1,064 research outputs found

    Primary-Secondary-Resolver Membership Proof Systems

    We consider Primary-Secondary-Resolver Membership Proof Systems (PSR for short) and show different constructions of that primitive. A PSR system is a 3-party protocol, where we have a primary, which is a trusted party which commits to a set of members and their values, then generates public and secret keys in order for secondaries (provers with knowledge of both keys) and resolvers (verifiers who only know the public key) to engage in interactive proof sessions regarding elements in the universe and their values. The motivation for such systems is for constructing a secure Domain Name System (DNSSEC) that does not reveal any unnecessary information to its clients. We require our systems to be complete, so honest executions will result in correct conclusions by the resolvers, sound, so malicious secondaries cannot cheat resolvers, and zero-knowledge, so resolvers will not learn additional information about elements they did not query explicitly. Providing proofs of membership is easy, as the primary can simply precompute signatures over all the members of the set. Providing proofs of non-membership, i.e. a denial-of-existence mechanism, is trickier and is the main issue in constructing PSR systems. We provide three different strategies to construct a denial of existence mechanism. The first uses a set of cryptographic keys for all elements of the universe which are not members, which we implement using hierarchical identity based encryption and a tree based signature scheme. The second construction uses cuckoo hashing with a stash, where in order to prove non-membership, a secondary must prove that a search for it will fail, i.e. that it is not in the tables or the stash of the cuckoo hashing scheme. The third uses a verifiable "random looking" function which the primary evaluates over the set of members, then signs the values lexicographically and secondaries then use those signatures to prove to resolvers that the value of the non-member was not signed by the primary. We implement this function using a weaker variant of verifiable random/unpredictable functions and pseudorandom functions with interactive zero knowledge proofs. For all three constructions we suggest fairly efficient implementations, of order comparable to other public-key operations such as signatures and encryption. The first approach offers perfect ZK and does not reveal the size of the set in question, the second can be implemented based on very solid cryptographic assumptions and uses the unique structure of cuckoo hashing, while the last technique has the potential to be highly efficient, if one could construct an efficient and secure VRF/VUF or if one is willing to live in the random oracle model.

    Can NSEC5 be practical for DNSSEC deployments?

    NSEC5 is a proposed modification to DNSSEC that simultaneously guarantees two security properties: (1) privacy against offline zone enumeration, and (2) integrity of zone contents, even if an adversary compromises the authoritative nameserver responsible for responding to DNS queries for the zone. This paper redesigns NSEC5 to make it both practical and performant. Our NSEC5 redesign features a new fast verifiable random function (VRF) based on elliptic curve cryptography (ECC), along with a cryptographic proof of its security. This VRF is also of independent interest, as it is being standardized by the IETF and being used by several other projects. We show how to integrate NSEC5 using our ECC-based VRF into the DNSSEC protocol, leveraging precomputation to improve performance and DNS protocol-level optimizations to shorten responses. Next, we present the first full-fledged implementation of NSEC5—extending widely-used DNS software to present a nameserver and recursive resolver that support NSEC5—and evaluate their performance under aggressive DNS query loads. Our performance results indicate that our redesigned NSEC5 can be viable even for high-throughput scenarios. https://eprint.iacr.org/2017/099.pdf First author draf

    Fuzzy Virtual Reference Model Sensorless Tracking Control for Linear Induction Motors

    This paper introduces a fuzzy virtual reference model (FVRM) synthesis method for linear induction motor (LIM) speed sensorless tracking control. First, we represent the LIM as a T-S fuzzy model. Second, we estimate the immeasurable mover speed and secondary flux by a fuzzy observer. Third, to convert the speed tracking control into a stabilization problem, we define the internal desired states for state tracking via an FVRM. Finally, by solving a set of linear matrix inequalities (LMIs), we obtain the observer gains and the control gains where exponential convergence is guaranteed. The contributions of the approach in this paper are threefold: i) simplified approach -- speed tracking problem converted to stabilization problem; ii) omit need of actual reference model -- fuzzy virtual reference model generates internal desired states; and iii) unification of controller and observer design -- control objectives are formulated into LMI problem where powerful numerical toolboxes solve controller and observer gains. Finally, experiments are carried out to verify the theoretical results and show satisfactory performance both in transient response and robustness.

