Centrally Banked Cryptocurrencies

Current cryptocurrencies, starting with Bitcoin, build a decentralized blockchain-based transaction ledger, maintained through proofs-of-work that also generate a monetary supply. Such decentralization has benefits, such as independence from national political control, but also significant limitations in terms of scalability and computational cost. We introduce RSCoin, a cryptocurrency framework in which central banks maintain complete control over the monetary supply, but rely on a distributed set of authorities, or mintettes, to prevent double-spending. While monetary policy is centralized, RSCoin still provides strong transparency and auditability guarantees. We demonstrate, both theoretically and experimentally, the benefits of a modest degree of centralization, such as the elimination of wasteful hashing and a scalable system for avoiding double-spending attacks.Comment: 15 pages, 4 figures, 2 tables in Proceedings of NDSS 201

Two Essays on Bitcoin Price and Volume

Bitcoin is a decentralized peer to peer digital transactions system that was introduced in 2009 in the aftermath of the financial crisis. Since its introduction, it has had a volatile journey, being adopted by computer programmers, cyber punk enthusiasts, criminals, and financial investors. While the future of bitcoin is still not clear, it has been widely adopted by many, not necessarily as a new method of transactions, but rather as a new investment vehicle. Being a new asset class, there are many unknown financial characteristics to be investigated about bitcoin and in this dissertation, we try to explore two of these characteristics: Price and volume. In the first essay, we investigate the price-volume relationship. The term “price-volume relationship” in the finance literature, usually implies either relationship between volume and the magnitude of return, or relationship between volume and return per se. It has been established by previous studies that volume is positively related to the magnitude of return. We document that this is the case for bitcoin as well, and that this is merely because of the resampling of observations. The relationship between volume and return per se, however, is more controversial. It has not been studied as heavily and it is mostly observed only in spot markets, which has led scholars to believe it is caused by the restrictions imposed on short- selling in spot markets. We examine this relationship in bitcoin spot and futures markets and argue that while it is only observed in the spot market, the absence of short-selling cannot be the reason for this relationship. In the second essay, we use market sentiment measures derived from a lexical analysis of news platforms and social media networks to try and forecast returns. We find that our sentiment measures do indeed granger-cause returns in the spot market. However, they do not explain much variation in returns, and therefore are not useful in forecasting prices in the absence of a fundamental model. This relationship is weaker in the futures market which is due to the higher level of investor sophistication in that market. We also examine the effect of our sentiment measures on volatility of returns, and on trading volume and find that they do drive these variables as well

Distributed Governance: a Principal-Agent Approach to Data Governance -- Part 1 Background & Core Definitions

To address the need for regulating digital technologies without hampering innovation or pre-digital transformation regulatory frameworks, we provide a model to evolve Data governance toward Information governance and precise the relation between these two terms. This model bridges digital and non-digital information exchange. By considering the question of governed data usage through the angle of the Principal-Agent problem, we build a distributed governance model based on Autonomous Principals defined as entities capable of choice, therefore capable of exercising a transactional sovereignty. Extending the legal concept of the privacy sphere to a functional equivalent in the digital space leads to the construction of a digital self to which rights and accountability can be attached. Ecosystems, defined as communities of autonomous principals bound by a legitimate authority, provide the basis of interacting structures of increasing complexity endowed with a self-replicating property that mirrors physical world governance systems. The model proposes a governance concept for multi-stakeholder information systems operating across jurisdictions. Using recent software engineering advances in decentralised authentication and semantics, we provide a framework, Dynamic Data Economy to deploy a distributed governance model embedding checks and balance between human and technological governance. Domain specific governance models are left for further publications. Similarly, the technical questions related to the connection between a digital-self and its physical world controller (e.g biometric binding) will be treated in upcoming publications.Comment: 27 pages, 20 figures, basis of presentation at University of Geneva's lectures on Information Securit

Combining behavioural types with security analysis

Today's software systems are highly distributed and interconnected, and they increasingly rely on communication to achieve their goals; due to their societal importance, security and trustworthiness are crucial aspects for the correctness of these systems. Behavioural types, which extend data types by describing also the structured behaviour of programs, are a widely studied approach to the enforcement of correctness properties in communicating systems. This paper offers a unified overview of proposals based on behavioural types which are aimed at the analysis of security properties

Automatically Detecting the Misuse of Secrets: Foundations, Design Principles, and Applications

We develop foundations and several constructions for security protocols that can automatically detect, without false positives, if a secret (such as a key or password) has been misused. Such constructions can be used, e.g., to automatically shut down compromised services, or to automatically revoke misused secrets to minimize the effects of compromise. Our threat model includes malicious agents, (temporarily or permanently) compromised agents, and clones. Previous works have studied domain-specific partial solutions to this problem. For example, Google’s Certificate Transparency aims to provide infrastructure to detect the misuse of a certificate authority’s signing key, logs have been used for detecting endpoint compromise, and protocols have been proposed to detect cloned RFID/smart cards. Contrary to these existing approaches, for which the designs are interwoven with domain-specific considerations and which usually do not enable fully automatic response (i.e., they need human assessment), our approach shows where automatic action is possible. Our results unify, provide design rationales, and suggest improvements for the existing domain-specific solutions. Based on our analysis, we construct several mechanisms for the detection of misuse. Our mechanisms enable automatic response, such as revoking keys or shutting down services, thereby substantially limiting the impact of a compromise. In several case studies, we show how our mechanisms can be used to substantially increase the security guarantees of a wide range of systems, such as web logins, payment systems, or electronic door locks. For example, we propose and formally verify an improved version of Cloudflare’s Keyless SSL protocol that enables key misuse detection

Fail-aware untrusted storage

We consider a set of clients collaborating through an online service provider that is subject to attacks, and hence not fully trusted by the clients. We introduce the abstraction of a fail-aware untrusted service, with meaningful semantics even when the provider is faulty. In the common case, when the provider is correct, such a service guarantees consistency (linearizability) and liveness (wait-freedom) of all operations. In addition, the service always provides accurate and complete consistency and failure detection. We illustrate our new abstraction by presenting a Fail-Aware Untrusted STorage service (FAUST). Existing storage protocols in this model guarantee so-called forking semantics. We observe, however, that none of the previously suggested protocols suffice for implementing fail-aware untrusted storage with the desired liveness and consistency properties (at least wait-freedom and linearizability when the server is correct). We present a new storage protocol, which does not suffer from this limitation, and implements a new consistency notion, called weak fork-linearizability. We show how to extend this protocol to provide eventual consistency and failure awareness in FAUST.

Quantum cryptography: key distribution and beyond

Uniquely among the sciences, quantum cryptography has driven both foundational research as well as practical real-life applications. We review the progress of quantum cryptography in the last decade, covering quantum key distribution and other applications.Comment: It's a review on quantum cryptography and it is not restricted to QK

Generic Patterns for Intrusion Detection Systems in Service-Oriented Automotive and Medical Architectures

To implement new software functions and more flexible updates in the future as well as to provide cloud-based functionality, the service-oriented architecture (SOA) paradigm is increasingly being integrated into automotive electrical and electronic architecture (E/E architectures). In addition to the automotive industry, the medical industry is also researching SOA-based solutions to increase the interoperability of devices (vendor-independent). The resulting service-oriented communication is no longer fully specified during design time, which affects information security measures. In this paper, we compare different SOA protocols for the automotive and medical fields. Furthermore, we explain the underlying communication patterns and derive features for the development of an SOA-based Intrusion Detection System (IDS)