References of "Ryan, Peter 50002965"
Peer Reviewed
A Security Analysis, and a Fix, of a Code-Corrupted Honeywords System
Genç, Ziya Alper UL; Lenzini, Gabriele UL; Ryan, Peter UL et al

in Proceedings of the 4th International Conference on Information Systems Security and Privacy (2018)

In 2013 Juels and Rivest introduced the Honeywords System, a password-based authentication system designed to detect when a password file has been stolen. A Honeywords System stores passwords together with indistinguishable decoy words so when an intruder steals the file, retrieves the words, and tries to log-in, he does not know which one is the password. By guessing one from the decoy words, he may not be lucky and reveal the leak. Juels and Rivest left a problem open: how to make the system secure even when the intruder corrupted the login server’s code. In this paper we study and solve the problem. However, since “code corruption” is a powerful attack, we first define rigorously the threat and set a few assumptions under which the problem is still solvable, before showing meaningful attacks against the original Honeywords System. Then we elicit a fundamental security requirement, implementing which, we are able to restore the Honeywords System’s security despite a corrupted login service. We verify the new protocol’s security formally, using ProVerif for this task. We also implement the protocol and test its performance. Finally, in the light of our findings, we discuss whether it is still worth using a fixed honeywords-based system against such a powerful threat, or whether it is better, in order to be resilient against code corruption attacks, to design afresh a completely different password-based authentication solution.

Peer Reviewed
Security in the Shell: An Optical Physical Unclonable Function made of Shells of Cholesteric Liquid Crystals
Lenzini, Gabriele UL; Samir, Ouchani; Roenne, Peter UL et al

in Proc. of the 9th IEEE Workshop on Information Forensics and Security (2017, October 02)

We describe the application in security of shells of Cholesteric Liquid Crystals (ChLCs). Such shells have a diameter in the microns range and can be gathered in hundreds in a surface area as small as a nail’s head. Because of their structural properties, a bundle of them reflects light, creating colorful patterns that we argue to be unique and computationally hard to predict. We argue also that the bundle itself is unclonable. These are typical properties of Physically Unclonable Functions, a family to which shells of ChLCs belong too. Herein we discuss their physical and security properties and their potential use in object authentication.

Peer Reviewed
Trustworthy exams without trusted parties
Bella, Giampaolo; Giustolisi, Rosario; Lenzini, Gabriele UL et al

in Computer and Security (2017), 67

Historically, exam security has mainly focused on threats ascribed to candidate cheating. Such threats have been normally mitigated by invigilation and anti-plagiarism methods. However, as recent exam scandals confirm, also invigilators and authorities may pose security threats. The introduction of computers into the different phases of an exam, such as candidate registration, brings new security issues that should be addressed with the care normally devoted to security protocols. This paper proposes a protocol that meets a wide set of security requirements and resists threats that may originate from candidates as well as from exam administrators. By relying on a combination of oblivious transfer and visual cryptography schemes, the protocol does not need to rely on any trusted third party. We analyse the protocol formally in ProVerif and prove that it verifies all the stated security requirements.

Peer Reviewed
Using Selene to Verify your Vote in JCJ
Iovino, Vincenzo UL; Rial Duran, Alfredo UL; Roenne, Peter UL et al

in Workshop on Advances in Secure Electronic Voting (VOTING'17) (2017, April 07)

Peer Reviewed
The Cipher, the Random and the Ransom: A Survey on Current and Future Ransomware
Genç, Ziya Alper UL; Lenzini, Gabriele UL; Ryan, Peter UL

in Advances in Cybersecurity 2017 (2017)

Although conceptually not new, ransomware recently regained attraction in the cybersecurity community: notorious attacks in fact have caused serious damage, proving their disruptive effect. This is likely just the beginning of a new era. According to a recent intelligence report by Cybersecurity Ventures, the total cost due to ransomware attacks is predicted to exceed $5 billion in 2017. How can this disruptive threat be contained? Current anti-ransomware solutions are effective only against existing threats, and the worst is yet to come. Cyber criminals will design and deploy more sophisticated strategies, overcoming current defenses and, as it commonly happens in security, defenders and attackers will embrace a competition that will never end. In this arms race, anticipating how current ransomware will evolve may help at least being prepared for some future damage. In this paper, we describe existing techniques to mitigate ransomware and we discuss their limitations. Discussing how current ransomware could become even more disruptive and elusive is crucial to conceive more solid defense and systems that can mitigate zero-day ransomware, yielding higher security levels for information systems, including critical infrastructures such as intelligent transportation networks and health institutions.

