20,855 research outputs found
Callisto: a cryptographic approach to detecting serial perpetrators of sexual misconduct
Sexual misconduct is prevalent in workplace and education settings
but stigma and risk of further damage deter many victims from
seeking justice. Callisto, a non-profit that has created an online sexual assault reporting platform for college campuses, is expanding its
work to combat sexual assault and harassment in other industries.
In this new product, users will be invited to an online "matching
escrow" that will detect repeat perpetrators and create pathways
to support for victims. Users submit encrypted data about their
perpetrator, and this data can only be decrypted by the Callisto
Options Counselor (a lawyer), when another user enters the identity of the same perpetrator. If the perpetrator identities match,
both users will be put in touch independently with the Options
Counselor, who will connect them to each other (if appropriate) and
help them determine their best path towards justice. The client relationships with the Options Counselors are structured so that any
client-counselor communications would be privileged. A combination of client-side encryption, encrypted communication channels,
oblivious pseudo-random functions, key federation, and Shamir
Secret Sharing keep data confidential in transit, at rest, and during
the matching process with the guarantee that only the lawyer ever
has access to user submitted data, and even then only when a match
is identified.Accepted manuscrip
Copyright protection for the electronic distribution of text documents
Each copy of a text document can be made different in a nearly invisible way by repositioning or modifying the appearance of different elements of text, i.e., lines, words, or characters. A unique copy can be registered with its recipient, so that subsequent unauthorized copies that are retrieved can be traced back to the original owner.
In this paper we describe and compare several mechanisms for marking documents and several other mechanisms for decoding the marks after documents have been subjected to common types of distortion. The marks are intended to protect documents of limited value that are owned by individuals who would rather possess a legal than an illegal copy if they can be distinguished. We will describe attacks that remove the marks and countermeasures to those attacks.
An architecture is described for distributing a large number of copies without burdening the publisher with creating and transmitting the unique documents. The architecture also allows the publisher to determine the identity of a recipient who has illegally redistributed the document, without compromising the privacy of individuals who are not operating illegally.
Two experimental systems are described. One was used to distribute an issue of the IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, and the second was used to mark copies of company private memoranda
Steganalytic Methods for the Detection of Histogram Shifting Data Hiding Schemes
Peer-reviewedIn this paper, several steganalytic techniques designed to detect the existence of hidden messages using histogram shifting schemes are presented. Firstly, three techniques to identify specific histogram shifting data hiding schemes, based on detectable visible alterations on the histogram or abnormal statistical distributions, are suggested. Afterwards, a general technique capable of detecting all the analyzed histogram shifting data hiding methods is suggested. This technique is based on the effect of histogram shifting methods on the ¿volatility¿ of the histogram of the difference image. The different behavior of volatility whenever new data are hidden makes it possible to identify stego and cover images
Discovering, quantifying, and displaying attacks
In the design of software and cyber-physical systems, security is often
perceived as a qualitative need, but can only be attained quantitatively.
Especially when distributed components are involved, it is hard to predict and
confront all possible attacks. A main challenge in the development of complex
systems is therefore to discover attacks, quantify them to comprehend their
likelihood, and communicate them to non-experts for facilitating the decision
process. To address this three-sided challenge we propose a protection analysis
over the Quality Calculus that (i) computes all the sets of data required by an
attacker to reach a given location in a system, (ii) determines the cheapest
set of such attacks for a given notion of cost, and (iii) derives an attack
tree that displays the attacks graphically. The protection analysis is first
developed in a qualitative setting, and then extended to quantitative settings
following an approach applicable to a great many contexts. The quantitative
formulation is implemented as an optimisation problem encoded into
Satisfiability Modulo Theories, allowing us to deal with complex cost
structures. The usefulness of the framework is demonstrated on a national-scale
authentication system, studied through a Java implementation of the framework.Comment: LMCS SPECIAL ISSUE FORTE 201
- …