Computer Science - Cryptography and Security Publications (50)



The Internet of Things (IoT) being a promising technology of the future is expected to connect billions of devices. The increased number of communication is expected to generate mountains of data and the security of data can be a threat. The devices in the architecture are essentially smaller in size and low powered. Read More

De, Trevisan and Tulsiani [CRYPTO 2010] show that every distribution over $n$-bit strings which has constant statistical distance to uniform (e.g., the output of a pseudorandom generator mapping $n-1$ to $n$ bit strings), can be distinguished from the uniform distribution with advantage $\epsilon$ by a circuit of size $O( 2^n\epsilon^2)$. Read More

We consider the privacy implications of public release of a de-identified dataset of Opal card transactions. The data was recently published at https://opendata.transport. Read More

Web-based single sign-on (SSO) services such as Google Sign-In and Log In with Paypal are based on the OpenID Connect protocol. This protocol enables so-called relying parties to delegate user authentication to so-called identity providers. OpenID Connect is one of the newest and most widely deployed single sign-on protocols on the web. Read More

Energy efficiency is one of the most important parameters for designing and building a computing system nowadays. Introduction of new transistor and memory technologies to the integrated circuits design have brought hope for low energy very large scale integration (VLSI) circuit design. This excellency is pleasant if the computing system is secure and the energy is not wasted through execution of malicious actions. Read More

Reversible logic has two main properties. First, the number of inputs is equal to the number of outputs. Second, it implements a one-to-one mapping; i. Read More

Decentralized systems are a subset of distributed systems where multiple authorities control different components and no authority is fully trusted by all. This implies that any component in a decentralized system is potentially adversarial. We revise fifteen years of research on decentralization and privacy, and provide an overview of key systems. Read More

Deep neural networks (DNNs) play a key role in many applications. Current studies focus on crafting adversarial samples against DNN-based image classifiers by introducing some imperceptible perturbations to the input. However, DNNs for natural language processing have not got the attention they deserve. Read More

Most of the codes that have an algebraic decoding algorithm are derived from the Reed Solomon codes. They are obtained by taking equivalent codes, for example the generalized Reed Solomon codes, or by using the so-called subfield subcode method, which leads to Alternant codes and Goppa codes over the underlying prime field, or over some intermediate subfield. The main advantage of these constructions is to preserve both the minimum distance and the decoding algorithm of the underlying Reed Solomon code. Read More

Security and energy are considered as the most important parameters for designing and building a computing system nowadays. Today's attacks target different layers of the computing system (i.e. Read More

Transversality is a simple and effective method for implementing quantum computation fault-tolerantly. However, no quantum error-correcting code (QECC) can transversally implement a quantum universal gate set (Eastin and Knill, Phys. Rev. Read More

Computational notions of entropy have many applications in cryptography and complexity theory. These notions measure how much (min-)entropy a source $X$ has from the eyes of a computationally bounded party who may hold certain "leakage information" $B$ that is correlated with $X$. In this work, we initiate the study of computational entropy in the quantum setting, where $X$ and/or $B$ may become quantum states and the computationally bounded observer is modeled as a small quantum circuit. Read More

Currently there is an active search for Post-Quantum Cryptography (PQC) solutions, which attempts to find cryptographic protocols resistant to attacks by means of, for instance, Shor's polynomial time algorithm for numerical field problems like integer factorization (IFP) or the discrete logarithm (DLP). Non-commutative or non-associative structures are, among others, valid choices for these kinds of protocols. In our case, we focus on a permutation subgroup of high order and belonging to the symmetric group S381. Read More

Research on vehicular networking (V2X) security has produced a range of security mechanisms and protocols tailored for this domain, addressing both security and privacy. Typically, the security analysis of these proposals has largely been informal. However, formal analysis can be used to expose flaws and ultimately provide a higher level of assurance in the protocols. Read More

We present quasi-linear time systematic encoding algorithms for multiplicity codes. The algorithms have their origins in the fast multivariate interpolation and evaluation algorithms of van der Hoeven and Schost (2013), which we generalise to address certain Hermite-type interpolation and evaluation problems. By providing fast encoding algorithms for multiplicity codes, we remove an obstruction on the road to the practical application of the private information retrieval protocol of Augot, Levy-dit-Vehel and Shikfa (2014). Read More

Spatial crowdsourcing (SC) is a new platform that engages individuals in collecting and analyzing environmental, social and other spatiotemporal information. With SC, requesters outsource their spatiotemporal tasks to a set of workers, who will perform the tasks by physically traveling to the tasks' locations. This chapter identifies privacy threats toward both workers and requesters during the two main phases of spatial crowdsourcing, tasking and reporting. Read More

We consider a cloud based multiserver system, that may be cloud based, consisting of a set of replica application servers behind a set of proxy (indirection) servers which interact directly with clients over the Internet. We address cloud-side proactive and reactive defenses to combat DDoS attacks that may target this system. DDoS attacks are endemic with some notable attacks occurring just this past fall. Read More

