Resolving Non-Determinism in Choreographies
Resolving non-deterministic choices of choreographies is a crucial task. We introduce a novel notion of realisability for choreographies, called whole-spectrum implementation, that rules out deterministic implementations of roles that, no matter which context they are placed in, will never follow one of the branches of a non-deterministic choice. We show that, under some conditions, it is decidable whether an implementation is whole-spectrum. As a case study, we analyse the POP protocol under the lens of whole-spectrum implementation.
Privacy-preserving efficient searchable encryption
Data storage and computation outsourcing to third-party managed data centers, in environments such as Cloud Computing, is increasingly being adopted by individuals, organizations, and governments. However, as cloud-based outsourcing models expand to society-critical data and services, the lack of effective and independent control over security and privacy conditions in such settings presents significant challenges.

An interesting solution to these issues is to perform computations on encrypted data, directly in the outsourcing servers. Such an approach benefits from not requiring major data transfers and decryptions, increasing performance and scalability of operations. Searching operations, an important application case when cloud-backed repositories increase in number and size, are good examples where security, efficiency, and precision are relevant requisites. Yet existing proposals for searching encrypted data are still limited from multiple perspectives, including usability, query expressiveness, and client-side performance and scalability.

This thesis focuses on the design and evaluation of mechanisms for searching encrypted data with improved efficiency, scalability, and usability. There are two particular concerns addressed in the thesis: on one hand, the thesis aims at supporting multiple media formats, especially text, images, and multimodal data (i.e. data with multiple media formats simultaneously); on the other hand, the thesis addresses client-side overhead, and how it can be minimized in order to support client applications executing in both high-performance desktop devices and resource-constrained mobile devices.

From the research performed to address these issues, three core contributions were developed and are presented in the thesis: (i) CloudCryptoSearch, a middleware system for storing and searching text documents with privacy guarantees, while supporting multiple modes of deployment (user device, local proxy, or computational cloud) and exploring different tradeoffs between security, usability, and performance; (ii) a novel framework for efficiently searching encrypted images based on IES-CBIR, an Image Encryption Scheme with Content-Based Image Retrieval properties that we also propose and evaluate; (iii) MIE, a Multimodal Indexable Encryption distributed middleware that allows storing, sharing, and searching encrypted multimodal data while minimizing client-side overhead and supporting both desktop and mobile devices.
On Resolving Non-determinism in Choreographies
Choreographies specify multiparty interactions via message passing. A realisation of a choreography is a composition of independent processes that behave as specified by the choreography. Existing relations of correctness/completeness between choreographies and realisations are based on models where choices are non-deterministic. Resolving non-deterministic choices into deterministic choices (e.g., conditional statements) is necessary to correctly characterise the relationship between choreographies and their implementations with concrete programming languages. We introduce a notion of realisability for choreographies, called whole-spectrum implementation, where choices are still non-deterministic in choreographies, but are deterministic in their implementations. Our notion of whole-spectrum implementation rules out deterministic implementations of roles that, no matter which context they are placed in, will never follow one of the branches of a non-deterministic choice. We give a type discipline for checking whole-spectrum implementations. As a case study, we analyse the POP protocol under the lens of whole-spectrum implementation.
Easy Encryption for Email, Photo, and Other Cloud Services
Modern users carry mobile devices with them at nearly all times, and this likely has contributed to the rapid growth of private user data—such as emails, photos, and more—stored online in the cloud. Unfortunately, the security of many cloud services for user data is lacking, and the vast amount of user data stored in the cloud is an attractive target for adversaries. Even a single compromise of a user’s account yields all its data to attackers. A breach of an unencrypted email account gives the attacker full access to years, even decades, of emails. Ideally, users would encrypt their data to prevent this. However, encrypting data at rest has long been considered too difficult for users, even technical ones, mainly due to the confusing nature of managing cryptographic keys. My thesis is that strong security can be made easy to use through client-side encryption using self-generated per-device cryptographic keys, such that user data in cloud services is well protected, encryption is transparent and largely unnoticeable to users even on multiple devices, and encryption can be used with existing services without any server-side modifications. This dissertation introduces a new paradigm for usable cryptographic key management, Per-Device Keys (PDK), and explores how self-generated keys unique to every device can enable new client-side encryption schemes that are compatible with existing online services yet are transparent to users. PDK’s design based on self-generated keys allows them to stay on each device and never leave them. Management of these self-generated keys can be shown to users as a device management abstraction which looks like pairing devices with each other, and not any form of cryptographic key management. I design, implement, and evaluate three client-side encryption schemes supported by PDK, with a focus on designing around usability to bring transparent encryption to users.
