Results 1-20 of 60. Search equation: ((uid:50002965)) Sort: Issue date Author Title Filter: All documents types Scientific journals - Article - Short communication - Book review - Letter to the editor - Complete issue - OtherBooks - Book published as author, translator, etc. - Collective work published as editor or directorParts of books - Contribution to collective works - Contribution to encyclopedias, dictionaries... - Preface, postface, glossary...Scientific congresses, symposiums and conference proceedings - Unpublished conference - Paper published in a book - Paper published in a journal - PosterScientific presentation in universities or research centersReports - Expert report - Internal report - External report - OtherDissertations and theses - Bachelor/master dissertation - Doctoral thesis - Postdoctoral thesis - OtherLearning materials - Course notes - OtherPatentCartographic materials - Single work - Part of another publicationComputer developments - Textual, factual or bibliographical database - Software - OtherE-prints/Working papers - First made available on ORBilu - Already available on another siteDiverse speeches and writings - Article for general public - Conference given outside the academic context - Speeches/Talks - Other     1 2 3   Coercion-Resistant Voting in Linear Time via Fully Homomorphic Encryption: Towards a Quantum-Safe SchemeRoenne, Peter ; Atashpendar, Arash ; Kristian, Gjøsteen et alin Financial Cryptography and Data Security 2019. FC 2019: International Workshops, CIW, VOTING, and WTSC (in press)We present an approach for performing the tallying work in the coercion-resistant JCJ voting protocol, introduced by Juels, Catalano, and Jakobsson, in linear time using fully homomorphic encryption (FHE ... [more ▼]We present an approach for performing the tallying work in the coercion-resistant JCJ voting protocol, introduced by Juels, Catalano, and Jakobsson, in linear time using fully homomorphic encryption (FHE). The suggested enhancement also paves the path towards making JCJ quantum-resistant, while leaving the underlying structure of JCJ intact. The pairwise comparison-based approach of JCJ using plaintext equivalence tests leads to a quadratic blow-up in the number of votes, which makes the tallying process rather impractical in realistic settings with a large number of voters. We show how the removal of invalid votes can be done in linear time via a solution based on recent advances in various FHE primitives such as hashing, zero-knowledge proofs of correct decryption, verifiable shuffles and threshold FHE. We conclude by touching upon some of the advantages and challenges of such an approach, followed by a discussion of further security and post-quantum considerations. [less ▲]Detailed reference viewed: 150 (43 UL) Security – Visible, Yet Unseen? How Displaying Security Mechanisms Impacts User Experience and Perceived SecurityDistler, Verena ; Zollinger, Marie-Laure ; Lallemand, Carine et alin Proceedings of ACM CHI Conference on Human Factors in Computing Systems (CHI2019) (2019, April)An unsolved debate in the field of usable security concerns whether security mechanisms should be visible, or blackboxed away from the user for the sake of usability. However, tying this question to ... [more ▼]An unsolved debate in the field of usable security concerns whether security mechanisms should be visible, or blackboxed away from the user for the sake of usability. However, tying this question to pragmatic usability factors only might be simplistic. This study aims at researching the impact of displaying security mechanisms on user experience (UX) in the context of e-voting. Two versions of an e-voting application were designed and tested using a between-group experimental protocol (N=38). Version D displayed security mechanisms, while version ND did not reveal any security-related information. We collected data on UX using standardised evaluation scales and semi-structured interviews. Version D performed better overall in terms of UX and need fulfilment. Qualitative analysis of the interviews gives further insights into factors impacting perceived security. Our study adds to existing research suggesting a conceptual shift from usability to UX and discusses implications for designing and evaluating secure systems. [less ▲]Detailed reference viewed: 235 (34 UL) How to Assess the Usability Metrics of E-Voting SchemesMarky, Karola; Zollinger, Marie-Laure ; Funk, Markus et alin Lecture Notes in Computer Science (2019, February)Detailed reference viewed: 63 (7 UL) An offline dictionary attack against zkPAKE protocolLopez Becerra, José Miguel ; Ryan, Peter ; Sala, Petra et alin An offline dictionary attack against zkPAKE protocol (2019)Password Authenticated Key Exchange (PAKE) allows a user to establish a secure cryptographic key with a server, using only knowledge of a pre-shared password. One