Today, with the continued growth in using information and communication technologies (ICT) for business purposes, business organizations become increasingly dependent on their information systems. Thus, they need to protect them from the different attacks exploiting their vulnerabilities. To do so, the organization has to use security technologies, which may be proactive or reactive ones. Read More

Grids allow users flexible on-demand usage of computing resources through remote communication networks. A remarkable example of a Grid in High Energy Physics (HEP) research is used in the ALICE experiment at the European Organization for Nuclear Research (CERN). Physicists can submit jobs used to process the huge amount of particle collision data produced by the Large Hadron Collider (LHC). Read More

The apps installed on a smartphone can reveal much information about a user, such as their medical conditions, sexual orientation, or religious beliefs. Additionally, the presence or absence of particular apps on a smartphone can inform an adversary who is intent on attacking the device. In this paper, we show that a passive eavesdropper can feasibly identify smartphone apps by fingerprinting the network traffic that they send. Read More

A growing number of threats to Android phones creates challenges for malware detection. Manually labeling the samples into benign or different malicious families requires tremendous human efforts, while it is comparably easy and cheap to obtain a large amount of unlabeled APKs from various sources. Moreover, the fast-paced evolution of Android malware continuously generates derivative malware families. Read More

This technical report describes the derivation of the asymptotic eigenvalue distribution for causal 2D-AR models under an upscaling scenario. Specifically, it tackles the analytical derivation of the asymptotic eigenvalue distribution of the sample autocorrelation matrix corresponding to genuine and upscaled images. It also includes the pseudocode of the derived approaches for resampling detection and resampling factor estimation that are based on this analysis. Read More

We show how any party can encrypt data for an e-passport holder such that only with physical possession of the e-passport decryption is possible. The same is possible for electronic identity cards and driver licenses. We also indicate possible applications. Read More

The rapid evolution of Internet-of-Things (IoT) technologies has led to an emerging need to make it smarter. A variety of applications now run simultaneously on an ARM-based processor. For example, devices on the edge of the Internet are provided with higher horsepower to be entrusted with storing, processing and analyzing data collected from IoT devices. Read More

The paper addresses the problem of emulating a regular register in a synchronous distributed system where clients invoking ${\sf read}()$ and ${\sf write}()$ operations are anonymous while server processes maintaining the state of the register may be compromised by rational adversaries (i.e., a server might behave as \emph{rational malicious Byzantine} process). Read More

A honeypot is a type of security facility deliberately created to be probed, attacked and compromised. It is often used for protecting production systems by detecting and deflecting unauthorized accesses. It is also useful for investigating the behaviour of attackers, and in particular, unknown attacks. Read More

Although many anti-theft technologies are implemented, auto-theft is still increasing. Also, security vulnerabilities of cars can be used for auto-theft by neutralizing the anti-theft system. Such keyless auto-theft attacks will increase as cars adopt more computerized electronic devices. Read More

Morpheo is a transparent and secure machine learning platform collecting and analysing large datasets. It aims at building state-of-the-art prediction models in various fields where data are sensitive. Indeed, it offers strong privacy of data and algorithm, by preventing anyone from reading the data, apart from the owner and the chosen algorithms. Read More

Memory corruption vulnerabilities in C/C++ applications enable attackers to execute code, change data, and leak information. Current memory sanitizers do not provide comprehensive coverage of a program's data. In particular, existing tools focus primarily on heap allocations with limited support for stack allocations and globals. Read More

Browsers can detect malicious websites that are provisioned with forged or fake TLS/SSL certificates. However, they are not so good at detecting malicious websites if they are provisioned with mistakenly issued certificates or certificates that have been issued by a compromised certificate authority. Google proposed certificate transparency which is an open framework to monitor and audit certificates in real time. Read More

Symmetric encryption has been among the most reliable options by which security is accomplished. In modern symmetric block ciphers, the substitution-boxes play a critical role as nonlinear components that drive the actual security of ciphers. In this paper, the travelling salesman problem and piecewise linear chaotic map are explored to synthesize an efficient configuration of 8x8 substitution-box. Read More

High Energy Physics (HEP) distributed computing infrastructures require automatic tools to monitor, analyze and react to potential security incidents. These tools should collect and inspect data such as resource consumption, logs and sequence of system calls for detecting anomalies that indicate the presence of a malicious agent. They should also be able to perform automated reactions to attacks without administrator intervention. Read More

All mobile devices are energy-constrained. They use batteries that allow using the device for a limited amount of time. In general, energy attacks on mobile devices are denial of service (DoS) type of attacks. Read More

