Foundations, Properties, and Security Applications of Puzzles: A Survey

Cryptographic algorithms have been used not only to create robust ciphertexts but also to generate cryptograms that, contrary to the classic goal of cryptography, are meant to be broken. These cryptograms, generally called puzzles, require the use of a certain amount of resources to be solved, hence introducing a cost that is often regarded as a time delay---though it could involve other metrics as well, such as bandwidth. These powerful features have made puzzles the core of many security protocols, acquiring increasing importance in the IT security landscape. The concept of a puzzle has subsequently been extended to other types of schemes that do not use cryptographic functions, such as CAPTCHAs, which are used to discriminate humans from machines. Overall, puzzles have experienced a renewed interest with the advent of Bitcoin, which uses a CPU-intensive puzzle as proof of work. In this paper, we provide a comprehensive study of the most important puzzle construction schemes available in the literature, categorizing them according to several attributes, such as resource type, verification type, and applications. We have redefined the term puzzle by collecting and integrating the scattered notions used in different works, to cover all the existing applications. Moreover, we provide an overview of the possible applications, identifying key requirements and different design approaches. Finally, we highlight the features and limitations of each approach, providing a useful guide for the future development of new puzzle schemes.Comment: This article has been accepted for publication in ACM Computing Survey

Characterizing the 2022 Russo-Ukrainian Conflict Through the Lenses of Aspect-Based Sentiment Analysis: Dataset, Methodology, and Preliminary Findings

Online social networks (OSNs) play a crucial role in today's world. On the one hand, they allow free speech, information sharing, and social-movements organization, to cite a few. On the other hand, they are the tool of choice to spread disinformation, hate speech, and to support propaganda. For these reasons, OSNs data mining and analysis aimed at detecting disinformation campaigns that may arm the society and, more in general, poison the democratic posture of states, are essential activities during key events such as elections, pandemics, and conflicts. In this paper, we studied the 2022 Russo-Ukrainian conflict on Twitter, one of the most used OSNs. We quantitatively and qualitatively analyze a dataset of more than 5.5+ million tweets related to the subject, generated by 1.8+ million unique users. By leveraging statistical analysis techniques and aspect-based sentiment analysis (ABSA), we discover hidden insights in the collected data and abnormal patterns in the users' sentiment that in some cases confirm while in other cases disprove common beliefs on the conflict. In particular, based on our findings and contrary to what suggested in some mainstream media, there is no evidence of massive disinformation campaigns. However, we have identified several anomalies in the behavior of particular accounts and in the sentiment trend for some subjects that represent a starting point for further analysis in the field. The adopted techniques, the availability of the data, the replicability of the experiments, and the preliminary findings, other than being interesting on their own, also pave the way to further research in the domain

FORTRESS: An Efficient and Distributed Firewall for Stateful Data Plane SDN

The Software Defined Networking (SDN) paradigm decouples the logic module from the forwarding module on traditional network devices, bringing a wave of innovation to computer networks. Firewalls, as well as other security appliances, can largely benefit from this novel paradigm. Firewalls can be easily implemented by using the default OpenFlow rules, but the logic must reside in the control plane due to the dynamic nature of their rules that cannot be handled by data plane devices. This leads to a nonnegligible overhead in the communication channel between layers, as well as introducing an additional computational load on the control plane. To address the above limitations, we propose the architectural design of FORTRESS: a stateful firewall for SDN networks that leverages the stateful data plane architecture to move the logic of the firewall from the control plane to the data plane. FORTRESS can be implemented according to two different architectural designs: Stand-Alone and Cooperative, each one with its own peculiar advantages. We compare FORTRESS against FlowTracker, the state-of-the-art solution for SDN firewalling, and show how our solution outperforms the competitor in terms of the number of packets exchanged between the control plane and the data plane—we require 0 packets for the Stand-Alone architecture and just 4 for the Cooperative one. Moreover, we discuss how the adaptability, elegant and modular design, and portability of FORTRESS contribute to make it the ideal candidate for SDN firewalling. Finally, we also provide further research directions