of the basic security require- ments of ... [more ▼]Password Authenticated Key Exchange (PAKE) allows a user to establish a secure cryptographic key with a server, using only knowledge of a pre-shared password. One of the basic security require- ments of PAKE is to prevent o ine dictionary attacks. In this paper, we revisit zkPAKE, an augmented PAKE that has been recently proposed by Mochetti, Resende, and Aranha (SBSeg 2015). Our work shows that the zkPAKE protocol is prone to o ine password guess- ing attack, even in the presence of an adversary that has only eavesdrop- ping capabilities. Results of performance evaluation show that our attack is practical and e cient.Therefore, zkPAKE is insecure and should not be used as a password-authenticated key exchange mechanism. [less ▲]Detailed reference viewed: 36 (1 UL) HoneyPAKEsLopez Becerra, José Miguel ; Roenne, Peter ; Ryan, Peter et alin Security Protocols XXVI: Lecture Notes in Computer Science (2018, November 27)We combine two security mechanisms: using a Password-based Authenticated Key Establishment (PAKE) protocol to protect the password for access control and the Honeywords construction of Juels and Rivest to ... [more ▼]We combine two security mechanisms: using a Password-based Authenticated Key Establishment (PAKE) protocol to protect the password for access control and the Honeywords construction of Juels and Rivest to detect loss of password files. The resulting construction combines the properties of both mechanisms: ensuring that the password is intrinsically protected by the PAKE protocol during transmission and the Honeywords mechanisms for detecting attempts to exploit a compromised password file. Our constructions lead very naturally to two factor type protocols. An enhanced version of our protocol further provides protection against a compromised login server by ensuring that it does not learn the index to the true password. [less ▲]Detailed reference viewed: 30 (7 UL) Revisiting Deniability in Quantum Key Exchange via Covert Communication and Entanglement DistillationAtashpendar, Arash ; Policharla, Guru Vamsi; Roenne, Peter et alin Secure IT Systems, 23rd Nordic Conference, NordSec 2018. Lecture Notes in Computer Science, vol 11252. Springer, Cham (2018, November 02)We revisit the notion of deniability in quantum key exchange (QKE), a topic that remains largely unexplored. In the only work on this subject by Donald Beaver, it is argued that QKE is not necessarily ... [more ▼]We revisit the notion of deniability in quantum key exchange (QKE), a topic that remains largely unexplored. In the only work on this subject by Donald Beaver, it is argued that QKE is not necessarily deniable due to an eavesdropping attack that limits key equivocation. We provide more insight into the nature of this attack and how it extends to other constructions such as QKE obtained from uncloneable encryption. We then adopt the framework for quantum authenticated key exchange, developed by Mosca et al., and extend it to introduce the notion of coercer-deniable QKE, formalized in terms of the indistinguishability of real and fake coercer views. Next, we apply results from a recent work by Arrazola and Scarani on covert quantum communication to establish a connection between covert QKE and deniability. We propose DC-QKE, a simple deniable covert QKE protocol, and prove its deniability via a reduction to the security of covert QKE. Finally, we consider how entanglement distillation can be used to enable information-theoretically deniable protocols for QKE and tasks beyond key exchange. [less ▲]Detailed reference viewed: 154 (46 UL) Electryo, In-person Voting with Transparent Voter Verifiability and Eligibility VerifiabilityRoenne, Peter ; Ryan, Peter ; Zollinger, Marie-Laure E-print/Working paper (2018)Selene is an e-voting protocol that allows voters to directly check their individual vote, in cleartext, in the final tally via a tracker system, while providing good coercion mitigation. This is in ... [more ▼]Selene is an e-voting protocol that allows voters to directly check their individual vote, in cleartext, in the final tally via a tracker system, while providing good coercion mitigation. This is in contrast to conventional, end-to-end verifiable schemes in which the voter verifies the presence of an encryption of her vote on the bulletin board. The Selene mechanism can be applied to many e-voting schemes, but here we present an application to the polling station context, resulting in a voter-verifiable electronic tally with a paper audit trail. The system uses a smartcard-based public key system to provide the individual verifica- tion and universal eligibility verifiability. The paper record contains an encrypted link to the voter’s identity, requiring stronger assumptions on ballot privacy than normal paper voting, but with the benefit of pro- viding good auditability