On Non-Parallelizable Deterministic Client Puzzle Scheme with Batch Verification Modes
A (computational) client puzzle scheme enables a client to prove to a server that a certain amount of computing resources (CPU cycles and/or memory look-ups) has been dedicated to solving a puzzle. Researchers have identified a number of potential applications, such as constructing timed cryptography, fighting junk email, and protecting critical infrastructure from DoS attacks. In this paper, we first revisit this concept and formally define two properties, namely deterministic computation and parallel computation resistance. Our analysis shows that both properties are crucial for the effectiveness of client puzzle schemes in most application scenarios. We prove that the RSW client puzzle scheme, which is based on the repeated squaring technique, achieves both properties. Secondly, we introduce two batch verification modes for the RSW client puzzle scheme in order to improve the verification efficiency of the server, and investigate three methods for handling errors in batch verifications. Lastly, we show that client puzzle schemes can be integrated with reputation systems to further improve their effectiveness in practice.
LightChain: A DHT-based Blockchain for Resource Constrained Environments
As an append-only distributed database, blockchain is utilized in a vast
variety of applications including the cryptocurrency and Internet-of-Things
(IoT). The existing blockchain solutions have downsides in communication and
storage efficiency, convergence to centralization, and consistency problems. In
this paper, we propose LightChain, which is the first blockchain architecture
that operates over a Distributed Hash Table (DHT) of participating peers.
LightChain is a permissionless blockchain that provides addressable blocks and
transactions within the network, which makes them efficiently accessible by all
the peers. Each block and transaction is replicated within the DHT of peers and
is retrieved in an on-demand manner. Hence, peers in LightChain are not
required to retrieve or keep the entire blockchain. LightChain is fair as all
of the participating peers have a uniform chance of being involved in the
consensus regardless of their influence such as hashing power or stake.
LightChain provides a deterministic fork-resolving strategy as well as a
blacklisting mechanism, and it is secure against colluding adversarial peers
attacking the availability and integrity of the system. We provide mathematical
analysis and experimental results on scenarios involving 10K nodes to
demonstrate the security and fairness of LightChain. As we experimentally show
in this paper, compared to the mainstream blockchains like Bitcoin and
Ethereum, LightChain requires around 66 times less per-node storage, and is
around 380 times faster at bootstrapping a new node into the system, while each
LightChain node is equally likely to be rewarded for participating in the protocol.
Foundations, Properties, and Security Applications of Puzzles: A Survey
Cryptographic algorithms have been used not only to create robust ciphertexts
but also to generate cryptograms that, contrary to the classic goal of
cryptography, are meant to be broken. These cryptograms, generally called
puzzles, require the use of a certain amount of resources to be solved, hence
introducing a cost that is often regarded as a time delay---though it could
involve other metrics as well, such as bandwidth. These powerful features have
made puzzles the core of many security protocols, acquiring increasing
importance in the IT security landscape. The concept of a puzzle has
subsequently been extended to other types of schemes that do not use
cryptographic functions, such as CAPTCHAs, which are used to discriminate
humans from machines. Overall, puzzles have experienced a renewed interest with
the advent of Bitcoin, which uses a CPU-intensive puzzle as proof of work. In
this paper, we provide a comprehensive study of the most important puzzle
construction schemes available in the literature, categorizing them according
to several attributes, such as resource type, verification type, and
applications. We have redefined the term puzzle by collecting and integrating
the scattered notions used in different works, to cover all the existing
applications. Moreover, we provide an overview of the possible applications,
identifying key requirements and different design approaches. Finally, we
highlight the features and limitations of each approach, providing a useful
guide for the future development of new puzzle schemes.
Comment: This article has been accepted for publication in ACM Computing
Survey
Blockchain Tree for eHealth
The design of access control mechanisms for healthcare systems is
challenging: it must strike the right balance between permissions and
restrictions. In this work, we propose a novel approach based on
blockchain technology for storing patient medical data and creating an audit
logging system able to protect health data from unauthorized modification and
access. The proposed method consists of a tree structure: a main chain linked
with the patient's identity and one or several subchains which are used for
storing additional critical data (e.g., medical diagnoses or access logs).
