional features and capabilities such as slice provision dynamicity, real-time monitoring of VMs, and VNF-onboarding to different VIMs. We illustrate the potentials of the proposed testbed and present initial results., Comment: This paper has been accepted for publication at IEEE NetSoft 2020

Published

2020

10. Trends in Development of Databases and Blockchain

Author

Danilo Gligoroski, Mayank Raikwar, and Goran Velinov

Subjects

FOS: Computer and information sciences, Atomicity, Blockchain, Computer Science - Cryptography and Security, Database, Computer science, business.industry, Databases (cs.DB), computer.software_genre, Partition (database), CAP theorem, Consistency (database systems), Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Databases, Analytics, Scalability, Isolation (database systems), Distributed, Parallel, and Cluster Computing (cs.DC), business, computer, Cryptography and Security (cs.CR)

Abstract

This work is about the mutual influence between two technologies: Databases and Blockchain. It addresses two questions: 1. How the database technology has influenced the development of blockchain technology?, and 2. How blockchain technology has influenced the introduction of new functionalities in some modern databases? For the first question, we explain how database technology contributes to blockchain technology by unlocking different features such as ACID (Atomicity, Consistency, Isolation, and Durability) transactional consistency, rich queries, real-time analytics, and low latency. We explain how the CAP (Consistency, Availability, Partition tolerance) theorem known for databases influenced the DCS (Decentralization, Consistency, Scalability) theorem for the blockchain systems. By using an analogous relaxation approach as it was used for the proof of the CAP theorem, we postulate a "DCS-satisfiability conjecture." For the second question, we review different databases that are designed specifically for blockchain and provide most of the blockchain functionality like immutability, privacy, censorship resistance, along with database features., Comment: Accepted in The Second International Workshop on Blockchain Applications and Theory (BAT 2020)

Published

2020

11. GDPR Compliance for Blockchain Applications in Healthcare

Author

Arild Faxvaag, Katina Kralevska, Anton Hasselgren, Paul Kengfai Wan, Danilo Gligoroski, and Margareth Horn

Subjects

Social and Information Networks (cs.SI), FOS: Computer and information sciences, Sikkerhet og sårbarhet: 424 [VDP], Blockchain, Computer Science - Cryptography and Security, business.industry, Computer science, Interoperability, Internet privacy, Access control, Computer Science - Social and Information Networks, Compliance (psychology), Highly sensitive, Health data, Security and vulnerability: 424 [VDP], Computer Science - Computers and Society, Blockchain-based Governance, Work (electrical), Computers and Society (cs.CY), Health care, business, Cryptography and Security (cs.CR)

Abstract

The transparent and decentralized characteristics associated with blockchain can be both appealing and problematic when applied to a healthcare use-case. As health data is highly sensitive, it is therefore, highly regulated to ensure the privacy of patients. At the same time, access to health data and interoperability are in high demand. Regulatory frameworks such as GDPR and HIPAA are, amongst other objectives, meant to contribute to mitigating the risk of privacy violations of health data. Blockchain features can likely improve interoperability and access control to health data, and at the same time, preserve or even increase, the privacy of patients. Blockchain applications should address compliance with the current regulatory framework to increase real-world feasibility. This exploratory work indicates that published proof-of-concepts in the healthcare domain comply with GDPR, to an extent. Blockchain developers need to make design choices to be compliant with GDPR since currently, none available blockchain platform can show compliance out of the box. (c) 2020 by Academy & Industry Research Collaboration Center (AIRCC) Dubai, UAE

Published

2020

12. VerifyMed -- A blockchain platform for transparent trust in virtualized healthcare: Proof-of-concept

Author

Jens-Andreas Hanssen Rensaa, Arild Faxvaag, Anton Hasselgren, Danilo Gligoroski, and Katina Kralevska

Subjects

Networking and Internet Architecture (cs.NI), FOS: Computer and information sciences, Knowledge management, Computer Science - Cryptography and Security, Smart contract, Computer science, business.industry, computer.software_genre, Work experience, Computer Science - Networking and Internet Architecture, Videoconferencing, Proof of concept, Health care, business, Competence (human resources), License, computer, Cryptography and Security (cs.CR), Average cost

Abstract

Patients living in a digitized world can now interact with medical professionals through online services such as chat applications, video conferencing or indirectly through consulting services. These applications need to tackle several fundamental trust issues: 1. Checking and confirming that the person they are interacting with is a real person; 2. Validating that the healthcare professional has competence within the field in question; and 3. Confirming that the healthcare professional has a valid license to practice. In this paper, we present VerifyMed -- the first proof-of-concept platform, built on Ethereum, for transparently validating the authorization and competence of medical professionals using blockchain technology. Our platform models trust relationships within the healthcare industry to validate professional clinical authorization. Furthermore, it enables a healthcare professional to build a portfolio of real-life work experience and further validates the competence by storing outcome metrics reported by the patients. The extensive realistic simulations show that with our platform, an average cost for creating a smart contract for a treatment and getting it approved is around 1 USD, and the cost for evaluating a treatment is around 50 cents., Comment: Accepted for publication at Blockchain and Internet of Things Conference (BIOTC 2020)

Published

2020

13. Towards 5G Intrusion Detection Scenarios with OMNeT++

Author

Danilo Gligoroski, Katina Kralevska, Michele Garau, and Mathias Kjolleberg Forland

Subjects

Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Real-time computing, Intrusion detection system, 5G

Abstract

We implement an intrusion detection application to investigate the security capabilities of Software Defined Networking (SDN) in a 5G-like environment under Distributed Denial- of-Service (DDoS) attacks. The simulation environment is created in OMNeT++ with a novel integration of two OMNeT++ extension libraries, SimuLTE and OpenFlow OM- NeT++ Suite. The 5G-like environment enables vast and diverse testing of 5G topologies, as well as performance analysis of SDN security applications with various detection and mitigation methods. We analyze distributed synchronize (SYN) flood attack performed by compromised nodes. We report our findings about the sensitivity and the specificity of detection and mitigation of SYN flood for different number of attack and benign nodes.

