PALPAS - PAsswordLess PAssword Synchronization

Tools that synchronize passwords over several user devices typically store the encrypted passwords in a central online database. For encryption, a low-entropy, password-based key is used. Such a database may be subject to unauthorized access which can lead to the disclosure of all passwords by an offline brute-force attack. In this paper, we present PALPAS, a secure and user-friendly tool that synchronizes passwords between user devices without storing information about them centrally. The idea of PALPAS is to generate a password from a high entropy secret shared by all devices and a random salt value for each service. Only the salt values are stored on a server but not the secret. The salt enables the user devices to generate the same password but is statistically independent of the password. In order for PALPAS to generate passwords according to different password policies, we also present a mechanism that automatically retrieves and processes the password requirements of services. PALPAS users need to only memorize a single password and the setup of PALPAS on a further device demands only a one-time transfer of few static data.Comment: An extended abstract of this work appears in the proceedings of ARES 201

Privacy-preserving techniques for computer and network forensics

Clients, administrators, and law enforcement personnel have many privacy concerns when it comes to network forensics. Clients would like to use network services in a freedom-friendly environment that protects their privacy and personal data. Administrators would like to monitor their network, and audit its behavior and functionality for debugging and statistical purposes (which could involve invading the privacy of its network users). Finally, members of law enforcement would like to track and identify any type of digital crimes that occur on the network, and charge the suspects with the appropriate crimes. Members of law enforcement could use some security back doors made available by network administrators, or other forensic tools, that could potentially invade the privacy of network users. In my dissertation, I will be identifying and implementing techniques that each of these entities could use to achieve their goals while preserving the privacy of users on the network. I will show a privacy-preserving implementation of network flow recording that can allow administrators to monitor and audit their network behavior and functionality for debugging and statistical purposes without having this data contain any private information about its users. This implementation is based on identity-based encryption and differential privacy. I will also be showing how law enforcement could use timing channel techniques to fingerprint anonymous servers that are running websites with illegal content and services. Finally I will show the results from a thought experiment about how network administrators can identify pattern-like software that is running on clients\u27 machines remotely without any administrative privileges. The goal of my work is to understand what privileges administrators or law enforcement need to achieve their goals, and the privacy issues inherent in this, and to develop technologies that help administrators and law enforcement achieve their goals while preserving the privacy of network users

Issues in Esahie Nominal Morphology: From Inflection to Word-formation

The present study is a documentation-oriented research which aims at exploring the nominal morphology of Esahie, an otherwise unexplored cross-border Kwa language. Essentially, it examines pertinent inflectional and word formation issues in the nominal domain of Esahie such as noun class system, agreement, syncretism, nominalization, and compounding. The overall goal of this thesis is to investigate and provide a comprehensive account of the attested types, structure, formation, and the lexical semantics of nouns and nominalizations in Esahie. This thesis also seeks to understand what the facts about the structure and formation of nouns and nominalizations in Esahie reveal about the nature of the interface between morphology, phonology, syntax, and semantics, and about the architecture of the grammar in general. In interpreting the Esahie data, we ultimately hope to contribute to current theoretical debates by presenting empirical arguments in support of an abstractive, rather than a constructive view of morphology, by arguing that adopting the formalism of Construction Morphology (CxM, see Booij 2010a-d), as an abstractive model, comes with many advantages. We show that the formalism espoused in CxM is able to deal adequately with all the inflectional and word formation issues discussed in this thesis, including the irregular (non-canonical) patterns which are characterized either by cumulative exponence or extra-compositionality. With regards to compounding, this study confirms the view (cf. Appah 2013; 2015; Akrofi-Ansah 2012b; Lawer 2017) that, in Kwa, notwithstanding the word class of the input elements, the output of a compounding operation is always a nominal. This characterization points to a fascinating (mutual) interplay between the word-formation phenomena of compounding and nominalization, since the former operation invariably feeds into the latter. Overall, this thesis shows that nominalization is a prominent word-formation operation in Kwa grammar. Data used in this thesis emanates from several fieldtrips carried out in some Esahie speaking communities in the Western-North region of Ghana, as well as other secondary sources

Generative Language Models for Personalized Information Understanding

A major challenge in information understanding stems from the diverse nature of the audience, where individuals possess varying preferences, experiences, educational and cultural backgrounds. Consequently, adopting a one-size-fits-all approach to provide information may prove suboptimal. While prior research has predominantly focused on delivering pre-existing content to users with potential interests, this thesis explores generative language models for personalized information understanding. By harnessing the potential of generative language models, our objective is to generate novel personalize content for individual users. As a result, users from diverse backgrounds can be provided with content that are tailored for their need and better aligns with their interests. The crux of this research hinges on addressing the following two aspects: 1. Personalized Content: How to harness user profiles to create tailored content for individual users; 2. Effective Communication: How to engage with users in order to proficiently convey information. For the first aspect, i.e. personalized content, we explored personalized news headline generation. By analyzing users\u27 reading history, our proposed framework identifies perspectives that users are interested in, which can further guide generating news headlines that are attractive to users. For the second aspect, i.e. effective communication, we developed personalized reading assistive agent, which assist users understand complex information in news article or academic documents through conversations. Compared to reading, obtaining information through conversations is more interactive and requires shorter attention span. We further incorporate the above aspects in personalized information systems in a real-life scenario, i.e. patient education. Specifically, we propose a novel after-visit summaries (AVS) writing assistant. After-visit summaries notes are documents given to patients to help them understand their clinical visits and disease self-management. Our approach not only automatically generates AVS drafts, but also detects potential errors in the generated drafts, allowing physicians to revise and produce AVS notes with higher efficiency and accuracy. Moreover, we present PaniniQA, a patient-centric interactive question answering system designed to help patients understand their discharge instructions. PaniniQA first identifies important clinical content from patients’ discharge instructions and then formulates personalized educational questions for distinctive patients. In addition, PaniniQA is also equipped with answer verification functionality to provide timely feedback to correct patients’ misunderstandings. Overall, we aspire to contribute to the advancement of information dissemination techniques, promoting a more inclusive and effective means of communication in our information-driven world