    Engineering a global resolution service

    Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1997. Includes bibliographical references (p. 99-100). By Edward C. Slottow. M.Eng

    Proof-of-Concept Application - Annual Report Year 1

    In this document the Cat-COVITE Application for use in the CATNETS Project is introduced and motivated. Furthermore, an introduction to the catallactic middleware and Web Services Agreement (WS-Agreement) concepts is given as a basis for the future work. Requirements for the application of Cat-COVITE within catallactic systems are analysed. Finally, the integration of the Cat-COVITE application and the catallactic middleware is described. --Grid Computing

    Synchronous control of double-containers for overhead crane

    The development and wide application of double spreaders overhead cranes have effectively improved the loading and unloading efficiency of the container terminals. However, due to the nonlinear time-varying characteristics and parameter perturbation of the lifting device of the double spreaders, the difficulty of synchronous and coordinated control of the double spreader overhead crane is increased. In order to solve the problem of synchronous control of double spreaders overhead cranes, this work establishes the mathematical model of the double spreaders overhead crane and proposes two main methods. The controller based on the fuzzy sliding mode method is established. Fuzzy logic control can effectively estimate the parameters of the system, reduce the chattering of sliding mode control, and improve the performance of its control. Mean deviation coupling synchronization control combined with sliding mode control can effectively control the speed error between the two spreaders, so that they can keep working synchronously. The other controller is established which uses fast non-singular terminal sliding mode control to ensure that the system can converge in a finite time. The combination of terminal sliding mode control and super twisting algorithm can enhance the stability of the system.

    The development and wide application of double-spreader overhead cranes have improved the loading and unloading efficiency of container terminals. However, because of the nonlinear time variations and the perturbation of the parameters of the double-spreader lifting device, synchronized and coordinated control is made more difficult. With the aim of solving the problem of synchronous control of double-spreader overhead cranes, this project uses the mathematical model of the double-spreader crane and proposes two methods of solution. The control is based on the fuzzy sliding mode method. Fuzzy logic control can effectively estimate the parameters of the system, reduce the chattering of sliding mode control and improve its performance. Mean deviation coupling synchronization control, combined with sliding mode control, can effectively control the speed error between the two spreaders, so that their work can continue synchronously. The other controller uses fast, non-singular terminal sliding mode control to ensure that the system can converge in a limited time. The combination of terminal sliding mode control and the super twisting algorithm can improve the stability of the system

    Authenticated Range & Closest Point Queries in Zero-Knowledge

    We present an efficient method for answering one-dimensional range and closest-point queries in a verifiable and privacy-preserving manner. We consider a model where a data owner outsources a dataset of key-value pairs to a server, who answers range and closest-point queries issued by a client and provides proofs of the answers. The client verifies the correctness of the answers while learning nothing about the dataset besides the answers to the current and previous queries. Our work yields for the first time a zero-knowledge privacy assurance to authenticated range and closest-point queries. Previous work leaked the size of the dataset and used an inefficient proof protocol. Our construction is based on hierarchical identity-based encryption. We prove its security and analyze its efficiency both theoretically and with experiments

    Integrated Flywheel Technology, 1983

    Topics of discussion included: technology assessment of the integrated flywheel systems, potential of system concepts, identification of critical areas needing development, and scoping and defining an appropriate program for coordinated activity

    AI Solutions for MDS: Artificial Intelligence Techniques for Misuse Detection and Localisation in Telecommunication Environments

    This report considers the application of Artificial Intelligence (AI) techniques to the problem of misuse detection and misuse localisation within telecommunications environments. A broad survey of techniques is provided, that covers inter alia rule based systems, model-based systems, case based reasoning, pattern matching, clustering and feature extraction, artificial neural networks, genetic algorithms, artificial immune systems, agent based systems, data mining and a variety of hybrid approaches. The report then considers the central issue of event correlation, that is at the heart of many misuse detection and localisation systems. The notion of being able to infer misuse by the correlation of individual temporally distributed events within a multiple data stream environment is explored, and a range of techniques, covering model based approaches, 'programmed' AI and machine learning paradigms. It is found that, in general, correlation is best achieved via rule based approaches, but that these suffer from a number of drawbacks, such as the difficulty of developing and maintaining an appropriate knowledge base, and the lack of ability to generalise from known misuses to new unseen misuses. Two distinct approaches are evident. One attempts to encode knowledge of known misuses, typically within rules, and use this to screen events. This approach cannot generally detect misuses for which it has not been programmed, i.e. it is prone to issuing false negatives. The other attempts to 'learn' the features of event patterns that constitute normal behaviour, and, by observing patterns that do not match expected behaviour, detect when a misuse has occurred. This approach is prone to issuing false positives, i.e. inferring misuse from innocent patterns of behaviour that the system was not trained to recognise. Contemporary approaches are seen to favour hybridisation, often combining detection or localisation mechanisms for both abnormal and normal behaviour, the former to capture known cases of misuse, the latter to capture unknown cases. In some systems, these mechanisms even work together to update each other to increase detection rates and lower false positive rates. It is concluded that hybridisation offers the most promising future direction, but that a rule or state based component is likely to remain, being the most natural approach to the correlation of complex events. The challenge, then, is to mitigate the weaknesses of canonical programmed systems such that learning, generalisation and adaptation are more readily facilitated