LIPIcs, Volume 251, ITCS 2023, Complete Volume
Threshold Encrypted Mempools: Limitations and Considerations
Encrypted mempools are a class of solutions aimed at preventing or reducing
negative externalities of MEV extraction using cryptographic privacy. Mempool
encryption aims to hide information related to pending transactions until a
block including the transactions is committed, targeting the prevention of
frontrunning and similar behaviour. Among the various methods of encryption,
threshold schemes are particularly interesting for the design of MEV mitigation
mechanisms, as their distributed nature and minimal hardware requirements
harmonize with a broader goal of decentralization.
This work looks beyond the formal and technical cryptographic aspects of
threshold encryption schemes to focus on the market and incentive implications
of implementing encrypted mempools as MEV mitigation techniques. In particular,
this paper argues that the deployment of such protocols without proper
consideration and understanding of market impact invites several undesired
outcomes, with the ultimate goal of stimulating further analysis of this class
of solutions outside of pure cryptographic considerations. Included in the paper
is an overview of a series of problems, various candidate solutions in the form
of mempool encryption techniques with a focus on threshold encryption,
potential drawbacks to these solutions, and Osmosis as a case study. The paper
targets a broad audience and remains agnostic to blockchain design where
possible while drawing from mostly financial examples.
Evaluation Methodologies in Software Protection Research
Man-at-the-end (MATE) attackers have full control over the system on which
the attacked software runs, and try to break the confidentiality or integrity
of assets embedded in the software. Both companies and malware authors want to
prevent such attacks. This has driven an arms race between attackers and
defenders, resulting in a plethora of different protection and analysis
methods. However, it remains difficult to measure the strength of protections
because MATE attackers can reach their goals in many different ways and a
universally accepted evaluation methodology does not exist. This survey
systematically reviews the evaluation methodologies of papers on obfuscation, a
major class of protections against MATE attacks. For 572 papers, we collected
113 aspects of their evaluation methodologies, ranging from sample set types
and sizes, through sample treatment, to the measurements performed. We provide
detailed insights into how the academic state of the art evaluates both the
protections and analyses thereon. In summary, there is a clear need for better
evaluation methodologies. We identify nine challenges for software protection
evaluations, which represent threats to the validity, reproducibility, and
interpretation of research results in the context of MATE attacks.
Personalized Point of Interest Recommendations with Privacy-Preserving Techniques
Location-based services (LBS) have become increasingly popular, with millions of people using mobile devices to access information about nearby points of interest (POIs). Personalized POI recommender systems have been developed to assist users in discovering and navigating these POIs. However, these systems typically require large amounts of user data, including location history and preferences, to provide personalized recommendations.
The collection and use of such data can pose significant privacy concerns. This dissertation proposes a privacy-preserving approach to POI recommendations that addresses these privacy concerns. The proposed approach uses clustering, tabular generative adversarial networks, and differential privacy to generate synthetic user data, allowing for personalized recommendations without revealing individual user data. Specifically, the approach clusters users based on their fuzzy locations, generates synthetic user data using a tabular generative adversarial network, and perturbs user data with differential privacy before it is used for recommendation.
The proposed approaches achieve well-balanced trade-offs between accuracy and privacy preservation and can be applied to different recommender systems. The approach is evaluated through extensive experiments on real-world POI datasets, demonstrating that it is effective in providing personalized recommendations while preserving user privacy. The results show that the proposed approach achieves comparable accuracy to traditional POI recommender systems that do not consider privacy while providing significant privacy guarantees for users.
The research's contribution is twofold: it compares different methods for synthesizing user data specifically for POI recommender systems and offers a general privacy-preserving framework for different recommender systems. The proposed approach provides a novel solution to the privacy concerns of POI recommender systems, contributes to the development of more trustworthy and user-friendly LBS applications, and can enhance the trust of users in these systems.
Cybersecurity applications of Blockchain technologies
With the increase in connectivity, the popularization of cloud services, and the rise of the Internet of Things (IoT), decentralized approaches for trust management are gaining momentum. Since blockchain technologies provide a distributed ledger, they are receiving massive attention from the research community in different application fields. However, this technology does not provide cybersecurity by itself. Thus, this thesis first aims to provide a comprehensive review of techniques and elements that have been proposed to achieve cybersecurity in blockchain-based systems. The analysis is intended to target area researchers, cybersecurity specialists and blockchain developers. We present a series of lessons learned as well. One of them is the rise of Ethereum as one of the most used technologies.
Furthermore, some intrinsic characteristics of the blockchain, like permanent availability and immutability, make it interesting for other ends, namely as a covert channel and for malicious purposes.
