Measuring Multijet Structure of Hadronic Energy Flow Or What IS A Jet?
Ambiguities of jet algorithms are reinterpreted as instability with respect to small
variations of input. Optimal stability occurs for observables possessing
the property of calorimetric continuity (C-continuity) predetermined by kinematical
structure of calorimetric detectors. The so-called C-correlators form a basic
class of such observables and fit naturally into QFT framework, allowing
systematic theoretical studies. A few rules generate other C-continuous
observables. The resulting C-algebra correctly quantifies any feature of
multijet structure such as the "number of jets" and mass spectra of "multijet
substates". The new observables are physically equivalent to traditional ones
but can be computed from final states bypassing jet algorithms which reemerge
as a tool of approximate computation of C-observables from data with all
ambiguities under analytical control and an optimal recombination criterion
minimizing approximation errors.
Comment: PostScript, 94 pp (US Letter), 18 PS files
Zero-Knowledge User Authentication: An Old Idea Whose Time Has Come
User authentication can rely on various factors (e.g., a password, a
cryptographic key, biometric data) but should not reveal any secret or private
information. This seemingly paradoxical feat can be achieved through
zero-knowledge proofs. Unfortunately, naive password-based approaches still
prevail on the web. Multi-factor authentication schemes address some of the
weaknesses of the traditional login process, but generally have deployability
issues or degrade usability even further as they assume users do not possess
adequate hardware. This assumption no longer holds: smartphones with biometric
sensors, cameras, short-range communication capabilities, and unlimited data
plans have become ubiquitous. In this paper, we show that, assuming the user
has such a device, both security and usability can be drastically improved
using an augmented password-authenticated key agreement (PAKE) protocol and
message authentication codes.
Comment: International Workshop on Security Protocols (SPW) 201
Gaussian two-mode attacks in one-way quantum cryptography
We investigate the asymptotic security of one-way continuous variable quantum
key distribution against Gaussian two-mode coherent attacks. The one-way
protocol is implemented by arranging the channel uses in two-mode blocks. By
applying symmetric random permutations over these blocks, the security analysis
is in fact reduced to the study of two-mode coherent attacks and, in particular,
Gaussian ones, due to the extremality of Gaussian states. We explicitly show
that the use of two-mode Gaussian correlations by an eavesdropper leads to
asymptotic secret key rates which are strictly larger than the rate obtained
under standard single-mode Gaussian attacks.
Comment: 9 pages, 2 figures
A High Speed, Post-Processing Free, Quantum Random Number Generator
A quantum random number generator (QRNG) based on gated single photon
detection of an InGaAs photodiode at GHz frequency is demonstrated. Owing to
the extremely long coherence time of each photon, each photon's wavefunction
extends over many gating cycles of the photodiode. The collapse of the photon
wavefunction on random gating cycles as well as photon random arrival time
detection events are used to generate sequences of random bits at a rate of
4.01 megabits/s. Importantly, the random outputs are intrinsically bias-free
and require no post-processing procedure to pass random number statistical
tests, making this QRNG an extremely simple device.
Trust and reputation policy-based mechanisms for self-protection in autonomic communications
Currently, there is an increasing tendency to migrate the management of communications and information systems onto the Web. This is making many traditional service support models obsolete. In addition, current security mechanisms are not sufficiently robust to protect each management system and/or subsystem from web-based intrusions, malware, and hacking attacks. This paper presents research challenges in autonomic management to provide self-protection mechanisms and tools by using trust and reputation concepts based on policy-based management to decentralize management decisions. This work also uses user-based reputation mechanisms to help enforce trust management in pervasive and communications services. The scope of this research is founded in social models, where the application of trust and reputation applied in communication systems helps detect potential users as well as hackers attempting to corrupt management operations and services. These so-called “cheating services” act as “attacks”, altering the performance and the security in communication systems by consumption of computing or network resources unnecessarily.
A Formal Study of the Privacy Concerns in Biometric-Based Remote Authentication Schemes
With their increasing popularity in cryptosystems, biometrics have attracted more and more attention from the information security community. However, how to handle the relevant privacy concerns remains troublesome. In this paper, we propose a novel security model to formalize the privacy concerns in biometric-based remote authentication schemes. Our security model covers a number of practical privacy concerns such as identity privacy and transaction anonymity, which have not been formally considered in the literature. In addition, we propose a general biometric-based remote authentication scheme and prove its security in our security model.
Efficient Attack Graph Analysis through Approximate Inference
Attack graphs provide compact representations of the attack paths that an
attacker can follow to compromise network resources by analysing network
vulnerabilities and topology. These representations are a powerful tool for
security risk assessment. Bayesian inference on attack graphs enables the
estimation of the risk of compromise to the system's components given their
vulnerabilities and interconnections, and accounts for multi-step attacks
spreading through the system. Whilst static analysis considers the risk posture
at rest, dynamic analysis also accounts for evidence of compromise, e.g. from
SIEM software or forensic investigation. However, in this context, exact
Bayesian inference techniques do not scale well. In this paper we show how
Loopy Belief Propagation - an approximate inference technique - can be applied
to attack graphs, and that it scales linearly in the number of nodes for both
static and dynamic analysis, making such analyses viable for larger networks.
We experiment with different topologies and network clustering on synthetic
Bayesian attack graphs with thousands of nodes to show that the algorithm's
accuracy is acceptable and that it converges to a stable solution. We compare sequential
and parallel versions of Loopy Belief Propagation with exact inference
techniques for both static and dynamic analysis, showing the advantages of
approximate inference techniques to scale to larger attack graphs.
Comment: 30 pages, 14 figures
Some Directions beyond Traditional Quantum Secret Sharing
We investigate two directions beyond the traditional quantum secret sharing
(QSS). First, a restriction on QSS that comes from the no-cloning theorem is
that any pair of authorized sets in an access structure should overlap. From
the viewpoint of application, this places an unnatural constraint on secret
sharing. We present a generalization, called assisted QSS (AQSS), where access
structures without pairwise overlap of authorized sets are permissible, provided
some shares are withheld by the share dealer. We show that no more than
withheld shares are required, where is the minimum number
of partially linked classes among the authorized sets for the QSS. Our
result means that such applications of QSS need not be thwarted by the
no-cloning theorem. Secondly, we point out a way of combining the features of
QSS and quantum key distribution (QKD) for applications where classical
information is shared by quantum means. We observe that in such a case, it is
often possible to reduce the security proof of QSS to that of QKD.
Comment: To appear in Physica Scripta, 7 pages, 1 figure, subsumes
arXiv:quant-ph/040720
Attack trees in Isabelle
In this paper, we present a proof theory for attack trees. Attack trees are a well established and useful model for the construction of attacks on systems since they allow a stepwise exploration of high level attacks in application scenarios. Using the expressiveness of Higher Order Logic in Isabelle, we succeed in developing a generic theory of attack trees with a state-based semantics based on Kripke structures and CTL. The resulting framework allows mechanically supported logic analysis of the meta-theory of the proof calculus of attack trees and at the same time the developed proof theory enables application to case studies. A central correctness and completeness result proved in Isabelle establishes a connection between the notion of attack tree validity and CTL. The application is illustrated on the example of a healthcare IoT system and GDPR compliance verification.