Predictable arguments of knowledge

We initiate a formal investigation on the power of predictability for argument of knowledge systems for NP. Specifically, we consider private-coin argument systems where the answer of the prover can be predicted, given the private randomness of the verifier; we call such protocols Predictable Arguments of Knowledge (PAoK). Our study encompasses a full characterization of PAoK, showing that such arguments can be made extremely laconic, with the prover sending a single bit, and assumed to have only one round (i.e., two messages) of communication without loss of generality. We additionally explore PAoK satisfying additional properties (including zero-knowledge and the possibility of re-using the same challenge across multiple executions with the prover), present several constructions of PAoK relying on different cryptographic tools, and discuss applications to cryptography

Do not trust me: Using malicious IdPs for analyzing and attacking Single Sign-On

Single Sign-On (SSO) systems simplify login procedures by using an an Identity Provider (IdP) to issue authentication tokens which can be consumed by Service Providers (SPs). Traditionally, IdPs are modeled as trusted third parties. This is reasonable for SSO systems like Kerberos, MS Passport and SAML, where each SP explicitely specifies which IdP he trusts. However, in open systems like OpenID and OpenID Connect, each user may set up his own IdP, and a discovery phase is added to the protocol flow. Thus it is easy for an attacker to set up its own IdP. In this paper we use a novel approach for analyzing SSO authentication schemes by introducing a malicious IdP. With this approach we evaluate one of the most popular and widely deployed SSO protocols - OpenID. We found four novel attack classes on OpenID, which were not covered by previous research, and show their applicability to real-life implementations. As a result, we were able to compromise 11 out of 16 existing OpenID implementations like Sourceforge, Drupal and ownCloud. We automated discovery of these attacks in a open source tool OpenID Attacker, which additionally allows fine-granular testing of all parameters in OpenID implementations. Our research helps to better understand the message flow in the OpenID protocol, trust assumptions in the different components of the system, and implementation issues in OpenID components. It is applicable to other SSO systems like OpenID Connect and SAML. All OpenID implementations have been informed about their vulnerabilities and we supported them in fixing the issues

Coordinated Multi-Agent Imitation Learning

We study the problem of imitation learning from demonstrations of multiple coordinating agents. One key challenge in this setting is that learning a good model of coordination can be difficult, since coordination is often implicit in the demonstrations and must be inferred as a latent variable. We propose a joint approach that simultaneously learns a latent coordination model along with the individual policies. In particular, our method integrates unsupervised structure learning with conventional imitation learning. We illustrate the power of our approach on a difficult problem of learning multiple policies for fine-grained behavior modeling in team sports, where different players occupy different roles in the coordinated team strategy. We show that having a coordination model to infer the roles of players yields substantially improved imitation loss compared to conventional baselines.Comment: International Conference on Machine Learning 201

String Creation, D-branes and Effective Field Theory

This paper addresses several unsettled issues associated with string creation in systems of orthogonal Dp-D(8-p) branes. The interaction between the branes can be understood either from the closed string or open string picture. In the closed string picture it has been noted that the DBI action fails to capture an extra RR exchange between the branes. We demonstrate how this problem persists upon lifting to M-theory. These D-brane systems are analysed in the closed string picture by using gauge-fixed boundary states in a non-standard lightcone gauge, in which RR exchange can be analysed precisely. The missing piece in the DBI action also manifests itself in the open string picture as a mismatch between the Coleman-Weinberg potential obtained from the effective field theory and the corresponding open string calculation. We show that this difference can be reconciled by taking into account the superghosts in the (0+1)effective theory of the chiral fermion, that arises from gauge fixing the spontaneously broken world-line local supersymmetries.Comment: 33 page

Light dynamical fermions on the lattice: toward the chiral regime of QCD

Algorithmic and technical progress achieved over the last few years makes QCD simulations with light dynamical quarks much faster than before. As a result lattices with pions as light as 250--300 MeV can be simulated with the present generation of computers. I review recent conceptual and numerical progress in this field, with particular emphasis on results obtained and difficulties encountered in simulations with significantly smaller quark masses with respect to previous computations. I also attempt to compare physical results for pion masses and decay constants available to date in the two-flavour theory with expectations from chiral perturbation theory.Comment: Plenary talk given at XXIVth International Symposium on Lattice Field Theory Lattice2006(plenary), Tucson, Arizona, 23-28 July 2006. Submitted to PoS in October 200

Superspace calculation of the four-loop spectrum in N=6 supersymmetric Chern-Simons theories

Using N=2 superspace techniques we compute the four-loop spectrum of single trace operators in the SU(2) x SU(2) sector of ABJM and ABJ supersymmetric Chern-Simons theories. Our computation yields a four-loop contribution to the function h^2(\lambda) (and its ABJ generalization) in the magnon dispersion relation which has fixed maximum transcendentality and coincides with the findings in components given in the revised versions of arXiv:0908.2463 and arXiv:0912.3460. We also discuss possible scenarios for an all-loop function h^2(\lambda) that interpolates between weak and strong couplings.Comment: LaTeX, feynmp, 34 pages; v2: typos corrected, formulations improved, references adde

Cross-VM Network Channel Attacks and Countermeasures within Cloud Computing Environments

Cloud providers attempt to maintain the highest levels of isolation between Virtual Machines (VMs) and inter-user processes to keep co-located VMs and processes separate. This logical isolation creates an internal virtual network to separate VMs co-residing within a shared physical network. However, as co-residing VMs share their underlying VMM (Virtual Machine Monitor), virtual network, and hardware are susceptible to cross VM attacks. It is possible for a malicious VM to potentially access or control other VMs through network connections, shared memory, other shared resources, or by gaining the privilege level of its non-root machine. This research presents a two novel zero-day cross-VM network channel attacks. In the first attack, a malicious VM can redirect the network traffic of target VMs to a specific destination by impersonating the Virtual Network Interface Controller (VNIC). The malicious VM can extract the decrypted information from target VMs by using open source decryption tools such as Aircrack. The second contribution of this research is a privilege escalation attack in a cross VM cloud environment with Xen hypervisor. An adversary having limited privileges rights may execute Return-Oriented Programming (ROP), establish a connection with the root domain by exploiting the network channel, and acquiring the tool stack (root domain) which it is not authorized to access directly. Countermeasures against this attacks are also presente

XSS-FP: Browser Fingerprinting using HTML Parser Quirks

There are many scenarios in which inferring the type of a client browser is desirable, for instance to fight against session stealing. This is known as browser fingerprinting. This paper presents and evaluates a novel fingerprinting technique to determine the exact nature (browser type and version, eg Firefox 15) of a web-browser, exploiting HTML parser quirks exercised through XSS. Our experiments show that the exact version of a web browser can be determined with 71% of accuracy, and that only 6 tests are sufficient to quickly determine the exact family a web browser belongs to