Safe abstractions of data encodings in formal security protocol models
When using formal methods, security protocols are usually modeled at a high level of abstraction. In particular, data encoding and decoding transformations are often abstracted away. However, if no assumptions at all are made on the behavior of such transformations, they could trivially lead to security faults, for example leaking secrets or breaking freshness by collapsing nonces into constants. In order to address this issue, this paper formally states sufficient conditions, checkable on sequential code, such that if an abstract protocol model is secure under a Dolev-Yao adversary, then a refined model, which takes into account a wide class of possible implementations of the encoding/decoding operations, is also secure under the same adversary model. The paper also indicates possible applications of this result in the context of methods based on formal model extraction from implementation code and of methods based on automated code generation from formally verified models.
Population stability: regulating size in the presence of an adversary
We introduce a new coordination problem in distributed computing that we call
the population stability problem. A system of agents each with limited memory
and communication, as well as the ability to replicate and self-destruct, is
subjected to attacks by a worst-case adversary that can at a bounded rate (1)
delete agents chosen arbitrarily and (2) insert additional agents with
arbitrary initial state into the system. The goal is perpetually to maintain a
population whose size is within a constant factor of the target size . The
problem is inspired by the ability of complex biological systems composed of a
multitude of memory-limited individual cells to maintain a stable population
size in an adverse environment. Such biological mechanisms allow organisms to
heal after trauma or to recover from excessive cell proliferation caused by
inflammation, disease, or normal development.
We present a population stability protocol in a communication model that is a
synchronous variant of the population model of Angluin et al. In each round,
pairs of agents selected at random meet and exchange messages, where at least a
constant fraction of agents is matched in each round. Our protocol uses
three-bit messages and states per agent. We emphasize that
our protocol can handle an adversary that can both insert and delete agents, a
setting in which existing approximate counting techniques do not seem to apply.
The protocol relies on a novel coloring strategy in which the population size
is encoded in the variance of the distribution of colors. Individual agents can
locally obtain a weak estimate of the population size by sampling from the
distribution, and make individual decisions that robustly maintain a stable
global population size.
Optimal confinement potential in quantum Hall droplets
We find that the confinement potential of a few electron quantum dot can be
tuned to significantly increase the overlap with certain quantum Hall trial
wave functions. Besides manipulating inter-electron interaction, this approach
may prove useful in quantum point contact experiments, which involve narrow
constrictions.
Comment: 4 pages, 1 figure
A Superstabilizing -Approximation Algorithm for Dynamic Steiner Trees
In this paper we design and prove correct a fully dynamic distributed
algorithm for maintaining an approximate Steiner tree that connects via a
minimum-weight spanning tree a subset of nodes of a network (referred to as
Steiner members or the Steiner group). Steiner trees are good candidates to
efficiently implement communication primitives such as publish/subscribe or
multicast, essential building blocks for the new emergent networks (e.g. P2P,
sensor or ad hoc networks). The cost of the solution returned by our algorithm
is at most times the cost of an optimal solution, where is the
group of members. Our algorithm improves over existing solutions in several
ways. First, it tolerates the dynamism of both the group members and the
network. Next, our algorithm is self-stabilizing, that is, it copes with
memory corruption at the nodes. Last but not least, our algorithm is
superstabilizing. That is, while converging to a correct configuration
(i.e., a Steiner tree) after a modification of the network, it keeps offering
the Steiner tree service during the stabilization time to all members that have
not been affected by this modification.
Leader Election in Anonymous Rings: Franklin Goes Probabilistic
We present a probabilistic leader election algorithm for anonymous, bidirectional, asynchronous rings. It is based on an algorithm from Franklin, augmented with random identity selection, hop counters to detect identity clashes, and round numbers modulo 2. As a result, the algorithm is finite-state, so that various model checking techniques can be employed to verify its correctness, that is, that eventually a unique leader is elected with probability one. We also sketch a formal correctness proof of the algorithm for rings of arbitrary size.
Is the charge determined via shot noise measurements unique?
Charged excitations in the fractional quantum Hall effect are known to carry
fractional charges, as theoretically predicted and experimentally verified.
Here we report on the dependence of the tunneling quasiparticle charge, as
determined via highly sensitive shot noise measurements, on the measurement
conditions, in the odd denominators states v=1/3 and v=7/3 and in the even
denominator state v=5/2. In particular, for very weak backscattering
probability and sufficiently small excitation energies (temperature and applied
voltage), tunneling charges across a constriction were found to be
significantly higher than the theoretically predicted fundamental quasiparticle
charges.
Making Code Voting Secure against Insider Threats using Unconditionally Secure MIX Schemes and Human PSMT Protocols
Code voting was introduced by Chaum as a solution for using a possibly
infected-by-malware device to cast a vote in an electronic voting application.
