Fundamental problems in provable security and cryptography

This paper examines methods for formally proving the security of cryptographic schemes. We show that, despite many years of active research, there are fundamental problems which have yet to be solved. We also present a new approach to one of the more controversial aspects of provable security: the random oracle model

Chasing diagrams in cryptography

Cryptography is a theory of secret functions. Category theory is a general theory of functions. Cryptography has reached a stage where its structures often take several pages to define, and its formulas sometimes run from page to page. Category theory has some complicated definitions as well, but one of its specialties is taming the flood of structure. Cryptography seems to be in need of high level methods, whereas category theory always needs concrete applications. So why is there no categorical cryptography? One reason may be that the foundations of modern cryptography are built from probabilistic polynomial-time Turing machines, and category theory does not have a good handle on such things. On the other hand, such foundational problems might be the very reason why cryptographic constructions often resemble low level machine programming. I present some preliminary explorations towards categorical cryptography. It turns out that some of the main security concepts are easily characterized through the categorical technique of *diagram chasing*, which was first used Lambek's seminal `Lecture Notes on Rings and Modules'.Comment: 17 pages, 4 figures; to appear in: 'Categories in Logic, Language and Physics. Festschrift on the occasion of Jim Lambek's 90th birthday', Claudia Casadio, Bob Coecke, Michael Moortgat, and Philip Scott (editors); this version: fixed typos found by kind reader

Machine Learning approach for malware detection using executable files features extraction

A malicious software is generally an executable program which usually settles itself in the system, replicates by copying itself, and has a malicious effect. Modern antivirus systems detect malware by knowing its pattern and detect a new virus quite difficult. There are a lot of heuristic techniques are used for detecting an unknown malware which are usually consume a lot of system memory and CPU resources. This load can be overcome by training a machine learning model which collects features from Portable Executable (PE) file which are used for identifying an unknown virus patterns. A technique to collect these features from PE file is proposed in this paper.Вредоносное ПО, как правило, представляет собой исполняемую программу, которая обычно располага-ется в системе, реплицируется путем копирования и оказывает вредоносное воздействие. Современные анти-вирусные системы обнаруживают вредоносное ПО, зная его паттерн, а обнаруживать новый вирус довольно сложно. Существует множество эвристических методов, используемых для обнаружения неизвестных вредо-носных программ, которые обычно потребляют много системной памяти и ресурсов процессора. Эту нагрузку можно преодолеть путем обучения модели машинного обучения, которая собирает данные из Portable Executable (PE) файла, которые используются для идентификации неизвестных вирусных паттернов. В данной статье предлагается метод сбора этих характеристик из PE-файла

A Brief History of Provably-Secure Public-Key Encryption

Public-key encryption schemes are a useful and interesting field of cryptographic study. The ultimate goal for the cryptographer in the field of public-key encryption would be the production of a very efficient encryption scheme with a proof of security in a strong security model using a weak and reasonable computational assumption. This ultimate goal has yet to be reached. In this invited paper, we survey the major results that have been achieved in the quest to find such a scheme

A Unified Approach to Idealized Model Separations via Indistinguishability Obfuscation

It is well known that the random oracle model is not sound in the sense that there exist cryptographic systems that are secure in the random oracle model but when instantiated by any family of hash functions become insecure. However, all known separation results require the attacker to send an appropriately crafted message to the challenger in order to break security. Thus, this leaves open the possibility that some cryptographic schemes, such as bit-encryption, are still sound in the random oracle model. In this work we refute this possibility, assuming the existence of indistinguishability obfuscation. We do so in the following way. First, we present a random oracle separation for bit-encryption; namely, we show that there exists a bit-encryption protocol secure in the random oracle model but \emph{completely insecure} when the random oracle is instantiated by any concrete function. Second, we show how to adapt this separation to work for most natural simulation-based and game-based definitions. Our techniques can easily be adapted to other idealized models, and thus we present a \emph{unified approach} to showing separations for most protocols of interest in most idealized models

FRAMEWORK FOR ANONYMIZED COVERT COMMUNICATIONS: A BLOCKCHAIN-BASED PROOF-OF-CONCEPT

In this dissertation, we present an information hiding approach incorporating anonymity that builds on existing classical steganographic models. Current security definitions are not sufficient to analyze the proposed information hiding approach as steganography offers data privacy by hiding the existence of data, a property that is distinct from confidentiality (data existence is known but access is restricted) and authenticity (data existence is known but manipulation is restricted). Combinations of the latter two properties are common in analyses, such as Authenticated Encryption with Associated Data (AEAD), yet there is a lack of research on combinations with steganography. This dissertation also introduces the security definition of Authenticated Stegotext with Associated Data (ASAD), which captures steganographic properties even when there is contextual information provided alongside the hidden data. We develop a hierarchical framework of ASAD variants, corresponding to different channel demands. We present a real-world steganographic embedding scheme, Authenticated SteGotex with Associated tRansaction Data (ASGARD), that leverages a blockchain-based application as a medium for sending hidden data. We analyze ASGARD in our framework and show that it meets Level-4 ASAD security. Finally, we implement ASGARD on the Ethereum platform as a proof-of-concept and analyze some of the ways an adversary might detect our embedding activity by analyzing historical Ethereum data.Lieutenant, United States NavyApproved for public release. Distribution is unlimited

Privacy Enhancing Protocols using Pairing Based Cryptography

This thesis presents privacy enhanced cryptographic constructions, consisting of formal definitions, algorithms and motivating applications. The contributions are a step towards the development of cryptosystems which, from the design phase, incorporate privacy as a primary goal. Privacy offers a form of protection over personal and other sensitive data to individuals, and has been the subject of much study in recent years. Our constructions are based on a special type of algebraic group called bilinear groups. We present existing cryptographic constructions which use bilinear pairings, namely Identity-Based Encryption (IBE). We define a desirable property of digital signatures, blindness, and present new IBE constructions which incorporate this property. Blindness is a desirable feature from a privacy perspective as it allows an individual to obscure elements such as personal details in the data it presents to a third party. In IBE, blinding focuses on obscuring elements of the identity string which an individual presents to the key generation centre. This protects an individual's privacy in a direct manner by allowing her to blind sensitive elements of the identity string and also prevents a key generation centre from subsequently producing decryption keys using her full identity string. Using blinding techniques, the key generation centre does not learn the full identity string. In this thesis, we study selected provably-secure cryptographic constructions. Our contribution is to reconsider the design of such constructions with a view to incorporating privacy. We present the new, privacy-enhanced cryptographic protocols using these constructions as primitives. We refine useful existing security notions and present feasible security definitions and proofs for these constructions