446 research outputs found
Projection of two biphoton qutrits onto a maximally entangled state
Bell state measurements, in which two quantum bits are projected onto a
maximally entangled state, are an essential component of quantum information
science. We propose and experimentally demonstrate the projection of two
quantum systems with three states (qutrits) onto a generalized maximally
entangled state. Each qutrit is represented by the polarization of a pair of
indistinguishable photons - a biphoton. The projection is a joint measurement
on both biphotons using standard linear optics elements. This demonstration
enables the realization of quantum information protocols with qutrits, such as
teleportation and entanglement swapping.Comment: 4 pages, 3 figures, published versio
Keyword-Based Delegable Proofs of Storage
Cloud users (clients) with limited storage capacity at their end can
outsource bulk data to the cloud storage server. A client can later access her
data by downloading the required data files. However, a large fraction of the
data files the client outsources to the server is often archival in nature that
the client uses for backup purposes and accesses less frequently. An untrusted
server can thus delete some of these archival data files in order to save some
space (and allocate the same to other clients) without being detected by the
client (data owner). Proofs of storage enable the client to audit her data
files uploaded to the server in order to ensure the integrity of those files.
In this work, we introduce one type of (selective) proofs of storage that we
call keyword-based delegable proofs of storage, where the client wants to audit
all her data files containing a specific keyword (e.g., "important"). Moreover,
it satisfies the notion of public verifiability where the client can delegate
the auditing task to a third-party auditor who audits the set of files
corresponding to the keyword on behalf of the client. We formally define the
security of a keyword-based delegable proof-of-storage protocol. We construct
such a protocol based on an existing proof-of-storage scheme and analyze the
security of our protocol. We argue that the techniques we use can be applied
atop any existing publicly verifiable proof-of-storage scheme for static data.
Finally, we discuss the efficiency of our construction.Comment: A preliminary version of this work has been published in
International Conference on Information Security Practice and Experience
(ISPEC 2018
Regular Topologies for Gigabit Wide-Area Networks
In general terms, this project aimed at the analysis and design of techniques for very high-speed networking. The formal objectives of the project were to: (1) Identify switch and network technologies for wide-area networks that interconnect a large number of users and can provide individual data paths at gigabit/s rates; (2) Quantitatively evaluate and compare existing and proposed architectures and protocols, identify their strength and growth potentials, and ascertain the compatibility of competing technologies; and (3) Propose new approaches to existing architectures and protocols, and identify opportunities for research to overcome deficiencies and enhance performance. The project was organized into two parts: 1. The design, analysis, and specification of techniques and protocols for very-high-speed network environments. In this part, SRI has focused on several key high-speed networking areas, including Forward Error Control (FEC) for high-speed networks in which data distortion is the result of packet loss, and the distribution of broadband, real-time traffic in multiple user sessions. 2. Congestion Avoidance Testbed Experiment (CATE). This part of the project was done within the framework of the DARTnet experimental T1 national network. The aim of the work was to advance the state of the art in benchmarking DARTnet's performance and traffic control by developing support tools for network experimentation, by designing benchmarks that allow various algorithms to be meaningfully compared, and by investigating new queueing techniques that better satisfy the needs of best-effort and reserved-resource traffic. This document is the final technical report describing the results obtained by SRI under this project. The report consists of three volumes: Volume 1 contains a technical description of the network techniques developed by SRI in the areas of FEC and multicast of real-time traffic. Volume 2 describes the work performed under CATE. Volume 3 contains the source code of all software developed under CATE
Protecting Against Address Space Layout Randomization (ASLR) Compromises and Return-to-Libc Attacks Using Network Intrusion Detection Systems
Writable XOR eXecutable (W XOR X) and
Address Space Layout Randomisation (ASLR), have
elevated the understanding necessary to perpetrate
buffer overflow exploits [1]. However, they have not
proved to be a panacea [1] [2] [3] and so other
mechanisms such as stack guards and prelinking have
been introduced. In this paper we show that host based
protection still does not offer a complete solution. To
demonstrate, we perform an over the network brute
force return-to-libc attack against a pre-forking
concurrent server to gain remote access to W XOR X and
ASLR. We then demonstrate that deploying a NIDS
with appropriate signatures can detect this attack
efficiently
Auditable Compressed Storage
Outsourcing data to the cloud for personal use is becoming an everyday trend rather than an extreme scenario. The frequent outsourcing of data increases the possible attack window because users do not fully control their personal files. Typically, once there are established secure channels between two endpoints, communication is considered secure. However, in the cloud model the receiver–the cloud–cannot be fully trusted, either because it has been under adversarial control, or because it acts maliciously to increase its revenue by deleting infrequent accessed file blocks. One approach used by current literature to address the aforementioned security concerns is via Remote Data Integrity Checking (RDIC) protocols, whereby a data owner can challenge an untrusted cloud service provider (CSP) to prove faithful storage of its data.
Current RDIC protocols assume that the original data format remains unchanged. However, users may wish to compress their data in order to enjoy less charges. In that case, current RDIC protocols become impractical because, each time compression happens on a file, the user has to run a new RDIC protocol. In this work we initiate the study for Auditable Compressed Storage (ACS). After defining the new model we instantiate two protocols for different widely used compression techniques: run length encoding and Huffman encoding. In contrast with conventional RDIC, our protocols allow a user to delegate the compression to the cloud in a provably secure way: The client can verify correctness of compression without having to download the entire uncompressed file and check it against the compressed one
Converting Pairing-Based Cryptosystems from Composite-Order Groups to Prime-Order Groups
We develop an abstract framework that encompasses the key properties of bilinear groups of composite order that are required to construct secure pairing-based cryptosystems, and we show how to use prime-order elliptic curve groups to construct bilinear groups with the same properties. In particular, we define a generalized version of the subgroup decision problem and give explicit constructions of bilinear groups in which the generalized subgroup decision assumption follows from the decision Diffie-Hellman assumption, the decision linear assumption, and/or related assumptions in prime-order groups.
We apply our framework and our prime-order group constructions to create more efficient versions of cryptosystems that originally required composite-order groups. Specifically, we consider the Boneh-Goh-Nissim encryption scheme, the Boneh-Sahai-Waters traitor tracing system, and the Katz-Sahai-Waters attribute-based encryption scheme. We give a security theorem for the prime-order group instantiation of each system, using assumptions of comparable complexity to those used in the composite-order setting. Our conversion of the last two systems to prime-order groups answers a problem posed by Groth and Sahai
- …