Published

2019

14. Preventing DDoS with SDN in 5G

Author

Danilo Gligoroski, Katina Kralevska, Michele Garau, and Mathias Kjolleberg Forland

Subjects

OpenFlow, Computer science, Event (computing), business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, Denial-of-service attack, 02 engineering and technology, Control theory, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, SYN flood, Timeout, business, Computer network

Abstract

In this paper we set a 5G-like environment using the OMNeT++ Discrete Event Simulator with integrated extension libraries INET, SimuLTE, and OpenFlow OMNeT++ Suite, and we develop a Software- Defined Networking (SDN) Distributed Denial-of-Service (DDoS) defense controller application for detecting and mitigating distributed SYN flood attack. The developed application serves as a Proof of Concept for the potentials of using SDN as a security component in 5G. The performance of the controller application is evaluated by a sensitivity and specificity analysis, and it is validated through numerous experiments where parameters such as attack rate, detection threshold, flow entry timeout, and the number of malicious and benign nodes are varied. The results show that SDN developed applications can be indeed used as security components in 5G.

Published

2019

15. SoK of Used Cryptography in Blockchain

Author

Mayank Raikwar, Katina Kralevska, and Danilo Gligoroski

Subjects

FOS: Computer and information sciences, Computer Science - Cryptography and Security, Blockchain, General Computer Science, Computer science, Computer Science - Information Theory, Cryptography, 02 engineering and technology, Computer security, computer.software_genre, proof-of-work, Domain (software engineering), Computer Science - Networking and Internet Architecture, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, Networking and Internet Architecture (cs.NI), cryptography, business.industry, Information Theory (cs.IT), General Engineering, 020206 networking & telecommunications, Information security, consensus, 020201 artificial intelligence & image processing, hash function, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, Cryptography and Security (cs.CR), computer, lcsh:TK1-9971, signature

Abstract

The underlying fundaments of blockchain are cryptography and cryptographic concepts that provide reliable and secure decentralized solutions. Although many recent papers study the use-cases of blockchain in different industrial areas, such as finance, health care, legal relations, IoT, information security, and consensus building systems, only few studies scrutinize the cryptographic concepts used in blockchain. To the best of our knowledge, there is no Systematization of Knowledge (SoK) that gives a complete picture of the existing cryptographic concepts which have been deployed or have the potential to be deployed in blockchain. In this paper, we thoroughly review and systematize all cryptographic concepts which are already used in blockchain. Additionally, we give a list of cryptographic concepts which have not yet been applied but have big potentials to improve the current blockchain solutions. We also include possible instantiations of these cryptographic concepts in the blockchain domain. Last but not least, we explicitly postulate 21 challenging problems that cryptographers interested in blockchain can work on. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see http://creativecommons.org/licenses/by/4.0

Published

2019

16. Blockchain in healthcare and health sciences—A scoping review

Author

Arild Faxvaag, Anton Hasselgren, Sindre Andre Pedersen, Danilo Gligoroski, and Katina Kralevska

Subjects

Health Information Exchange, Blockchain, 020205 medical informatics, Computer science, Interoperability, Health Informatics, Access control, 02 engineering and technology, Field (computer science), Domain (software engineering), 03 medical and health sciences, 0302 clinical medicine, Data integrity, Health care, 0202 electrical engineering, electronic engineering, information engineering, Electronic Health Records, Humans, 030212 general & internal medicine, business.industry, Quality Improvement, Data science, Health Records, Personal, Health education, business, Delivery of Health Care

Abstract

Background Blockchain can be described as an immutable ledger, logging data entries in a decentralized manner. This new technology has been suggested to disrupt a wide range of data-driven domains, including the health domain. Objective The purpose of this study was to systematically review, assess and synthesize peer-reviewed publications utilizing/proposing to utilize blockchain to improve processes and services in healthcare, health sciences and health education. Method A structured literature search on the topic was conducted in October 2018 relevant bibliographic databases. Result 39 publications fulfilled the inclusion criteria. The result indicates that Electronic Health Records and Personal Health Records are the most targeted areas using blockchain technology. Access control, interoperability, provenance and data integrity are all issues that are meant to be improved by blockchain technology in this field. Ethereum and Hyperledger fabric seem to be the most used platforms/frameworks in this domain. Conclusion This study shows that the endeavors of using blockchain technology in the health domain are increasing exponentially. There are areas within the health domain that potentially could be highly impacted by blockchain technology. © 2019 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/BY-NC-ND/4.0/).

Published

2020

17. Network Traffic Driven Storage Repair

Author

Rune Erlend Jensen, Danilo Gligoroski, Katina Kralevska, and Per Simonsen

Subjects

FOS: Computer and information sciences, Computer science, business.industry, Information Theory (cs.IT), Node (networking), Computer Science - Information Theory, Duality (mathematics), Bandwidth (signal processing), Computer Science - Distributed, Parallel, and Cluster Computing, Code (cryptography), Distributed, Parallel, and Cluster Computing (cs.DC), business, Access time, Computer network

Abstract

Recently we constructed an explicit family of locally repairable and locally regenerating codes. Their existence was proven by Kamath et al. but no explicit construction was given. Our design is based on HashTag codes that can have different sub-packetization levels. In this work we emphasize the importance of having two ways to repair a node: repair only with local parity nodes or repair with both local and global parity nodes. We say that the repair strategy is network traffic driven since it is in connection with the concrete system and code parameters: the repair bandwidth of the code, the number of I/O operations, the access time for the contacted parts and the size of the stored file. We show the benefits of having repair duality in one practical example implemented in Hadoop. We also give algorithms for efficient repair of the global parity nodes., arXiv admin note: text overlap with arXiv:1701.06664

Published

2018

18. Repair Duality with Locally Repairable and Locally Regenerating Codes

Author

Per Simonsen, Rune Erlend Jensen, Katina Kralevska, and Danilo Gligoroski

Subjects

FOS: Computer and information sciences, Discrete mathematics, Computer science, Computer Science - Information Theory, Information Theory (cs.IT), Bandwidth (signal processing), Duality (mathematics), 020206 networking & telecommunications, 020207 software engineering, 02 engineering and technology, Construct (python library), Upper and lower bounds, Finite field, 0202 electrical engineering, electronic engineering, information engineering, Code (cryptography), Node (circuits), Euclidean vector

Abstract

We construct an explicit family of locally repairable and locally regenerating codes whose existence was proven in a recent work by Kamath et al. about codes with local regeneration but no explicit construction was given. This explicit family of codes is based on HashTag codes. HashTag codes are recently defined vector codes with different vector length $\alpha$ (also called a sub-packetization level) that achieve the optimal repair bandwidth of MSR codes or near-optimal repair bandwidth depending on the sub-packetization level. We applied the technique of parity-splitting code construction. We show that the lower bound on the size of the finite field for the presented explicit code constructions can be lower than the one given in the work of Kamath et al. Finally, we discuss the importance of having two ways for node repair with locally regenerating HashTag codes: repair only with local parity nodes or repair with both local and global parity nodes. To the best of the authors' knowledge, this is the first work where this duality in repair process is discussed. We give a practical example and experimental results in Hadoop where we show the benefits of having this repair duality., Comment: Accepted as a full paper for publication at IEEE DataCom 2017