On the one hand, the use of blockchains by malware has not been characterized yet. Therefore, this thesis also analyzes the current state of the art in this area. One of the lessons learned is that covert communications have received little attention.
On the other hand, although previous works have analyzed the feasibility of covert channels in a particular blockchain technology called Bitcoin, no previous work has explored the use of Ethereum to establish a covert channel considering all transaction fields and smart contracts.
To foster further defence-oriented research, two novel mechanisms are presented in this thesis. First, Zephyrus takes advantage of all Ethereum fields and smart-contract bytecode. Second, Smart-Zephyrus is built to complement Zephyrus by leveraging smart contracts written in Solidity. We also assess the mechanisms' feasibility and cost. Our experiments show that Zephyrus, in the best case, can embed 40 Kbits in 0.57 s for US$1.64 and retrieve them in 2.8 s. Smart-Zephyrus, in turn, is able to hide a 4 Kb secret in 41 s. Although it is expensive (around US$1.82 per bit), the provided stealthiness might be worth the price for attackers. Furthermore, these two mechanisms can be combined to increase capacity and reduce costs.
Due to the increase in connectivity, the popularization of cloud services and the rise of the Internet of Things (IoT), decentralized approaches to trust management are gaining momentum. Since blockchain technologies provide a distributed ledger, they are receiving massive attention from the research community in different application fields. However, this technology does not provide cybersecurity by itself. Therefore, the first objective of this thesis is to provide a comprehensive review of the techniques and elements that have been proposed to achieve cybersecurity in blockchain-based systems. This analysis is aimed at researchers in the area, cybersecurity specialists and blockchain developers. In turn, a series of lessons learned are presented, one of them being the rise of Ethereum as one of the most widely used technologies.
Likewise, some intrinsic characteristics of the blockchain, such as permanent availability and immutability, make it interesting for other purposes, specifically as a covert channel and for malicious ends.
On the one hand, the use of the blockchain by malware has not yet been characterized. For this reason, this thesis also analyzes the current state of the art in this field. One of the lessons learned when analyzing the data is that covert communications have received little attention.
On the other hand, although previous works have analyzed the feasibility of covert channels in a specific blockchain technology called Bitcoin, no previous work has explored the use of Ethereum to establish a covert channel considering all transaction fields and smart contracts.
With the aim of fostering further defence-oriented research, this thesis presents two novel mechanisms. First, Zephyrus takes advantage of all Ethereum fields and the bytecode of smart contracts. Second, Smart-Zephyrus complements Zephyrus by leveraging smart contracts written in Solidity. The feasibility and cost of both mechanisms are also evaluated. The results show that Zephyrus, in the best case, can hide 40 Kbits in 0.57 s for US$1.64 and recover them in 2.8 s. Smart-Zephyrus, for its part, is able to hide a 4 Kb secret in 41 s. While it is true that it is expensive (around 1.82 dollars per bit), the stealthiness provided could be worthwhile for attackers. Moreover, these two mechanisms can be combined to increase capacity and reduce costs.
Doctoral Programme in Computer Science and Technology, Universidad Carlos III de Madrid. Chair: José Manuel Estévez Tapiador. Secretary: Jorge Blasco Alís. Member: Luis Hernández Encina.
Incremental Offline/Online PIR (extended version)
Recent private information retrieval (PIR) schemes preprocess the database with a query-independent offline phase in order to achieve sublinear computation during a query-specific online phase. These offline/online protocols expand the set of applications that can profitably use PIR, but they make a critical assumption: that the database is immutable. In the presence of changes such as additions, deletions, or updates, existing schemes must preprocess the database from scratch, wasting prior effort. To address this, we introduce incremental preprocessing for offline/online PIR schemes, allowing the original preprocessing to continue to be used after database changes, while incurring an update cost proportional to the number of changes rather than the size of the database. We adapt two offline/online PIR schemes to use incremental preprocessing and show how it significantly improves the throughput and reduces the latency of applications where the database changes over time.
One-out-of-Many Unclonable Cryptography: Definitions, Constructions, and More
The no-cloning principle of quantum mechanics enables us to achieve amazing unclonable cryptographic primitives, which is impossible in classical cryptography. However, the security definitions for unclonable cryptography are tricky. Achieving desirable security notions for unclonability is a challenging task. In particular, there is no indistinguishable-secure unclonable encryption and quantum copy-protection for single-bit output point functions in the standard model. To tackle this problem, we introduce and study relaxed but meaningful security notions for unclonable cryptography in this work. We call the new security notion one-out-of-many unclonable security.
