559 research outputs found

    Group key exchange protocols withstanding ephemeral-key reveals

    When a group key exchange protocol is executed, the session key is typically extracted from two types of secrets: long-term keys (for authentication) and freshly generated (often random) values. The leakage of these latter, so-called ephemeral keys has been extensively analyzed in the 2-party case, yet very few works are concerned with it in the group setting. We provide a generic group key exchange construction that is strongly secure, meaning that the attacker is allowed to learn both long-term and ephemeral keys (but not both from the same participant, as this would trivially disclose the session key). Our design can be seen as a compiler, in the sense that it builds on a 2-party key exchange protocol which is strongly secure and transforms it into a strongly secure group key exchange protocol by adding only one extra round of communication. When applied to an existing 2-party protocol from Bergsma et al., the result is a 2-round group key exchange protocol which is strongly secure in the standard model, thus yielding the first construction with this property.

    Cryptanalysis of a Group Key Establishment Protocol

    In this paper, we analyze the security of a group key establishment scheme proposed by López-Ramos et al. This proposal aims at allowing a group of users to agree on a common key. We present several attacks against the security of the proposed protocol. In particular, an active attack is presented, and it is also proved that the protocol does not provide forward secrecy.

    Lightweight Three-Factor Authentication and Key Agreement Protocol for Internet-Integrated Wireless Sensor Networks

    Wireless sensor networks (WSNs) will be integrated into the future Internet as one of the components of the Internet of Things, and will become globally addressable by any entity connected to the Internet. Despite the great potential of this integration, it also brings new threats, such as the exposure of sensor nodes to attacks originating from the Internet. In this context, lightweight authentication and key agreement protocols must be in place to enable end-to-end secure communication. Recently, Amin et al. proposed a three-factor mutual authentication protocol for WSNs. However, we identified several flaws in their protocol. We found that their protocol suffers from smart card loss attack where the user identity and password can be guessed using offline brute force techniques. Moreover, the protocol suffers from known session-specific temporary information attack, which leads to the disclosure of session keys in other sessions. Furthermore, the protocol is vulnerable to tracking attack and fails to fulfill user untraceability. To address these deficiencies, we present a lightweight and secure user authentication protocol based on the Rabin cryptosystem, which has the characteristic of computational asymmetry. We conduct a formal verification of our proposed protocol using ProVerif in order to demonstrate that our scheme fulfills the required security properties. We also present a comprehensive heuristic security analysis to show that our protocol is secure against all the possible attacks and provides the desired security features. The results we obtained show that our new protocol is a secure and lightweight solution for authentication and key agreement for Internet-integrated WSNs

    Scaling Distributed Ledgers and Privacy-Preserving Applications

    This thesis proposes techniques aiming to make blockchain technologies and smart contract platforms practical by improving their scalability, latency, and privacy. This thesis starts by presenting the design and implementation of Chainspace, a distributed ledger that supports user defined smart contracts and execute user-supplied transactions on their objects. The correct execution of smart contract transactions is publicly verifiable. Chainspace is scalable by sharding state; it is secure against subsets of nodes trying to compromise its integrity or availability properties through Byzantine Fault Tolerance (BFT). This thesis also introduces a family of replay attacks against sharded distributed ledgers targeting cross-shard consensus protocols; they allow an attacker, with network access only, to double-spend resources with minimal efforts. We then build Byzcuit, a new cross-shard consensus protocol that is immune to those attacks and that is tailored to run at the heart of Chainspace. Next, we propose FastPay, a high-integrity settlement system for pre-funded payments that can be used as a financial side-infrastructure for Chainspace to support low-latency retail payments. This settlement system is based on Byzantine Consistent Broadcast as its core primitive, foregoing the expenses of full atomic commit channels (consensus). The resulting system has extremely low-latency for both confirmation and payment finality. Finally, this thesis proposes Coconut, a selective disclosure credential scheme supporting distributed threshold issuance, public and private attributes, re-randomization, and multiple unlinkable selective attribute revelations. It ensures authenticity and availability even when a subset of credential issuing authorities are malicious or offline, and natively integrates with Chainspace to enable a number of scalable privacy-preserving applications

