Centralized vs Decentralized Multi-Agent Guesswork

We study a notion of guesswork, where multiple agents intend to launch a coordinated brute-force attack to find a single binary secret string, and each agent has access to side information generated through either a BEC or a BSC. The average number of trials required to find the secret string grows exponentially with the length of the string, and the rate of the growth is called the guesswork exponent. We compute the guesswork exponent for several multi-agent attacks. We show that a multi-agent attack reduces the guesswork exponent compared to a single agent, even when the agents do not exchange information to coordinate their attack, and try to individually guess the secret string using a predetermined scheme in a decentralized fashion. Further, we show that the guesswork exponent of two agents who do coordinate their attack is strictly smaller than that of any finite number of agents individually performing decentralized guesswork.Comment: Accepted at IEEE International Symposium on Information Theory (ISIT) 201

Why Botnets Work: Distributed Brute-Force Attacks Need No Synchronization

In September 2017, McAffee Labs quarterly report estimated that brute force attacks represent 20\% of total network attacks, making them the most prevalent type of attack ex-aequo with browser based vulnerabilities. These attacks have sometimes catastrophic consequences, and understanding their fundamental limits may play an important role in the risk assessment of password-secured systems, and in the design of better security protocols. While some solutions exist to prevent online brute-force attacks that arise from one single IP address, attacks performed by botnets are more challenging. In this paper, we analyze these distributed attacks by using a simplified model. Our aim is to understand the impact of distribution and asynchronization on the overall computational effort necessary to breach a system. Our result is based on Guesswork, a measure of the number of queries (guesses) required of an adversary before a correct sequence, such as a password, is found in an optimal attack. Guesswork is a direct surrogate for time and computational effort of guessing a sequence from a set of sequences with associated likelihoods. We model the lack of synchronization by a worst-case optimization in which the queries made by multiple adversarial agents are received in the worst possible order for the adversary, resulting in a min-max formulation. We show that, even without synchronization, and for sequences of growing length, the asymptotic optimal performance is achievable by using randomized guesses drawn from an appropriate distribution. Therefore, randomization is key for distributed asynchronous attacks. In other words, asynchronous guessers can asymptotically perform brute-force attacks as efficiently as synchronized guessers.Comment: Accepted to IEEE Transactions on Information Forensics and Securit

Let's Sketch in 360º: spherical perspectives for virtual reality panoramas

Conferência realizada em Stockholm, Sweden de 25–29 julho de 2018In this workshop we will learn how to draw a 360-degree view of our environment using spherical perspective, and how to visualize these drawings as immersive panoramas by uploading them to virtual reality platforms that provide an interactive visualization of a 3D reconstruction of the original scene. We shall show how to construct these drawing in a simple way, using ruler and compass constructions, facilitated by adequate gridding that takes advantage of the symmetry groups of these spherical perspectives. We will consider two spherical perspectives: equirectangular and azimuthal equidistant, with a focus on the former due to its seamless integration with visualization software readily available on social networks. We will stress the relationship between these panoramas and the notion of spherical anamorphosis.info:eu-repo/semantics/publishedVersio

Conceptually driven and visually rich tasks in texts and teaching practice: the case of infinite series

The study we report here examines parts of what Chevallard calls the institutional dimension of the students’ learning experience of a relatively under-researched, yet crucial, concept in Analysis, the concept of infinite series. In particular, we examine how the concept is introduced to students in texts and in teaching practice. To this purpose, we employ Duval's Theory of Registers of Semiotic Representation towards the analysis of 22 texts used in Canada and UK post-compulsory courses. We also draw on interviews with in-service teachers and university lecturers in order to discuss briefly teaching practice and some of their teaching suggestions. Our analysis of the texts highlights that the presentation of the concept is largely a-historical, with few graphical representations, few opportunities to work across different registers (algebraic, graphical, verbal), few applications or intra-mathematical references to the concept's significance and few conceptually driven tasks that go beyond practising with the application of convergence tests and prepare students for the complex topics in which the concept of series is implicated. Our preliminary analysis of the teacher interviews suggests that pedagogical practice often reflects the tendencies in the texts. Furthermore, the interviews with the university lecturers point at the pedagogical potential of: illustrative examples and evocative visual representations in teaching; and, student engagement with systematic guesswork and writing explanatory accounts of their choices and applications of convergence tests

Integration of the Friedmann equation for universes of arbitrary complexity

An explicit and complete set of constants of the motion are constructed algorithmically for Friedmann-Lema\^{i}tre-Robertson-Walker (FLRW) models consisting of an arbitrary number of non-interacting species. The inheritance of constants of the motion from simpler models as more species are added is stressed. It is then argued that all FLRW models admit what amounts to a unique candidate for a gravitational epoch function (a dimensionless scalar invariant derivable from the Riemann tensor without differentiation which is monotone throughout the evolution of the universe). The same relations that lead to the construction of constants of the motion allow an explicit evaluation of this function. In the simplest of all models, the $\Lambda$CDM model, it is shown that the epoch function exists for all models with $\Lambda > 0$, but for almost no models with $\Lambda \leq 0$.Comment: Final form to appear in Physical Review D1

Why Botnets Work: Distributed Brute-Force Attacks Need No Synchronization

In September 2017, McAffee Labs quarterly report estimated that brute force attacks represent 20% of total network attacks, making them the most prevalent type of attack ex-aequo with browser based vulnerabilities. These attacks have sometimes catastrophic consequences, and understanding their fundamental limits may play an important role in the risk assessment of password-secured systems, and in the design of better security protocols. While some solutions exist to prevent online brute-force attacks that arise from one single IP address, attacks performed by botnets are more challenging. In this paper, we analyze these distributed attacks by using a simplified model. Our aim is to understand the impact of distribution and asynchronization on the overall computational effort necessary to breach a system. Our result is based on Guesswork, a measure of the number of password queries (guesses) before the correct one is found in an optimal attack, which is a direct surrogate for the time and the computational effort. We model the lack of synchronization by a worst-case optimization in which the queries are received in the worst possible order, resulting in a min-max formulation. We show that even without synchronization and for sequences of growing length, the asymptotic optimal performance is achievable by using randomized guesses drawn from an appropriate distribution. Therefore, randomization is key for distributed asynchronous attacks. In other words, asynchronous guessers can asymptotically perform brute-force attacks as efficiently as synchronized guessers.Comment: 13 pages, 4 figure