First, I introduce Easy Email Encryption (E3), a secure email solution that is easy to use. Users struggle with using end-to-end encrypted email, such as PGP and S/MIME, because it requires users to understand cryptographic key exchanges to send encrypted emails. E3 eliminates this key exchange by focusing on storing encrypted emails instead of sending them. E3 transparently encrypts emails on receipt, ensuring that all emails received before a compromise are protected from attack, and relies on widely-used TLS connections to protect in-flight emails. Emails are encrypted using self-generated keys, which are completely hidden from the user and do not need to be exchanged with other users, alleviating the burden of users having to know how to use and manage them. E3 encrypts on the client, making it easy to deploy because it requires no server or protocol changes and is compatible with any existing email service. Experimental results show that E3 is compatible with existing IMAP email services, including Gmail and Yahoo!, and has good performance for common email operations. Results of a user study show that E3 provides much stronger security guarantees than current practice yet is much easier to use than end-to-end encrypted email such as PGP.
Second, I introduce Easy Secure Photos (ESP), an easy-to-use system that enables photos to be encrypted and stored using existing cloud photo services. Users cannot store encrypted photos in services like Google Photos because these services only allow users to upload valid images such as JPEG images, but typical encryption methods do not retain image file formats for the encrypted versions and are not compatible with image processing such as image compression. ESP introduces a new image encryption technique that outputs valid encrypted JPEG files which are accepted by cloud photo services, and are robust against compression. The photos are encrypted using self-generated keys before being uploaded to cloud photo services, and are decrypted when downloaded to users’ devices. Similar to E3, ESP hides all the details of encryption/decryption and key management from the user. Since all crypto operations happen in the user’s photo app, ESP requires no changes to existing cloud photo services, making it easy to deploy. Experimental results and user studies show that ESP encryption is robust against attack techniques, exhibits acceptable performance overheads, and is simple for users to set up and use.
Third, I introduce Easy Device-based Passwords (EDP), a password manager with improved security guarantees over existing ones while maintaining their familiar usage models. To encrypt and decrypt user passwords, existing password managers rely on weak, human-generated master passwords which are easy to use but easily broken. EDP introduces a new approach using self-generated keys to encrypt passwords, and an easy-to-use pairing mechanism to allow users to access passwords across multiple devices. Keys are not exposed to users and users do not need to know anything about key management. EDP is the first password manager that secures passwords even with untrusted servers, protecting against server break-ins and password database leaks. Experimental results and a user study show that EDP ensures password security with untrusted servers and infrastructure, has comparable performance to existing password managers, and is considered usable by users.
Managing a Profitable Interactive Email Marketing Program: Modeling and Analysis
Despite the popularity of mobile and social media, email continues to be the marketing tool that brings the highest ROI, according to the Direct Marketing Association’s “Power of Direct” (2011) study. An important reason for email marketing’s success is the application of an idea— “Permission Marketing,” which asks marketers to seek consent from customers before sending them messages. Permission-based email marketing seeks to build a two-way interactive communication channel through which customers can engage with firms by expressing their interests, responding to firms’ email messages and making purchases. This thesis consists of two essays that address several key questions that are related to the management of a profitable interactive permission-based email marketing program.
Existing research has examined the drivers of customers’ opt-in and opt-out decisions, but it has investigated neither the timings of the two decisions nor the influence of transactional activity on the length of time a customer stays with an email program. In the first essay, we adopt a multivariate copula model using a pair-copula construction method to jointly model opt-in time (from a customer’s first purchase to opt-in), opt-out time (from customer opt-in to opt-out) and average transaction amount. Through such multivariate dependences, this model significantly improves the predictive performance of the opt-out time in comparison with several benchmark models. The study offers several important findings: (1) marketing intensity affects opt-in and opt-out times; (2) customers with certain characteristics are more or less likely to opt in or opt out; (3) firms can extend customer opt-out time and increase customer spending level by strategically allocating resources.
Firms are using email marketing to engage with customers and encourage active transactional behavior. Extant research either focuses only on how customers respond to email messages or looks at the “average” effect of email on transactional behavior. In the second essay, we consider not only customers’ response to emails and their correlated transactional behavior, but also the dynamics that govern the evolution of the two types of customer relationship: email-response and purchase relationships. We model the email open count with a Binomial distribution and the purchase count with a zero-inflated negative binomial model. We capture the dependence between the two discrete distributions using a copula approach. In addition, we develop a hidden Markov model to model the effects of email contacts on purchase behavior. We also allow the relationship that represents customers’ responsiveness to email marketing to evolve flexibly along with the purchase relationship.
In the second essay, we apply the proposed model in a non-contractual context where a retailer operates a large-scale email marketing program. Through the empirical study, we capture a positive dependence between the opening of emails and purchase behavior. We identify three purchase-behavior states along with three email-response states. The empirical finding suggests that the customers who are in the medium relationship state have the highest intrinsic propensity to open an email, followed by the customers in the lowest and highest relationship states. Furthermore, we derive a dynamic email marketing resource allocation policy using the hidden Markov model and the purchase and email open model estimates. We demonstrate that a forward-looking agent could maximize the long-term profits of its existing email subscribers.
