A new TRNG based on coherent sampling with self-timed rings

Random numbers play a key role in applications such as industrial simulations, laboratory experimentation, computer games, and engineering problem solving. The design of new true random generators (TRNGs) has attracted the attention of the research community for many years. Designs with little hardware requirements and high throughput are demanded by new and powerful applications. In this paper, we introduce the design of a novel TRNG based on the coherent sampling (CS) phenomenon. Contrary to most designs based on this phenomenon, ours uses self-timed rings (STRs) instead of the commonly employed ring oscillators (ROs). Our design has two key advantages over existing proposals based on CS. It does not depend on the FPGA vendor used and does not need manual placement and routing in the manufacturing process, resulting in a highly portable generator. Our experiments show that the TRNG offers a very high throughput with a moderate cost in hardware. The results obtained with ENT, DIEHARD, and National Institute of Standards and Technology (NIST) statistical test suites evidence that the output bitstream behaves as a truly random variable.This work was supported in part by the Ministerio de Economia y Competitividad (MINECO), Security and Privacy in the Internet of You (SPINY), under Grant TIN2013-46469-R, and in part by the Comunidad de Madrid (CAM), Cybersecurity, Data, and Risks (CIBERDINE), underGrant S2013/ICE-3095

Research on the System Safety Management in Urban Railway

Nowadays, rail transport has become one of the most widely utilised forms of transport thanks to its high safety level, large capacity, and cost-effectiveness. With the railway network's continuous development, including urban rail transit, one of the major areas of increasing attention and demand is ensuring safety or risk management in operation long-term remains for the whole life cycle by scientific tools, management of railway operation (Martani 2017), specifically in developed and developing countries like Vietnam. The situation in Vietnam demonstrates that the national mainline railway network has been built and operated entirely in a single narrow gauge (1000mm) since the previous century, with very few updates of manual operating technology. This significantly highlights that up to now, the conventional technique for managing the safety operation in general, and collision in particular, of the current Vietnamese railway system, including its subsystems, is only accident statistics which is not a scientific-based tool as the others like risk identify and analyse methods, risk mitigation…, that are already available in many countries. Accident management of Vietnam Railways is limited and responsible for accident statistics analysis to avoid and minimise the harm caused by phenomena that occur only after an accident. Statistical analysis of train accident case studies in Vietnam railway demonstrates that, because hazards and failures that could result in serious system occurrences (accidents and incidents) have not been identified, recorded, and evaluated to conduct safety-driven risk analysis using a well-suited assessment methodology, risk prevention and control cannot be achieved. Not only is it hard to forecast and avoid events, but it may also raise the chance and amount of danger, as well as the severity of the later effects. As a result, Vietnam's railway system has a high number of accidents and failure rates. For example, Vietnam Rail-ways' mainline network accounted for approximately 200 railway accidents in 2018, a 3% increase over the previous year, including 163 collisions between trains and road vehicles/persons, resulting in more than 100 fatalities and more than 150 casualties; 16 accidents, including almost derailments, the signal passed at danger… without fatality or casual-ty, but significant damage to rolling stock and track infrastructure (VR 2021). Focusing and developing a new standardised framework for safety management and availability of railway operation in Vietnam is required in view of the rapid development of rail urban transport in the country in recent years (VmoT 2016; VmoT 2018). UMRT Line HN2A in southwest Hanoi is the country's first elevated light rail transit line, which was completed and officially put into revenue service in November 2021. This greatly highlights that up to the current date, the UMRT Line HN2A is the first and only railway line in Vietnam with operational safety assessment launched for the first time and long-term remains for the whole life cycle. The fact that the UMRT Hanoi has a large capacity, more complicated rolling stock and infrastructure equipment, as well as a modern communica-tion-based train control (CBTC) signalling system and automatic train driving without the need for operator intervention (Lindqvist 2006), are all advantages. Developing a compatible and integrated safety management system (SMS) for adaption to the safety operating requirements of this UMRT is an important major point of concern, and this should be proven. In actuality, the system acceptance and safety certification phase for Metro Line HN2A prolonged up to 2.5 years owing to the identification of difficulties with noncompliance to safety requirements resulting from inadequate SMS documents and risk assessment. These faults and hazards have developed during the manufacturing and execution of the project; it is impossible to go back in time to correct them, and it is also impossible to ignore the project without assuming responsibility for its management. At the time of completion, the HN2A metro line will have required an expenditure of up to $868 million, thus it is vital to create measures to prevent system failure and assure passenger safety. This dissertation has reviewed the methods to solve the aforementioned challenges and presented a solution blueprint to attain the European standard level of system safety in three-phase as in the following: • Phase 1: applicable for lines that are currently in operation, such as Metro Line HN2A. Focused on operational and maintenance procedures, as well as a training plan for railway personnel, in order to enhance human performance. Complete and update the risk assessment framework for Metro Line HN2A. The dissertation's findings are described in these applications. • Phase 2: applicable for lines that are currently in construction and manufacturing, such as Metro Line HN3, Line HN2, HCMC Line 1 and Line 2. Continue refining and enhancing engineering management methods introduced during Phase 1. On the basis of the risk assessment by manufacturers (Line HN3, HCMC Line 2 with European manufacturers) and the risk assessment framework described in Chapter 4, a risk management plan for each line will be developed. Building Accident database for risk assessment research and development. • Phase 3: applicable for lines that are currently in planning. Enhance safety requirements and life-cycle management. Building a proactive Safety Culture step by step for the railway industry. This material is implemented gradually throughout all three phases, beginning with the creation of the concept and concluding with an improvement in the attitude of railway personnel on the HN2A line. In addition to this overview, Chapters 4 through Chapter 9 of the dissertation include particular solutions for Risk assessment, Vehicle and Infrastructure Maintenance methods, Inci-dent Management procedures, and Safety Culture installation. This document focuses on constructing a system safety concept for railway personnel, providing stringent and scientific management practises to assure proper engineering conditions, to manage effectively the metro line system, and ensuring passenger safety in Hanoi's metro operatio

