155 research outputs found

    A Polynomial-Time Universal Security Amplifier in the Class of Block Ciphers

    We demonstrate the existence of an efficient block cipher with the property that whenever it is composed with any non-perfect cipher, the resulting product is strictly more secure, against an ideal adversary, than the original cipher. We call this property universal security amplification, and note that it holds trivially for a one-time pad (a stream cipher). However, as far as we are aware, this is the first efficient block cipher with this property. Several practical implications of this result are considered.

    Towards a digitally conceived physical performance object

    Thesis (S.M.)--Massachusetts Institute of Technology, School of Architecture and Planning, Program in Media Arts and Sciences, 2007. Includes bibliographical references (p. 122-126). In the performing arts, the relationship that is established between what is seen and what is heard must be experienced to fully appreciate and understand the aesthetics of performance. Actual physical objects such as musical instruments, lights, elements of the set, props, and people provide the visual associations and a tangible reality which can enhance the musical elements in a performance. This thesis proposes that new and artistic physical objects can, in themselves, be designed to perform. It introduces the Chandelier, a kinetic sculpture, a central set piece for a new opera, a new kind of musical instrument, and an object that performs. The piece moves and changes shape through mechanical action and the designed interplay between surfaces and light. It is intended to be interacted with by musicians and players of the opera. This thesis also explores the design process and evolution of the Chandelier with a primary objective of realizing a constructible, physical performance object through an authentic and abstruse digital conception. It is a conception not of a static nature, but incorporates a dynamic sense of changeable form through coordinated elements of light, mechanics, and sculpture. Steven L. Pliam. S.M.

    Compositional closure for Bayes Risk in probabilistic noninterference

    We give a sequential model for noninterference security including probability (but not demonic choice), thus supporting reasoning about the likelihood that high-security values might be revealed by observations of low-security activity. Our novel methodological contribution is the definition of a refinement order and its use to compare security measures between specifications and (their supposed) implementations. This contrasts with the more common practice of evaluating the security of individual programs in isolation. The appropriateness of our model and order is supported by our showing that our refinement order is the greatest compositional relation --the compositional closure-- with respect to our semantics and an "elementary" order based on Bayes Risk --- a security measure already in widespread use. We also relate refinement to other measures such as Shannon Entropy. By applying the approach to a non-trivial example, the anonymous-majority Three-Judges protocol, we demonstrate by example that correctness arguments can be simplified by the sort of layered developments --through levels of increasing detail-- that are allowed and encouraged by compositional semantics.

    Naturally Rehearsing Passwords

    We introduce quantitative usability and security models to guide the design of password management schemes --- systematic strategies to help users create and remember multiple passwords. In the same way that security proofs in cryptography are based on complexity-theoretic assumptions (e.g., hardness of factoring and discrete logarithm), we quantify usability by introducing usability assumptions. In particular, password management relies on assumptions about human memory, e.g., that a user who follows a particular rehearsal schedule will successfully maintain the corresponding memory. These assumptions are informed by research in cognitive science and validated through empirical studies. Given rehearsal requirements and a user's visitation schedule for each account, we use the total number of extra rehearsals that the user would have to do to remember all of his passwords as a measure of the usability of the password scheme. Our usability model leads us to a key observation: password reuse benefits users not only by reducing the number of passwords that the user has to memorize, but more importantly by increasing the natural rehearsal rate for each password. We also present a security model which accounts for the complexity of password management with multiple accounts and associated threats, including online, offline, and plaintext password leak attacks. Observing that current password management schemes are either insecure or unusable, we present Shared Cues --- a new scheme in which the underlying secret is strategically shared across accounts to ensure that most rehearsal requirements are satisfied naturally while simultaneously providing strong security. The construction uses the Chinese Remainder Theorem to achieve these competing goals.

    Late Simultaneous Presentation of Left Ventricular Pseudoaneurysm and Tricuspid Regurgitation after Blunt Chest Trauma

    A 32-yr-old man developed progressive exertional dyspnea 4 yr after blunt chest trauma due to an automobile accident. Two-dimensional echocardiography and computed-tomographic coronary angiography demonstrated a large pseudoaneurysm of the left ventricle and severe tricuspid regurgitation. The patient underwent successful surgical exclusion of the pseudoaneurysm by endoaneurysmal patch closure and repair of the tricuspid valve regurgitation. To the best of our knowledge, this is the first case of these 2 different pathologies presenting late simultaneously after blunt chest trauma and successful surgical repairs in the published literature.

    Quantitative Information Flow and Applications to Differential Privacy

    Secure information flow is the problem of ensuring that the information made publicly available by a computational system does not leak information that should be kept secret. Since it is practically impossible to avoid leakage entirely, in recent years there has been a growing interest in considering the quantitative aspects of information flow, in order to measure and compare the amount of leakage. Information theory is widely regarded as a natural framework to provide firm foundations to quantitative information flow. In these notes we review the two main information-theoretic approaches that have been investigated: the one based on Shannon entropy, and the one based on Rényi min-entropy. Furthermore, we discuss some applications in the area of privacy. In particular, we consider statistical databases and the recently-proposed notion of differential privacy. Using the information-theoretic view, we discuss the bound that differential privacy induces on leakage, and the trade-off between utility and privacy.

    On the Incomparability of Entropy and Marginal Guesswork in Brute-Force Attacks

    We discuss measures of statistical uncertainty relevant to determining random values in cryptology. It is shown that unbalanced and self-similar Huffman trees have extremal properties with respect to these measures. Their corresponding probability distributions exhibit an unbounded gap between (Shannon) entropy and the logarithm of the minimum search space size necessary to be guaranteed a certain chance of success (called marginal guesswork). Thus, there can be no general inequality between them. We discuss the implications of this result in terms of the security of weak secrets against brute-force searching attacks, and also in terms of Shannon's uncertainty axioms.