How to Sequentialize Independent Parallel Attacks?
We assume a scenario where an attacker can mount several independent attacks on a single CPU. Each attack can be run several times in independent ways, and each attack can succeed after a given number of steps with some given and known probability.
A natural question is what the optimal strategy is for running steps of the attacks in sequence.
In this paper, we develop a formalism to tackle this problem.
When the number of attacks is infinite, we show that there is a magic number of steps m such that the optimal strategy is to run an attack for m steps and then try again with another attack until one succeeds. We also study the case of a finite number of attacks.
We describe this problem when the attacks are exhaustive key searches, but the result is more general.
We apply our result to the learning parity with noise (LPN) problem and the password search problem. Although the optimal m decreases as the distribution becomes more biased, we observe a phase transition in all cases: the decrease is very abrupt, from m corresponding to an exhaustive search on a single target to m=1 corresponding to running a single step of the attack on each target.
For all practical biased examples, we show that the best strategy is to use m=1.
For LPN, this means guessing that the noise vector is 0 and solving for the secret by Gaussian elimination. This is actually better than all variants of the Blum-Kalai-Wasserman (BKW) algorithm.
Demographics of HIV-infected persons attending a dental clinic
The demographics of 147 HIV-infected persons attending a special care dental clinic in South West England are reported. The majority of attendants were homosexual/bisexual males, reflecting the UK epidemiology of HIV disease at the time of study. There was a substantial rise in patient numbers from 1988 onwards, but patients often did not reveal their route of HIV acquisition or increasingly had acquired HIV disease via heterosexual routes. Patients were usually referred for routine dental treatment, not HIV-related oral disease. The HIV-infected patients generally attended the clinic irregularly, despite being offered many appointments. It is concluded that most patients with HIV disease attend clinics for routine dental care, yet many may be unable or unwilling to attend regularly.
Optimistic fair exchange based on publicly verifiable secret sharing
In this paper we propose an optimistic two-party fair exchange protocol which does not rely on a centralized trusted third party. Instead, the fairness of the protocol relies on the honesty of some of the neighboring participants. This new concept, which is based on a generic verifiable secret sharing scheme, is particularly relevant in networks where a centralized authority can be used neither on-line nor off-line.
RFID Systems: A Survey on Security Threats and Proposed Solutions
Low-cost Radio Frequency Identification (RFID) tags affixed to consumer items as smart labels are emerging as one of the most pervasive computing technologies in history. This can have huge security implications. The present article surveys the most important technical security challenges of RFID systems. We first provide a brief summary of the most relevant standards related to this technology. Next, we present an overview of the state of the art in RFID security, addressing both the functional aspects and the security risks and threats associated with its use. Finally, we analyze the main security solutions proposed to date.
Usable Optimistic Fair Exchange
Fairly exchanging digital content is an everyday problem. It has been shown that fair exchange cannot be done without a trusted third party (called the Arbiter). Yet, even with a trusted party, it is still non-trivial to come up with an efficient solution, especially one that can be used in a p2p file sharing system with a high volume of data exchanged.
We provide an efficient optimistic fair exchange mechanism for bartering digital files, where receiving a payment in return for a file (buying) is also considered fair. The exchange is optimistic, removing the need for the Arbiter's involvement unless a dispute occurs. While the previous solutions employ costly cryptographic primitives for every file or block exchanged, our protocol employs them only once per peer, therefore achieving an O(n) efficiency improvement when n blocks are exchanged between two peers. The rest of our protocol uses very efficient cryptography, making it perfectly suitable for a p2p file sharing system where tens of peers exchange thousands of blocks and do not know beforehand which ones they will end up exchanging. Therefore, our system yields a one to two orders of magnitude improvement in terms of both computation and communication (40 seconds vs. 42 minutes, 1.6MB vs. 200MB). Thus, for the first time, a provably secure (and privacy-respecting, when payments are made using e-cash) fair exchange protocol is being used in real bartering applications (e.g., BitTorrent) without sacrificing performance.
A formal approach to distance-bounding RFID protocols
Distance-bounding protocols aim at impeding man-in-the-middle (MITM) attacks by measuring response times. Three kinds of attacks are usually addressed: (1) Mafia attacks, where adversaries relay communication between an honest prover and an honest verifier in different sessions; (2) Terrorist attacks, where adversaries get limited active support from the prover in order to impersonate it; (3) Distance attacks, where a malicious prover claims to be closer to the verifier than it really is. Many protocols in the literature address one or two such threats, but no rigorous security models, and no clean proofs, exist so far. For resource-constrained RFID tags, distance-bounding is more difficult to achieve. Our contribution here is to formally define security against the above-mentioned attacks and to relate the properties. We thus refute previous beliefs about relations between the notions, showing instead that they are independent. Finally, we assess the security of the RFID distance-bounding scheme due to Kim and Avoine in our model, and enhance it to include impersonation security and to allow for errors due to noisy channel transmissions.