Naturally Rehearsing Passwords

We introduce quantitative usability and security models to guide the design of password management schemes --- systematic strategies to help users create and remember multiple passwords. In the same way that security proofs in cryptography are based on complexity-theoretic assumptions (e.g., hardness of factoring and discrete logarithm), we quantify usability by introducing usability assumptions. In particular, password management relies on assumptions about human memory, e.g., that a user who follows a particular rehearsal schedule will successfully maintain the corresponding memory. These assumptions are informed by research in cognitive science and validated through empirical studies. Given rehearsal requirements and a user's visitation schedule for each account, we use the total number of extra rehearsals that the user would have to do to remember all of his passwords as a measure of the usability of the password scheme. Our usability model leads us to a key observation: password reuse benefits users not only by reducing the number of passwords that the user has to memorize, but more importantly by increasing the natural rehearsal rate for each password. We also present a security model which accounts for the complexity of password management with multiple accounts and associated threats, including online, offline, and plaintext password leak attacks. Observing that current password management schemes are either insecure or unusable, we present Shared Cues--- a new scheme in which the underlying secret is strategically shared across accounts to ensure that most rehearsal requirements are satisfied naturally while simultaneously providing strong security. The construction uses the Chinese Remainder Theorem to achieve these competing goals

Simultaneous Visual Cryptography

A visual cryptography scheme (VCS), as proposed by M. Naor and A. Shamir, encodes a secret image into n different shares. The scheme ensures that only certain designated combinations of shares can recover the original image, while other combinations yield, in probabilistic sense, no information about the secret image. In this thesis, we show that there exist simultaneous visual cryptography schemes (SVCS), i.e. cryptographic schemes that allow for multiple secret images to be encoded across a set of n shares. The essential part of this research is to derive a set of formal definitions used to construct a valid SVCS and to design and examine different approaches for establishing valid SVCS constructions. In particular, we describe an SVCS that allows encoding n 1 distinct secret images across a set of n shares, and include a program that demonstrates the successful use of this SVCS in the appendix

On Split-State Quantum Tamper Detection and Non-Malleability

Tamper-detection codes (TDCs) and non-malleable codes (NMCs) are now fundamental objects at the intersection of cryptography and coding theory. Both of these primitives represent natural relaxations of error-correcting codes and offer related security guarantees in adversarial settings where error correction is impossible. While in a TDC, the decoder is tasked with either recovering the original message or rejecting it, in an NMC, the decoder is additionally allowed to output a completely unrelated message. In this work, we study quantum analogs of one of the most well-studied adversarial tampering models: the so-called split-state tampering model. In the $t$-split-state model, the codeword (or code-state) is divided into $t$ shares, and each share is tampered with "locally". Previous research has primarily focused on settings where the adversaries' local quantum operations are assisted by an unbounded amount of pre-shared entanglement, while the code remains unentangled, either classical or separable. We construct quantum TDCs and NMCs in several $\textit{resource-restricted}$ analogs of the split-state model, which are provably impossible using just classical codes. In particular, against split-state adversaries restricted to local (unentangled) operations, local operations and classical communication, as well as a "bounded storage model" where they are limited to a finite amount of pre-shared entanglement. We complement our code constructions in two directions. First, we present applications to designing secret sharing schemes, which inherit similar non-malleable and tamper-detection guarantees. Second, we discuss connections between our codes and quantum encryption schemes, which we leverage to prove singleton-type bounds on the capacity of certain families of quantum NMCs in the split-state model

HRM and Performance: What’s Next?

The last decade of empirical research on the added value of human resource management (HRM), also known as the HRM and Performance debate, demonstrates evidence that ‘HRM does matter’ (Huselid, 1995; Guest, Michie, Conway and Sheehan, 2003; Wright, Gardner and Moynihan, 2003). Unfortunately, the relationships are often (statistically) weak and the results ambiguous. This paper reviews and attempts to extend the theoretical and methodological issues in the HRM and performance debate. Our aim is to build an agenda for future research in this area. After a brief overview of achievements to date, we proceed with the theoretical and methodological issues related to what constitutes HRM, what is meant by the concept of performance and what is the nature of the link between these two. In the final section, we make a plea for research designs starting from a multidimensional concept of performance, including the perceptions of employees, and building on the premise of HRM systems as an enabling device for a whole range of strategic options. This implies a reversal of the Strategy-HRM linkage

Input-shrinking functions: theory and application

In this thesis, we contribute to the emerging field of the Leakage-Resilient Cryptography by studying the problem of secure data storage on hardware that may leak information, introducing a new primitive, a leakage-resilient storage, and showing two different constructions of such storage scheme provably secure against a class of leakage functions that can depend only on some restricted part of the memory and against a class of computationally weak leakage functions, e.g. functions computable by small circuits, respectively. Our results come with instantiations and analysis of concrete parameters. Furthermore, as second contribution, we present our implementation in C programming language, using the cryptographic library of the OpenSSL project, of a two-party Authenticated Key Exchange (AKE) protocol, which allows a client and a server, who share a huge secret file, to securely compute a shared key, providing client-to-server authentication, also in the presence of active attackers. Following the work of Cash et al. (TCC 2007), we based our construction on a Weak Key Exchange (WKE) protocol, developed in the BRM, and a Password-based Authenticated Key Exchange (PAKE) protocol secure in the Universally Composable (UC) framework. The WKE protocol showed by Cash et al. uses an explicit construction of averaging sampler, which uses less random bits than the random choice but does not seem to be efficiently implementable in practice. In this thesis, we propose a WKE protocol similar but simpler than that one of Cash et al.: our protocol uses more randomness than the Cash et al.'s one, as it simply uses random choice instead of averaging sampler, but we are able to show an efficient implementation of it. Moreover, we formally adapt the security analysis of the WKE protocol of Cash et al. to our WKE protocol. To complete our AKE protocol, we implement the PAKE protocol showed secure in the UC framework by Abdalla et al. (CT-RSA 2008), which is more efficient than the Canetti et al.'s UC-PAKE protocol (EuroCrypt 2005) used in Cash et al.'s work. In our implementation of the WKE protocol, to achieve small constant communication complexity and amount of randomness, we rely on the Random Oracle (RO) model. However, we would like to note that in our implementation of the AKE protocol we need also a UC-PAKE protocol which already relies on RO, as it is impossible to achieve UC-PAKE in the standard model. In our work we focus not only on the theoretical aspects of the area, providing formal models and proofs, but also on the practical ones, analyzing instantiations, concrete parameters and implementation of the proposed solutions, to contribute to bridge the gap between theory and practice in this field