34 research outputs found
One-Time Signatures Revisited: Have They Become Practical?
One-time signatures have been known for more than two decades, and
have been studied mainly due to their theoretical value. Recent
works motivated us to examine the practical use of one-time
signatures in high-performance applications. In this paper we
describe FMTseq - a signature scheme that merges recent
improvements in hash tree traversal into Merkle\u27s one-time signature
scheme. Implementation results show that the scheme provides a
signature speed of up to 35 times faster than a 2048-bit RSA
signature scheme, for about one million signatures, and a signature
size of only a few kilobytes. We provide an analysis of practical
parameter selection for the scheme, and improvements that can be
applied in more specific scenarios
Towards Knowledge in the Cloud
Knowledge in the form of semantic data is becoming more and more ubiquitous, and the need for scalable, dynamic systems to support collaborative work with such distributed, heterogeneous knowledge arises. We extend the “data in the cloud” approach that is emerging today to “knowledge in the cloud”, with support for handling semantic information, organizing and finding it efficiently and providing reasoning and quality support. Both the life sciences and emergency response fields are identified as strong potential beneficiaries of having ”knowledge in the cloud”
Broadcast-enhanced key predistribution schemes
We present a formalisation of a category of schemes that we refer to as broadcast-enhanced key predistribution schemes (BEKPSs). These schemes are suitable for networks with access to a trusted base station and an authenticated broadcast channel. We demonstrate that the access to these extra resources allows for the creation of BEKPSs with advantages over key predistribution schemes such as flexibility and more efficient revocation. There are many possible ways to implement BEKPSs, and we propose a framework for describing and analysing them.
In their paper “From Key Predistribution to Key Redistribution,” Cichoń et al. [2010] propose a scheme for “redistributing” keys to a wireless sensor network using a broadcast channel after an initial key predistribution. We classify this as a BEKPS and analyse it in that context. We provide simpler proofs of some results from their paper, give a precise analysis of the resilience of their scheme, and discuss possible modifications. We then study two scenarios where BEKPSs may be particularly desirable and propose a suitable family of BEKPSs for each case. We demonstrate that they are practical and efficient to implement, and our analysis shows their effectiveness in achieving suitable trade-offs between the conflicting priorities in resource-constrained networks
IOStack: Software-Defined Object Storage
The complexity and scale of today’s cloud storage systems is growing fast. In response to these challenges, Software-
Defined Storage (SDS) has recently become a prime candidate to simplify storage management in the cloud.
This article presents IOStack: The first SDS architecture for object stores (OpenStack Swift). At the control plane,
the provisioning of SDS services to tenants is made according to a set of policies managed via a high-level DSL. Policies may target storage automation and/or specific SLA objectives. At the data plane, policies define the enforcement of SDS services, namely filters, on a tenant’s requests. Moreover, IOStack is a framework to build a variety of filters, ranging from general-purpose computations close to the data to specialized data management mechanisms.
Our experiments illustrate that IOStack enables easy and effective policy-based provisioning, which can significantly
improve the operation of a multi-tenant object store.This work has been funded by the European Union through project H2020 “IOStack: Software-Defined Storage for Big Data” (644182) and by the Spanish Ministry of Science and Innovation through project “Servicios Cloud y Redes Comunitarias” (TIN-2013-47245-C2-2-R).Peer ReviewedPostprint (author's final draft
Revocation and Tracing Schemes for Stateless Receivers
We deal with the problem of a center sending a message to a group of users such that some subset of the users is considered revoked and should not be able to obtain the content of the message. We concentrate on the stateless receiver case, where the users do not (necessarily) update their state from session to session. We present a framework called the Subset-Cover framework, which abstracts a variety of revocation schemes including some previously known ones. We provide sufficient conditions that guarantee the security of a revocation algorithm in this class. We describ
A Lower Bound on the Number of Solutions to the Probed Partial Digest Problem
The Probed Partial Digestion mapping method partially digests a DNA strand with a restriction enzyme. A probe, which attaches to the DNA between two restriction enzyme cutting sites, is hybridized to the partially digested DNA, and the sizes of fragments to which the probe hybridizes are measured. The objective is to reconstruct the linear order of the restriction enzyme cutting sites from the multiset of measured lengths. In many cases, more than one underlying linear ordering is consistent with a multiset of measured lengths. This article shows that a multiset of N measured lengths can have as many as \Omega\Gamma N t ) solutions for any t ! i \Gamma1 (2) where i(t) is the Riemann Zeta Function and i \Gamma1 (2) Ăź 1:73. 1 Introduction The Probed Partial Digestion (or PPD) mapping scheme is used to generate physical maps of large DNA strands using restriction enzymes and probes. A DNA strand can be viewed as a finite sequence over the alphabet of four letters fA, C, G, Tg. A re..
Representing and Enumerating Edge Connectivity Cuts in RNC
An undirected edge-weighted graph can have at most \Gamma n 2 \Delta edge connectivity cuts. A succinct and algorithmically useful representation for this set of cuts was given by [4], and an efficient sequential algorithm for obtaining it was given by [12]. In this paper, we present a fast parallel algorithm for obtaining this representation; our algorithm is an RNC algorithm in case the weights are given in unary. We also observe that for a unary weighted graph, the problems of counting and enumerating the connectivity cuts are in RNC