A Standalone FPGA-based Miner for Lyra2REv2 Cryptocurrencies

Lyra2REv2 is a hashing algorithm that consists of a chain of individual hashing algorithms, and it is used as a proof-of-work function in several cryptocurrencies. The most crucial and exotic hashing algorithm in the Lyra2REv2 chain is a specific instance of the general Lyra2 algorithm. This work presents the first hardware implementation of the specific instance of Lyra2 that is used in Lyra2REv2. Several properties of the aforementioned algorithm are exploited in order to optimize the design. In addition, an FPGA-based hardware implementation of a standalone miner for Lyra2REv2 on a Xilinx Multi-Processor System on Chip is presented. The proposed Lyra2REv2 miner is shown to be significantly more energy efficient than both a GPU and a commercially available FPGA-based miner. Finally, we also explain how the simplified Lyra2 and Lyra2REv2 architectures can be modified with minimal effort to also support the recent Lyra2REv3 chained hashing algorithm.Comment: 13 pages, accepted for publication in IEEE Trans. Circuits Syst. I. arXiv admin note: substantial text overlap with arXiv:1807.0576

Detecting child sexual abuse images: Traits of child sexual exploitation hosting and displaying websites

BackgroundAutomated detection of child sexual abuse images (CSAI) often relies on image attributes, such as hash values. However, electronic service providers and others without access to hash value databases are limited in their ability to detect CSAI. Additionally, the increasing amount of CSA content being distributed means that a large percentage of images are not yet cataloged in hash value databases. Therefore, additional detection criteria need to be determined to improve identification of non-hashed CSAI. ObjectiveWe aim to identify patterns in the locations and folder/file naming practices of websites hosting and displaying CSAI, to use as additional detection criteria for non-hashed CSAI. MethodsUsing a custom-designed web crawler and snowball sampling, we analyzed the locations and naming practices of 103 Surface Web websites hosting and/or displaying 8108 known CSAI hash values. ResultsWebsites specialize in either hosting or displaying CSAI with only 20% doing both. Neither hosting nor displaying websites fear repercussions. Over 27% of CSAI were displayed in the home directory (i.e., main page) with only 6% located in at least 4th-level sub-folder. Websites focused more on organizing images than hiding them with 68% of hosted and 54% of displayed CSAI being found in folders formatted year/month. Qualitatively, hosting websites were likely to use alphanumeric or disguised folder and file names to conceal images, while displaying websites were more explicit. ConclusionFile and folder naming patterns can be combined with existing criteria to improve automated detection of websites and website locations likely hosting and/or displaying CSAI

Segurança e privacidade em terminologia de rede

Security and Privacy are now at the forefront of modern concerns, and drive a significant part of the debate on digital society. One particular aspect that holds significant bearing in these two topics is the naming of resources in the network, because it directly impacts how networks work, but also affects how security mechanisms are implemented and what are the privacy implications of metadata disclosure. This issue is further exacerbated by interoperability mechanisms that imply this information is increasingly available regardless of the intended scope. This work focuses on the implications of naming with regards to security and privacy in namespaces used in network protocols. In particular on the imple- mentation of solutions that provide additional security through naming policies or increase privacy. To achieve this, different techniques are used to either embed security information in existing namespaces or to minimise privacy ex- posure. The former allows bootstraping secure transport protocols on top of insecure discovery protocols, while the later introduces privacy policies as part of name assignment and resolution. The main vehicle for implementation of these solutions are general purpose protocols and services, however there is a strong parallel with ongoing re- search topics that leverage name resolution systems for interoperability such as the Internet of Things (IoT) and Information Centric Networks (ICN), where these approaches are also applicable.Segurança e Privacidade são dois topicos que marcam a agenda na discus- são sobre a sociedade digital. Um aspecto particularmente subtil nesta dis- cussão é a forma como atribuímos nomes a recursos na rede, uma escolha com consequências práticas no funcionamento dos diferentes protocols de rede, na forma como se implementam diferentes mecanismos de segurança e na privacidade das várias partes envolvidas. Este problema torna-se ainda mais significativo quando se considera que, para promover a interoperabili- dade entre diferentes redes, mecanismos autónomos tornam esta informação acessível em contextos que vão para lá do que era pretendido. Esta tese foca-se nas consequências de diferentes políticas de atribuição de nomes no contexto de diferentes protocols de rede, para efeitos de segurança e privacidade. Com base no estudo deste problema, são propostas soluções que, através de diferentes políticas de atribuição de nomes, permitem introdu- zir mecanismos de segurança adicionais ou mitigar problemas de privacidade em diferentes protocolos. Isto resulta na implementação de mecanismos de segurança sobre protocolos de descoberta inseguros, assim como na intro- dução de mecanismos de atribuiçao e resolução de nomes que se focam na protecçao da privacidade. O principal veículo para a implementação destas soluções é através de ser- viços e protocolos de rede de uso geral. No entanto, a aplicabilidade destas soluções extende-se também a outros tópicos de investigação que recorrem a mecanismos de resolução de nomes para implementar soluções de intero- perabilidade, nomedamente a Internet das Coisas (IoT) e redes centradas na informação (ICN).Programa Doutoral em Informátic