    Complexity and duplicity in the digital age : new implications for business and labor management strategy

    Sociologists frequently differentiate eras based on the way commerce is undertaken (Ashton, 2013; Rose, 1991). Often, technological advance changes the way parties exchange goods, a phenomenon that has consequences for epochal change (Wright, 2004). In this regard, economic historians typically differentiate the feudal era from the industrial age because of the invention of steam technology in the late 17th century and its widespread application in the mid-18th century (Ashton, 2013). The availability of the World Wide Web created the digital era. Whereas the old industrial-age epoch mostly limits work exchange within a defined era, the Internet permits expansion of trading parameters. While scholars mostly consider that in the era of the Internet substantial changes have occurred in relation to commerce and trading, most theories about management (particularly those concerning planning and strategy) have their origins in the industrial age, the era before the Internet existed. Despite the efforts of scholars such as Allen et al. (2007), the full range of competitive strategy options available to modern firms may not have been adequately delineated. The present body of work argues that Internet-based technologies have influenced the emergence of distinctively post-modern or digital age industries and that, therefore, theory regarding competitive advantage such as that of Michael Porter must be revisited. The aim of this work is to provide a conceptual overview of the emergence of complexity in the digital era and indicate how this emergent phenomenon has implications for strategy generally and the employment relationship in particular, insofar as technological complexity concerns labor control. The project has produced peer-reviewed scholarly articles in mainstream academic journals. These articles address the consequences of duplicity for three kinds of actors: those who craft and implement business strategy; consumers; and those in (what is conventionally thought of as) the labor market.

    Leveraging Conventional Internet Routing Protocol Behavior to Defeat DDoS and Adverse Networking Conditions

    The Internet is a cornerstone of modern society. Yet increasingly devastating attacks against the Internet threaten to undermine the Internet's success at connecting the unconnected. Of all the adversarial campaigns waged against the Internet and the organizations that rely on it, distributed denial of service, or DDoS, tops the list of the most volatile attacks. In recent years, DDoS attacks have been responsible for large swaths of the Internet blacking out, while other attacks have completely overwhelmed key Internet services and websites. Core to the Internet's functionality is the way in which traffic on the Internet gets from one destination to another. The set of rules, or protocol, that defines the way traffic travels the Internet is known as the Border Gateway Protocol, or BGP, the de facto routing protocol on the Internet. Advanced adversaries often target the most used portions of the Internet by flooding the routes benign traffic takes with malicious traffic designed to cause widespread traffic loss to targeted end users and regions. This dissertation focuses on examining the following thesis statement. Rather than seek to redefine the way the Internet works to combat advanced DDoS attacks, we can leverage conventional Internet routing behavior to mitigate modern distributed denial of service attacks. The research in this work breaks down into a single arc with three independent, but connected thrusts, which demonstrate that the aforementioned thesis is possible, practical, and useful. The first thrust demonstrates that this thesis is possible by building and evaluating Nyx, a system that can protect Internet networks from DDoS using BGP, without an Internet redesign and without cooperation from other networks. This work reveals that Nyx is effective in simulation for protecting Internet networks and end users from the impact of devastating DDoS. 
The second thrust examines the real-world practicality of Nyx, as well as other systems which rely on real-world BGP behavior. Through a comprehensive set of real-world Internet routing experiments, this second thrust confirms that Nyx works effectively in practice beyond simulation as well as revealing novel insights about the effectiveness of other Internet security defensive and offensive systems. We then follow these experiments by re-evaluating Nyx under the real-world routing constraints we discovered. The third thrust explores the usefulness of Nyx for mitigating DDoS against a crucial industry sector, power generation, by exposing the latent vulnerability of the U.S. power grid to DDoS and how a system such as Nyx can protect electric power utilities. This final thrust finds that the current set of exposed U.S. power facilities are widely vulnerable to DDoS that could induce blackouts, and that Nyx can be leveraged to reduce the impact of these targeted DDoS attacks

