562 research outputs found

    Hidden in the Cloud : Advanced Cryptographic Techniques for Untrusted Cloud Environments

    Get PDF
    In the contemporary digital age, the ability to search and perform operations on encrypted data has become increasingly important. This significance is primarily due to the exponential growth of data, often referred to as the "new oil," and the corresponding rise in data privacy concerns. As more and more data is stored in the cloud, the need for robust security measures to protect this data from unauthorized access and misuse has become paramount. One of the key challenges in this context is the ability to perform meaningful operations on the data while it remains encrypted. Traditional encryption techniques, while providing a high level of security, render the data unusable for any practical purpose other than storage. This is where advanced cryptographic protocols like Symmetric Searchable Encryption (SSE), Functional Encryption (FE), Homomorphic Encryption (HE), and Hybrid Homomorphic Encryption (HHE) come into play. These protocols not only ensure the confidentiality of data but also allow computations on encrypted data, thereby offering a higher level of security and privacy. The ability to search and perform operations on encrypted data has several practical implications. For instance, it enables efficient Boolean queries on encrypted databases, which is crucial for many "big data" applications. It also allows for the execution of phrase searches, which are important for many machine learning applications, such as intelligent medical data analytics. Moreover, these capabilities are particularly relevant in the context of sensitive data, such as health records or financial information, where the privacy and security of user data are of utmost importance. Furthermore, these capabilities can help build trust in digital systems. Trust is a critical factor in the adoption and use of digital services. By ensuring the confidentiality, integrity, and availability of data, these protocols can help build user trust in cloud services. This trust, in turn, can drive the wider adoption of digital services, leading to a more inclusive digital society. However, it is important to note that while these capabilities offer significant advantages, they also present certain challenges. For instance, the computational overhead of these protocols can be substantial, making them less suitable for scenarios where efficiency is a critical requirement. Moreover, these protocols often require sophisticated key management mechanisms, which can be challenging to implement in practice. Therefore, there is a need for ongoing research to address these challenges and make these protocols more efficient and practical for real-world applications. The research publications included in this thesis offer a deep dive into the intricacies and advancements in the realm of cryptographic protocols, particularly in the context of the challenges and needs highlighted above. Publication I presents a novel approach to hybrid encryption, combining the strengths of ABE and SSE. This fusion aims to overcome the inherent limitations of both techniques, offering a more secure and efficient solution for key sharing and access control in cloud-based systems. Publication II further expands on SSE, showcasing a dynamic scheme that emphasizes forward and backward privacy, crucial for ensuring data integrity and confidentiality. Publication III and Publication IV delve into the potential of MIFE, demonstrating its applicability in real-world scenarios, such as designing encrypted private databases and additive reputation systems. These publications highlight the transformative potential of MIFE in bridging the gap between theoretical cryptographic concepts and practical applications. Lastly, Publication V underscores the significance of HE and HHE as a foundational element for secure protocols, emphasizing its potential in devices with limited computational capabilities. In essence, these publications not only validate the importance of searching and performing operations on encrypted data but also provide innovative solutions to the challenges mentioned. They collectively underscore the transformative potential of advanced cryptographic protocols in enhancing data security and privacy, paving the way for a more secure digital future

    Multidisciplinary perspectives on Artificial Intelligence and the law

    Get PDF
    This open access book presents an interdisciplinary, multi-authored, edited collection of chapters on Artificial Intelligence (‘AI’) and the Law. AI technology has come to play a central role in the modern data economy. Through a combination of increased computing power, the growing availability of data and the advancement of algorithms, AI has now become an umbrella term for some of the most transformational technological breakthroughs of this age. The importance of AI stems from both the opportunities that it offers and the challenges that it entails. While AI applications hold the promise of economic growth and efficiency gains, they also create significant risks and uncertainty. The potential and perils of AI have thus come to dominate modern discussions of technology and ethics – and although AI was initially allowed to largely develop without guidelines or rules, few would deny that the law is set to play a fundamental role in shaping the future of AI. As the debate over AI is far from over, the need for rigorous analysis has never been greater. This book thus brings together contributors from different fields and backgrounds to explore how the law might provide answers to some of the most pressing questions raised by AI. An outcome of the Católica Research Centre for the Future of Law and its interdisciplinary working group on Law and Artificial Intelligence, it includes contributions by leading scholars in the fields of technology, ethics and the law.info:eu-repo/semantics/publishedVersio

    La traduzione specializzata all’opera per una piccola impresa in espansione: la mia esperienza di internazionalizzazione in cinese di Bioretics© S.r.l.

    Get PDF
    Global markets are currently immersed in two all-encompassing and unstoppable processes: internationalization and globalization. While the former pushes companies to look beyond the borders of their country of origin to forge relationships with foreign trading partners, the latter fosters the standardization in all countries, by reducing spatiotemporal distances and breaking down geographical, political, economic and socio-cultural barriers. In recent decades, another domain has appeared to propel these unifying drives: Artificial Intelligence, together with its high technologies aiming to implement human cognitive abilities in machinery. The “Language Toolkit – Le lingue straniere al servizio dell’internazionalizzazione dell’impresa” project, promoted by the Department of Interpreting and Translation (ForlĂŹ Campus) in collaboration with the Romagna Chamber of Commerce (ForlĂŹ-Cesena and Rimini), seeks to help Italian SMEs make their way into the global market. It is precisely within this project that this dissertation has been conceived. Indeed, its purpose is to present the translation and localization project from English into Chinese of a series of texts produced by Bioretics© S.r.l.: an investor deck, the company website and part of the installation and use manual of the Aliquis© framework software, its flagship product. This dissertation is structured as follows: Chapter 1 presents the project and the company in detail; Chapter 2 outlines the internationalization and globalization processes and the Artificial Intelligence market both in Italy and in China; Chapter 3 provides the theoretical foundations for every aspect related to Specialized Translation, including website localization; Chapter 4 describes the resources and tools used to perform the translations; Chapter 5 proposes an analysis of the source texts; Chapter 6 is a commentary on translation strategies and choices

