1,720,983 research outputs found

    Modeling Rational Adversaries: Predicting Behavior and Developing Deterrents

    No full text
    In the field of cybersecurity, it is often not possible to construct systems that are resistant to all attacks. For example, even a well-designed password authentication system will be vulnerable to password cracking attacks because users tend to select low-entropy passwords. In the field of cryptography, we often model attackers as powerful and malicious and say that a system is broken if any such attacker can violate the desired security properties. While this approach is useful in some settings, such a high bar is unachievable in many security applications e.g., password authentication. However, even when the system is imperfectly secure, it may be possible to deter a rational attacker who seeks to maximize their utility. In particular, if a rational adversary finds that the cost of running an attack is higher than their expected rewards, they will not run that particular attack. In this dissertation we argue in support of the following statement: Modeling adversaries as rational actors can be used to better model the security of imperfect systems and develop stronger defenses. We present several results in support of this thesis. First, we develop models for the behavior of rational adversaries in the context of password cracking and quantum key-recovery attacks. These models allow us to quantify the damage caused by password breaches, quantify the damage caused by (widespread) password length leakage, and identify imperfectly secure settings where a rational adversary is unlikely to run any attacks i.e. quantum key-recovery attacks. Second, we develop several tools to deter rational attackers by ensuring the utilityoptimizing attack is either less severe or nonexistent. Specifically, we develop tools that increase the cost of offline password cracking attacks by strengthening password hashing algorithms, strategically signaling user password strength, and using dedicated ApplicationSpecific Integrated Circuits (ASICs) to store passwords

    Exploring the Composition of Coding Theory and Cryptography Through Secure Computation, Succinct Arguments, and Local Codes

    No full text
    We examine new ways in which coding theory and cryptography continue to be composed together, and show that the composition of these two fields yield new constructions in the areas of Secure Computation Protocols, Succinct Interactive Arguments, and Locally Decodable Codes. This dissertation is a continuation of several decades of research in composing coding theory and cryptography; examples include secret sharing, encryption schemes, randomness extraction, pseudo-random number generation, and the PCP theorem, to name a few.In Part I of this dissertation, we examine the composition of coding theory with cryptography, explicitly and implicitly. On the explicit side, we construct a new family of linear error-correcting codes, based on algebraic geometric codes, and use this family to construct new correlation extractors (Ishai et al., FOCS 2009). Correlation extractors are two-party secure computation protocols for distilling samples of a leaky correlation (e.g., pre-processed secret shares that have been exposed to side-channel attacks) into secure and fresh shares of another correlation (e.g., shares of oblivious transfer). Our correlation extractors are (nearly) optimal in all parameters. On the implicit side, we use coding theoretic arguments to show the security of succinct interactive arguments(Micali, FOCS 1994). Succinct interactive arguments are a restriction of interactive proofs (Goldwasser, Micali, Rackoff, STOC 1985) for which security only holds against computationally bounded provers (i.e., probabilistic polynomial time), and where the proofs are sub-linear in the size of the statement being proven. Our new succinct interactive arguments are the first public-coin, zero-knowledge arguments with time and space efficient provers: we give two protocols where any NP statement that is verifiable by a time-T space-S RAM program in is provable time O˜︁(T) and space S · polylog(T).In Part II of this dissertation, we examine the composition of cryptography with coding theory, again explicitly and implicitly, focusing specifically on locally decodable codes (Katz and Trevisan, STOC 2000). Locally decodable codes, or LDCs, are error-correcting codes with super-efficient probabilistic decoding procedures that allow for decoding individual symbols of the encoded message, without decoding the entire codeword. On the implicit side, we utilize cryptographic analysis tools to give a conceptually simpler proof of the so-called “Hamming-to-InsDel” compiler (Ostrovsky and Paskin-Cherniavsky, ITS 2015). This compiler transforms any Hamming LDC (i.e., a code that is resilient to bit-flip errors) to another LDC that is resilient to the broad class of insertion-deletion errors, approximately preserving the rate and error-tolerance of the code at the cost of a poly-logarithmic increase in the query complexity. We further extend this compiler to both the private LDC setting (Ostrovsky, Pandey, and Sahai, ICALP 2007), where the encoder and decoder are assumed to share a secret key unknown to the adversarial channel, and the resource-bounded LDC setting (Blocki, Kulkarni, and Zhou, ITC 2020), where the adversarial channel is assumed to be resource constrained. On the explicit side, we utilize two cryptographic primitives to give new constructions of alternative notions of LDCs. First, we use cryptographic puzzles(Bitansky et al., ITCS 2016) to construct resource-bounded Hamming LDCs in the standard model without random oracles, answering an open question of Blocki, Kulkarni, and Zhou (ITC 2020); we then naturally extend these LDCs to the InsDel setting via our previously mentioned compiler