We obtain the following results.
- We show that one-time strong anti-piracy secure secret key single-decryptor encryption (SDE) implies one-out-of-many indistinguishable-secure unclonable encryption.
- We construct a one-time strong anti-piracy secure secret key SDE scheme in the standard model from the LWE assumption.
- We construct one-out-of-many copy-protection for single-bit output point functions from one-out-of-many indistinguishable-secure unclonable encryption and the LWE assumption.
- We construct one-out-of-many unclonable predicate encryption (PE) from one-out-of-many indistinguishable-secure unclonable encryption and the LWE assumption.
Thus, we obtain one-out-of-many indistinguishable-secure unclonable encryption, one-out-of-many copy-protection for single-bit output point functions, and one-out-of-many unclonable PE in the standard model from the LWE assumption. In addition, our one-time SDE scheme is the first SDE scheme that does not rely on any oracle heuristics or strong assumptions such as indistinguishability obfuscation and witness encryption.
Piano: Extremely Simple, Single-Server PIR with Sublinear Server Computation
We construct a sublinear-time single-server pre-processing Private Information Retrieval
(PIR) scheme with optimal client storage and server computation (up to poly-logarithmic factors), only relying on the assumption of the existence of One Way Functions (OWF). Our scheme achieves amortized online server computation and client computation and
online communication per query, and requires client storage. Unlike prior single-server PIR schemes that rely on heavy cryptographic machinery such as Homomorphic Encryption, our scheme only utilizes lightweight cryptography such as PRFs, which is easily instantiated in practice. To our knowledge, this is the first practical implementation of a single-server sublinear-time PIR scheme.
Compared to existing linear-time single-server solutions, our schemes are faster by and are comparable to the fastest two-server schemes. In particular, for a 100 GB database of 1.6 billion entries, our experiments show that our scheme has less than 40 ms online computation time on a single core.
Towards a Peaceful Development of Cyberspace - Challenges and Technical Measures for the De-escalation of State-led Cyberconflicts and Arms Control of Cyberweapons
Cyberspace, already a few decades old, has become a matter of course for most of us, part of our everyday life. At the same time, this space and the global infrastructure behind it are essential for our civilizations, the economy and administration, and thus an essential expression and lifeline of a globalized world. However, these developments also create vulnerabilities, and thus cyberspace is increasingly developing into an intelligence and military operational area – for the defense and security of states but also as a component of offensive military planning, visible in the creation of military cyber-departments and the integration of cyberspace into states' security and defense strategies. In order to contain and regulate the conflict and escalation potential of technology used by military forces, over the last decades a complex tool set of transparency, de-escalation and arms control measures has been developed and proven. Unfortunately, many of these established measures do not work for cyberspace due to its specific technical characteristics. Moreover, the concept of what constitutes a weapon – an essential requirement for regulation – starts to blur for this domain. Against this background, this thesis aims to answer how measures for the de-escalation of state-led conflicts in cyberspace and arms control of cyberweapons can be developed. In order to answer this question, the dissertation takes a specifically technical perspective on these problems and the underlying political challenges of state behavior and international humanitarian law in cyberspace to identify starting points for technical measures of transparency, arms control and verification.
Based on this approach of adopting already existing technical measures from other fields of computer science, the thesis provides proof-of-concept approaches for some of the mentioned challenges, such as a classification system for cyberweapons based on technically measurable features, an approach for the mutual reduction of vulnerability stockpiles, and an approach to plausibly assure non-involvement in a cyberconflict as a measure of de-escalation. All these initial approaches, and the questions of how and by which measures arms control and conflict reduction can work for cyberspace, are still quite new and the subject of relatively few debates. Indeed, the approach of deliberately self-restricting the capabilities of technology in order to serve a bigger goal, like the reduction of its destructive usage, is not yet very common in the engineering thinking of computer science. Therefore, this dissertation also aims to provide some impulses regarding the responsibility and creative options of computer science with a view to the peaceful development and use of cyberspace.
Adversarial Robustness in Unsupervised Machine Learning: A Systematic Review
As the adoption of machine learning models increases, ensuring robust models
against adversarial attacks is increasingly important. With unsupervised
machine learning gaining more attention, ensuring it is robust against attacks
is vital. This paper conducts a systematic literature review on the robustness
of unsupervised learning, collecting 86 papers. Our results show that most
research focuses on privacy attacks, which have effective defenses; however,
many attacks lack effective and general defensive measures. Based on the
results, we formulate a model on the properties of an attack on unsupervised
learning, contributing to future research by providing a model to use.
Comment: 38 pages, 11 figures