    Global value chains: Potential synergies between external trade policy and internal economic initiatives to address the strategic dependencies of the EU

    Get PDF
    Global value chains enable two-thirds of international trade, notably for the EU. The EU wants to preserve its commercial links with third countries and organisations to make up for trade disruptions. This study examines sustainable supply of raw materials, commodities, and critical goods using the EU's Open Strategic Autonomy concept. It examines which raw material are crucial for sustainable supply and necessary for the green transition. The paper examines EU internal legislation and international cooperation instruments to determine the EU's disruption risk. It evaluates the economic impact of EU preferential trade agreements on raw material availability. The study illustrates the political and economic relevance of raw material partnerships and plurilateral and bilateral trade agreements. It analyses the EU's toolbox for safeguarding its interests and making independent trade choices to counteract other actors' unfair practices and intervention. Finally, the paper examines regulatory frameworks, international alliances, and activities to find ways to strengthen global value chains in critical EU industries

    Foreword to Routledge Handbook of Global Land and Resource Grabbing

    Get PDF

    Cryptographic Analysis of Secure Messaging Protocols

    Get PDF
    Instant messaging applications promise their users a secure and private way to communicate. The validity of these promises rests on the design of the underlying protocol, the cryptographic primitives used and the quality of the implementation. Though secure messaging designs exist in the literature, for various reasons developers of messaging applications often opt to design their own protocols, creating a gap between cryptography as understood by academic research and cryptography as implemented in practice. This thesis contributes to bridging this gap by approaching it from both sides: by looking for flaws in the protocols underlying real-world messaging applications, as well as by performing a rigorous analysis of their security guarantees in a provable security model.Secure messaging can provide a host of different, sometimes conflicting, security and privacy guarantees. It is thus important to judge applications based on the concrete security expectations of their users. This is particularly significant for higher-risk users such as activists or civil rights protesters. To position our work, we first studied the security practices of protesters in the context of the 2019 Anti-ELAB protests in Hong Kong using in-depth, semi-structured interviews with participants of these protests. We report how they organised on different chat platforms based on their perceived security, and how they developed tactics and strategies to enable pseudonymity and detect compromise.Then, we analysed two messaging applications relevant in the protest context: Bridgefy and Telegram. Bridgefy is a mobile mesh messaging application, allowing users in relative proximity to communicate without the Internet. It was being promoted as a secure communication tool for use in areas experiencing large-scale protests. We showed that Bridgefy permitted its users to be tracked, offered no authenticity, no effective confidentiality protections and lacked resilience against adversarially crafted messages. We verified these vulnerabilities by demonstrating a series of practical attacks.Telegram is a messaging platform with over 500 million users, yet prior to this work its bespoke protocol, MTProto, had received little attention from the cryptographic community. We provided the first comprehensive study of the MTProto symmetric channel as implemented in cloud chats. We gave both positive and negative results. First, we found two attacks on the existing protocol, and two attacks on its implementation in official clients which exploit timing side channels and uncover a vulnerability in the key exchange protocol. Second, we proved that a fixed version of the symmetric MTProto protocol achieves security in a suitable bidirectional secure channel model, albeit under unstudied assumptions. Our model itself advances the state-of-the-art for secure channels

    A Low-Energy Security Solution for IoT-Based Smart Farms

    Get PDF
    This work proposes a novel configuration of the Transport Layer Security protocol (TLS), suitable for low energy Internet of Things (IoT), applications. The motivation behind the redesign of TLS is energy consumption minimisation and sustainable farming, as exemplified by an application domain of aquaponic smart farms. The work therefore considers decentralisation of a formerly centralised security model, with a focus on reducing energy consumption for battery powered devices. The research presents a four-part investigation into the security solution, composed of a risk assessment, energy analysis of authentication and data exchange functions, and finally the design and verification of a novel consensus authorisation mechanism. The first investigation considered traditional risk-driven threat assessment, but to include energy reduction, working towards device longevity within a content-oriented framework. Since the aquaponics environments include limited but specific data exchanges, a content-oriented approach produced valuable insights into security and privacy requirements that would later be tested by implementing a variety of mechanisms available on the ESP32. The second and third investigations featured the energy analysis of authentication and data exchange functions respectively, where the results of the risk assessment were implemented to compare the re-configurations of TLS mechanisms and domain content. Results concluded that selective confidentiality and persistent secure sessions between paired devices enabled considerable improvements for energy consumptions, and were a good reflection of the possibilities suggested by the risk assessment. The fourth and final investigation proposed a granular authorisation design to increase the safety of access control that would otherwise be binary in TLS. The motivation was for damage mitigation from inside attacks or network faults. The approach involved an automated, hierarchy-based, decentralised network topology to reduce data duplication whilst still providing robustness beyond the vulnerability of central governance. Formal verification using model-checking indicated a safe design model, using four automated back-ends. The research concludes that lower energy IoT solutions for the smart farm application domain are possible
    • 

    corecore