Published

2017

19. CARIBE: Cascaded IBE for Maximum Flexibility and User-Side Control

Author

Britta Hale, Christopher Carr, and Danilo Gligoroski

Subjects

business.industry, Computer science, Control engineering, Context (language use), Public key infrastructure, Plaintext, Computer security, computer.software_genre, Encryption, Multiple encryption, Certificate authority, Ciphertext, business, computer, Key escrow

Abstract

Mass surveillance and a lack of end-user encryption, coupled with a growing demand for key escrow under legal oversight and certificate authority security concerns, raise the question of the appropriateness of continued general dependency on PKI. Under this context, we examine Identity-Based Encryption (IBE) as an alternative to public-key encryption. Cascade encryption, or sequential multiple encryption, is the concept of layering encryption such that the ciphertext from one encryption step is the plaintext of the next. We describe CARIBE, a cascaded IBE scheme, for which we also provide a cascaded CCA security experiment, IND-ID-C.CCA, and prove its security in the computational model. CARIBE combines the ease-of-use of IBE with key escrow, limited to the case when the entire set of participating PKGs collaborate. Furthermore, we describe a particular CARIBE scheme, CARIBE-S, where the receiver is a self-PKG – one of the several PKGs included in the cascade. CARIBE-S inherits IND-ID-C.CCA from CARIBE, and avoids key escrow entirely. In essence, CARIBE-S offers the maximum flexibility of the IBE paradigm and gives the users complete control without the key escrow problem.

Published

2017

20. HashTag Erasure Codes: From Theory to Practice

Author

Rune Erlend Jensen, Danilo Gligoroski, Harald Øverby, and Katina Kralevska

Subjects

FOS: Computer and information sciences, Discrete mathematics, Information Systems and Management, Computer science, Information Theory (cs.IT), Reliability (computer networking), Computer Science - Information Theory, 020206 networking & telecommunications, 02 engineering and technology, 020202 computer hardware & architecture, Computer Science - Distributed, Parallel, and Cluster Computing, Encoding (memory), Distributed data store, 0202 electrical engineering, electronic engineering, information engineering, Code (cryptography), Bandwidth (computing), Overhead (computing), Distributed, Parallel, and Cluster Computing (cs.DC), Erasure code, Information Systems, Sign (mathematics)

Abstract

Minimum-Storage Regenerating (MSR) codes have emerged as a viable alternative to Reed-Solomon (RS) codes as they minimize the repair bandwidth while they are still optimal in terms of reliability and storage overhead. Although several MSR constructions exist, so far they have not been practically implemented mainly due to the big number of I/O operations. In this paper, we analyze high-rate MDS codes that are simultaneously optimized in terms of storage, reliability, I/O operations, and repair-bandwidth for single and multiple failures of the systematic nodes. The codes were recently introduced in \cite{7463553} without any specific name. Due to the resemblance between the hashtag sign \# and the procedure of the code construction, we call them in this paper \emph{HashTag Erasure Codes (HTECs)}. HTECs provide the lowest data-read and data-transfer, and thus the lowest repair time for an arbitrary sub-packetization level $\alpha$, where $\alpha \leq r^{\lceil \sfrac{k}{r} \rceil}$, among all existing MDS codes for distributed storage including MSR codes. The repair process is linear and highly parallel. Additionally, we show that HTECs are the first high-rate MDS codes that reduce the repair bandwidth for more than one failure. Practical implementations of HTECs in Hadoop release 3.0.0-alpha2 demonstrate their great potentials., Comment: Submitted to IEEE Transactions on Big Data

Published

2016

21. Balanced locally repairable codes

Author

Danilo Gligoroski, Katina Kralevska, and Harald Øverby

Subjects

FOS: Computer and information sciences, Discrete mathematics, Computer science, Computer Science - Information Theory, Information Theory (cs.IT), Open problem, Locality, Bandwidth (signal processing), Markov process, 020206 networking & telecommunications, Fault tolerance, 02 engineering and technology, Construct (python library), Maintenance engineering, symbols.namesake, Computer Science - Distributed, Parallel, and Cluster Computing, 0202 electrical engineering, electronic engineering, information engineering, symbols, Overhead (computing), 020201 artificial intelligence & image processing, Distributed, Parallel, and Cluster Computing (cs.DC)

Abstract

We introduce a family of balanced locally repairable codes (BLRCs) $[n, k, d]$ for arbitrary values of $n$, $k$ and $d$. Similar to other locally repairable codes (LRCs), the presented codes are suitable for applications that require a low repair locality. The novelty that we introduce in our construction is that we relax the strict requirement the repair locality to be a fixed small number $l$, and we allow the repair locality to be either $l$ or $l+1$. This gives us the flexibility to construct BLRCs for arbitrary values of $n$ and $k$ which partially solves the open problem of finding a general construction of LRCs. Additionally, the relaxed locality criteria gives us an opportunity to search for BLRCs that have a low repair locality even when double failures occur. We use metrics such as a storage overhead, an average repair bandwidth, a Mean Time To Data Loss (MTTDL) and an update complexity to compare the performance of BLRCs with existing LRCs., Comment: Accepted for presentation at International Symposium on Turbo Codes and Iterative Information Processing 2016

Published

2016

22. A 16-Bit Reconfigurable Encryption Processor for p-Cipher

Author

Hristina Mihajloska, Kevin Skadron, Amit Kulkarni, Mohamed El-Hadedy, Dirk Stroobandt, and Danilo Gligoroski

Subjects

Authenticated encryption, Technology and Engineering, Speedup, π-Cipher, business.industry, Computer science, CAESAR, micro-reconfiguration, 02 engineering and technology, Encryption, parameterized configuration, Cryptographic competitions, 020202 computer hardware & architecture, 16-bit, Cipher, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, TLUT, 020201 artificial intelligence & image processing, Hardware_ARITHMETICANDLOGICSTRUCTURES, Field-programmable gate array, business, FPGA, Cryptographic nonce

Abstract

This paper presents an improved hardware implementation of a 16-bit ARX (Add, Rotate, and Xor) engine for one of the CAESAR second-round competition candidates, Pi-Cipher, implemented on an FPGA. Pi-Cipher is a nonce-based authenticated encryption cipher with associated data. The security of the Pi-Cipher relies on an ARX based permutation function, which is denoted as a Pi-function. The proposed ARX engine has been implemented in just 266 slices, which includes the buffers of the input and the output. It can be clocked at 347 MHz. Also, in this paper, a message processor based on the proposed ARX engine is introduced. The message processor has been implemented in 1114 slices and it can be clocked at 250 MHz. The functionality of the proposed ARX engine was verified on the Xilinx Virtex-7. The new design of the ARX engine allows for almost four times speedup in performance while consuming only 17% larger area than previously published work. We extend our message processor implementation by using parametrized reconfiguration technique after which an area reduction of 27 slices is observed.

