400 research outputs found

    Measuring Multijet Structure of Hadronic Energy Flow Or What IS A Jet?

    Ambiguities of jet algorithms are reinterpreted as instability wrt small variations of input. Optimal stability occurs for observables possessing property of calorimetric continuity (C-continuity) predetermined by kinematical structure of calorimetric detectors. The so-called C-correlators form a basic class of such observables and fit naturally into QFT framework, allowing systematic theoretical studies. A few rules generate other C-continuous observables. The resulting C-algebra correctly quantifies any feature of multijet structure such as the "number of jets" and mass spectra of "multijet substates". The new observables are physically equivalent to traditional ones but can be computed from final states bypassing jet algorithms which reemerge as a tool of approximate computation of C-observables from data with all ambiguities under analytical control and an optimal recombination criterion minimizing approximation errors. Comment: PostScript, 94 pp (US Letter), 18 PS files, [email protected]

    Zero-Knowledge User Authentication: An Old Idea Whose Time Has Come

    User authentication can rely on various factors (e.g., a password, a cryptographic key, biometric data) but should not reveal any secret or private information. This seemingly paradoxical feat can be achieved through zero-knowledge proofs. Unfortunately, naive password-based approaches still prevail on the web. Multi-factor authentication schemes address some of the weaknesses of the traditional login process, but generally have deployability issues or degrade usability even further as they assume users do not possess adequate hardware. This assumption no longer holds: smartphones with biometric sensors, cameras, short-range communication capabilities, and unlimited data plans have become ubiquitous. In this paper, we show that, assuming the user has such a device, both security and usability can be drastically improved using an augmented password-authenticated key agreement (PAKE) protocol and message authentication codes. Comment: International Workshop on Security Protocols (SPW) 201

    Towards Bidirectional Ratcheted Key Exchange

    Gaussian two-mode attacks in one-way quantum cryptography

    We investigate the asymptotic security of one-way continuous variable quantum key distribution against Gaussian two-mode coherent attacks. The one-way protocol is implemented by arranging the channel uses in two-mode blocks. By applying symmetric random permutations over these blocks, the security analysis is in fact reduced to study two-mode coherent attacks and, in particular, Gaussian ones, due to the extremality of Gaussian states. We explicitly show that the use of two-mode Gaussian correlations by an eavesdropper leads to asymptotic secret key rates which are strictly larger than the rate obtained under standard single-mode Gaussian attacks. Comment: 9 pages, 2 figures

    A High Speed, Post-Processing Free, Quantum Random Number Generator

    A quantum random number generator (QRNG) based on gated single photon detection of an InGaAs photodiode at GHz frequency is demonstrated. Owing to the extremely long coherence time of each photon, each photon's wavefunction extends over many gating cycles of the photodiode. The collapse of the photon wavefunction on random gating cycles as well as photon random arrival time detection events are used to generate sequences of random bits at a rate of 4.01 megabits/s. Importantly, the random outputs are intrinsically bias-free and require no post-processing procedure to pass random number statistical tests, making this QRNG an extremely simple device.

    Trust and reputation policy-based mechanisms for self-protection in autonomic communications

    Currently, there is an increasing tendency to migrate the management of communications and information systems onto the Web. This is making many traditional service support models obsolete. In addition, current security mechanisms are not sufficiently robust to protect each management system and/or subsystem from web-based intrusions, malware, and hacking attacks. This paper presents research challenges in autonomic management to provide self-protection mechanisms and tools by using trust and reputation concepts based on policy-based management to decentralize management decisions. This work also uses user-based reputation mechanisms to help enforce trust management in pervasive and communications services. The scope of this research is founded in social models, where the application of trust and reputation applied in communication systems helps detect potential users as well as hackers attempting to corrupt management operations and services. These so-called “cheating services” act as “attacks”, altering the performance and the security in communication systems by consumption of computing or network resources unnecessarily.

    A Formal Study of the Privacy Concerns in Biometric-Based Remote Authentication Schemes

    With their increasing popularity in cryptosystems, biometrics have attracted more and more attention from the information security community. However, how to handle the relevant privacy concerns remains troublesome. In this paper, we propose a novel security model to formalize the privacy concerns in biometric-based remote authentication schemes. Our security model covers a number of practical privacy concerns such as identity privacy and transaction anonymity, which have not been formally considered in the literature. In addition, we propose a general biometric-based remote authentication scheme and prove its security in our security model.

    Efficient Attack Graph Analysis through Approximate Inference

    Attack graphs provide compact representations of the attack paths that an attacker can follow to compromise network resources by analysing network vulnerabilities and topology. These representations are a powerful tool for security risk assessment. Bayesian inference on attack graphs enables the estimation of the risk of compromise to the system's components given their vulnerabilities and interconnections, and accounts for multi-step attacks spreading through the system. Whilst static analysis considers the risk posture at rest, dynamic analysis also accounts for evidence of compromise, e.g. from SIEM software or forensic investigation. However, in this context, exact Bayesian inference techniques do not scale well. In this paper we show how Loopy Belief Propagation - an approximate inference technique - can be applied to attack graphs, and that it scales linearly in the number of nodes for both static and dynamic analysis, making such analyses viable for larger networks. We experiment with different topologies and network clustering on synthetic Bayesian attack graphs with thousands of nodes to show that the algorithm's accuracy is acceptable and converges to a stable solution. We compare sequential and parallel versions of Loopy Belief Propagation with exact inference techniques for both static and dynamic analysis, showing the advantages of approximate inference techniques to scale to larger attack graphs. Comment: 30 pages, 14 figures

    Some Directions beyond Traditional Quantum Secret Sharing

    We investigate two directions beyond the traditional quantum secret sharing (QSS). First, a restriction on QSS that comes from the no-cloning theorem is that any pair of authorized sets in an access structure should overlap. From the viewpoint of application, this places an unnatural constraint on secret sharing. We present a generalization, called assisted QSS (AQSS), where access structures without pairwise overlap of authorized sets are permissible, provided some shares are withheld by the share dealer. We show that no more than $\lambda-1$ withheld shares are required, where $\lambda$ is the minimum number of partially linked classes among the authorized sets for the QSS. Our result means that such applications of QSS need not be thwarted by the no-cloning theorem. Secondly, we point out a way of combining the features of QSS and quantum key distribution (QKD) for applications where a classical information is shared by quantum means. We observe that in such case, it is often possible to reduce the security proof of QSS to that of QKD. Comment: To appear in Physica Scripta, 7 pages, 1 figure, subsumes arXiv:quant-ph/040720

    Attack trees in Isabelle

    In this paper, we present a proof theory for attack trees. Attack trees are a well established and useful model for the construction of attacks on systems since they allow a stepwise exploration of high level attacks in application scenarios. Using the expressiveness of Higher Order Logic in Isabelle, we succeed in developing a generic theory of attack trees with a state-based semantics based on Kripke structures and CTL. The resulting framework allows mechanically supported logic analysis of the meta-theory of the proof calculus of attack trees and at the same time the developed proof theory enables application to case studies. A central correctness and completeness result proved in Isabelle establishes a connection between the notion of attack tree validity and CTL. The application is illustrated on the example of a healthcare IoT system and GDPR compliance verification.