Towards more Secure and Efficient Password Databases

Password databases form one of the backbones of nowadays web applications. Every web application needs to store its users’ credentials (email and password) in an efficient way, and in popular applications (Google, Facebook, Twitter, etc.) these databases can grow to store millions of user credentials simultaneously. However, despite their critical nature and susceptibility to targeted attacks, the techniques used for securing password databases are still very rudimentary, opening the way to devastating attacks. Just in the year of 2016, and as far as publicly disclosed, there were more than 500 million passwords stolen in internet hacking attacks. To solve this problem we commit to study several schemes like property-preserving encryption schemes (e.g. deterministic encryption), encrypted data-structures that support operations (e.g. searchable encryption), partially homomorphic encryption schemes, and commodity trusted hardware (e.g. TPM and Intel SGX). In this thesis we propose to make a summary of the most efficient and secure techniques for password database management systems that exist today and recreating them to accommodate a new and simple universal API. We also propose SSPM(Simple Secure Password Management), a new password database scheme that simultaneously improves efficiency and security of current solutions existing in literature. SSPM is based on Searchable Symmetric Encryption techniques, more specifically ciphered data structures, that allow efficient queries with the minimum leak of access patterns. SSPM adapts these structures to work with the necessary operation of password database schemes preserving the security guarantees. Furthermore, SSPM explores the use of trusted hardware to minimize the revelation of access patterns during the execution of operations and protecting the storage of cryptographic keys. Experimental results with real password databases shows us that SSPM has a similar performance compared with the solutions used today in the industry, while simultaneous increasing the offered security conditions

Oblivious Parallel RAM: Improved Efficiency and Generic Constructions

Oblivious RAM (ORAM) garbles read/write operations by a client (to access a remote storage server or a random-access memory) so that an adversary observing the garbled access sequence cannot infer any information about the original operations, other than their overall number. This paper considers the natural setting of Oblivious Parallel RAM (OPRAM) recently introduced by Boyle, Chung, and Pass (TCC 2016A), where $m$ clients simultaneously access in parallel the storage server. The clients are additionally connected via point-to-point links to coordinate their accesses. However, this additional inter-client communication must also remain oblivious. The main contribution of this paper is twofold: We construct the first OPRAM scheme that (nearly) matches the storage and server-client communication complexities of the most efficient single-client ORAM schemes. Our scheme is based on an extension of Path-ORAM by Stefanov et al (CCS 2013). Moreover, we present a generic transformation turning any (single-client) ORAM scheme into an OPRAM scheme

Digitalization of Offshore Wind Farm Systems

Master's thesis in Offshore Technology: Industrial asset managementThis thesis investigates how new digital technologies and digitalization can help further evolve the offshore wind industry using the Industry 4.0 concept as a basis and explores how technologies within this concept can contribute to an offshore wind farm that overcomes some of these challenges. The study focuses on an offshore wind farm from a systems perspective, including respective modules, and where the Industry 4.0 technologies can be applied. Following this is the establishment of a systematic digitalization framework and a proposal on how to cope with increased volumes of data, connectivity, and complexity.publishedVersio

Memory-Tight Reductions

Cryptographic reductions typically aim to be tight by transforming an adversary A into an algorithm that uses essentially the same resources as A. In this work we initiate the study of memory efficiency in reductions. We argue that the amount of working memory used (relative to the initial adversary) is a relevant parameter in reductions, and that reductions that are inefficient with memory will sometimes yield less meaningful security guarantees. We then point to several common techniques in reductions that are memory-inefficient and give a toolbox for reducing memory usage. We review common cryptographic assumptions and their sensitivity to memory usage. Finally, we prove an impossibility result showing that reductions between some assumptions must unavoidably be either memory- or time-inefficient. This last result follows from a connection to data streaming algorithms for which unconditional memory lower bounds are known