Published

2016

23. Semantic Security and Key-Privacy with Random Split of St-Gen Codes

Author

Danilo Gligoroski and Simona Samardjiska

Subjects

Discrete mathematics, Computer science, business.industry, 020206 networking & telecommunications, Plaintext, 0102 computer and information sciences, 02 engineering and technology, Encryption, 01 natural sciences, Public-key cryptography, 010201 computation theory & mathematics, McEliece cryptosystem, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Chosen-plaintext attack, Semantic security, business, Standard model (cryptography)

Abstract

Recently we have defined Staircase-Generator codes (St-Gen codes) and their variant with a random split of the generator matrix of the codes. One unique property of these codes is that they work with arbitrary error sets. In this paper we analyze the semantic security against chosen plaintext attack (IND-CPA) and key-privacy i.e. indistinguishability of public keys under chosen plaintext attack (IK-CPA) of the encryption scheme with random split of St-Gen codes. In a similar manner as it was done by Nojima et al. and later by Yamakawa et al. we show that padding the plaintext with a random bit-string provides IND-CPA and IK-CPA in the standard model. The difference with McEliece scheme is that with our scheme the length of the padded random string is significantly shorter.

Published

2016

24. Reviving the Idea of Incremental Cryptography for the Zettabyte Era Use Case: Incremental Hash Functions Based on SHA-3

Author

Simona Samardjiska, Danilo Gligoroski, Hristina Mihajloska, Ss. Cyril and Methodius University in Skopje, Norwegian University of Science and Technology [Trondheim] (NTNU), Norwegian University of Science and Technology (NTNU), Jan Camenisch, Doğan Kesdoğan, TC 11, and WG 11.4

Subjects

iSHAKE128, Theoretical computer science, Speedup, Computer science, SHAKE128, Zettabyte, 05 social sciences, Hash function, SHA-3, Byte, SHAKE256, Collision, Tree (data structure), 0502 economics and business, Incremental hashing, NIST, [INFO]Computer Science [cs], 050211 marketing, Zettabyte era, iSHAKE256, 050203 business & management

Abstract

Part 4: Cryptography; International audience; According to several recent studies, the global IP communication and digital storage have already surpassed the zettabyte threshold ($$10^{21}$$ bytes). The Internet entered the zettabyte era in which fast and secure computations are important more than ever. One solution for certain types of computations, that may offer a speedup up to several orders of magnitude, is the incremental cryptography. While the idea of incremental crypto primitives is not new, so far its potential has not been fully exploited. In this paper, we define two incremental hash functions iSHAKE128 and iSHAKE256 based on the recent NIST proposal for SHA-3 Extendable-Output Functions SHAKE128 and SHAKE256. We describe two practical implementation scenarios of the newly introduced hash functions and compare them with the already known tree-based hash scheme. We show the trends of efficiency gains as the amount of data increases in comparison to the standard tree-based incremental schemes. Our proposals iSHAKE128 and iSHAKE256 provide security against collision attacks of 128 and 256 bits, respectively.

Published

2016

25. Coded Packet Transport for Optical Packet/Burst Switched Networks

Author

Katina Kralevska, Harald Øverby, and Danilo Gligoroski

Subjects

FOS: Computer and information sciences, business.industry, Network packet, Computer science, Computer Science - Information Theory, Information Theory (cs.IT), Quality of service, Node (networking), ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Survivability, Packet loss, Overhead (computing), business, Erasure code, Processing delay, Computer network

Abstract

This paper presents the Coded Packet Transport (CPT) scheme, a novel transport mechanism for Optical Packet/Burst Switched (OPS/OBS) networks. The CPT scheme exploits the combined benefits of source coding by erasure codes and path diversity to provide efficient means for recovering from packet loss due to contentions and path failures, and to provide non-cryptographic secrecy. In the CPT scheme, erasure coding is employed at the OPS/OBS ingress node to form coded packets, which are transmitted on disjoint paths from the ingress node to an egress node in the network. The CPT scheme allows for a unified view of Quality of Service (QoS) in OPS/OBS networks by linking the interactions between survivability, performance and secrecy. We provide analytical models that illustrate how QoS aspects of CPT are affected by the number of disjoint paths, packet overhead and processing delay., Comment: IEEE Globecom 2015

Published

2015

26. CryptoCloak protocol and the prototype application

Author

Zoran Djuric, Dijana Vukovic, and Danilo Gligoroski

Subjects

Session Initiation Protocol, Authentication, Computer science, business.industry, computer.internet_protocol, Cryptography, World Wide Web, Off-the-Record Messaging, Authentication protocol, Business correspondence, Universal composability, business, Protocol (object-oriented programming), computer

Abstract

Number of instant messaging (chat) applications grows rapidly, not only in everyday communication of ordinary people, but in business correspondence. Consequently, security and privacy of these kinds of applications are very important. In this paper, CryptoCloak protocol for secure and private chat communication is introduced, together with the prototype IM application implemented in Java programming language that illustrates how the CryptoCloak protocol can be used in practice.

