40,240 research outputs found
Directed Multicut with linearly ordered terminals
Motivated by an application in network security, we investigate the following
"linear" case of Directed Mutlicut. Let be a directed graph which includes
some distinguished vertices . What is the size of the
smallest edge cut which eliminates all paths from to for all ? We show that this problem is fixed-parameter tractable when parametrized in
the cutset size via an algorithm running in time.Comment: 12 pages, 1 figur
Implementing a Unification Algorithm for Protocol Analysis with XOR
In this paper, we propose a unification algorithm for the theory which
combines unification algorithms for E\_{\std} and E\_{\ACUN} (ACUN
properties, like XOR) but compared to the more general combination methods uses
specific properties of the equational theories for further optimizations. Our
optimizations drastically reduce the number of non-deterministic choices, in
particular those for variable identification and linear orderings. This is
important for reducing both the runtime of the unification algorithm and the
number of unifiers in the complete set of unifiers. We emphasize that obtaining
a ``small'' set of unifiers is essential for the efficiency of the constraint
solving procedure within which the unification algorithm is used. The method is
implemented in the CL-Atse tool for security protocol analysis
Worst case QC-MDPC decoder for McEliece cryptosystem
McEliece encryption scheme which enjoys relatively small key sizes as well as
a security reduction to hard problems of coding theory. Furthermore, it remains
secure against a quantum adversary and is very well suited to low cost
implementations on embedded devices.
Decoding MDPC codes is achieved with the (iterative) bit flipping algorithm,
as for LDPC codes. Variable time decoders might leak some information on the
code structure (that is on the sparse parity check equations) and must be
avoided. A constant time decoder is easy to emulate, but its running time
depends on the worst case rather than on the average case. So far
implementations were focused on minimizing the average cost. We show that the
tuning of the algorithm is not the same to reduce the maximal number of
iterations as for reducing the average cost. This provides some indications on
how to engineer the QC-MDPC-McEliece scheme to resist a timing side-channel
attack.Comment: 5 pages, conference ISIT 201
Optimizing Utility-Energy Efficiency for the Metaverse over Wireless Networks under Physical Layer Security
The Metaverse, an emerging digital space, is expected to offer various
services mirroring the real world. Wireless communications for mobile Metaverse
users should be tailored to meet the following user characteristics: 1)
emphasizing application-specific perceptual utility instead of simply the
transmission rate, 2) concerned with energy efficiency due to the limited
device battery and energy intensiveness of some applications, and 3) caring
about security as the applications may involve sensitive personal data. To this
end, this paper incorporates application-specific utility, energy efficiency,
and physical-layer security (PLS) into the studied optimization in a wireless
network for the Metaverse. Specifically, after introducing utility-energy
efficiency (UEE) to represent each Metaverse user's application-specific
objective under PLS, we formulate an optimization to maximize the network's
weighted sum-UEE by deciding users' transmission powers and communication
bandwidths. The formulated problem belongs to the sum-of-ratios optimization,
for which prior studies have demonstrated its difficulty. Nevertheless, our
proposed algorithm 1) obtains the global optimum for the weighted sum-UEE
optimization, via a transform to parametric convex optimization problems, 2)
applies to any utility function which is concave, increasing, and twice
differentiable, and 3) achieves a linear time complexity in the number of users
(the optimal complexity in the order sense). Simulations confirm the
superiority of our algorithm over other approaches. We explain that our
technique for solving the sum-of-ratios optimization is applicable to other
optimization problems in wireless networks and mobile computing
Compiling and securing cryptographic protocols
Protocol narrations are widely used in security as semi-formal notations to
specify conversations between roles. We define a translation from a protocol
narration to the sequences of operations to be performed by each role. Unlike
previous works, we reduce this compilation process to well-known decision
problems in formal protocol analysis. This allows one to define a natural
notion of prudent translation and to reuse many known results from the
literature in order to cover more crypto-primitives. In particular this work is
the first one to show how to compile protocols parameterised by the properties
of the available operations.Comment: A short version was submitted to IP
Flow Logic
Flow networks have attracted a lot of research in computer science. Indeed,
many questions in numerous application areas can be reduced to questions about
flow networks. Many of these applications would benefit from a framework in
which one can formally reason about properties of flow networks that go beyond
their maximal flow. We introduce Flow Logics: modal logics that treat flow
functions as explicit first-order objects and enable the specification of rich
properties of flow networks. The syntax of our logic BFL* (Branching Flow
Logic) is similar to the syntax of the temporal logic CTL*, except that atomic
assertions may be flow propositions, like or , for
, which refer to the value of the flow in a vertex, and
that first-order quantification can be applied both to paths and to flow
functions. We present an exhaustive study of the theoretical and practical
aspects of BFL*, as well as extensions and fragments of it. Our extensions
include flow quantifications that range over non-integral flow functions or
over maximal flow functions, path quantification that ranges over paths along
which non-zero flow travels, past operators, and first-order quantification of
flow values. We focus on the model-checking problem and show that it is
PSPACE-complete, as it is for CTL*. Handling of flow quantifiers, however,
increases the complexity in terms of the network to , even
for the LFL and BFL fragments, which are the flow-counterparts of LTL and CTL.
We are still able to point to a useful fragment of BFL* for which the
model-checking problem can be solved in polynomial time. Finally, we introduce
and study the query-checking problem for BFL*, where under-specified BFL*
formulas are used for network exploration
The problem with the SURF scheme
There is a serious problem with one of the assumptions made in the security
proof of the SURF scheme. This problem turns out to be easy in the regime of
parameters needed for the SURF scheme to work.
We give afterwards the old version of the paper for the reader's convenience.Comment: Warning : we found a serious problem in the security proof of the
SURF scheme. We explain this problem here and give the old version of the
paper afterward
A decidable policy language for history-based transaction monitoring
Online trading invariably involves dealings between strangers, so it is
important for one party to be able to judge objectively the trustworthiness of
the other. In such a setting, the decision to trust a user may sensibly be
based on that user's past behaviour. We introduce a specification language
based on linear temporal logic for expressing a policy for categorising the
behaviour patterns of a user depending on its transaction history. We also
present an algorithm for checking whether the transaction history obeys the
stated policy. To be useful in a real setting, such a language should allow one
to express realistic policies which may involve parameter quantification and
quantitative or statistical patterns. We introduce several extensions of linear
temporal logic to cater for such needs: a restricted form of universal and
existential quantification; arbitrary computable functions and relations in the
term language; and a "counting" quantifier for counting how many times a
formula holds in the past. We then show that model checking a transaction
history against a policy, which we call the history-based transaction
monitoring problem, is PSPACE-complete in the size of the policy formula and
the length of the history. The problem becomes decidable in polynomial time
when the policies are fixed. We also consider the problem of transaction
monitoring in the case where not all the parameters of actions are observable.
We formulate two such "partial observability" monitoring problems, and show
their decidability under certain restrictions
- âŠ