and dispute resolution as well as supporting (comparison) risk limiting audits. [less ▲]Detailed reference viewed: 48 (5 UL) Facilitating Privacy-preserving Recommendation-as-a-Service with Machine LearningWang, Jun ; Arriaga, Afonso; Tang, Qiang et alPoster (2018, October)Machine-Learning-as-a-Service has become increasingly popular, with Recommendation-as-a-Service as one of the representative examples. In such services, providing privacy protection for users is an ... [more ▼]Machine-Learning-as-a-Service has become increasingly popular, with Recommendation-as-a-Service as one of the representative examples. In such services, providing privacy protection for users is an important topic. Reviewing privacy-preserving solutions which were proposed in the past decade, privacy and machine learning are often seen as two competing goals at stake. Though improving cryptographic primitives (e.g., secure multi-party computation (SMC) or homomorphic encryption (HE)) or devising sophisticated secure protocols has made a remarkable achievement, but in conjunction with state-of-the-art recommender systems often yields far-from-practical solutions. We tackle this problem from the direction of machine learning. We aim to design crypto-friendly recommendation algorithms, thus to obtain efficient solutions by directly using existing cryptographic tools. In particular, we propose an HE-friendly recommender system, refer to as CryptoRec, which (1) decouples user features from latent feature space, avoiding training the recommendation model on encrypted data; (2) only relies on addition and multiplication operations, making the model straightforwardly compatible with HE schemes. The properties turn recommendation-computations into a simple matrix-multiplication operation. To further improve efficiency, we introduce a sparse-quantization-reuse method which reduces the recommendation-computation time by $9\times$ (compared to using CryptoRec directly), without compromising the accuracy. We demonstrate the efficiency and accuracy of CryptoRec on three real-world datasets. CryptoRec allows a server to estimate a user's preferences on thousands of items within a few seconds on a single PC, with the user's data homomorphically encrypted, while its prediction accuracy is still competitive with state-of-the-art recommender systems computing over clear data. Our solution enables Recommendation-as-a-Service on large datasets in a nearly real-time (seconds) level. [less ▲]Detailed reference viewed: 77 (4 UL) A Proof of Entropy Minimization for Outputs in Deletion Channels via Hidden Word StatisticsAtashpendar, Arash ; Mestel, David ; Roscoe, A.W. (Bill) et alE-print/Working paper (2018)From the output produced by a memoryless deletion channel from a uniformly random input of known length n, one obtains a posterior distribution on the channel input. The difference between the Shannon ... [more ▼]From the output produced by a memoryless deletion channel from a uniformly random input of known length n, one obtains a posterior distribution on the channel input. The difference between the Shannon entropy of this distribution and that of the uniform prior measures the amount of information about the channel input which is conveyed by the output of length m, and it is natural to ask for which outputs this is extremized. This question was posed in a previous work, where it was conjectured on the basis of experimental data that the entropy of the posterior is minimized and maximized by the constant strings 𝟶𝟶𝟶… and 𝟷𝟷𝟷… and the alternating strings 𝟶𝟷𝟶𝟷… and 𝟷𝟶𝟷𝟶… respectively. In the present work we confirm the minimization conjecture in the asymptotic limit using results from hidden word statistics. We show how the analytic-combinatorial methods of Flajolet, Szpankowski and Vall\'ee for dealing with the hidden pattern matching problem can be applied to resolve the case of fixed output length and n→∞, by obtaining estimates for the entropy in terms of the moments of the posterior distribution and establishing its minimization via a measure of autocorrelation. [less ▲]Detailed reference viewed: 87 (39 UL) An Offline Dictionary Attack Against zkPAKE ProtocolLopez Becerra, José Miguel ; Ryan, Peter ; Sala, Petra et alPoster (2018, June)Password Authenticated Key Exchange (PAKE) allows a user to establish a strong cryptographic key with a server, using only knowledge of a pre-shared password. One of the basic security requirements of ... [more ▼]Password Authenticated Key Exchange (PAKE) allows a user to establish a strong cryptographic key with a server, using only knowledge of a pre-shared password. One of the basic security requirements of PAKE is to prevent o ine dictionary attacks. In this paper, we revisit zkPAKE, an augmented PAKE that has been recently proposed by Mochetti, Resende, and Aranha (SBSeg 2015). Our work shows that the zkPAKE protocol