Published

2015

27. Approaching Maximum Embedding Efficiency on Small Covers Using Staircase-Generator Codes

Author

Danilo Gligoroski and Simona Samardjiska

Subjects

FOS: Computer and information sciences, Computer science, Information Theory (cs.IT), Computer Science - Information Theory, Code word, List decoding, 94B05, Stability (probability), Multimedia (cs.MM), Embedding, Algorithm design, Generator matrix, Algorithm, Word (computer architecture), Decoding methods, Computer Science - Multimedia

Abstract

We introduce a new family of binary linear codes suitable for steganographic matrix embedding. The main characteristic of the codes is the staircase random block structure of the generator matrix. We propose an efficient list decoding algorithm for the codes that finds a close codeword to a given random word. We provide both theoretical analysis of the performance and stability of the decoding algorithm, as well as practical results. Used for matrix embedding, these codes achieve almost the upper theoretical bound of the embedding efficiency for covers in the range of 1000 - 1500 bits, which is at least an order of magnitude smaller than the values reported in related works., Extended version of the paper presented at ISIT 2015

Published

2015

28. Joint balanced source and network coding

Author

Harald Øverby, Danilo Gligoroski, and Katina Kralevska

Subjects

Link state packet, Transmission delay, Computer science, business.industry, Distributed computing, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, End-to-end delay, Variable-length code, Burst switching, Packet loss, Linear network coding, business, Processing delay, Computer network

Abstract

We introduce a method that combines joint balanced source and network coding in optical packet-switched networks. It is an efficient way to combat packet loss that occurs due to contentions, to recover lost data due to link failures and to provide secure data transmission, i.e., secrecy. By using binary erasure codes and adding redundancy the destination is able to decode the source data when packet loss occurs. Coding at the intermediate node offers protection against single link failure. An eavesdropper cannot reconstruct the source data by eavesdropping a single link, since non-systematic coded packets are sent on disjoint paths.We also show that the proposed method has linear coding complexity, small header overhead and it does not require sending a feedback for each packet.

Published

2014

29. CryptoCloak - improvement proposal implementation

Author

Dijana Vukovic, Danilo Gligoroski, and Zoran Djuric

Subjects

Information privacy, Steganography, Privacy software, Computer science, business.industry, Context (language use), Cryptography, Computer security, computer.software_genre, Electronic mail, The Internet, Everyday life, business, computer

Abstract

In post-Snowden era (after June 2013 and his first revelation) many effort was invested into applications development providing privacy protection in Internet communication area. Secure chat applications, systems for anonymous browsing, steganography applications and similar products became world-wide needed and used in everyday life. CryptoCloak is a secure chat application developed using Java programming language. In this paper, CryptoCloak is presented and its improvement in the context of reducing time overhead is explained.

Published

2014

30. Simulation of some new models of error-detecting codes

Author

Danilo Gligoroski and Natasha Ilievska

Subjects

Mathematics::Group Theory, Theoretical computer science, Mathematics::General Mathematics, Computer science, Quasigroup, Coding (social sciences)

Abstract

We will define two models of error-detecting codes based on quasigroups of arbitrary order. For some special cases of these two models we provide experimental results for the probability of undetected errors if a given quasigroup of order 4 is used for coding. At the end, we will compare the considered special cases.

Published

2014

31. On Privacy Protection in the Internet Surveillance Era

Author

Dijana Vukovic, Zoran Djuric, and Danilo Gligoroski

Subjects

Information privacy, business.industry, Computer science, Privacy software, media_common.quotation_subject, Internet privacy, Cryptography, Computer security, computer.software_genre, Encryption, Key (cryptography), The Internet, Conversation, business, computer, Key exchange, media_common

Abstract

Snowden's whistleblower from the last year made people more aware of the fact that we are living in the Internet surveillance era. Privacy of Internet communication has been disrupted. In this paper, application for privacy protection in chat communication, named CryptoCloak, is presented. CryptoCloak provides privacy protection for chat communication. Encrypted communication is masked with dynamic cheap chat conversation. Communication made this way is not point of interest for mass surveillance spying engines. For implementation of the CryptoCloak, Facebook Messenger API is used. Diffie-Hellman key exchange is done in clandestine manner — instead of sending uniform sequence of numbers, sentences are sent. Current version provides encryption/decryption mechanism for the chat communication using strong symmetric algorithm AES in CBC mode. 256 bits of Diffie-Hellman exchanged key are used for AES-CBC.

Published

2014

32. π-Cipher: Authenticated Encryption for Big Data

Author

Danilo Gligoroski, Rune Erlend Jensen, Simona Samardjiska, Håkon Jacobsen, Mohamed El-Hadedy, and Hristina Mihajloska

Subjects

Block cipher mode of operation, Authenticated encryption, Cryptographic primitive, Computer science, business.industry, Big data, Cryptography, Computer security, computer.software_genre, Cipher, business, computer, Cryptographic nonce, Block cipher

Abstract

In today’s world of big data and rapidly increasing telecommunications, using secure cryptographic primitives that are parallelizable and incremental is becoming ever more important design goal. π-Cipher is parallel, incremental, nonce based authenticated encryption cipher with associated data. It is designed with the special purpose of providing confidentiality and integrity for big data in transit or at rest. It has, as an option, a secret part of the nonce which provides noncemisuse resistance. The design involves operations of several solid cryptographic concepts such as the Encrypt-then-MAC principle, the XOR MAC scheme and the two-pass sponge construction. It contains parameters that can provide the functionality of tweakable block ciphers for authenticated encryption of data at rest. The security of the cipher relies on the core permutation function based on ARX (Addition, Rotation and XOR) operations. π-Cipher offers several security levels ranging from 96 to 256 bits.

Published

2014

33. Personal Threshold in a Small Scale Text-Dependent Speaker Recognition

Author

Erlend Heimark, Yanling Chen, and Danilo Gligoroski

Subjects

Dynamic time warping, Biometrics, business.industry, Computer science, Speech recognition, Feature extraction, Pattern recognition, Modular design, computer.software_genre, Speaker recognition, Speaker diarisation, Artificial intelligence, Android (operating system), Audio signal processing, business, computer

Abstract

In this research, we implement a biometric authentication system on the Android platform, which is based on a text-dependent speaker recognition. The application makes use of the Modular Audio Recognition Framework (MARF), from which some of the algorithms are adapted in the pre-processing and feature extraction. In addition, we employ the Dynamic Time Warping (DTW) algorithm in the training and comparison processes to create reliable feature references and generate countable distance information. In particular, we introduce the personal thresholds to further optimize the system performance for each individual user. Our experimental results confirm that one can significantly improve the system performance in terms of the False Acceptance Rate (FAR) and False Rejection Rate (FRR), through using a collective training procedure and the personal thresholds.

Published

2013

34. On the Strong and Weak Keys in MQQ-SIG

Author

Håkon Jacobsen, Danilo Gligoroski, and Simona Samardjiska

Subjects

Scheme (programming language), Multivariate statistics, Key generation, business.industry, Computer science, computer.software_genre, Signature (logic), Public-key cryptography, Gröbner basis, Data mining, business, computer, Multivariate cryptography, computer.programming_language

Abstract

In this paper we describe a methodology for identifying strong and weak keys in the recently introduced multivariate public-key signature scheme MQQ-SIG. We have conducted a large number of experiments based on Grobner basis attacks, in order to classify the various parameters that determine the keys in MQQ-SIG. Our findings show that there are big differences in the importance of these parameters. The methodology consists of a classification of different parameters in the scheme, together with introduction of concrete criteria on which keys to avoid and which to use. Finally, we propose an enhanced key generation algorithm for MQQ-SIG that generates stronger keys and will be more efficient than the original key generation method.