BOREALIS: Building Block for Sealed Bid Auctions on Blockchains
We focus on securely computing the ranks of sealed integers distributed among parties. For example, we securely compute the largest or smallest integer, the median, or in general the -ranked integer. Such computations are a useful building block to securely implement a variety of sealed-bid auctions. Our objective is efficiency, specifically low interactivity between parties to support blockchains or other scenarios where multiple rounds are time-consuming. Hence, we dismiss powerful, yet highly-interactive MPC frameworks and propose BOREALIS, a special-purpose protocol for secure computation of ranks among integers. BOREALIS uses additively homomorphic encryption to implement core comparisons, but computes under distinct keys, chosen by each party to optimize the number of rounds. By carefully combining cryptographic primitives, such as ECC Elgamal encryption, encrypted comparisons, ciphertext blinding, secret sharing, and shuffling, BOREALIS sets up systems of multi-scalar equations which we efficiently prove with Groth-Sahai ZK proofs. Therewith, BOREALIS implements a multi-party computation of pairwise comparisons and rank zero-knowledge proofs secure against malicious adversaries. BOREALIS completes in at most rounds, which is constant in both the bit length of integers and the number of parties . This is not only asymptotically optimal, but surpasses generic constant-round secure multi-party computation protocols, even those based on shared-key fully homomorphic encryption. Furthermore, our implementation shows that BOREALIS is very practical. Its main bottleneck, ZK proof computations, is small in practice. Even for a large number of parties () and high-precision integers (), the computation time of all proofs is less than a single Bitcoin block interval.
Towards Applying Cryptographic Security Models to Real-World Systems
The cryptographic methodology of formal security analysis usually works in three steps:
choosing a security model, describing a system and its intended security properties, and creating a formal proof of security.
For basic cryptographic primitives and simple protocols this is a well understood process and is performed regularly.
For more complex systems, as they are in use in real-world settings, it is rarely applied, however.
In practice, this often leads to missing or incomplete descriptions of the security properties and requirements of such systems, which in turn can lead to insecure implementations and consequent security breaches.
One of the main reasons for the lack of application of formal models in practice is that they are particularly difficult to use and to adapt to new use cases.
With this work, we therefore aim to investigate how cryptographic security models can be used to argue about the security of real-world systems.
To this end, we perform case studies of three important types of real-world systems: data outsourcing, computer networks and electronic payment.
First, we give a unified framework to express and analyze the security of data outsourcing schemes.
Within this framework, we define three privacy objectives: data privacy, query privacy, and result privacy.
We show that data privacy and query privacy are independent concepts, while result privacy is consequential to them.
We then extend our framework to allow the modeling of integrity for the specific use case of file systems.
To validate our model, we show that existing security notions can be expressed within our framework and we prove the security of CryFS, a cryptographic cloud file system.
Second, we introduce a model, based on the Universal Composability (UC) framework, in which computer networks and their security properties can be described.
We extend it to incorporate time, which cannot be expressed in the basic UC framework, and give formal tools to facilitate its application.
For validation, we use this model to argue about the security of architectures of multiple firewalls in the presence of an active adversary.
We show that a parallel composition of firewalls exhibits strictly better security properties than other variants.
Finally, we introduce a formal model for the security of electronic payment protocols within the UC framework.
Using this model, we prove a set of necessary requirements for secure electronic payment.
Based on these findings, we discuss the security of current payment protocols and find that most are insecure.
We then give a simple payment protocol inspired by chipTAN and photoTAN and prove its security within our model.
We conclude that cryptographic security models can indeed be used to describe the security of real-world systems.
They are, however, difficult to apply and always need to be adapted to the specific use case.
The relationships between context and conceptual access.
An important question in the cognitive neuroscience of language regards the nature of the conceptual representations that make up semantic memory. Amodal accounts argue that conceptual representations of objects and their processing are functionally distinct from sensory or motor brain systems, whereas sensorimotor theories maintain that they involve the same perceptual and action brain areas active in experience. In a break from current orthodoxy, this thesis seeks to explore whether concepts and semantic processing are best considered as functionally grounded in sensorimotor systems and contextually sensitive. We report four studies using behavioural-psycholinguistic and neuroimaging techniques in healthy and clinical populations. In part 1 we show that online perceptual processing in the visual and olfactory modalities can interact with language comprehension, that lifetime sensory experience shapes the representational structure of object concepts, and that the outcome of semantic processing differs depending on an interaction of personal experience and people's immediate perceptual context. In part 2, we examine whether motor system degradation due to Parkinson's disease leads to impairments in processing manipulable objects compared to healthy controls. Counter to our predictions, we do not observe behavioural differences in the way Parkinson's disease patients access the representations of manipulable objects; however, we report neuroimaging evidence suggesting that changes in people's motor capacities lead to measurable alterations in the way that they process action semantics, at the neural level. Taken together, this thesis provides evidence that the content and format of the conceptual representations of objects are multimodal and grounded in sensory and motor brain systems, and that people's lifetime sensory and motor experience with objects shapes their representations in deeply personal ways.
Therefore, contrary to amodal accounts, there is functional overlap between sensorimotor and semantic processing, such that sensory, motor and semantic processes mutually interact with context (at many levels). This suggests that exploring the relationship between concepts and context is both necessary and vital in order to properly understand the semantic representations underlying noun words.
Basque Center on Cognition, Brain and Languag