43 research outputs found
Foundations, Properties, and Security Applications of Puzzles: A Survey
Cryptographic algorithms have been used not only to create robust ciphertexts
but also to generate cryptograms that, contrary to the classic goal of
cryptography, are meant to be broken. These cryptograms, generally called
puzzles, require the use of a certain amount of resources to be solved, hence
introducing a cost that is often regarded as a time delay---though it could
involve other metrics as well, such as bandwidth. These powerful features have
made puzzles the core of many security protocols, acquiring increasing
importance in the IT security landscape. The concept of a puzzle has
subsequently been extended to other types of schemes that do not use
cryptographic functions, such as CAPTCHAs, which are used to discriminate
humans from machines. Overall, puzzles have experienced a renewed interest with
the advent of Bitcoin, which uses a CPU-intensive puzzle as proof of work. In
this paper, we provide a comprehensive study of the most important puzzle
construction schemes available in the literature, categorizing them according
to several attributes, such as resource type, verification type, and
applications. We have redefined the term puzzle by collecting and integrating
the scattered notions used in different works, to cover all the existing
applications. Moreover, we provide an overview of the possible applications,
identifying key requirements and different design approaches. Finally, we
highlight the features and limitations of each approach, providing a useful
guide for the future development of new puzzle schemes.
Comment: This article has been accepted for publication in ACM Computing Survey
Characterizing the 2022 Russo-Ukrainian Conflict Through the Lenses of Aspect-Based Sentiment Analysis: Dataset, Methodology, and Preliminary Findings
Online social networks (OSNs) play a crucial role in today's world. On the
one hand, they allow free speech, information sharing, and social-movements
organization, to cite a few. On the other hand, they are the tool of choice to
spread disinformation, hate speech, and to support propaganda. For these
reasons, OSNs data mining and analysis aimed at detecting disinformation
campaigns that may arm the society and, more in general, poison the democratic
posture of states, are essential activities during key events such as
elections, pandemics, and conflicts. In this paper, we studied the 2022
Russo-Ukrainian conflict on Twitter, one of the most used OSNs. We
quantitatively and qualitatively analyze a dataset of more than 5.5+ million
tweets related to the subject, generated by 1.8+ million unique users. By
leveraging statistical analysis techniques and aspect-based sentiment analysis
(ABSA), we discover hidden insights in the collected data and abnormal patterns
in the users' sentiment that in some cases confirm while in other cases
disprove common beliefs on the conflict. In particular, based on our findings
and contrary to what is suggested in some mainstream media, there is no evidence
of massive disinformation campaigns. However, we have identified several
anomalies in the behavior of particular accounts and in the sentiment trend for
some subjects that represent a starting point for further analysis in the
field. The adopted techniques, the availability of the data, the replicability
of the experiments, and the preliminary findings, other than being interesting
on their own, also pave the way to further research in the domain.
Cryptomining Makes Noise: a Machine Learning Approach for Cryptojacking Detection
A new cybersecurity attack, where an adversary illicitly runs crypto-mining
software over the devices of unaware users, is emerging in both the literature
and in the wild. This attack, known as cryptojacking, has proved to be very
effective given the simplicity of running a crypto-client into a target device.
Several countermeasures have recently been proposed, with different features
and performance, but all characterized by a host-based architecture. This kind
of solutions, designed to protect the individual user, are not suitable for
efficiently protecting a corporate network, especially against insiders. In
this paper, we propose a network-based approach to detect and identify
crypto-clients activities by solely relying on the network traffic, even when
encrypted. First, we provide a detailed analysis of the real network traces
generated by three major cryptocurrencies, Bitcoin, Monero, and Bytecoin,
considering both the normal traffic and the one shaped by a VPN. Then, we
propose Crypto-Aegis, a Machine Learning (ML) based framework built over the
results of our investigation, aimed at detecting cryptocurrencies related
activities, e.g., pool mining, solo mining, and active full nodes. Our solution
achieves a striking 0.96 of F1-score and 0.99 of AUC for the ROC, while
enjoying a few other properties, such as device and infrastructure
independence. Given the extent and novelty of the addressed threat we believe
that our approach, supported by its excellent results, paves the way for further
research in this area.