Published

2013

35. How Lightweight Is the Hardware Implementation of Quasigroup S-Boxes

Author

Tolga Yalcin, Danilo Gligoroski, and Hristina Mihajloska

Subjects

Flexibility (engineering), Set (abstract data type), Computer science, business.industry, Algebraic structure, String (computer science), Lookup table, Reuse, business, Implementation, Quasigroup, Computer hardware

Abstract

In this paper, we present a novel method for realizing S-boxes using non-associative algebraic structures - quasigroups, which - in certain cases - leads to more optimized hardware implementations. We aim to give cryptographers an iterative tool for designing cryptographically strong S-boxes (which we denote as Q-S-boxes) with additional flexibility for hardware implementation. Existence of the set of cryptographically strong 4-bit Q-S-boxes depends on the non-linear quasigroups of order 4 and quasigroup string transformations. The Q-S-boxes offer the option to not only iteratively reuse the same circuit to implement several different strong 4-bit S-boxes, but they can also be serialized down to bit level, leading to S-box implementations below 10 GEs. With Q-S-boxes we can achieve over 40% area reduction with respect to a lookup table based implementation, and also over 16% area reduction in a parallel implementation of Present. We plan to generalize our approach to S-boxes of any size in the future.

Published

2013

36. Towards a Secure Multivariate Identity-Based Encryption

Author

Danilo Gligoroski and Simona Samardjiska

Subjects

Scheme (programming language), Multivariate statistics, Theoretical computer science, business.industry, Computer science, Encryption, Public-key cryptography, Multiple encryption, Quadratic equation, Collusion, Identity (object-oriented programming), business, computer, computer.programming_language

Abstract

We investigate the possibilities of building a Multivariate Identity-Based Encryption (IBE) Scheme, such that for each identity the obtained Public Key Encryption Scheme is Multivariate Quadratic (MQ). The biggest problem in creating an IBE with classical MQ properties is the possibility of collusion of polynomial number of users against the master key or the keys of other users. We present a solution that makes the collusion of polynomial number of users computationally infeasible, although still possible. The proposed solution is a general model for a Multivariate IBE Scheme with exponentially many public-private keys that are instances of an MQ public key encryption scheme.

Published

2013

37. General Sub-packetized Access-Optimal Regenerating Codes

Author

Harald Øverby, Katina Kralevska, and Danilo Gligoroski

Subjects

FOS: Computer and information sciences, Code (set theory), TheoryofComputation_COMPUTATIONBYABSTRACTDEVICES, Computer science, Information Theory (cs.IT), Computer Science - Information Theory, 020206 networking & telecommunications, 020207 software engineering, 02 engineering and technology, Computer Science Applications, Combinatorics, Computer Science - Distributed, Parallel, and Cluster Computing, Integer, Modeling and Simulation, 0202 electrical engineering, electronic engineering, information engineering, Bandwidth (computing), Node (circuits), Distributed, Parallel, and Cluster Computing (cs.DC), Electrical and Electronic Engineering, Algorithm

Abstract

This letter presents a novel construction of $(n,k,d=n-1)$ access-optimal regenerating codes for an arbitrary sub-packetization level $\alpha $ for exact repair of any systematic node. We refer to these codes as general sub-packetized, because we provide an algorithm for constructing codes for any $\alpha $ less than or equal to $\vphantom {^{\int ^\int }}r^{\lceil ({k}/{r}) \rceil }$ , where $({k}/{r})$ is not necessarily an integer. This leads to a flexible construction of codes for different code rates compared with existing approaches. We derive the lower and upper bounds of the repair bandwidth. The repair bandwidth depends on the code parameters and $\alpha $ . The repair process of a failed systematic node is linear and highly parallelized, which means that a set of $\lceil ({\alpha }/{r}) \rceil $ symbols is independently repaired first and used along with the accessed data from other nodes to recover the remaining symbols.

Published

2016

38. Proposal for expansion of STASEC tool

Author

Dijana Vukovic, Danilo Gligoroski, and Zoran Djuric

Subjects

Security bug, Cloud computing security, Source code, business.industry, Computer science, media_common.quotation_subject, Information security, Computer security model, computer.software_genre, Web application security, Security information and event management, Security service, Operating system, Software engineering, business, computer, media_common

Abstract

Priority in the development of Web applications is the implementation of security mechanisms. In order to detect potential security vulnerabilities and implement appropriate security mechanisms, it is necessary to perform a detailed analysis of the application. For the detection of potential failures in the process of applications development, the static analysis of source code is used. STASEC [1] is a tool for static analysis of source code of Web applications that are implemented using the Java programming language. This paper presents a proposal for expansion of this tool with new module for the automatic detection of application vulnerabilities caused by manipulation of the input data on the client.

Published

2012

39. MQQ-SIG

Author

Svein J. Knapskog, Danilo Gligoroski, Rune Erlend Jensen, Smile Markovski, Ludovic Perret, Jean-Charles Faugère, and Rune Steinsmo Ødegård

Subjects

Discrete mathematics, business.industry, Computer science, 010102 general mathematics, Elliptic Curve Digital Signature Algorithm, 02 engineering and technology, 01 natural sciences, Random oracle, Orders of magnitude (bit rate), Public-key cryptography, Quadratic equation, Digital signature, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Smart card, 0101 mathematics, business, Signature (topology), Algorithm

Abstract

We present MQQ-SIG, a signature scheme based on "Multivariate Quadratic Quasigroups". The MQQ-SIG signature scheme has a public key consisting of $\frac{n}{2}$ quadratic polynomials in n variables where n=160, 192, 224 or 256. Under the assumption that solving systems of $\frac{n}{2}$ MQQ's equations in n variables is as hard as solving systems of random quadratic equations, we prove that in the random oracle model our signature scheme is CMA (Chosen-Message Attack) resistant. From efficiency point of view, the signing and verification processes of MQQ-SIG are three orders of magnitude faster than RSA or ECDSA. Compared with other MQ signing schemes, MQQ-SIG has both advantages and disadvantages. Advantages are that it has more than three times smaller private keys (from 401 to 593 bytes), and the signing process is an order of magnitude faster than other MQ schemes. That makes it very suitable for implementation in smart cards and other embedded systems. However, MQQ-SIG has a big public key (from 125 to 512 Kb) and it is not suitable for systems where the size of the public key has to be small.