Monero is a privacy-centric cryptocurrency that allows users to obscure their transaction graph by including chaff coins, called "mixins," along with the actual coins they spend. In this report, we empirically evaluate two weaknesses in Monero's mixin sampling strategy. First, about 62% of transaction inputs with one or more mixins are vulnerable to "chain-reaction" analysis -- that is, the real input can be deduced by elimination, e. Read More

Information System (IS) Security threats are still a major concern for many organisations. However, most organisations fall short in achieving a successful adoption and implementation of IS security measures. In this paper, we developed a theoretical model for the adoption process of IS Security innovations in organisations. Read More

We investigate the problem of guessing a discrete random variable $Y$ under a privacy constraint dictated by another correlated discrete random variable $X$, where both guessing efficiency and privacy are assessed in terms of the probability of correct guessing. We define $h(P_{XY}, \epsilon)$ as the maximum probability of correctly guessing $Y$ given an auxiliary random variable $Z$, where the maximization is taken over all $P_{Z|Y}$ ensuring that the probability of correctly guessing $X$ given $Z$ does not exceed $\epsilon$. We show that the map $\epsilon\mapsto h(P_{XY}, \epsilon)$ is strictly increasing, concave, and piecewise linear, which allows us to derive a closed form expression for $h(P_{XY}, \epsilon)$ when $X$ and $Y$ are connected via a binary-input binary-output channel. Read More

Legacy encryption systems depend on sharing a key (public or private) among the peers involved in exchanging an encrypted message. However, this approach poses privacy concerns. The users or service providers with the key have exclusive rights on the data. Read More

In the forensic field of digital technology, there has been a great deal of investigation into the decoding of navigation systems of the brand TomTom. As TomTom is the market leader in navigation systems, a large number of these devices are investigated. These devices can hold an abundance of significant location information. Read More

Adversarial examples are maliciously perturbed inputs designed to mislead machine learning (ML) models at test-time. Adversarial examples are known to transfer across models: a same perturbed input is often misclassified by different models despite being generated to mislead a specific architecture. This phenomenon enables simple yet powerful black-box attacks against deployed ML systems. Read More

Today a lot of digital evidence for crime investigation includes a geospatial component. This data comes from various sources such as smartphones, tablets, navigation systems, digital cameras with global positioning system (GPS), etc. The geospatial data plays a crucial role in crime investigation, such as helping to track suspects, profile serial offenders, and recognize trends in criminal activities, to name just a few. Read More

In this paper, we study using Destination Artificial Noise (DAN) besides Source Artificial Noise (SAN) to enhance physical layer secrecy with an outage probability based approach. It is assumed that all nodes in the network (i.e. Read More

Mobile devices are used more and more in everyday life. They are our cameras, wallets, and keys. Basically, they embed most of our private information in our pocket. Read More

We introduce a semantic identification attack, in which an adversary uses semantic signals about the pages visited in one browsing session to identify other browsing sessions launched by the same user. Current user fingerprinting methods fail when a single machine is used by multiple users (e.g. Read More

Voice is envisioned to be a popular way for humans to interact with Internet-of-Things (IoT) devices. We propose a proximity-based user authentication method (called PIANO) for access control on such voice-powered IoT devices. PIANO leverages the built-in speaker, microphone, and Bluetooth that voice-powered IoT devices often already have. Read More

Given that security threats and privacy breaches are commonplace today, it is an important problem for one to know whether their device(s) are in a "good state of security", or whether there is a set of high-risk vulnerabilities that need to be addressed. In this paper, we address this simple yet challenging problem. Instead of gaining white-box access to the device, which offers privacy and other system issues, we rely on network logs and events collected offline as well as in real time. Read More

A pervasive task in the differential privacy literature is to select the $k$ items of "highest quality" out of a set of $d$ items, where the quality of each item depends on a sensitive dataset that must be protected. Variants of this task arise naturally in fundamental problems like feature selection and hypothesis testing, and also as subroutines for many sophisticated differentially private algorithms. The standard approaches to these tasks---repeated use of the exponential mechanism or the sparse vector technique---approximately solve this problem given a dataset of $n = O(\sqrt{k}\log d)$ samples. Read More

It is practically impossible for users to memorize a large portfolio of strong and individual passwords for their online accounts. A solution is to generate passwords randomly and store them. Yet, storing passwords instead of memorizing them bears the risk of loss, e. Read More

For a number of years, many websites have used CAPTCHAs to filter out interactions by bots. However, attackers have found ways to circumvent CAPTCHAs by programming bots to solve or bypass them, or even relay them for humans to solve. In order to reduce the chances of success of such attacks, CAPTCHAs can be strengthened by the addition of certain safeguards. Read More

The Web is replete with tutorial-style content on how to accomplish programming tasks. Unfortunately, even top-ranked tutorials suffer from severe security vulnerabilities, such as cross-site scripting (XSS), and SQL injection (SQLi). Assuming that these tutorials influence real-world software development, we hypothesize that code snippets from popular tutorials can be used to bootstrap vulnerability discovery at scale. Read More