Chaum's work on code voting assumed voting codes are physically delivered to
voters using the mail system, implicitly requiring to trust the mail system.
This is not necessarily a valid assumption to make, especially if the mail
system cannot be trusted: if the mail system conspires with the recipient of
the cast ballots, privacy is broken.
It is clear to the public that when it comes to privacy, computers and
"secure" communication over the Internet cannot fully be trusted. This
emphasizes the importance of (1) unconditional security for network
communication and (2) reduced reliance on untrusted computers.
In this paper we explore how to remove the mail system trust assumption in
code voting. We use PSMT protocols (SCN 2012) where with the help of visual
aids, humans can carry out addition correctly with a 99\% degree of
accuracy. We introduce an unconditionally secure MIX based on the combinatorics
of set systems.
Given that the end users of our proposed voting scheme construction are humans, we
cannot use classical Secure Multi-Party Computation protocols.
Our solutions are for both single- and multi-seat elections, achieving:
i) an anonymous and perfectly secure communication network, secure against
a -bounded passive adversary, used to deliver voting;
ii) an end step of the protocol that can be handled by a human to evade the
threat of malware.
We do not focus on active adversaries.
A Spatial-Epistemic Logic for Reasoning about Security Protocols
Reasoning about security properties involves reasoning about where the
information of a system is located, and how it evolves over time. While most
security analysis techniques need to cope with some notions of information
locality and knowledge propagation, usually they do not provide a general
language for expressing arbitrary properties involving local knowledge and
knowledge transfer. Building on this observation, we introduce a framework for
security protocol analysis based on dynamic spatial logic specifications. Our
computational model is a variant of existing pi-calculi, while specifications
are expressed in a dynamic spatial logic extended with an epistemic operator.
We present the syntax and semantics of the model and logic, and discuss the
expressiveness of the approach, showing it complete for passive attackers. We
also prove that generic Dolev-Yao attackers may be mechanically determined for
any deterministic finite protocol, and discuss how this result may be used to
reason about security properties of open systems. We also present a
model-checking algorithm for our logic, which has been implemented as an
extension to the SLMC system.
Comment: In Proceedings SecCo 2010, arXiv:1102.516
Analysis of Shot Noise at Finite Temperatures in Fractional Quantum Hall Edge States
We investigate shot noise at finite temperatures induced by the
quasi-particle tunneling between fractional quantum Hall (FQH) edge states. The
resulting Fano factor has a peak structure at a certain bias voltage. Such a
structure indicates that quasi-particles are weakly glued due to thermal
fluctuation. We show that the effect makes it possible to probe the difference
in statistics between FQH states whose quasi-particles have the
same unit charge. Finally, we propose a way to indirectly obtain the statistical
angle in hierarchical FQH states.
Comment: 5 pages, 3 figures
Non-malleable encryption: simpler, shorter, stronger
In a seminal paper, Dolev et al. [15] introduced the notion of non-malleable encryption (NM-CPA). This notion is very intriguing since it suffices for many applications of chosen-ciphertext secure encryption (IND-CCA), and, yet, can be generically built from semantically secure (IND-CPA) encryption, as was shown in the seminal works by Pass et al. [29] and by Choi et al. [9], the latter of which provided a black-box construction. In this paper we investigate three questions related to NM-CPA security: 1. Can the rate of the construction by Choi et al. of NM-CPA from IND-CPA be improved? 2. Is it possible to achieve multi-bit NM-CPA security more efficiently from a single-bit NM-CPA scheme than from IND-CPA? 3. Is there a notion stronger than NM-CPA that has natural applications and can be achieved from IND-CPA security? We answer all three questions in the positive. First, we improve the rate in the scheme of Choi et al. by a factor O(λ), where λ is the security parameter. Still, encrypting a message of size O(λ) would require ciphertext and keys of size O(λ^2) times that of the IND-CPA scheme, even in our improved scheme. Therefore, we show a more efficient domain extension technique for building a λ-bit NM-CPA scheme from a single-bit NM-CPA scheme with keys and ciphertext of size O(λ) times that of the NM-CPA one-bit scheme. To achieve our goal, we define and construct a novel type of continuous non-malleable code (NMC), called secret-state NMC, as we show that standard continuous NMCs are not enough for the natural "encode-then-encrypt-bit-by-bit" approach to work. Finally, we introduce a new security notion for public-key encryption that we dub non-malleability under (chosen-ciphertext) self-destruct attacks (NM-SDA).
After showing that NM-SDA is a strict strengthening of NM-CPA and allows for more applications, we nevertheless show that both of our results, the (faster) construction from IND-CPA and the domain extension from a one-bit scheme, also hold for our stronger NM-SDA security. In particular, the notions of IND-CPA, NM-CPA, and NM-SDA security are all equivalent, lying (plausibly, strictly?) below IND-CCA security.