Cryptology and network security
This book constitutes the refereed proceedings of the 11th International Conference on Cryptology and Network Security, CANS 2012, held in Darmstadt, Germany, in December 2012. The 22 revised full papers presented were carefully reviewed and selected from 99 submissions. The papers are organized in topical sections on cryptanalysis; network security; cryptographic protocols; encryption; and S-box theory.
Attacking Single-Cycle Ciphers on Modern FPGAs : Featuring Explainable Deep Learning
In this paper, we revisit the question of key recovery using side-channel analysis for unrolled, single-cycle block ciphers. In particular, we study the PRINCEv2 cipher. While it has been shown vulnerable in multiple previous studies, those studies were performed on side-channel-friendly ASICs or older FPGAs (e.g., Xilinx Virtex II on the SASEBO-G board), and mostly using expensive equipment. We start with the goal of exploiting a cheap modern FPGA and board using power traces from a cheap oscilloscope. Specifically, we use a Xilinx Artix 7 on the ChipWhisperer CW305 board and a PicoScope 5000A, respectively. We split our study into three parts. First, we show that the new set-up still exhibits easily detectable leakage, using a non-specific t-test. Second, we replicate attacks from older FPGAs. Namely, we start with the attack by Yli-Mäyry et al., which is a simple chosen-plaintext correlation power analysis attack using divide and conquer. However, we demonstrate that even this simple, powerful attack does not work, and we observe a peculiar behavior. We study this behavior using a stochastic attack that attempts to extract the leakage model, and we show that models over a small part of the state are inconsistent and depend on more key bits than expected. We also attempt classical template attacks and get similar results. To further exploit the leakage, we employ deep learning techniques and succeed in key recovery, albeit using a large number of traces. We apply the explainability technique called Key Guessing Occlusion (KGO) to detect which points the neural networks exploit. When we use these points as features for the classical template attack, although it did not recover the secret key, its performance improves compared to other feature selection techniques.
Going Beyond Counting First Authors in Author Co-citation Analysis
The present study examines one of the fundamental aspects of author co-citation analysis (ACA): the way co-citation counts are defined. Co-citation counting provides the data on which all subsequent statistical analyses and mappings are based, and we compare ACA results based on two different types of co-citation counting: the traditional type that only counts the first one among a cited work's authors on the one hand, and a non-traditional type that takes into account the first 5 authors of a cited work on the other hand. Results indicate that the picture produced through this non-traditional author co-citation counting contains more coherent author groups and is therefore considerably clearer. However, this picture represents fewer specialties in the research field being studied than that produced through the traditional first-author co-citation counting when the same number of top-ranked authors is selected and analyzed. Reasons for these effects are discussed.
Hierarchical Attribute-based Signatures
Attribute-based Signatures (ABS) are a powerful tool allowing users with attributes issued by authorities to sign messages while also proving that their attributes satisfy some policy. ABS schemes provide a flexible and privacy-preserving approach to authentication since the signer's identity and attributes remain hidden within the set of users sharing policy-conforming attributes. Current ABS schemes exhibit some limitations when it comes to the management and issuance of attributes. In this thesis we address the lack of support for hierarchical attribute management, a property that is prevalent in traditional PKIs where certification authorities are organised into hierarchies and signatures are verified along roots of trust.
Hierarchical Attribute-based Signatures (HABS), introduced in this work, support delegation of attributes along paths from a top-level authority down to the users while also ensuring that signatures produced by these users do not leak their delegation paths, thus extending the original privacy guarantees of ABS schemes. Our HABS security properties ensure unforgeability of signatures in the presence of collusion attacks and contain an extended traceability property allowing a dedicated tracing authority to identify the signer and reveal its attribute delegation paths. We include a public verification procedure for the accountability of the tracing authority. We propose two HABS constructions in the bilinear group setting: the first is generic, utilising standard cryptographic building blocks, and the second is a direct construction. We formally prove their security in the standard and generic group model, respectively.
An important yet challenging property for privacy-preserving ABS is revocation, which may be applied to signers or to some of the attributes they possess. Existing ABS schemes lack efficient revocation of either signers or their attributes, relying on generic, costly proofs. Moreover, in HABS there is a further need to support efficient revocation of authorities on the delegation paths, which is not provided by our previous HABS constructions.
Our final chapter proposes a HABS construction with a Verifier-Local Revocation (VLR) property. We extend the original HABS security model to address revocation and develop a new attribute delegation technique with an appropriate VLR mechanism, which also yields the first non-hierarchical ABS scheme to support VLR. Moreover, our scheme supports inner-product signing policies, offering a wider class of attribute relations than previous HABS schemes, and is the first to be based on lattices, which are thought to offer post-quantum security.
We anticipate that HABS will be useful for privacy-preserving authentication in applications requiring hierarchical delegation of attribute-issuing rights and where knowledge of delegation paths might leak information about signers and their attributes, e.g., in intelligent transport systems where vehicles may require certain attributes to authenticate themselves to the infrastructure but remain untrackable by the latter.
Transparent Mobile Storage Protection in Trusted Virtual Domains
Mobile Storage Devices, such as USB flash drives, offer a flexible solution for the transport and exchange of data. Nevertheless, in order to prevent unauthorized access to sensitive data, many enterprises require strict security policies for the use of such devices, with the effect of rendering their advantages rather unfruitful.
Trusted Virtual Domains (TVDs) provide a secure IT infrastructure offering a homogeneous and transparent enforcement of access control policies on data and network resources; however, the current model does not specifically deal with Mobile Storage Devices.