    Mechanism Design in Defense Against Offline Password Attacks

    No full text
    The prevalence of offline password attacks, resulting from attackers breaching authentication servers and stealing cryptographic password hashes, poses a significant threat. Users’ tendency to select weak passwords and reuse passwords across multiple accounts, coupled with computation advancement, further exacerbate the danger.This dissertation addresses this issue by proposing password authentication mechanisms that aim to minimize the number of compromised passwords in the event of offline attacks, while ensuring that the server’s workload remains manageable. Specifically, we present three mechanisms: (1) DAHash: This mechanism adjusts password hashing costs based on the strength of the underlying password. Through appropriate tuning of hashing cost parameters, the DAHash mechanism effectively reduces the fraction of passwords that can be cracked by an offline password cracker. (2) Password Strength Signaling: We explore the application of Bayesian Persuasion to password authentication. The key idea is to have the authentication server store a noisy signal about the strength of each user password for an offline attacker to find. We demonstrate that by appropriately tuning the noise distribution for the signal, a rational attacker will crack fewer passwords. (3) Cost-Asymmetric Memory Hard Password Hashing: We extend the concept of password peppering to modern Memory Hard password hashing algorithms. We identify limitations in naive extensions and introduce the concept of cost-even breakpoints as a solution. This approach allows us to overcome these limitations and achieve cost-asymmetry, wherein the expected cost of validating a correct password is significantly smaller than the cost of rejecting an incorrect password.When analyzing the behavior of a rational attacker it is important to understand the attacker’s guessing curve i.e., the percentage of passwords that the attacker could crack within a guessing budget B. Dell’Amico and Filippone [1] introduced a Monte Carlo algorithm to estimate the guessing number of a password as well as an estimate for the guessing curve. While the estimated guessing number is accurate in expectation the variance can be large and the method does not guarantee that the estimates are accurate with high probability. Thus, we introduce Confident Monte Carlo as a tool to provide confidence intervals for guessing number estimates and upper/lower bound the attacker’s guessing curves.Moreover, we extend our focus beyond classical attackers to include quantum attackers. We present a decision-theoretic framework that models the rational behavior of attackers equipped with quantum computers. The objective is to quantify the capabilities of a rational quantum attacker and the potential damage they could inflict, assuming optimal decision-making. Our framework can potentially contribute to the development of effective countermeasures against a wide range of quantum pre-image attacks in the future

    Going Beyond Counting First Authors in Author Co-citation Analysis

    Full text link
    The present study examines one of the fundamental aspects of author co-citation analysis (ACA) - the way co-citation counts are defined. Co-citation counting provides the data on which all subsequent statistical analyses and mappings are based, and we compare ACA results based on two different types of co-citation counting - the traditional type that only counts the first one among a cited work's authors on the one hand and a non-traditional type that takes into account the first 5 authors of a cited work on the other hand. Results indicate that the picture produced through this non-traditional author co-citation counting contains more coherent author groups and is therefore considerably clearer. However, this picture represents fewer specialties in the research field being studied than that produced through the traditional first-author co-citation counting when the same number of top-ranked authors is selected and analyzed. Reasons for these effects are discussed

    Variations on the Author

    Full text link
    “Variations on the Author” discusses two of Eduardo Coutinho’s recent films (Um Dia na Vida, from 2010, and Últimas Conversas, posthumously released in 2015) and their contribution to the general question of documentary authorship. The director’s filmography is characterized by a consistent yet self-effacing form of authorial self-inscription: Coutinho often features as an interviewer that rather than express opinions propels discourses; an interviewer that is good at listening. This mode of self-inscription characterizes him as an author who is not expressive but who is nonetheless markedly present on the screen. In Um Dia na Vida, however, Coutinho is completely absent form the image, while Últimas Conversas, on the contrary, includes a confessional prologue that moves the director from the margins to the center of his films. This article examines the ways in which these works stand out in the filmography of a director who offers new insights into the notion of cinematic authorship

    Appropriate Similarity Measures for Author Cocitation Analysis

    Full text link
    We provide a number of new insights into the methodological discussion about author cocitation analysis. We first argue that the use of the Pearson correlation for measuring the similarity between authors’ cocitation profiles is not very satisfactory. We then discuss what kind of similarity measures may be used as an alternative to the Pearson correlation. We consider three similarity measures in particular. One is the well-known cosine. The other two similarity measures have not been used before in the bibliometric literature. Finally, we show by means of an example that our findings have a high practical relevance.information science;Pearson correlation;cosine;similarity measure;author cocitation analysis

    Dispelling the Myths Behind First-author Citation Counts

    Full text link
    We conducted a full-scale evaluative citation analysis study of scholars in the XML research field to explore just how different from each other author rankings resulting from different citation counting methods actually are, and to demonstrate the capability of emerging data and tools on the Web in supporting more realistic citation counting methods. Our results contest some common arguments for the continued use of first-author citation counts in the evaluation of scholars, such as high correlations between author rankings by first-author citation counts and other citation counting methods, and high costs of using more realistic citation counting methods that are not well-supported by the ISI databases. It is argued that increasingly available digital full text research papers make it possible for citation analysis studies to go beyond what the ISI databases have directly supported and to employ more sophisticated methods

    Author Index

    No full text
    Nao informado

    koamabayili/VECTRON-author-checklist: VECTRON author checklist

    No full text
    We have done our best to complete the author checklist relating to the use of animals in the hut study. Note that the objective for the hut study was to evaluate the IRS treatment applications for residual efficacy against Anopheles mosquitoes, including the local An. coluzzii mosquito population. Cows were only used to attract mosquitoes into the huts and no tests were carried out directly on the cows. The author checklist is intended for use with studies where experiments are carried out on animals, which is why we have had such difficulty in completing this for the hut study, as many of the questions do not relate to how the cows were used
    corecore