53,287 research outputs found
Simulatable security for quantum protocols
The notion of simulatable security (reactive simulatability, universal
composability) is a powerful tool for allowing the modular design of
cryptographic protocols (composition of protocols) and showing the security of
a given protocol embedded in a larger one. Recently, these methods have
received much attention in the quantum cryptographic community.
We give a short introduction to simulatable security in general and proceed
by sketching the many different definitional choices together with their
advantages and disadvantages.
Based on the reactive simulatability modelling of Backes, Pfitzmann and
Waidner we then develop a quantum security model. By following the BPW
modelling as closely as possible, we show that composable quantum security
definitions for quantum protocols can strongly profit from their classical
counterparts, since most of the definitional choices in the modelling are
independent of the underlying machine model.
In particular, we give a proof for the simple composition theorem in our
framework.Comment: Added proof of combination lemma; added comparison to the model of
Ben-Or, Mayers; minor correction
Bounded-Leakage Differential Privacy
We introduce and study a relaxation of differential privacy [Dwork et al., 2006] that accounts for mechanisms that leak some additional, bounded information about the database. We apply this notion to reason about two distinct settings where the notion of differential privacy is of limited use. First, we consider cases, such as in the 2020 US Census [Abowd, 2018], in which some information about the database is released exactly or with small noise. Second, we consider the accumulation of privacy harms for an individual across studies that may not even include the data of this individual. The tools that we develop for bounded-leakage differential privacy allow us reason about privacy loss in these settings, and to show that individuals preserve some meaningful protections
Markov modeling of moving target defense games
We introduce a Markov-model-based framework for Moving Target Defense (MTD) analysis. The framework allows modeling of broad range of MTD strategies, provides general theorems about how the probability of a successful adversary defeating an MTD strategy is related to the amount of time/cost spent by the adversary, and shows how a multi-level composition of MTD strategies can be analyzed by a straightforward combination of the analysis for each one of these strategies. Within the proposed framework we define the concept of security capacity which measures the strength or effectiveness of an MTD strategy: the security capacity depends on MTD specific parameters and more general system parameters. We apply our framework to two concrete MTD strategies
Unforgeable Quantum Encryption
We study the problem of encrypting and authenticating quantum data in the
presence of adversaries making adaptive chosen plaintext and chosen ciphertext
queries. Classically, security games use string copying and comparison to
detect adversarial cheating in such scenarios. Quantumly, this approach would
violate no-cloning. We develop new techniques to overcome this problem: we use
entanglement to detect cheating, and rely on recent results for characterizing
quantum encryption schemes. We give definitions for (i.) ciphertext
unforgeability , (ii.) indistinguishability under adaptive chosen-ciphertext
attack, and (iii.) authenticated encryption. The restriction of each definition
to the classical setting is at least as strong as the corresponding classical
notion: (i) implies INT-CTXT, (ii) implies IND-CCA2, and (iii) implies AE. All
of our new notions also imply QIND-CPA privacy. Combining one-time
authentication and classical pseudorandomness, we construct schemes for each of
these new quantum security notions, and provide several separation examples.
Along the way, we also give a new definition of one-time quantum authentication
which, unlike all previous approaches, authenticates ciphertexts rather than
plaintexts.Comment: 22+2 pages, 1 figure. v3: error in the definition of QIND-CCA2 fixed,
some proofs related to QIND-CCA2 clarifie
Parallel Monitors for Self-adaptive Sessions
The paper presents a data-driven model of self-adaptivity for multiparty
sessions. System choreography is prescribed by a global type. Participants are
incarnated by processes associated with monitors, which control their
behaviour. Each participant can access and modify a set of global data, which
are able to trigger adaptations in the presence of critical changes of values.
The use of the parallel composition for building global types, monitors and
processes enables a significant degree of flexibility: an adaptation step can
dynamically reconfigure a set of participants only, without altering the
remaining participants, even if the two groups communicate.Comment: In Proceedings PLACES 2016, arXiv:1606.0540
Self-Adaptation and Secure Information Flow in Multiparty Structured Communications: A Unified Perspective
We present initial results on a comprehensive model of structured
communications, in which self- adaptation and security concerns are jointly
addressed. More specifically, we propose a model of self-adaptive, multiparty
communications with secure information flow guarantees. In this model, security
violations occur when processes attempt to read or write messages of
inappropriate security levels within directed exchanges. Such violations
trigger adaptation mechanisms that prevent the violations to occur and/or to
propagate their effect in the choreography. Our model is equipped with local
and global mechanisms for reacting to security violations; type soundness
results ensure that global protocols are still correctly executed, while the
system adapts itself to preserve security.Comment: In Proceedings BEAT 2014, arXiv:1408.556
- …