Environmental Controls on Pore Number in Hyalosphenia papilio: Implications for Paleoenvironmental Reconstruction

Testate amoebae are routinely used as paleoenvironmental indicators. However, considerable variability occurs in test morphology, even within commonly identified taxa. Relationships between morphological variability and environmental conditions might be useful in paleohydrological studies of peatlands, assuming good preservation of characteristics. Hyalosphenia papilio is a common taxon, well preserved in Sphagnum peatlands, that displays variability in the number of pores on the broad side of the test. We assessed whether variability in pore number was related to substrate moisture by comparing the abundance of individuals with different numbers of pores to measured water-table depths at 67 sites in North America. Results indicated that the abundance of individuals with higher numbers of pores increased in wetter conditions. Individuals with 2 pores were relatively widespread, although they dominated drier habitats. Transfer functions developed with and without pore-number quantification suggest that when communities contain abundant individuals with greater than 2 pores, water-table depth reconstructions can be improved by including pore-number information. Results have implications for peatland paleohydrological studies and suggest that greater exploitation of morphological variability could improve testate amoeba-based reconstructions of past environmental change

The POLIPO Security Framework

Systems of systems are dynamic coalitions of distributed, autonomous and heterogeneous systems that collaborate to achieve a common goal. While offering several advantages in terms of scalability and flexibility, the systems of systems paradigm has a significant impact on systems interoperability and on the security requirements of the collaborating systems. In this chapter we introduce POLIPO, a security framework that protects the information exchanged among the systems in a system of systems, while preserving systems’ autonomy and interoperability. Information is protected from unauthorized access and improper modification by combining context-aware access control with trust management. Autonomy and interoperability are enabled by the use of ontology-based services. More precisely, each authority may refer to different ontologies to define the semantics of the terms used in the security policy of the system it governs and to describe domain knowledge and context information. A semantic alignment technique is then employed to map concepts from different ontologies and align the systems’ vocabularies. We demonstrate the applicability of our solution with a prototype implementation of the framework for a scenario in the maritime safety and security domain

Efficient Attribute-based Proxy Re-Encryption with Constant Size Ciphertexts

Attribute-based proxy re-encryption (ABPRE) allows a semi-trusted proxy to transform an encryption under an access-policy into an encryption under a new access policy, without revealing any information about the underlying message. Such a primitive facilitates fine-grained secure sharing of encrypted data in the cloud. In its key-policy flavor, the re-encryption key is associated with an access structure that specifies which type of ciphertexts can be re-encrypted. Only two attempts have been made towards realising key-policy ABPRE (KP-ABPRE), one satisfying replayable chosen ciphertext security (RCCA security) and the other claiming to be chosen ciphertext secure (CCA secure). We show that both the systems are vulnerable to RCCA and CCA attacks respectively. We further propose a selective CCA secure KP-ABPRE scheme in this work. Since we demonstrate attacks on the only two existing RCCA secure and CCA secure schemes in the literature, our scheme becomes the first KP-ABPRE scheme satisfying selective CCA security. Moreover, our scheme has an additional attractive property, namely collusion resistance. A proxy re-encryption scheme typically consists of three parties: a delegator who delegates his decryption rights, a proxy who performs re-encryption, and a delegatee to whom the decryption power is delegated to. When a delegator wishes to share his data with a delegatee satisfying an access-policy, the proxy can collude with the malicious delegatee to attempt to obtain the private keys of the delegator during delegation period. If the private keys are exposed, security of the delegator\u27s data is completely compromised. The proxy or the delegatee can obtain all confidential data of the delegator at will at any time, even after the delegation period is over. Hence, achieving collusion resistance is indispensable to real-world applications. In this paper, we show that our construction satisfies collusion resistance. Our scheme is proven collusion resistant and selective CCA secure in the random oracle model, based on Bilinear Diffie-Hellman exponent assumption

Towards a Formal Framework for Computational Trust

We define a mathematical measure for the quantitative comparison of probabilistic computational trust systems, and use it to compare a well-known class of algorithms based on the so-called beta model. The main novelty is that our approach is formal, rather than based on experimental simulation

Strengthening the Security of Encrypted Databases: Non-Transitive JOINs

Database management systems operating over encrypted data are gaining significant commercial interest. CryptDB is one such notable system supporting a variety SQL queries over encrypted data (Popa et al., SOSP \u2711). It is a practical system obtained by utilizing a number of encryption schemes, together with a new cryptographic primitive for supporting SQL\u27s join operator. This new primitive, an adjustable join scheme, is an encoding scheme that enables to generate tokens corresponding to any two database columns for computing their join given only their encodings. Popa et al. presented a framework for modeling the security of adjustable join schemes, but it is not completely clear what types of potential adversarial behavior it captures. Most notably, CryptDB\u27s join operator is transitive, and this may reveal a significant amount of sensitive information. In this work we put forward a strong and intuitive notion of security for adjustable join schemes, and argue that it indeed captures the security of such schemes: We introduce, in addition, natural simulation-based and indistinguishability-based notions (capturing the ``minimal leakage\u27\u27 of such schemes), and prove that our notion is positioned between their adaptive and non-adaptive variants. Then, we construct an adjustable join scheme that satisfies our notion of security based on the linear assumption (or on the seemingly stronger matrix-DDH assumption for improved efficiency) in bilinear groups. Instantiating CryptDB with our scheme strengthens its security by providing a non-transitive join operator, while increasing the size of CryptDB\u27s encodings from one group element to four group elements based on the linear assumption (or two group elements based on the matrix-DDH assumption), and increasing the running time of the adjustment operation from that of computing one group exponentiation to that of computing four bilinear maps based on the linear assumption (or two bilinear maps based on the matrix-DDH assumption). Most importantly, however, the most critical and frequent operation underlying our scheme is comparison of single group elements as in CryptDB\u27s join scheme

Ciphertext-Policy Attribute Based Encryption Supporting Access Policy Update

Attribute-based encryption (ABE) allows one-to-many encryption with static access control. In many occasions, the access control policy must be updated and the original encryptor might be required to re-encrypt the message, which is impractical, since the encryptor might be unavailable. Unfortunately, to date the work in ABE does not consider this issue yet, and hence this hinders the adoption of ABE in practice. In this work, we consider how to efficiently update access policies in Ciphertext-policy Attribute-based Encryption (CP-ABE) systems without re-encryption. We introduce a new notion of CP-ABE supporting access policy update that captures the functionalities of attribute addition and revocation to access policies. We formalize the security requirements for this notion, and subsequently construct two provably secure CP-ABE schemes supporting AND-gate access policy with constant-size ciphertext for user decryption. The security of our schemes are proved under the Augmented Multi-sequences of Exponents Decisional Diffie-Hellman assumption