On the Hardness of Gray Code Problems for Combinatorial Objects

Can a list of binary strings be ordered so that consecutive strings differ in a single bit? Can a list of permutations be ordered so that consecutive permutations differ by a swap? Can a list of non-crossing set partitions be ordered so that consecutive partitions differ by refinement? These are examples of Gray coding problems: Can a list of combinatorial objects (of a particular type and size) be ordered so that consecutive objects differ by a flip (of a particular type)? For example, 000, 001, 010, 100 is a no instance of the first question, while 1234, 1324, 1243 is a yes instance of the second question due to the order 1243, 1234, 1324. We prove that a variety of Gray coding problems are NP-complete using a new tool we call a Gray code reduction.Comment: 15 pages, 5 figures, WALCOM 202

PassGAN: A Deep Learning Approach for Password Guessing

State-of-the-art password guessing tools, such as HashCat and John the Ripper, enable users to check billions of passwords per second against password hashes. In addition to performing straightforward dictionary attacks, these tools can expand password dictionaries using password generation rules, such as concatenation of words (e.g., "password123456") and leet speak (e.g., "password" becomes "p4s5w0rd"). Although these rules work well in practice, expanding them to model further passwords is a laborious task that requires specialized expertise. To address this issue, in this paper we introduce PassGAN, a novel approach that replaces human-generated password rules with theory-grounded machine learning algorithms. Instead of relying on manual password analysis, PassGAN uses a Generative Adversarial Network (GAN) to autonomously learn the distribution of real passwords from actual password leaks, and to generate high-quality password guesses. Our experiments show that this approach is very promising. When we evaluated PassGAN on two large password datasets, we were able to surpass rule-based and state-of-the-art machine learning password guessing tools. However, in contrast with the other tools, PassGAN achieved this result without any a-priori knowledge on passwords or common password structures. Additionally, when we combined the output of PassGAN with the output of HashCat, we were able to match 51%-73% more passwords than with HashCat alone. This is remarkable, because it shows that PassGAN can autonomously extract a considerable number of password properties that current state-of-the art rules do not encode.Comment: This is an extended version of the paper which appeared in NeurIPS 2018 Workshop on Security in Machine Learning (SecML'18), see https://github.com/secml2018/secml2018.github.io/raw/master/PASSGAN_SECML2018.pd

Subset-lex: did we miss an order?

We generalize a well-known algorithm for the generation of all subsets of a set in lexicographic order with respect to the sets as lists of elements (subset-lex order). We obtain algorithms for various combinatorial objects such as the subsets of a multiset, compositions and partitions represented as lists of parts, and for certain restricted growth strings. The algorithms are often loopless and require at most one extra variable for the computation of the next object. The performance of the algorithms is very competitive even when not loopless. A Gray code corresponding to the subset-lex order and a Gray code for compositions that was found during this work are described.Comment: Two obvious errors corrected (indicated by "Correction:" in the LaTeX source

Two Reflected Gray Code based orders on some restricted growth sequences

We consider two order relations: that induced by the m-ary reflected Gray code and a suffix partitioned variation of it. We show that both of them when applied to some sets of restricted growth sequences still yield Gray codes. These sets of sequences are: subexcedant or ascent sequences, restricted growth functions, and staircase words. In each case we give efficient exhaustive generating algorithms and compare the obtained results

Demystifying our Grandparent's De Bruijn Sequences with Concatenation Trees

Some of the most interesting de Bruijn sequences can be constructed in seemingly unrelated ways. In particular, the "Granddaddy" and "Grandmama" can be understood by joining necklace cycles into a tree using simple parent rules, or by concatenating smaller strings (e.g., Lyndon words) in lexicographic orders. These constructions are elegant, but their equivalences seem to come out of thin air, and the community has had limited success in finding others of the same ilk. We aim to demystify the connection between cycle-joining trees and concatenation schemes by introducing "concatenation trees". These structures combine binary trees and ordered trees, and traversals yield concatenation schemes for their sequences. In this work, we focus on the four simplest cycle-joining trees using the pure cycling register (PCR): "Granddaddy" (PCR1), "Grandmama" (PCR2), "Granny" (PCR3), and "Grandpa" (PCR4). In particular, we formally prove a previously observed correspondence for PCR3 and we unravel the mystery behind PCR4. More broadly, this work lays the foundation for translating cycle-joining trees to known concatenation constructions for a variety of underlying feedback functions including the complementing cycling register (CCR), pure summing register (PSR), complementing summing register (CSR), and pure run-length register (PRR)

On universal partial words

A universal word for a finite alphabet $A$ and some integer $n\geq 1$ is a word over $A$ such that every word in $A^n$ appears exactly once as a subword (cyclically or linearly). It is well-known and easy to prove that universal words exist for any $A$ and $n$. In this work we initiate the systematic study of universal partial words. These are words that in addition to the letters from $A$ may contain an arbitrary number of occurrences of a special `joker' symbol $\Diamond\notin A$, which can be substituted by any symbol from $A$. For example, $u=0\Diamond 011100$ is a linear partial word for the binary alphabet $A=\{0,1\}$ and for $n=3$ (e.g., the first three letters of $u$ yield the subwords $000$ and $010$). We present results on the existence and non-existence of linear and cyclic universal partial words in different situations (depending on the number of $\Diamond$s and their positions), including various explicit constructions. We also provide numerous examples of universal partial words that we found with the help of a computer

A survey and method for analysing SoHo router firmware currency

Network routers are a core component of contemporary SoHo networks. The firmware within these devices provides routing, control and monitoring functionality coupled with mechanisms to ensure a secure and reliable network. End-users are typically reliant on manufacturers to provide timely firmware updates to mitigate known vulnerabilities. An investigation was undertaken to identify the underlying software components used in the firmware of currently available, SoHo network devices used in Australia. Firmware from 37 devices was deconstructed to identify potential security issues; in each instance, the firmware images were found to include vulnerabilities, obsolete software and out-of-date operating system components. 95% of the deconstructed firmware was based on Linux. The Linux kernels identified were typically discontinued and are no longer actively maintained. This paper demonstrates a method for undertaking the analysis and summaries the outcomes of the research

A Data Science Course for Undergraduates: Thinking with Data

Data science is an emerging interdisciplinary field that combines elements of mathematics, statistics, computer science, and knowledge in a particular application domain for the purpose of extracting meaningful information from the increasingly sophisticated array of data available in many settings. These data tend to be non-traditional, in the sense that they are often live, large, complex, and/or messy. A first course in statistics at the undergraduate level typically introduces students with a variety of techniques to analyze small, neat, and clean data sets. However, whether they pursue more formal training in statistics or not, many of these students will end up working with data that is considerably more complex, and will need facility with statistical computing techniques. More importantly, these students require a framework for thinking structurally about data. We describe an undergraduate course in a liberal arts environment that provides students with the tools necessary to apply data science. The course emphasizes modern, practical, and useful skills that cover the full data analysis spectrum, from asking an interesting question to acquiring, managing, manipulating, processing, querying, analyzing, and visualizing data, as well communicating findings in written, graphical, and oral forms.Comment: 21 pages total including supplementary material