170 research outputs found
Interpretable Probabilistic Password Strength Meters via Deep Learning
Probabilistic password strength meters have been proved to be the most
accurate tools to measure password strength. Unfortunately, by construction,
they are limited to solely produce an opaque security estimation that fails to
fully support the user during the password composition. In the present work, we
move the first steps towards cracking the intelligibility barrier of this
compelling class of meters. We show that probabilistic password meters
inherently own the capability of describing the latent relation occurring
between password strength and password structure. In our approach, the security
contribution of each character composing a password is disentangled and used to
provide explicit fine-grained feedback for the user. Furthermore, unlike
existing heuristic constructions, our method is free from any human bias, and,
more importantly, its feedback has a clear probabilistic interpretation. In our
contribution: (1) we formulate the theoretical foundations of interpretable
probabilistic password strength meters; (2) we describe how they can be
implemented via an efficient and lightweight deep learning framework suitable
for client-side operability.
Comment: An abridged version of this paper appears in the proceedings of the
25th European Symposium on Research in Computer Security (ESORICS) 202
On a generalization of the Dvoretzky-Wald-Wolfowitz theorem with an application to a robust optimization problem
A generalization of the Dvoretzky-Wald-Wolfowitz theorem to the case of
conditional expectations is provided assuming that the -field on the
state space has no conditional atoms.
Comment: 10 page
Universal Neural-Cracking-Machines: Self-Configurable Password Models from Auxiliary Data
We develop the first universal password model -- a password model that, once
pre-trained, can automatically adapt to any password distribution. To achieve
this result, the model does not need to access any plaintext passwords from the
target set. Instead, it exploits users' auxiliary information, such as email
addresses, as a proxy signal to predict the underlying target password
distribution. The model uses deep learning to capture the correlation between
the auxiliary data of a group of users (e.g., users of a web application) and
their passwords. It then exploits those patterns to create a tailored password
model for the target community at inference time. No further training steps,
targeted data collection, or prior knowledge of the community's password
distribution is required. Besides defining a new state-of-the-art for password
strength estimation, our model enables any end-user (e.g., system
administrators) to autonomously generate tailored password models for their
systems without the often unworkable requirement of collecting suitable
training data and fitting the underlying password model. Ultimately, our
framework enables the democratization of well-calibrated password models to the
community, addressing a major challenge in the deployment of password security
solutions on a large scale.
Comment: v0.0
Improving Password Guessing via Representation Learning
Learning useful representations from unstructured data is one of the core
challenges, as well as a driving force, of modern data-driven approaches. Deep
learning has demonstrated the broad advantages of learning and harnessing such
representations. In this paper, we introduce a deep generative model
representation learning approach for password guessing. We show that an
abstract password representation naturally offers compelling and versatile
properties that can be used to open new directions in the extensively studied,
and yet presently active, password guessing field. These properties can
establish novel password generation techniques that are neither feasible nor
practical with the existing probabilistic and non-probabilistic approaches.
Based on these properties, we introduce: (1) a general framework for conditional
password guessing that can generate passwords with arbitrary biases; and (2) an
Expectation Maximization-inspired framework that can dynamically adapt the
estimated password distribution to match the distribution of the attacked
password set.
Comment: This paper appears in the proceedings of the 42nd IEEE Symposium on
Security and Privacy (Oakland) S&P 202
The integration of 3D modeling and simulation to determine the energy potential of low-temperature geothermal systems in the Pisa (Italy) sedimentary plain
Shallow, low-temperature geothermal resources can significantly reduce the environmental impact of heating and cooling. Based on a replicable standard workflow for three-dimensional (3D) geothermal modeling, an approach to the assessment of geothermal energy potential is proposed and applied to the young sedimentary basin of Pisa (north Tuscany, Italy), starting from the development of a geothermal geodatabase, with collated geological, stratigraphic, hydrogeological, geophysical and thermal data. The contents of the spatial database are integrated and processed using software for geological and geothermal modeling. The models are calibrated using borehole data. Model outputs are visualized as three-dimensional reconstructions of the subsoil units, their volumes and depths, the hydrogeological framework, and the distribution of subsoil temperatures and geothermal properties. The resulting deep knowledge of subsoil geology would facilitate the deployment of geothermal heat pump technology, site selection for well doublets (for open-loop systems), or vertical heat exchangers (for closed-loop systems). The reconstructed geological-hydrogeological models and the geothermal numerical simulations performed help to define the limits of sustainable utilization of an area's geothermal potential
Breach Extraction Attacks: Exposing and Addressing the Leakage in Second Generation Compromised Credential Checking Services
Credential tweaking attacks use breached passwords to generate semantically similar passwords and gain access to victims' services.