is prone to o ine password guessing attack, even in the presence of an adversary that has only eavesdropping capabilities. Therefore, zkPAKE is insecure and should not be used as a password-authenticated key exchange mechanism [less ▲]Detailed reference viewed: 58 (10 UL) Cholesteric Liquid Crystal Shells as Enabling Material for Information-Rich Design and Architecture.Schwartz, Mathew; Lenzini, Gabriele ; Geng, Yong et alin Advanced Materials (2018)The responsive and dynamic character of liquid crystals (LCs), arising from their ability to self-organize into long-range ordered structures while maintaining fluidity, has given them a role as key ... [more ▼]The responsive and dynamic character of liquid crystals (LCs), arising from their ability to self-organize into long-range ordered structures while maintaining fluidity, has given them a role as key enabling materials in the information technology that surrounds us today. Ongoing research hints at future LC-based technologies of entirely different types, for instance by taking advantage of the peculiar behavior of cholesteric liquid crystals (CLCs) subject to curvature. Spherical shells of CLC reflect light omnidirectionally with specific polarization and wavelength, tunable from the UV to the infrared (IR) range, with complex patterns arising when many of them are brought together. Here, these properties are analyzed and explained, and future application opportunities from an inter- disciplinary standpoint are discussed. By incorporating arrangements of CLC shells in smart facades or vehicle coatings, or in objects of high value subject to counterfeiting, game-changing future uses might arise in fields spanning infor- mation security, design, and architecture. The focus here is on the challenges of a digitized and information-rich future society where humans increasingly rely on technology and share their space with autonomous vehicles, drones, and robots. [less ▲]Detailed reference viewed: 166 (2 UL) From Clustering Supersequences to Entropy Minimizing Subsequences for Single and Double DeletionsAtashpendar, Arash ; Beunardeau, Marc; Connolly, Aisling et alE-print/Working paper (2018)A binary string transmitted via a memoryless i.i.d. deletion channel is received as a subsequence of the original input. From this, one obtains a posterior distribution on the channel input, corresponding ... [more ▼]A binary string transmitted via a memoryless i.i.d. deletion channel is received as a subsequence of the original input. From this, one obtains a posterior distribution on the channel input, corresponding to a set of candidate supersequences weighted by the number of times the received subsequence can be embedded in them. In a previous work it is conjectured on the basis of experimental data that the entropy of the posterior is minimized and maximized by the constant and the alternating strings, respectively. In this work, in addition to revisiting the entropy minimization conjecture, we also address several related combinatorial problems. We present an algorithm for counting the number of subsequence embeddings using a run-length encoding of strings. We then describe methods for clustering the space of supersequences such that the cardinality of the resulting sets depends only on the length of the received subsequence and its Hamming weight, but not its exact form. Then, we consider supersequences that contain a single embedding of a fixed subsequence, referred to as singletons, and provide a closed form expression for enumerating them using the same run-length encoding. We prove an analogous result for the minimization and maximization of the number of singletons, by the alternating and the uniform strings, respectively. Next, we prove the original minimal entropy conjecture for the special cases of single and double deletions using similar clustering techniques and the same run-length encoding, which allow us to characterize the distribution of the number of subsequence embeddings in the space of compatible supersequences to demonstrate the effect of an entropy decreasing operation. [less ▲]Detailed reference viewed: 82 (34 UL) A Security Analysis, and a Fix, of a Code-Corrupted Honeywords SystemGenç, Ziya Alper ; Lenzini, Gabriele ; Ryan, Peter et alin Proceedings of the 4th International Conference on Information Systems Security and Privacy (2018)In 2013 Juels and Rivest introduced the Honeywords System, a password-based authentication system designed to detect when a password file has been stolen. A Honeywords System stores passwords together ... [more ▼]In 2013 Juels and Rivest introduced the Honeywords System, a password-based authentication system designed to detect when a password file has been stolen. A Honeywords System stores passwords together with indistinguishable decoy words so when an intruder steals the file, retrieves the words, and tries to log-in, he