Watch Nearby!: Privacy Analysis of the People Nearby Service of Telegram
People Nearby is a service offered by Telegram that allows a user to discover other Telegram users, based only on geographical proximity. Nearby users are reported with a rough estimate of their distance from the position of the reference user, allowing Telegram to claim location privacy. In this paper, we systematically analyze the location privacy provided by Telegram to users of the People Nearby service. Through an extensive measurement campaign run by spoofing the user's location all over the world, we reverse-engineer the algorithm adopted by People Nearby to compute distances between users. Although the service protects against precise user localization, we demonstrate that location privacy is always lower than the one declared by Telegram (500 meters). Specifically, we discover that location privacy is a function of the geographical position of the user. Indeed, the radius of the location privacy area (localization error) spans between 400 meters (close to the equator) and 128 meters (close to the poles), with a difference of up to 75% (worst case) compared to what Telegram declares. After our responsible disclosure, Telegram updated the FAQ associated with the service. Finally, we provide some solutions and countermeasures that Telegram can implement to improve location privacy. In general, the reported findings highlight the significant privacy risks associated with the use of the People Nearby service.
Fracture Mechanics Models for Brittle Failure of Bottom Rails due to Uplift in Timber Frame Shear Walls
In partially anchored timber frame shear walls, hold-down devices are not provided; hence the uplift forces are transferred by the fasteners of the sheathing-to-framing joints into the bottom rail and via anchor bolts from the bottom rail into the foundation. Since the force in the anchor bolts and the sheathing-to-framing joints do not act in the same vertical plane, the bottom rail is subjected to tensile stresses perpendicular to the grain and splitting of the bottom rail may occur. This paper presents simple analytical models based on fracture mechanics for the analysis of such bottom rails. An existing model is reviewed and several alternative models are derived and compared qualitatively and with experimental data. It is concluded that several of the fracture mechanics models lead to failure load predictions which seem in sufficiently good agreement with the experimental results to justify their application in practical design
Matching tests of brittle failure of bottom rail versus tensile strength perpendicular to the grain and fracture energy in RT and TR plane.
Approved; 2014; 20140402 (giucap
Experimental testing of anchoring devices for bottom rail in partially anchored timber frame shear walls with two-sided sheathing
Källsner and Girhammar [1] have presented a new plastic design method for wood-framed shear walls at ultimate limit state. This method allows the designer to calculate the load-carrying capacity of shear walls partially anchored, where the leading stud is not fully anchored against uplift. The anchorage system of shear walls is provided from anchor bolts and hold downs. Anchor bolts provide horizontal shear continuity between the bottom rail and the foundation. Hold downs are directly connected from the vertical end stud to the foundation. When hold downs are not provided, the bottom row of nails transmits the vertical forces in the sheathing to the bottom rail (instead of the vertical stud) where the anchor bolts will further transmit the forces into the foundation. Because of the eccentric load transfer, due to forces acting in the same vertical plane, transverse bending is created in the bottom rail and splitting often occurs. It is important to evaluate this cross-wise bending and to ensure that no brittle failure occurs in the bottom rail. The bottom rail is experimentally studied with respect to two primary failure modes, splitting along the bottom of the bottom rail due to cross-wise bending and splitting along the edge side of the bottom rail due to forces perpendicular to the grain from the sheathing-to-framing connections. The parameters varied are the size of the washer and the orientation of the pith. The bottom rail was subjected to loading perpendicular to grain through two-sided sheathing. In this report the different sets of series are presented. Five sets were conducted depending on the size of the washer and in each set the pith was placed upwards and downwards. The tests showed three different failure modes. In addition to the failure modes that the testing program was aimed at, splitting along the bottom or side of the bottom rail, the final failure was also due to plastic bending and withdrawal of the sheathing-to-framing nails.
The results show that the size of the washer has a significant influence on the maximum load and the failure modes. The results show also that the orientation of the pith has a significant influence on the maximum load.
Approved; 2012; 20120116 (giucap