These attacks sidestep the first generation of compromised credential checking (C3) services. The second generation of compromised credential checking services, called Might I Get Pwned (MIGP), is a privacy-preserving protocol that defends against credential tweaking attacks by allowing clients to query whether a password or a semantically similar variation is present in the server's compromised credentials dataset.
The desired privacy requirements include not revealing the user's entered password to the server and ensuring that no compromised credentials are disclosed to the client.
In this work, we formalize the cryptographic leakage of the MIGP protocol and perform a security analysis to assess its impact on the credentials held by the server. We focus on how this leakage aids breach extraction attacks, where an honest-but-curious client interacts with the server to extract information about the stored credentials. Furthermore, we discover additional leakage that arises from the implementation of Cloudflare's deployment of MIGP. We evaluate how the discovered leakage affects the guessing capability of an attacker in relation to breach extraction attacks. Finally, we propose MIGP 2.0, a new iteration of the MIGP protocol designed to minimize data leakage and prevent the introduced attacks
A non‑lethal method to assess element content in the endangered Pinna nobilis
The fan shell Pinna nobilis is the largest bivalve endemic to the Mediterranean and is actually a strongly endangered species. Due to the biological, ecological, and historical relevance of this species, the research of a non-lethal method to relate the element content in the organism’s tissues and environment can provide information potentially useful to evaluate environmental pollution and organism physiological status. In this study, a screening on element concentration in the animal growing environment (seawater and sediments) and in four soft tissues (hepatopancreas, gills, mantle, and muscle), and two acellular tissues (calcite shell layer, and byssus) was performed. The comparison among these results was used to assess whether the non-lethal acellular tissue element concentration can be used to reveal the element presence in the environment and soft tissues. Elements, such as B, Ag, As, Mn, Mo, Pb, or Se, showed a possible relationship between their presence in the byssus and soft tissues. In the byssus, Cr, Sb, Sn, and V were shown to be mostly related to the environment, more than the soft tissues, and might be used to draw a historical record of the exposure of the organism. The element concentration in the calcite shell layer did not relate to environmental element concentrations. Essential elements, like Cu, Fe, Ni, and Zn, were present in the calcite shell layer and byssus and are likely related to their biological activity in the organism. The research also gave an overview on the presence of pollution and on the preferential intake route of the element. In summary, this study, performed on a limited number of specimens of this protected species, indicated that element concentration in the byssus can be applied as a non-lethal method to monitor this endangered species and its interaction with the elements in the growing environment
Circulating haematopoietic and endothelial progenitor cells are decreased in COPD
Circulating CD34+ cells are haemopoietic progenitors that may play a role in
tissue repair. No data are available on circulating progenitors in chronic
obstructive pulmonary disease (COPD). Circulating CD34+ cells were studied in 18
patients with moderate-to-severe COPD (age: mean±SD 68±8 yrs; forced
expiratory volume in one second: 48±12% predicted) and 12 controls, at rest and
after endurance exercise. Plasma concentrations of haematopoietic growth factors
(FMS-like tyrosine kinase 3 (Flt3) ligand, kit ligand), markers of hypoxia
(vascular endothelial growth factor (VEGF)) and stimulators of angiogenesis
(VEGF, hepatocyte growth factor (HGF)) and markers of systemic inflammation
(tumour necrosis factor (TNF)-alpha, interleukin (IL)-6, IL-8) were measured.
Compared with the controls, the COPD patients showed a three-fold reduction in
CD34+ cell counts (3.3±2.5 versus 10.3±4.2 cells·µL⁻¹), and a 50%
decrease in AC133+ cells. In the COPD patients, progenitor-derived haemopoietic
and endothelial cell colonies were reduced by 30-50%. However, four COPD patients
showed progenitor counts in the normal range associated with lower TNF-alpha
levels. In the entire sample, CD34+ cell counts correlated with exercise capacity
and severity of airflow obstruction. After endurance exercise, progenitor counts
were unchanged, while plasma Flt3 ligand and VEGF only increased in the COPD
patients. Plasma HGF levels were higher in the COPD patients compared with the
controls and correlated inversely with the number of progenitor-derived colonies.
In conclusion, circulating CD34+ cells and endothelial progenitors were decreased
in chronic obstructive pulmonary disease patients and could be correlated with
disease severity