does not know which one is the password. By guessing one from the decoy words, he may not be lucky and reveal the leak. Juels and Rivest left a problem open: how to make the system secure even when the intruder corrupted the login server’s code. In this paper we study and solve the problem. However, since “code corruption” is a powerful attack, we first define rigorously the threat and set a few assumptions under which the problem is still solvable, before showing meaningful attacks against the original Honeywords System. Then we elicit a fundamental security requirement, implementing which, we are able to restore the honeywords System’s security despite a corrupted login service. We verify the new protocol’s security formally, using ProVerif for this task. We also implement the protocol and test its performance. Finally, at the light of our findings, we discuss whether it is still worth using a fixed honeywords-based system against such a powerful threat, or whether it is better, in order to be resilient against code corruption attacks, to design afresh a completely different password-based authentication solution. [less ▲]Detailed reference viewed: 273 (41 UL) Next Generation Cryptographic RansomwareGenç, Ziya Alper ; Lenzini, Gabriele ; Ryan, Peter in Secure IT Systems: 23rd Nordic Conference, NordSec 2018, Oslo, Norway, November 28-30, 2018, Proceedings (2018)We are assisting at an evolution in the ecosystem of cryptoware - the malware that encrypts files and makes them unavailable unless the victim pays up. New variants are taking the place once dominated by ... [more ▼]We are assisting at an evolution in the ecosystem of cryptoware - the malware that encrypts files and makes them unavailable unless the victim pays up. New variants are taking the place once dominated by older versions; incident reports suggest that forthcoming ransomware will be more sophisticated, disruptive, and targeted. Can we anticipate how such future generations of ransomware will work in order to start planning on how to stop them? We argue that among them there will be some which will try to defeat current anti-ransomware; thus, we can speculate over their working principle by studying the weak points in the strategies that seven of the most advanced anti-ransomware are currently implementing. We support our speculations with experiments, proving at the same time that those weak points are in fact vulnerabilities and that the future ransomware that we have imagined can be effective. [less ▲]Detailed reference viewed: 76 (6 UL) No Random, No Ransom: A Key to Stop Cryptographic RansomwareGenç, Ziya Alper ; Lenzini, Gabriele ; Ryan, Peter in Giuffrida, Cristiano; Bardin, Sébastien; Blanc, Gregory (Eds.) Proceedings of the 15th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2018) (2018)To be effective, ransomware has to implement strong encryption, and strong encryption in turn requires a good source of random numbers. Without access to true randomness, ransomware relies on the pseudo ... [more ▼]To be effective, ransomware has to implement strong encryption, and strong encryption in turn requires a good source of random numbers. Without access to true randomness, ransomware relies on the pseudo random number generators that modern Operating Systems make available to applications. With this insight, we propose a strategy to mitigate ransomware attacks that considers pseudo random number generator functions as critical resources, controls accesses on their APIs and stops unauthorized applications that call them. Our strategy, tested against 524 active real-world ransomware samples, stops 94% of them, including WannaCry, Locky, CryptoLocker and CryptoWall. Remarkably, it also nullifies NotPetya, the latest offspring of the family which so far has eluded all defenses. [less ▲]Detailed reference viewed: 361 (21 UL) Security Analysis of Key Acquiring Strategies Used by Cryptographic RansomwareGenç, Ziya Alper ; Lenzini, Gabriele ; Ryan, Peter in Advances in Cybersecurity 2018 (2018)To achieve its goals, ransomware needs to employ strong encryption, which in turn requires access to high-grade encryption keys. Over the evolution of ransomware, various techniques have been observed to ... [more ▼]To achieve its goals, ransomware needs to employ strong encryption, which in turn requires access to high-grade encryption keys. Over the evolution of ransomware, various techniques have been observed to accomplish the latter. Understanding the advantages and disadvantages of each method is essential to develop robust defense strategies. In this paper we explain the techniques used by ransomware to derive encryption keys and analyze the security of each approach. We argue that recovery of data might be possible if the ransomware cannot access high entropy randomness sources. As an evidence to support our theoretical results, we provide a decryptor