Smart Contract Execution - the (+-)-Biased Ballot Problem
Transaction systems built on top of blockchains, especially smart contracts, are becoming an important part of the world economy. However, there is a lack of formal study of the behavior of users in these systems, which leaves the correctness and security of such systems without a solid foundation. Unlike mining, in which the reward for mining a block is fixed, different execution results of a smart contract may lead to significantly different payoffs for users, which gives some users more incentive to follow a branch that contains a wrong result, even if the branch is shorter. It is thus important to understand the exact probability that a branch is selected by the system. We formulate this problem as the (+-)-Biased Ballot Problem as follows: there are n voters, one by one, voting for either of the two candidates A and B. The probability of a user voting for A or B depends on whether the difference between the current votes of A and B is positive or negative. Our model takes into account the behavior of three different kinds of users when a branch occurs in the system -- users who have a preference for a certain branch based on the history of their transactions, and users who are indifferent and simply follow the longest chain. We study two important probabilities that are closely related to a blockchain-based system - the probability that A wins in the end, and the probability that A receives d votes first. We show how to recursively calculate the two probabilities for any fixed n and d, and also discuss their asymptotic values when n and d are sufficiently large.
When Proof of Work Works
Proof of work (POW) is a set of cryptographic mechanisms which increase
the cost of initiating a connection. Currently recipients bear as much
or more cost per connection as initiators. The design goal of POW is to
reverse the economics of connection initiation on the Internet. In the
case of spam, the first economic examination of POW argued that POW
would not, in fact, work. This result was based on the difference in
production cost between legitimate and criminal enterprises. We
illustrate that the difference in production costs enabled by zombies
does not remove the efficacy of POW when work requirements are weighted.
We illustrate that POW will work with a reputation system modeled on the
systems currently used by commercial anti-spam companies. We also
discuss how this variation on POW changes the nature of the corresponding
proofs from a token currency to a notational currency.
Bootstrapping Trust in Online Dating: Social Verification of Online Dating Profiles
Online dating is an increasingly thriving business which boasts
billion-dollar revenues and attracts users in the tens of millions.
Notwithstanding its popularity, online dating is not impervious to worrisome
trust and privacy concerns raised by the disclosure of potentially sensitive
data as well as the exposure to self-reported (and thus potentially
misrepresented) information. Nonetheless, little research has, thus far,
focused on how to enhance privacy and trustworthiness. In this paper, we report
on a series of semi-structured interviews involving 20 participants, and show
that users are significantly concerned with the veracity of online dating
profiles. To address some of these concerns, we present the user-centered
design of an interface, called Certifeye, which aims to bootstrap trust in
online dating profiles using existing social network data. Certifeye verifies
that the information users report on their online dating profile (e.g., age,
relationship status, and/or photos) matches that displayed on their own
Facebook profile. Finally, we present the results of a 161-user Mechanical Turk
study assessing whether our veracity-enhancing interface successfully reduced
concerns in online dating users and find a statistically significant trust
increase.
Comment: In Proceedings of Financial Cryptography and Data Security (FC)
Workshop on Usable Security (USEC), 201
An efficient confidentiality-preserving Proof of Ownership for deduplication
Data storage in the cloud is becoming widespread. Deduplication is a key mechanism for decreasing the operating costs cloud providers face, since it reduces the storage of replicated data. Nonetheless, deduplication must deal with several security threats, such as honest-but-curious servers or malicious users who may try to take ownership of files they are not entitled to. Unfortunately, state-of-the-art solutions present weaknesses such as not coping with honest-but-curious servers, deployment problems, or lacking a sound security analysis. In this paper we present a novel Proof of Ownership scheme that uses convergent encryption and requires neither trusted third parties nor complex key management. The experimental evaluation highlights the efficiency and feasibility of our proposal, which is proven to be secure under the random oracle model in the bounded leakage setting.
Protecting Controllers against Denial-of-Service Attacks in Software-Defined Networks
Connection setup in software-defined networks (SDN) requires considerable amounts of processing, communication, and memory resources. Attackers can target SDN controllers. This thesis proposes a new defense mechanism, based on a proof-of-work protocol, to protect controllers against such attacks, describes an implementation of the system, and analyzes its performance. The key characteristics of this protocol, namely its one-way operation, its requirement for freshness in proofs of work, its adjustable difficulty, its ability to work with multiple network providers, and its use of existing TCP/IP header fields, ensure that this approach can be used in practice.