Real-World Electronic Voting: Design, Analysis and Deployment
Hao, Feng; Ryan, Peter UL

Book published by Auerbach Publications (2016)

The New Codebreakers - Essays Dedicated to David Kahn on the Occasion of His 85th Birthday
Ryan, Peter UL; Naccache, David; Quisquater, Jean-Jacques

Book published by Springer (2016)

Peer Reviewed
Expressing Receipt-Freeness and Coercion-Resistance in Logics of Strategic Ability: Preliminary Attempt
Tabatabaei, Masoud UL; Jamroga, Wojciech UL; Ryan, Peter UL

in The International Workshop on AI for Privacy and Security (PrAISe), 2016. (2016)

Voting is a mechanism of utmost importance to social processes. In this paper, we focus on the strategic aspect of information security in voting procedures. We argue that the notions of receipt-freeness and coercion resistance are underpinned by existence (or nonexistence) of a suitable strategy for some participants of the voting process. In order to back the argument formally, we provide logical “transcriptions” of the informal intuitions behind coercion-related properties that can be found in the existing literature. The transcriptions are formulated in the modal game logic ATL*, well known in the area of multi-agent systems.

Financial Cryptography and Data Security - FC 2016 International Workshops, BITCOIN, VOTING, and WAHC
Clark, Jeremy; Sarah; Ryan, Peter UL et al

Book published by Springer (2016)

(Universal) Unconditional Verifiability in E-Voting without Trusted Parties
Gallegos-Garcia, Gina; Iovino, Vincenzo UL; Roenne, Peter UL et al

E-print/Working paper (2016)

Peer Reviewed
Crypto Santa
Ryan, Peter UL

in The New Codebreakers - Essays Dedicated to David Kahn on the Occasion of His 85th Birthday (2016)

Peer Reviewed
Formal Security Analysis of Traditional and Electronic Exams
Dreier, Jannik; Giustosi, Rosario; Kassem, Ali et al

in Communications in Computer and Information Science (2015), 554

Nowadays, students can be assessed not only by means of pencil-and-paper tests but also by electronic exams which they take in examination centers or even from home. Electronic exams are appealing as they can reach larger audiences, but they are exposed to new threats that can potentially ruin the whole exam business. These threats are amplified by two issues: the lack of understanding of what security means for electronic exams (except the old concern about students cheating), and the absence of tools to verify whether an exam process is secure. This paper addresses both issues by introducing a formal description of several fundamental authentication and privacy properties, and by establishing the first theoretical framework for an automatic analysis of exam security. It uses the applied π-calculus as a framework and ProVerif as a tool. Three exam protocols are checked in depth: two Internet exam protocols of recent design, and the pencil-and-paper exam used by the University of Grenoble. The analysis highlights several weaknesses. Some invalidate authentication and privacy even when all parties are honest; others show that security depends on the honesty of parties, an often unjustified assumption in modern exams.

Peer Reviewed
Information Leakage due to Revealing Randomly Selected Bits
Atashpendar, Arash UL; Roscoe, Bill; Ryan, Peter UL

in Security Protocols XXIII: Lecture Notes in Computer Science, Volume 9379, 2015 (2015, November 25)

This note describes an information theory problem that arose from some analysis of quantum key distribution protocols. The problem seems very natural and is very easy to state but has not to our knowledge been addressed before in the information theory literature: suppose that we have a random bit string y of length n and we reveal k bits at random positions, preserving the order but without revealing the positions, how much information about y is revealed? We show that while the cardinality of the set of compatible y strings depends only on n and k, the amount of leakage does depend on the exact revealed x string. We observe that the maximal leakage, measured as decrease in the Shannon entropy of the space of possible bit strings corresponds to the x string being all zeros or all ones and that the minimum leakage corresponds to the alternating x strings. We derive a formula for the maximum leakage (minimal entropy) in terms of n and k. We discuss the relevance of other measures of information, in particular min-entropy, in a cryptographic context. Finally, we describe a simulation tool to explore these results.

Peer Reviewed
Selene: Voting with Transparent Verifiability and Coercion-Mitigation
Ryan, Peter UL; Roenne, Peter UL; Iovino, Vincenzo UL

in Abstract book of 1st Workshop on Advances in Secure Electronic Voting (2016), 2015

Peer Reviewed
A Secure Exam Protocol Without Trusted Parties
Bella, Giampaolo; Giustolisi, Rosario UL; Lenzini, Gabriele UL et al

in ICT Systems Security and Privacy Protection. 30th IFIP TC 11 International Conference, SEC 2015, Hamburg, Germany, May 26-28, 2015 (2015)

Peer Reviewed
End-to-end verifiability
Ryan, Peter UL; Benaloh, Josh; Rivest, Ronald et al

in arXiv preprint arXiv:1504.03778 (2015)

This pamphlet describes end-to-end election verifiability (E2E-V) for a nontechnical audience: election officials, public policymakers, and anyone else interested in secure, transparent, evidence-based electronic elections. This work is part of the Overseas Vote Foundation’s End-to-End Verifiable Internet Voting: Specification and Feasibility Assessment Study (E2E VIV Project), funded by the Democracy Fund.

Peer Reviewed
End-to-End Verifiability in Voting Systems, from Theory to Practice
Ryan, Peter UL; Schneider, Steve; Teague, Vanessa

in IEEE SECURITY & PRIVACY (2015), 13(3), 59-62

End-to-end verifiability represents a paradigm shift in electronic voting, providing a way to verify the integrity of the election by allowing voters to audit the information published by the system, rather than trusting that the system has behaved correctly. Recent deployments of these systems in real elections demonstrate their practical applicability.