Published

2012

40. Area efficient processing element architecture for compact hash functions systems on VIRTEX5 FPGA platform

Author

Svein J. Knapskog, Danilo Gligoroski, and Mohamed El-Hadedy

Subjects

Software, Computer science, business.industry, Proof of concept, Embedded system, Hash function, Cryptographic hash function, Cryptography, business, Field-programmable gate array, Throughput (business), Computer hardware, Electronic mail

Abstract

This paper presents the design and analysis of an area efficient processing element structure for use in cryptographic systems especially for implementing hash functions. The proposed architecture achieves significant efficiency improvements based on a reduction in area. We demonstrate a compact processing element on FPGA. As a proof of concept, we employed that compact processing element in the implementation of the Blue Midnight Wish (BMW) hash function which is one of the fastest candidates in the 2nd round SHA-3 hash function competition when implemented in software. With our new processing element, on Xilinx Virtex-5 we implemented BMW-256 in just 51 slices achieving a throughput of 68.71 Mbps and BMW-512 in just 105 slices achieving a throughput of 112.18 Mbps. Our design of the new processing element (PE) require the use of block RAM memory for storing the internal structure of the hash functions as well as for the PE instruction logic.

Published

2011

41. Comparison of the Power Consumption of the 2nd Round SHA-3 Candidates

Author

Benedikt Westermann, Svein J. Knapskog, and Danilo Gligoroski

Subjects

Competition (economics), Computer engineering, Power consumption, Computer science, SHA-3, Hash function, Byte, NIST, Energy (signal processing)

Abstract

In the paper we show that the second round candidates of the NIST hash competition differ up to 22 % in their power consumption. We perform a detailed analysis of the candidates with respect to different performance parameters. Finally, we discuss the time, the power consumption, and the energy per byte as criteria to distinguish the candidates with respect to the performance.

Published

2011

42. Implementing the Blue Midnight Wish Hash Function on Xilinx Virtex-5 FPGA Platform

Author

Mohamed El-Hadedy, Martin Margala, Svein J. Knapskog, and Danilo Gligoroski

Subjects

Virtex, business.industry, Computer science, Hash function, 32-bit, Padding, Memory management, SHA-3, Embedded system, Hardware_ARITHMETICANDLOGICSTRUCTURES, business, Field-programmable gate array, Throughput (business), Computer hardware

Abstract

This paper presents the design and analysis of an area efficient implementation of the SHA-3 candidate Blue Midnight Wish (BMW-256) hash function with digest size of 256 bits on an FPGA platform. Our architecture is based on a 32 bit data-path. The core functionality with finalization implementation without padding stage of BMW on Xilinx Virtex-5 FPGA requires 84 slices and two blocks of memory: one memory block to store the intermediate values and hash constants and the other memory block to store the instruction controls. The proposed implementation achieves a throughput of 56 Mpbs.

Published

2010

43. Resource-efficient implementation of Blue Midnight Wish-256 hash function on Xilinx FPGA platform

Author

Svein J. Knapskog, Danilo Gligoroski, Mohamed El-Hadedy, Martin Margala, Norges teknisk-naturvitenskapelige universitet, Senter for fremragende forskning, Centre for Quantifiable Quality of Service in Communication Systems, and Norges teknisk-naturvitenskapelige universitet, Fakultet for informasjonsteknologi, matematikk og elektroteknikk, Institutt for telematikk

Subjects

Virtex, Speedup, cryptography, business.industry, Computer science, Hash function, Blue Midnight Wish compression function, Cryptography, resource efficient implementation, SHA-2, Embedded system, NIST, hash function, business, Field-programmable gate array, Throughput (business), Xilinx FPGA platform, field programmable gate arrays

Abstract

This paper presents the design and analysis of an area efficient Blue Midnight Wish compression function with digest size of 256 bits (BMW-256) on FPGA platforms. The proposed architecture achieves significant improvements in system throughput with reduced area. We demonstrate the performance of the proposed BMW hash function core using VIRTEX 5 FPGA implementation. The new BMW hash function design allows for 16X speed up in performance while consuming significantly lower area than previously reported (i.e. just 445 slices).

Published

2010

44. Low area FPGA and ASIC implementations of the hash function 'Blue Midnight Wish-256'

Author

Einar J. Aas, Mohamed El-Hadedy, Svein J. Knapskog, and Danilo Gligoroski

Subjects

Secure Hash Algorithm, business.industry, Computer science, Hash function, MDC-2, computer.software_genre, Hash-based message authentication code, Secure Hash Standard, SHA-2, Embedded system, Hash chain, Cryptographic hash function, Operating system, Hardware_ARITHMETICANDLOGICSTRUCTURES, business, computer

Abstract

Hash functions are widely used in information security and cryptography. They are used in countless applications such as message authentication codes (MAC), Digital Signatures (DS) and mobile trusted modules (MTM). Serious attacks have been reported against cryptographic hash algorithms, including SHA-1. Because the SHA-1 and SHA-2 families share a similar design, the National Institute of Standards and Technology (NIST) in 2007 decided to start a world-wide development process for choosing the next secure hash standard SHA-3. A pivotal part of the process is an open competition for bringing forward new and secure cryptographic hash functions. The Blue Midnight Wish hash function is one of the second round candidates for the SHA-3 competition. In this paper, we describe low area FPGA and ASIC implementations for the Blue Midnight Wish compression function with digest size of 256 bits (BMW-256). Using Xilinx FPGA platform Virtex 5 “XC5VLX30”, we implemented BMW-256 using 1986 slices (including the internal memory), and using only 122 slices for an implementation that uses external memory. By using 0.8 µm CMOS standard cell library the ASIC implementation of BMW-256 takes approximately 13.5 Kgates (including the internal memory), and only 4 Kgates for an implementation that uses external memory.