Lohkoketjun hajautettu DNS ilman luottamusta: IOT laitteen osoitteen julkaisu ja datan verifiointi

Blockchain enabled distributed DNS makes possible to have a trustless system, where no participant needs to be trusted. Blockstack is such a distributed DNS that is built on top of Bitcoin’s blockchain. In this thesis I will extend this trustless feature to data sharing from an IOT device, by creating a proof of concept implementation. Cryptographically linking parts together, the trustless feature of the underlying blockchain can be preserved from the blockchain to the shared data from the device.Lohkoketjun päälle rakennettu hajautettu DNS mahdollistaa järjestelmän, jossa ei tarvitse luottaa muihin osapuoliin. Blockstack on tällainen hajautettu DNS, joka on rakennettu Bitcoinin lohkoketjun päälle. Tässä työssä laajennan tämän luottamattomuus ominaisuuden IOT laitteen datan jakamiseen demo-ohjelman muodossa. Kryptograafisesti linkittämällä eri osat toisiinsa, voidaan perustalla olevan lohkoketjun luottamattomuus ominaisuus laajentaa myös IOT laitteen jakamaan dataan asti

Innovative Solution Approach for Controlling Access to Visibility Data in Open Food Supply Chains

Visibility data (providing details about supply chain activities in e.g. production, logistics, and quality processes) is of highly sensitive nature – not just in the food sector, but also beyond. Amongst other things, unauthorized data access can be (mis)used to uncover supply chain relationships, volumes, and other business context information. At the same time, it becomes increasingly important to share visibility data with trading partners, e.g. to meet customer requirements and legal obligations. So far, it is not a trivial matter to access or even discover that data, which is often stored in numerous distributed databases.A possible means to overcome this predicament is a Discovery Service (DS), which has knowledge of the parties owning information about specific objects (e.g. product batches) and can provide pointers to the actual data sources to authorized clients while leaving no opportunity to misuse accessible data. It is important to note that a DS itself does not contain actual visibility data, but only references to it. Yet, even the knowledge that party A, B and C have information about a specific product is still sensitive as the querying client would be able to reveal the flow of goods and may take advantage of that knowledge. For instance, he could identify his supplier’s upstream vendor and, for the sake of saving costs, try to procure products directly from that upstream vendor rather than from his previous supplier. Hence, a DS should provide the ability to prevent such scenarios if it strives to achieve a high level of acceptance.A key enabler for a DS is a trust-inspiring means to ascertain whether a querying party is actually part of a given chain of custody (CoC). In conjunction with a set of rules previously defined by the respective data owners, the DS is then able to decide which service addresses (if at all) can be provided in the message response to the query client. Afterwards, the querying party can gather detailed information about a specific object by querying the indicated data sources. In this context, our paper addresses the following research question: How can a DS ascertain if and to which extent a trading partner, whether known or not, is entitled to get pointers to visibility data stored in distributed repositories while ensuring privacy of the data owners?In pursuing this research question, we first provide the relevant background including the current state of the art. Second, we explain and discuss the solution approach and complete our paper by outlining the solution we are going to realize in the course of the research project ‘FoodAuthent’ (funded by the German Ministry of Food and Agriculture).

Trusty URIs: Verifiable, Immutable, and Permanent Digital Artifacts for Linked Data

To make digital resources on the web verifiable, immutable, and permanent, we propose a technique to include cryptographic hash values in URIs. We call them trusty URIs and we show how they can be used for approaches like nanopublications to make not only specific resources but their entire reference trees verifiable. Digital artifacts can be identified not only on the byte level but on more abstract levels such as RDF graphs, which means that resources keep their hash values even when presented in a different format. Our approach sticks to the core principles of the web, namely openness and decentralized architecture, is fully compatible with existing standards and protocols, and can therefore be used right away. Evaluation of our reference implementations shows that these desired properties are indeed accomplished by our approach, and that it remains practical even for very large files.Comment: Small error corrected in the text (table data was correct) on page 13: "All average values are below 0.8s (0.03s for batch mode). Using Java in batch mode even requires only 1ms per file.