Privacy and Security in an Age of Surveillance
Ryan, Peter UL; Preneel, Bart; Rogaway, Phillip et al

Report (2015)

The Snowden revelations have demonstrated that the US and other nations are amassing data about people's lives at an unprecedented scale. Furthermore, these revelations have shown that intelligence agencies are not only pursuing passive surveillance over the world's communication systems, but are also seeking to facilitate such surveillance by undermining the security of the internet and communications technologies. Thus the activities of these agencies threaten not only the rights of individual citizens but also the fabric of democratic society. Intelligence services do have a useful role to play in protecting society and for this need the capabilities and authority to perform targeted surveillance. But the scope of such surveillance must be strictly limited by an understanding of its costs as well as benefits, and it should not impinge on the privacy rights of citizens any more than necessary. Here we report on a recent Dagstuhl Perspectives Workshop addressing these issues - a four-day gathering of experts from multiple disciplines connected with privacy and security. The meeting explored the scope of mass-surveillance and the deliberate undermining of the security of the internet, defined basic principles that should underlie needed reforms, and discussed the potential for technical, legal and regulatory means to help restore the security of the internet and stem infringement of human-rights by ubiquitous electronic surveillance.

Peer Reviewed
Trapdoor Privacy in Asymmetric Searchable Encryption Schemes
Delerue Arriaga, Afonso UL; Tang, Qiang UL; Ryan, Peter UL

in Progress in Cryptology -- AFRICACRYPT 2014, Marrakesh 28-30 May 2014 (2014)

Asymmetric searchable encryption allows searches to be carried over ciphertexts, through delegation, and by means of trapdoors issued by the owner of the data. Public Key Encryption with Keyword Search (PEKS) is a primitive with such functionality that provides delegation of exact-match searches. As it is important that ciphertexts preserve data privacy, it is also important that trapdoors do not expose the user’s search criteria. The difficulty of formalizing a security model for trapdoor privacy lies in the verification functionality, which gives the adversary the power of verifying if a trapdoor encodes a particular keyword. In this paper, we provide a broader view on what can be achieved regarding trapdoor privacy in asymmetric searchable encryption schemes, and bridge the gap between previous definitions, which give limited privacy guarantees in practice against search patterns. We propose the notion of Strong Search Pattern Privacy for PEKS and construct a scheme that achieves this security notion.

Peer Reviewed
DoubleMod and SingleMod: Simple Randomized Secret-Key Encryption with Bounded Homomorphicity
Ryan, Peter UL; Phatak, Dhananjay S.; Tang, Qiang et al

in IACR Cryptology ePrint Archive (2014)

An encryption relation $f \subseteq \mathbb{Z} \times \mathbb{Z}$ with decryption function $f^{-1}$ is “group-homomorphic” if, for any suitable plaintexts $x_1$ and $x_2$, $x_1 + x_2 = f^{-1}(f(x_1) + f(x_2))$. It is “ring-homomorphic” if furthermore $x_1 x_2 = f^{-1}(f(x_1) f(x_2))$; it is “field-homomorphic” if furthermore $1/x_1 = f^{-1}(f(1/x_1))$. Such relations would support oblivious processing of encrypted data. We propose a simple randomized encryption relation $f$ over the integers, called DoubleMod, which is “bounded ring-homomorphic” or what some call “somewhat homomorphic.” Here, “bounded” means that the number of additions and multiplications that can be performed, while not allowing the encrypted values to go out of range, is limited (any pre-specified bound on the operation-count can be accommodated). Let $R$ be any large integer. For any plaintext $x \in \mathbb{Z}_R$, DoubleMod encrypts $x$ as $f(x) = x + au + bv$, where $a$ and $b$ are randomly chosen integers in some appropriate interval, while $(u, v)$ is the secret key. Here $u > R^2$ is a large prime and the smallest prime factor of $v$ exceeds $u$. With knowledge of the key, but not of $a$ and $b$, the receiver decrypts the ciphertext by computing $f^{-1}(y) = (y \bmod v) \bmod u$. DoubleMod generalizes an independent idea of van Dijk et al. 2010. We present and refine a new CCA1 chosen-ciphertext attack that finds the secret key of both systems (ours and van Dijk et al.’s) in linear time in the bit length of the security parameter. Under a known-plaintext attack, breaking DoubleMod is at most as hard as solving the Approximate GCD (AGCD) problem. The complexity of AGCD is not known. We also introduce the SingleMod field-homomorphic cryptosystems. The simplest SingleMod system based on the integers can be broken trivially. We had hoped that if SingleMod is implemented inside non-Euclidean quadratic or higher-order fields with large discriminants, where GCD computations appear difficult, it may be feasible to achieve a desired level of security. We show, however, that a variation of our chosen-ciphertext attack works against SingleMod even in non-Euclidean fields.