Published

2009

45. Low Area Implementation of the Hash Function “Blue Midnight Wish 256” for FPGA Platforms

Author

Svein J. Knapskog, Danilo Gligoroski, and Mohamed El-Hadedy

Subjects

Secure Hash Algorithm, Virtex, business.industry, Computer science, Hash function, MDC-2, computer.software_genre, Secure Hash Standard, Fowler–Noll–Vo hash function, SHA-2, Embedded system, Cryptographic hash function, Operating system, Hardware_ARITHMETICANDLOGICSTRUCTURES, business, Hardware_REGISTER-TRANSFER-LEVELIMPLEMENTATION, computer

Abstract

in cryptography and information security, hash functions are considered as the "Swiss army knife" - they are used in countless protocols and algorithms. In 2005, we witnessed a significant theoretical breakthrough in breaking the current cryptographic standard SHA-1. Although there is another family of standardized hash functions called SHA-2, ready to replace SHA-1 hash function, at the end of 2007, the National Institute of Standards and Technology (NIST) decided to start a 4 year world-wide development process, including a competition for the superior algorithm design, for choosing the next cryptographic hash standard SHA-3. Blue Midnight Wish is one of the proposed new designs in the SHA-3 competition that continues in the Second Round of the competition. In this paper, we describe the architecture and an FPGA implementation in several different Xilinx devices for the compression function of the Blue Midnight Wish hash function with a digest size of 256 bits(BMW-256). The main goal of this work is to implement the compression function of BMW-256 with as small as possible area.The proposed design synthesized for Xilinx FPGA Virtex "XCV300pq240" uses 2147 slices including the internal memory and just 1354 slices for the design that uses external memory. For comparison, SHA-256 Xilinx FPGA Virtex "XCV200pq240" design uses 4768 slices.

Published

2009

46. The Altinn Case Study: Proposal for a Large-Scale Public-Key Biometric Infrastructure

Author

Bendik B. Mjaaland, Svein J. Knapskog, and Danilo Gligoroski

Subjects

Minutiae, Key generation, Database, Biometrics, Computer science, business.industry, Public key infrastructure, Sample (statistics), computer.software_genre, Computer security, Public-key cryptography, Fingerprint, State (computer science), business, computer

Abstract

We have developed a method for generation of a large database of public keys based on biometric data extracted from fingerprints of the users, without the need to use stored templates. In this short paper we show the application of our method in a case study for Altinn -- a Norwegian state official web portal, giving services to millions of customers in a 24/7 manner. To cope with variations in the sample, the key generation method allows minutiae points to change slightly without affecting the resulting key. Thus, the database does not only hold one public key for each user, but also keys that are likely (with high probability) to be generated if there is a small sample error in the future. This high probability is based on critical minutiae points.

Published

2009

47. High Performance Implementation of a Public Key Block Cipher - MQQ, for FPGA Platforms

Author

Svein J. Knapskog, Danilo Gligoroski, and Mohamed El-Hadedy

Subjects

Public-key cryptography, business.industry, Computer science, Embedded system, Cryptography, Hardware_ARITHMETICANDLOGICSTRUCTURES, Elliptic curve cryptography, Encryption, business, Field-programmable gate array, Throughput (business), Sequential algorithm, Block cipher

Abstract

This is the first implementation in FPGA of the recently published class of public key algorithms - MQQ, that are based on quasigroup string transformations. Our implementation achieves decryption throughput of 399 Mbps on an Xilinx Virtex-5 FPGA that is running on 249.4 MHz. The encryption throughput of our implementation achieves 44.27 Gbps on an Xilinx Virtex-5 chip that is running on 276.7 MHz. Compared to RSA implementation on the same FPGA platform this implementation of MQQ is 10,000 times faster in decryption, and is more than 17,000 times faster in encryption. The main goal of this work was to build a hardware that can perform operations with the public and the private key that have as high as possible speed. Our main comparison is with RSA with a similar cryptographic strength, because we want to emphasize that RSA being essentially sequential algorithm can not benefit from the parallel capabilities that modern FPGAs offer, while MQQ can.

Published

2008

48. Bypassing Data Execution Prevention on MicrosoftWindows XP SP2

Author

N. Stojanovski, Svein J. Knapskog, Danilo Gligoroski, and Marjan Gusev

Subjects

Windows Vista, Internet Authentication Service, Computer science, Next-Generation Secure Computing Base, Microsoft Windows, Operating system, Windows Rally, Group Policy, computer.software_genre, Computer security, computer, Commit charge, Security and safety features new to Windows Vista

Abstract

The evolution of Microsoft Windows from a desktop operating system into a server operating system has brought attention to and concern of some severe security issues. Attacks that exploited buffer overflows started appearing for the services that were used on the new server operating system. Recently, Microsoft decided to implement a protective measure: data execution prevention - DEP in two of their products: Service Pack 2 for Windows XP and Service Pack 1 for Windows 2003. The measure has been implemented as one of the core security mechanisms with the intention to prevent the attackers from breaking into the system i.e., to prevent the execution of code in non-executable memory regions. In this paper we show that the initial implementation of the software for DEP in Windows XP Service Pack 2 is actually not at all secure and that stack overflow attacks against DEP are as effective as attacks against systems that do not have DEP

Published

2007

49. Unbiased Random Sequences from Quasigroup String Transformations

Author

Smile Markovski, Ljupco Kocarev, and Danilo Gligoroski

Subjects

Discrete mathematics, Pseudorandom number generator, Uniform distribution (continuous), Computer science, Entropy (statistical thermodynamics), Random number generation, String (computer science), Random sequence, Entropy (classical thermodynamics), Fair coin, Stochastic simulation, Entropy (information theory), Randomness tests, Entropy (energy dispersal), Entropy (arrow of time), Algorithm, Quasigroup, Randomness, Entropy (order and disorder)

Abstract

The need of true random number generators for many purposes (ranging from applications in cryptography and stochastic simulation, to search heuristics and game playing) is increasing every day. Many sources of randomness possess the property of stationarity. However, while a biased die may be a good source of entropy, many applications require input in the form of unbiased bits, rather than biased ones. In this paper, we present a new technique for simulating fair coin flips using a biased, stationary source of randomness. Moreover, the same technique can also be used to improve some of the properties of pseudo random number generators. In particular, an improved pseudo random number generator has almost unmeasurable period, uniform distribution of the letters, pairs of letters, triples of letters, and so on, and passes many statistical tests of randomness. Our algorithm for simulating fair coin flips using a biased, stationary source of randomness (or for improving the properties of pseudo random number generators) is designed by using quasigroup string transformations and its properties are mathematically provable. It is very flexible, the input/output strings can be of 2-bits letters, 4-bits letters, bytes, 2-bytes letters, and so on. It is of linear complexity and it needs less than 1Kb memory space in its 2-bits and 4-bits implementations, hence it is suitable for embedded systems as well.

Published

2005