11 research outputs found

    Can we Construct Unbounded Time-Stamping Schemes from Collision-Free Hash Functions?

    In this work we study the possibilities of constructing hash functions that are secure for an unbounded time-stamping scheme from collision-free hash functions. Using the time-stamping scheme created by Haber and Stornetta and the security condition constructed for it by Buldas and Saarepera, we study the possibility of proving the impossibility of so-called black-box constructions. Since the simplest form of an impossibility proof is an oracle separation, we focus on studying the properties and capabilities of one oracle that appears suitable for such a separation. We assume that the oracle constructs a hash tree, outputs the root value of the tree, and then issues time-stamp certificates based on that tree. We prove that if the black-box-constructed hash function given as the oracle's argument only checks collision pairs of the original hash function or uses the so-called greater-than predicate, the oracle cannot be used to find collisions. The results of the work give hope that this oracle is indeed suitable for a separation and suggest that further study of similar oracles may eventually lead to a solution of the problem.

    It has been known for quite some time that collision-resistance of hash functions does not seem to give any actual security guarantees for unbounded hash-tree time-stamping, where the size of the hash tree created by the time-stamping service is not explicitly restricted. We focus on the possibility of showing that there exist no black-box reductions of unbounded time-stamping schemes to collision-free hash functions. We propose an oracle that is probably suitable for such a separation and give strong evidence in support of that. However, the existence of a separation still remains open. We introduce the problem and give a construction of the oracle relative to which there seem to be no secure time-stamping schemes but there still exist collision-free hash function families. Although we rule out many useful collision-finding strategies (relative to the oracle) and the conjecture seems quite probable after that, there still remains a possibility that the oracle can be abused by some very smartly constructed wrappers. We also argue why it is probably very hard to give a correct proof for our conjecture.

    Optimal Adversary Behavior for the Serial Model of Financial Attack Trees

    Attack tree analysis is used to estimate different parameters of general security threats based on information available for atomic subthreats. We focus on estimating the expected gains of an adversary based on both the cost and likelihood of the subthreats. Such a multi-parameter analysis is considerably more complicated than separate probability or skill level estimation, requiring exponential time in general. However, this paper shows that under reasonable assumptions a completely different type of optimal substructure exists which can be harnessed into a linear-time algorithm for optimal gains estimation. More concretely, we use a decision-theoretic framework in which a rational adversary sequentially considers and performs the available attacks. The assumption of rationality serves as an upper bound, as any irrational behavior will only hurt the adversary's own end result. We show that if the attacker considers the attacks in a goal-oriented way, his optimal expected gains can be computed in linear time. Our model places the least restrictions on adversarial behavior of all known attack tree models that analyze the economic viability of an attack and, as such, provides the best efficiently computable estimate for the potential reward.

    Why do students choose to study Information and Communications Technology?

    It is a worldwide problem that although many students are highly interested in Information and Communications Technology (ICT), they do not study it at the higher education level, or if they do, many of them eventually drop out. We studied the reasons student candidates choose to study ICT, in order to gather data that can be used for improving future ICT recruitment and retention. During the admissions procedure at three higher education institutions in Estonia, 1,464 student candidates were asked what reasons influenced them to apply to Informatics or Information Technology. On average, 2.6 candidates competed per available position at the institutions. Qualitative content analysis was used to code the candidates' open-ended answers and resulted inductively in 14 distinguishable categories. The most frequent reasons for studying ICT were general interest in ICT, previous experience in the field, need for personal professional development, and the importance of the field in the future. Interestingly, only a few candidates gave the importance of high salaries as a reason. Chi-square analysis showed that candidates were accepted with higher probability if they found ICT to be suitable for them, or cited good opportunities in the labour market. These results are useful for planning effective admission procedures to recruit ICT students.

    Oraakliga musta kasti eraldustehnikad rakendustega ajatembeldusele

    The electronic version of the thesis does not contain the publications.

    The broader subject area of the doctoral thesis is cryptography, which deals with various mathematical problems related to information security. One of the central concepts of cryptography is the reduction, by means of which the security of a new system can be reduced to the assumption that another, already existing system is secure. With the help of reductions, almost all of modern digital information security can be built on mathematical problems that are so far considered computationally hard. Mostly so-called black-box reductions are used, in which only minimal assumptions are made about the original system used inside the construction. The applicability of reductions of this type nevertheless has its limits, and sometimes it is even possible to prove that they do not exist for certain systems. This thesis studies precisely the possibilities of such impossibility proofs and their applicability. It is shown that the previously known techniques can also be transferred to the non-uniform model of computation. It is also demonstrated that, in addition to impossibility proofs, similar techniques can be used to prove bounds on the efficiency of the security proofs of reductions, and that these can be used to show the optimality of the security proof of a time-stamping scheme that has found practical use. The possibility of replacing the randomness used in the proofs with purely deterministic means is also pointed out, which would allow more algorithmic and potentially easier to follow proofs to be presented in the future.

    The thesis is from the general field of cryptography, which deals with the mathematical problems of information security. One of the central concepts of cryptography is that of reductions, which allow researchers to reduce the security of a new, constructed scheme to the assumption of security of a pre-existing scheme. Such reductions allow us to base most of modern cryptography on computational hardness assumptions of well-studied mathematical problems. The reductions are usually black-box, in the sense that only minimal assumptions are made about the workings of the underlying system. In this thesis we study the possibility of proving separation results, i.e., showing that such black-box reductions cannot exist in certain cases. We show that the techniques currently employed for such proofs can be generalized to the non-uniform model of computation. Additionally, it is shown that similar methods allow us to prove bounds on the efficiency of security proofs, which in turn allows us to prove the optimality of a security reduction for a well-known time-stamping scheme. We also propose the idea of replacing true randomness with the notion of algorithmic randomness, which may allow more algorithmic and easier to follow proofs to be presented for future separation results.

    High-performance secure multi-party computation for data mining applications
