102 research outputs found
Count Me If You Can: Enumerating QUIC Servers Behind Load Balancers
QUIC is a new transport protocol over UDP which recently became an IETF RFC. Our security analysis of the Connection ID mechanism in QUIC reveals that the protocol is underspecified. This allows an attacker to count the number of server instances behind a middlebox, e.g., a load balancer. We found 4/15 (~25%) implementations vulnerable to our enumeration attack. We then concretely describe how an attacker can count the number of instances behind a load balancer that either uses Round Robin or Hashing
Report Dagstuhl Seminar 10402 - Working Group on Fundamental Limits and Opportunities
This working group investigated first steps towards finding a theoretical foundation for inter-vehicle communication. The main outcome is a sketch of a roadmap for future work in this direction
Joint Source-and-Channel Coding for Small Satellite Applications
Small satellites are widely used today as cost effective means to perform
Earth observation and other tasks that generate large amounts of
high-dimensional data, such as multi-spectral imagery. These satellites
typically operate in low earth orbit, which poses significant challenges for
data transmission due to short contact times with ground stations, low
bandwidth, and high packet loss probabilities. In this paper, we introduce
JSCC-Sat, which applies joint source-and-channel coding using neural networks
to provide efficient and robust transmission of compressed image data for
satellite applications. We evaluate our mechanism against traditional
transmission schemes with separate source and channel coding and demonstrate
that it outperforms the existing approaches when applied to Earth observation
data of the Sentinel-2 mission
P2KMV: A Privacy-preserving Counting Sketch for Efficient and Accurate Set Intersection Cardinality Estimations
In this paper, we propose P2KMV, a novel privacy-preserving counting sketch, based on the k minimum values algorithm. With P2KMV, we offer a versatile privacy-enhanced technology for obtaining statistics, following the principle of data minimization, and aiming for the sweet spot between privacy, accuracy, and computational efficiency. As our main contribution, we develop methods to perform set operations, which facilitate cardinality estimates under strong privacy requirements. Most notably, we propose an efficient, privacy-preserving algorithm to estimate the set intersection cardinality. P2KMV provides plausible deniability for all data items contained in the sketch. We discuss the algorithm's privacy guarantees as well as the accuracy of the obtained estimates. An experimental evaluation confirms our analytical expectations and provides insights regarding parameter choices
Eclipsing Ethereum Peers with False Friends
Ethereum is a decentralized Blockchain system that supports the execution of
Turing-complete smart contracts. Although the security of the Ethereum
ecosystem has been studied in the past, the network layer has been mostly
neglected. We show that Go Ethereum (Geth), the most widely used Ethereum
implementation, is vulnerable to eclipse attacks, effectively circumventing
recently introduced (Geth v1.8.0) security enhancements. We responsibly
disclosed the vulnerability to core Ethereum developers; the corresponding
countermeasures to our attack were incorporated into the v1.9.0 release of
Geth. Our false friends attack exploits the Kademlia-inspired peer discovery
logic used by Geth and enables a low-resource eclipsing of long-running, remote
victim nodes. An adversary only needs two hosts in distinct /24 subnets to
launch the eclipse, which can then be leveraged to filter the victim's view of
the Blockchain. We discuss fundamental properties of Geth's node discovery
logic that enable the false friends attack, as well as proposed and implemented
countermeasures.
Comment: Extended version of the original publication in: 2019 IEEE European
Symposium on Security and Privacy Workshops (EuroS&PW
The sum of its parts: Analysis of federated byzantine agreement systems
Federated Byzantine Agreement Systems (FBASs) are a fascinating new paradigm in the context of consensus protocols. Originally proposed for powering the Stellar payment network, FBASs can instantiate Byzantine quorum systems without requiring out-of-band agreement on a common set of validators; every node is free to decide for itself with whom it requires agreement. Sybil-resistant and yet energy-efficient consensus protocols can therefore be built upon FBASs, and the “decentrality” possible with the FBAS paradigm might be sufficient to reduce the use of environmentally unsustainable proof-of-work protocols. In this paper, we first demonstrate how the robustness of individual FBASs can be determined, by precisely determining their safety and liveness buffers and therefore enabling a comparison with threshold-based quorum systems. Using simulations and example node configuration strategies, we then empirically investigate the hypothesis that while FBASs can be bootstrapped in a bottom-up fashion from individual preferences, strategic considerations should additionally be applied by node operators in order to arrive at FBASs that are robust and amenable to monitoring. Finally, we investigate the reported “open-membership” property of FBASs. We observe that an often small group of nodes is exclusively relevant for determining liveness buffers and prove that membership in this top tier is conditional on the approval by current top tier nodes if maintaining safety is a core requirement.
Peer Reviewe