Abstract Model Counting: A Novel Approach for Quantification of Information Leaks

acmid: 2590328 keywords: model checking, quantitative information flow, satisfiability modulo theories, symbolic execution location: Kyoto, Japan numpages: 10acmid: 2590328 keywords: model checking, quantitative information flow, satisfiability modulo theories, symbolic execution location: Kyoto, Japan numpages: 10acmid: 2590328 keywords: model checking, quantitative information flow, satisfiability modulo theories, symbolic execution location: Kyoto, Japan numpages: 10We present a novel method for Quantitative Information Flow analysis. We show how the problem of computing information leakage can be viewed as an extension of the Satisfiability Modulo Theories (SMT) problem. This view enables us to develop a framework for QIF analysis based on the framework DPLL(T) used in SMT solvers. We then show that the methodology of Symbolic Execution (SE) also fits our framework. Based on these ideas, we build two QIF analysis tools: the first one employs CBMC, a bounded model checker for ANSI C, and the second one is built on top of Symbolic PathFinder, a Symbolic Executor for Java. We use these tools to quantify leaks in industrial code such as C programs from the Linux kernel, a Java tax program from the European project HATS, and anonymity protocol

Letter counting: a stem cell for Cryptology, Quantitative Linguistics, and Statistics

Counting letters in written texts is a very ancient practice. It has accompanied the development of Cryptology, Quantitative Linguistics, and Statistics. In Cryptology, counting frequencies of the different characters in an encrypted message is the basis of the so called frequency analysis method. In Quantitative Linguistics, the proportion of vowels to consonants in different languages was studied long before authorship attribution. In Statistics, the alternation vowel-consonants was the only example that Markov ever gave of his theory of chained events. A short history of letter counting is presented. The three domains, Cryptology, Quantitative Linguistics, and Statistics, are then examined, focusing on the interactions with the other two fields through letter counting. As a conclusion, the eclectism of past centuries scholars, their background in humanities, and their familiarity with cryptograms, are identified as contributing factors to the mutual enrichment process which is described here

'Secure, anonymous, unregulated': 'Cryptonomicon' and the transnational data haven

This essay considers how Neal Stephenson’s 1999 epic novel Cryptonomicon engages with the long-standing and complex relationship between cryptology and national/transnational identity. Cryptonomicon's layered and disjointed structure allows it to explore the impact of cryptography and cryptanalysis in the Second World War (as well as their impact on the consequent rewriting of the international political stage), to reflect on the place of technology in the recent history of cryptology, and to consider how emergent (and supposedly secure) data storage technologies not only open up planetary-wide communication traffic but also unsettle the agreed protocols of national and international law. Stephenson provides a sense of technology's global effects by offering not a straightforward narrative of the demise of the nation-state but by showing how technologies are in a process of constant negotiation with the institutions of the nation-state, drawing upon the economic, material, and intellectual resources of the nation state, while at the same time challenging notions of a bordered and coherent national identity and working to disestablish nations of their regulatory authority. The essay is informed by recent work on cryptology, data havens, globalization, transnationalism, and postcoloniality, as well as Derrida's work on archives and technology

Year 2010 Issues on Cryptographic Algorithms

In the financial sector, cryptographic algorithms are used as fundamental techniques for assuring confidentiality and integrity of data used in financial transactions and for authenticating entities involved in the transactions. Currently, the most widely used algorithms appear to be two-key triple DES and RC4 for symmetric ciphers, RSA with a 1024-bit key for an asymmetric cipher and a digital signature, and SHA-1 for a hash function according to international standards and guidelines related to the financial transactions. However, according to academic papers and reports regarding the security evaluation for such algorithms, it is difficult to ensure enough security by using the algorithms for a long time period, such as 10 or 15 years, due to advances in cryptanalysis techniques, improvement of computing power, and so on. To enhance the transition to more secure ones, National Institute of Standards and Technology (NIST) of the United States describes in various guidelines that NIST will no longer approve two-key triple DES, RSA with a 1024-bit key, and SHA-1 as the algorithms suitable for IT systems of the U.S. Federal Government after 2010. It is an important issue how to advance the transition of the algorithms in the financial sector. This paper refers to issues regarding the transition as Year 2010 issues in cryptographic algorithms. To successfully complete the transition by 2010, the deadline set by NIST, it is necessary for financial institutions to begin discussing the issues at the earliest possible date. This paper summarizes security evaluation results of the current algorithms, and describes Year 2010 issues, their impact on the financial industry, and the transition plan announced by NIST. This paper also shows several points to be discussed when dealing with Year 2010 issues.Cryptographic algorithm; Symmetric cipher; Asymmetric cipher; Security; Year 2010 issues; Hash function

Machine Learning for Offensive Cyber Operations

In pape

Current and voltage based bit errors and their combined mitigation for the Kirchhoff-law-Johnson-noise secure key exchange

We classify and analyze bit errors in the current measurement mode of the Kirchhoff-law-Johnson-noise (KLJN) key distribution. The error probability decays exponentially with increasing bit exchange period and fixed bandwidth, which is similar to the error probability decay in the voltage measurement mode. We also analyze the combination of voltage and current modes for error removal. In this combination method, the error probability is still an exponential function that decays with the duration of the bit exchange period, but it has superior fidelity to the former schemes.Comment: 9 pages, accepted for publication in Journal of Computational Electronic