    Washington University Magazine, Winter 1981


    Evolution of Reproduction and Stress Tolerance in Brachionid Rotifers

    Stress can be a driving force for new evolutionary changes leading to local adaptation, or may be responded to with pre-existing, ancestral tolerance mechanisms. Using brachionid rotifers (microzooplankton) as a study system, I demonstrate roles of both conserved physiological mechanisms (heat shock protein induction) and rapid evolution of traits in response to ecologically relevant stressors such as temperature and hydroperiod. Rapid evolution of higher levels of sex and dormancy in cultures mimicking temporary waters represents an eco-evolutionary dynamic, with trait evolution feeding back into effects on ecology (i.e., reduced population growth). I also reveal that prolonged culture in a benign laboratory environment leads to evolution of increased lifespan and fecundity, perhaps due to reduction of extrinsic mortality factors. Potential mechanisms (e.g., hormonal signals) are suggested that may control evolvability of facets of the stress response. Due to prior studies suggesting a role of progesterone signaling in rotifer sex and dormancy, the membrane associated progesterone receptor is assayed as a candidate gene that could show positive selection indicating rapid divergence. Despite some sequence variation that may contribute to functional differences among species, results indicate this hormone receptor is under purifying selection. Detailed analyses of multiple stress responses and their evolution as performed here will be imperative to understanding current patterns of local adaptation and trait-environment correlations. Such research also is key to predicting persistence of species upon introduction to novel habitats and exposure to new stressors (e.g., warming due to climate change). Perhaps one of the most intriguing results of this dissertation is the rapid, adaptive change in levels of sex and dormancy in a metazoan through new mutations or re-arrangements of the genetic material. 
This suggests species may be able to rapidly evolve tolerance of new stressors, even if standing genetic variation does not currently encompass the suite of alleles necessary for survival. Ph.D.

    Because I am Not Here, Selected Second Life-Based Art Case Studies. Subjectivity, Autoempathy and Virtual World Aesthetics

    Second Life is a virtual world accessible through the Internet in which users create objects and spaces, and interact socially through 3D avatars. Certain artists use the platform as a medium for art creation, using the aesthetic, spatial, temporal and technological features of SL as raw material. Code and scripts applied to animate and manipulate objects, avatars and spaces are important in this sense. These artists, their avatars and artwork in SL are at the centre of my research questions: what does virtual existence mean and what is its purpose when stemming from aesthetic exchange in SL? Through a qualitative research method mixing distribute aesthetics, digital art and media theories, the goal is to examine aesthetic exchange in the virtual: subjectivity and identity and their possible shifting patterns as reflected in avatar-artists. A theoretical and methodological emphasis from a media studies perspective is applied to digital media and networks, contributing to the reshaping of our epistemologies of these media, in contrast to the traditional emphasis on communicational aspects. Four case studies, discourse and text analysis, as well as interviews in-world and via email, plus observation while immersed in SL, are used in the collection of data, experiences, objects and narratives from avatars Eva and Franco Mattes, Gazira Babeli, Bryn Oh and China Tracy. The findings confirm the role that aesthetic exchange in virtual worlds has in the rearrangement of ideas and epistemologies on the virtual and networked self. This is reflected by the fact that the artists examined—whether in SL or AL—create and embody avatars from a liminal (ambiguous) modality of identity, subjectivity and interaction. Mythopoeia (narrative creation) and experiencing oneself as ‘another’ through multiplied identity and subjectivity are the outcomes of code performance and machinima (films created in-world). 
They constitute a modus operandi (syntax) in which episteme, techne and embodiment work in symbiosis with those of the machine, affected by the synthetic nature of code and liminality in SL. The combined perspective from media studies and distribute aesthetics proves to be an effective method for studying these subjects, contributing to the discussion of contemporary virtual worlds and art theories