In this paper, we present an extension of the TVD architecture to incorporate the usage of Mobile Storage Devices. Our proposal addresses three major issues: coherent extension of TVD policy enforcement by introducing architectural components that feature identification and management of transitory devices; transparent mandatory encryption of sensitive data stored on mobile devices; and a highly dynamic centralized key management service. In particular, we address offline scenarios allowing users to access and modify data while being temporarily disconnected from the domain. We also present a prototype implementation based on the Turaya security kernel.
Variations on the Author
“Variations on the Author” discusses two of Eduardo Coutinho’s recent films (Um Dia na Vida, from 2010, and Últimas Conversas, posthumously released in 2015) and their contribution to the general question of documentary authorship. The director’s filmography is characterized by a consistent yet self-effacing form of authorial self-inscription: Coutinho often features as an interviewer who, rather than expressing opinions, propels discourses; an interviewer who is good at listening. This mode of self-inscription characterizes him as an author who is not expressive but who is nonetheless markedly present on the screen. In Um Dia na Vida, however, Coutinho is completely absent from the image, while Últimas Conversas, on the contrary, includes a confessional prologue that moves the director from the margins to the center of his films. This article examines the ways in which these works stand out in the filmography of a director who offers new insights into the notion of cinematic authorship.
Appropriate Similarity Measures for Author Cocitation Analysis
We provide a number of new insights into the methodological discussion about author cocitation analysis. We first argue that the use of the Pearson correlation for measuring the similarity between authors’ cocitation profiles is not very satisfactory. We then discuss what kind of similarity measures may be used as an alternative to the Pearson correlation. We consider three similarity measures in particular. One is the well-known cosine. The other two similarity measures have not been used before in the bibliometric literature. Finally, we show by means of an example that our findings have a high practical relevance.
Keywords: information science; Pearson correlation; cosine; similarity measure; author cocitation analysis
Using traditional image kernels and image processing techniques to harden convolutional neural networks against adversarial attacks
Convolutional Neural Networks (CNNs) are the primary image classification method, especially in safety-critical physical environments such as autonomous driving and industrial automation. However, CNNs are vulnerable to adversarial attacks in which noise is added to an image to deceive the classifier. This can lead a CNN to make incorrect predictions with high confidence, posing significant threats to physical systems. Although there are various defense mechanisms against adversarial attacks, many are unsuitable for safety-critical applications due to possible image degradation or high computational costs. In this research, we investigate the use of traditional image denoising techniques as a defense against adversarial attacks in environments with limited computational resources. We evaluated three denoising methods, median filtering, Gaussian filtering, and the Markov chain Monte Carlo (MCMC) method, under “real-world conditions”. The results demonstrate that these three methods not only reduce the impact of adversarial attacks but also surpass the state-of-the-art defense technique, APE-GAN, in speed while preserving prediction accuracy. Our findings show that traditional denoising techniques could provide a practical and efficient defense against adversarial attacks in low-power, safety-critical systems.
Distributed protocols for digital signatures and public key encryption.
Distributed protocols allow a cryptographic scheme to distribute its operation among a group of participants (servers). This concept of cryptosystems was introduced by Desmedt [56]. We consider two different flavours of distributed protocols. One of them considers a distributed model with n parties where all of these parties are honest. The other allows up to t − 1 parties to be faulty. Such cryptosystems are called threshold cryptosystems. The distribution of the cryptographic process is based on secret sharing techniques and is usually applicable to public-key cryptosystems. In this thesis we consider distributed protocols for digital signatures and public key encryption schemes.
First we consider two flavours of digital signatures, aggregate signatures and multisignatures, and explore the uniqueness property of these constructions. We show that it gives rise to generic constructions of distributed verifiable unpredictable functions (DVUF), whose outputs can be made pseudorandom in the shared random string model using the techniques from [120]. This gives us the first generic construction of distributed verifiable random functions (DVRF) that does not impose assumptions on trusted generation of secret keys and whose outputs remain pseudorandom even in the presence of up to n − 1 corrupted servers. We provide a DVRF construction which follows immediately from the proof of uniqueness for the multisignature scheme [26].
Then we consider blind signatures as another flavour of digital signatures, and propose the first standard-model construction of (re-randomizable) threshold blind signatures (TBS), where signatures can be obtained in a blind way through interaction with n signers of which t are required to provide their signature shares. The stronger security notions for TBS schemes formalized in our work extend the definitions from [144] to the threshold setting. We further show how our TBS construction can be used to realize a distributed e-voting protocol following the template from [158] that guarantees privacy, anonymity, democracy, conjectured soundness and individual verifiability in the presence of distributed voting authorities.
The important applications of distributed digital signatures, threshold e-voting and distributed e-cash, motivated us to consider the increasingly important and crucial cloud data storage techniques. We realize the idea of distributed cloud data storage, which becomes possible as an application of threshold public key encryption with keyword search. First, we model the concept of Threshold Public Key Encryption with Keyword Search (TPEKS) and define its security properties: indistinguishability and consistency under chosen-ciphertext attacks. Our definition of indistinguishability includes protection against keyword guessing attacks, to which all single-server-based PEKS constructions were shown to be vulnerable. We provide a transformation for obtaining secure TPEKS constructions from an anonymous Identity-Based Threshold Decryption (IBTD) scheme, following the conceptual idea behind the transformation from [2] for building PEKS from anonymous IBE. A concrete instantiation of a secure TPEKS scheme can be obtained from our direct anonymous IBTD construction, based on the classical Boneh-Franklin IBE [31], for which we prove security under the BDH assumption in the random oracle model. Finally, we highlight the use of TPEKS schemes for better privacy and availability in distributed cloud storage and provide a comparison with the dual-server PEKS (DS-PEKS) [50] regarding the functionalities of both schemes, PEKS and DS-PEKS.