program for a previously undefeated ransomware. [less ▲]Detailed reference viewed: 110 (11 UL) Security in the Shell : An Optical Physical Unclonable Function made of Shells of Cholesteric Liquid CrystalsLenzini, Gabriele ; Samir, Ouchani; Roenne, Peter et alin Proc. of the 9th IEEE Workshop on Information Forensics and Security (2017, October 02)We describe the application in security of shells of Cholesteric Liquid Crystals (ChLCs). Such shells have a diameter in the microns range and can be gathered in hundreds in a surface area as small as a ... [more ▼]We describe the application in security of shells of Cholesteric Liquid Crystals (ChLCs). Such shells have a diameter in the microns range and can be gathered in hundreds in a surface area as small as a nail’s head. Because of their structural properties, a bundle of them reflects light, creating colorful patterns that we argue to be unique and computationally hard to predict. We argue also that the bundle itself is unclonable. These are typical properties of Physically Unclonable Functions, a family to which shells of ChLCs belong too. Herein we discuss their physical and security properties and their potential use in object authentication. [less ▲]Detailed reference viewed: 224 (25 UL) Deniability in Quantum CryptographyAtashpendar, Arash ; Roenne, Peter ; Ostrev, Dimiter et alPoster (2017, June 14)This poster describes ongoing work on deniability in quantum cryptography, an area of research that remains almost entirely unexplored in the quantum information processing literature. Deniability is a ... [more ▼]This poster describes ongoing work on deniability in quantum cryptography, an area of research that remains almost entirely unexplored in the quantum information processing literature. Deniability is a well-known and fundamental concept in classical cryptography and it can be defined as the ability for the sender of a message to deny the contents of a message or the very act of having participated in an exchange, e.g. having sent the said message. We discuss deniability in the context of quantum key exchange and address a particular problem, first discovered by Donald Beaver, where he claims that all QKD protocols are undeniable. The claim is that while we do get a one-time pad (OTP) using QKD, it does not provide the property of key equivocation as it is expected in the Shannon sense for a OTP. Intuitively, this difficulty lies in the quantum channel alone and it has to do with the fact that in QKD, while we generate entropy by expanding an initially short pre-shared key into an arbitrary longer secret key, we do so by exchanging information over a quantum as well as a classical channel, which could potentially leave a binding transcript of Alice's decisions to the final secret key. This is in contrast with the implicit assumption that Eve knows nothing about how two given parties have established their shared OTP in the first place. We discuss the importance of deniability in cryptography and its wide range of applications, along with cryptographic primitives other than key exchange where deniability might be a desired property. Finally, we present a series of fundamental open questions in this area of research and discuss quantum cryptographic primitives that lend themselves to devising deniable protocols. [less ▲]Detailed reference viewed: 212 (20 UL) Trustworthy exams without trusted partiesBella, Giampaolo; Giustolisi, Rosario; Lenzini, Gabriele et alin Computer and Security (2017), 67Historically, exam security has mainly focused on threats ascribed to candidate cheating. Such threats have been normally mitigated by invigilation and anti-plagiarism methods. However, as recent exam ... [more ▼]Historically, exam security has mainly focused on threats ascribed to candidate cheating. Such threats have been normally mitigated by invigilation and anti-plagiarism methods. However, as recent exam scandals confirm, also invigilators and authorities may pose security threats. The introduction of computers into the different phases of an exam, such as candidate registration, brings new security issues that should be addressed with the care normally devoted to security protocols. This paper proposes a protocol that meets a wide set of security requirements and resists threats that may originate from candidates as well as from exam administrators. By relying on a combination of oblivious transfer and visual cryptography schemes, the protocol does not need to rely on any trusted third party. We analyse the protocol formally in ProVerif and prove that it verifies all the stated security requirements. [less ▲]Detailed reference viewed: 108 (5 UL) Using Selene to Verify your Vote in JCJIovino, Vincenzo ; Rial Duran, Alfredo ; Roenne, Peter et alin Workshop on Advances in Secure Electronic Voting (VOTING'17) (2017, April 07)Detailed reference viewed: 157 (28 UL) 1 2 3