
    Revisiting a Privacy-Preserving Location-based Service Protocol using Edge Computing

    Location-based services are getting more popular day by day. Finding nearby stores, proximity-based marketing, on-road service assistance, etc., are some of the services that use location-based services. In location-based services, user information like user identity, user query, and location must be protected. Ma et al. (INFOCOM-BigSecurity 2019) proposed a privacy-preserving location-based service using Somewhat Homomorphic Encryption (SHE). Their protocol uses edge nodes that compute on SHE-encrypted location data and determine the k-nearest points of interest contained in the Location-based Server (LBS) without revealing the original user coordinates to the LBS, hence ensuring the privacy of users' locations. In this work, we show that the above protocol by Ma et al. has a critical flaw. In particular, we show that their secure comparison protocol has a correctness issue: it does not lead to a correct comparison. A major consequence of this flaw is that straightforward approaches to fixing this issue make their protocol insecure. Namely, the LBS will be able to recover the actual locations of the users in each and every query.

    Cryptanalysis of a Protocol for Efficient Sorting on SHE Encrypted Data

    Sorting on encrypted data using Somewhat Homomorphic Encryption (SHE) schemes is currently inefficient in practice when the number of elements to be sorted is very large. Hence alternative protocols that can efficiently perform computation and sorting on encrypted data are of interest. Recently, Kesarwani et al. (EDBT 2018) proposed a protocol for efficient sorting on data encrypted using an SHE scheme in a model where one of two non-colluding servers holds the decryption key. The encrypted data to be sorted is transformed homomorphically by the first server using a randomly chosen monotonic polynomial with possibly large coefficients, and then the non-colluding server holding the decryption key decrypts, sorts, and conveys the sorted order back to the first server without learning the actual values, except possibly for the order. In this work we demonstrate an attack on the above protocol that allows the non-colluding server holding the decryption key to recover the original plaintext inputs (up to a constant difference). Although our attack runs in time exponential in the size of the plaintext inputs and the degree of the polynomial, it is polynomial in the size of the coefficients, and we show that it is feasible for 32-bit inputs, which covers several real-world scenarios. Of independent interest is our algorithm for recovering the integer inputs (up to a constant difference) by observing only the integer polynomial outputs.

    Second-Order Masked Lookup Table Compression Scheme

    Masking by lookup table randomisation is a well-known technique used to achieve side-channel attack resistance for software implementations, particularly against DPA attacks. The randomised table technique for first- and second-order security requires about m * 2^n bits of RAM to store an (n, m)-bit masked S-box lookup table. Table compression helps in reducing the amount of memory required, and this is useful for highly resource-constrained IoT devices. Recently, Vadnala (CT-RSA 2017) proposed a randomised table compression scheme for first- and second-order security in the probing leakage model. This scheme reduces the RAM memory required by about a factor of 2^l, where l is a compression parameter. Vivek (Indocrypt 2017) demonstrated an attack against the second-order scheme of Vadnala. Hence achieving table compression at second and higher orders is an open problem. In this work, we propose a second-order secure randomised table compression scheme which works for any (n, m)-bit S-box. Our proposal is a variant of Vadnala's scheme that is not only secure but also significantly improves the time-memory trade-off. Specifically, we improve the online execution time by a factor of 2^(n-l). Our proposed scheme is proved 2-SNI secure in the probing leakage model. We have implemented our method for AES-128 on a 32-bit ARM Cortex processor. We are able to reduce the memory required to store a randomised S-box table for a second-order AES-128 implementation to 59 bytes.

    Integer Polynomial Recovery from Outputs and its Application to Cryptanalysis of a Protocol for Secure Sorting

    We investigate the problem of recovering integer inputs (up to an affine scaling) when given only the integer monotonic polynomial outputs. Given n integer outputs of a degree-d integer monotonic polynomial whose coefficients and inputs are integers within known bounds and n ≫ d, we give an algorithm to recover the polynomial and the integer inputs (up to an affine scaling). A heuristic expected time complexity analysis of our method shows that it is exponential in the size of the degree of the polynomial but polynomial in the size of the polynomial coefficients. We conduct experiments with real-world data as well as randomly chosen parameters and demonstrate the effectiveness of our algorithm over a wide range of parameters. Using only the polynomial evaluations at specific integer points, the apparent hardness of recovering the input data served as the basis of security of a recent protocol proposed by Kesarwani et al. for secure k-nearest neighbour computation on encrypted data that involved secure sorting. The protocol uses the outputs of a randomly chosen monotonic integer polynomial to hide its inputs, revealing only the ordering of the input data. Using our integer polynomial recovery algorithm, we show that we can recover the polynomial and the inputs within a few seconds, thereby demonstrating an attack on the protocol of Kesarwani et al.
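    The hiding step in both Kesarwani et al. abstracts above (the sorting protocol and the k-nearest-neighbour protocol) is a randomly chosen monotonic integer polynomial whose outputs are meant to reveal only the ordering of the inputs. The Python below is an added illustration, not code from either paper and not the authors' general recovery algorithm: it works through the degree-1 case p(x) = a*x + b, where a gcd over output differences already recovers a and the inputs up to a constant shift, which is the "up to a constant difference" outcome the abstracts describe. The function names, the 32-bit inputs and the 128-bit coefficients are constructed for this example.

```python
from functools import reduce
from math import gcd
import random

# Illustrative model (added example, not the Kesarwani et al. protocol): the
# key-less server hides integers x_i with a random increasing degree-1 integer
# polynomial p(x) = a*x + b (a > 0); the decrypting server sees only y_i = p(x_i).


def hide(inputs, a, b):
    """Monotone degree-1 transform: order is preserved because a > 0."""
    if a <= 0:
        raise ValueError("a must be positive for the transform to be increasing")
    return [a * x + b for x in inputs]


def recover_up_to_shift(outputs):
    """Recover a and the inputs up to one common additive shift, from outputs alone.

    y_i - y_min = a * (x_i - x_min), so gcd_i(y_i - y_min) = a * gcd_i(x_i - x_min).
    For many independent inputs the second factor is 1 with overwhelming
    probability, so the gcd is a itself and dividing yields x_i - x_min.
    """
    y_min = min(outputs)
    diffs = [y - y_min for y in outputs if y != y_min]
    if not diffs:
        raise ValueError("need at least two distinct outputs")
    a = reduce(gcd, diffs)
    return a, [(y - y_min) // a for y in outputs]


def same_up_to_shift(xs, ys):
    """True iff ys equals xs plus a single common constant."""
    return len(xs) == len(ys) and len({y - x for x, y in zip(xs, ys)}) == 1


def demo(seed=7, n=64, input_bits=32, coeff_bits=128):
    """Constructed scenario: n random 32-bit inputs, 128-bit random coefficients.

    Returns (true_a, recovered_a, true_inputs, recovered_inputs).
    """
    rng = random.Random(seed)
    inputs = [rng.getrandbits(input_bits) for _ in range(n)]
    a = rng.getrandbits(coeff_bits) | 1          # odd, hence nonzero and > 0
    b = rng.getrandbits(coeff_bits)
    outputs = hide(inputs, a, b)                 # what the decrypting server sees
    recovered_a, recovered = recover_up_to_shift(outputs)
    return a, recovered_a, inputs, recovered


if __name__ == "__main__":
    a, a_rec, xs, xs_rec = demo()
    print("coefficient a recovered:", a == a_rec)
    print("inputs recovered up to a constant shift:", same_up_to_shift(xs, xs_rec))
    print("the shift is x_min =", xs[0] - xs_rec[0])
```

    The decrypting server was only supposed to learn the order; here it learns every pairwise difference of the plaintexts and the coefficient a, and the constant term b is all that remains hidden. The abstracts' contribution is the extension to higher-degree polynomials, where this single gcd no longer suffices and the cost becomes exponential in the degree.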

    Integer Complexity: Breaking the Θ(n^2) barrier

    The integer complexity of a positive integer n, denoted f(n), is defined as the least number of 1's required to represent n, using only 1's, the addition and multiplication operators, and parentheses. The running time of the algorithm currently used to compute f(n) is Θ(n^2). In this paper we present an algorithm with Θ(n^(log_2 3)) running time. We also present a proof of the theorem: the largest solutions of f(m) = 3k, 3k±1 are, respectively, m = 3^k, 3^k ± 3^(k-1).
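    The Θ(n^2) algorithm the abstract refers to is the direct dynamic programme over additive and multiplicative splits of n. As an added example (not code from the paper, and not its faster Θ(n^(log_2 3)) method), the Python below computes f(n) that way and checks the abstract's extremal statement for small k; the function names are this example's own.

```python
from math import isqrt


def integer_complexity(limit):
    """f(1..limit) by the textbook Theta(n^2) dynamic programme.

    f(1) = 1 and, for n > 1,
        f(n) = min( min_{a+b=n} f(a)+f(b),  min_{a*b=n, a,b>1} f(a)+f(b) ).
    The additive split dominates: about n/2 candidates per n, hence Theta(n^2).
    Index 0 is unused.
    """
    if limit < 1:
        raise ValueError("limit must be >= 1")
    f = [0] * (limit + 1)
    f[1] = 1
    for n in range(2, limit + 1):
        best = min(f[a] + f[n - a] for a in range(1, n // 2 + 1))
        for d in range(2, isqrt(n) + 1):
            if n % d == 0:
                best = min(best, f[d] + f[n // d])
        f[n] = best
    return f


def largest_with_complexity(f, value):
    """Largest m in the computed range with f(m) == value, or None."""
    hits = [m for m in range(1, len(f)) if f[m] == value]
    return hits[-1] if hits else None


def check_extremal_theorem(f, k):
    """The abstract's theorem for one k: the largest m with f(m) = 3k, 3k+1, 3k-1
    are 3^k, 3^k + 3^(k-1), 3^k - 3^(k-1).

    Since f(m) >= 3*log_3(m), every m with f(m) <= 3k+1 satisfies m <= 3^(k+1/3),
    so a table computed up to 2 * 3^k is large enough to certify the claim.
    """
    p = 3 ** k
    if len(f) - 1 < 2 * p:
        raise ValueError("table too short to certify the theorem for this k")
    expected = {3 * k: p, 3 * k + 1: p + p // 3, 3 * k - 1: p - p // 3}
    return all(largest_with_complexity(f, v) == m for v, m in expected.items())


if __name__ == "__main__":
    f = integer_complexity(120)
    print("f(1..12) =", f[1:13])
    print("theorem holds for k = 1, 2, 3:", all(check_extremal_theorem(f, k) for k in (1, 2, 3)))
```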

    A Faster Third-Order Masking of Lookup Tables

    Masking of S-boxes using lookup tables is an effective countermeasure to thwart side-channel attacks on block ciphers implemented in software. At first and second orders, Table-based Masking (TBM) schemes can be very efficient and even faster than circuit-based masking schemes. Ever since the customised second-order TBM schemes were proposed, the focus has been on designing and optimising Higher-Order Table-based Masking (HO-TBM) schemes that facilitate masking at arbitrary order. One of the reasons for this trend is that at large orders HO-TBM schemes are significantly slower and consume a prohibitive amount of RAM compared to circuit-based masking schemes such as bit-sliced masking, and hence efforts were targeted in this direction. However, a recent work due to Valiveti and Vivek (TCHES 2021) has demonstrated that the HO-TBM scheme of Coron et al. (TCHES 2018) can feasibly be implemented on memory-constrained devices with pre-processing capability and a competitive online execution time. Yet, currently, there are no customised designs for third-order TBM that are more efficient than instantiating a HO-TBM scheme at third order. In this work, we propose a third-order TBM scheme for arbitrary S-boxes that is secure in the probing model and under composition, i.e., 3-SNI secure. It is very efficient in terms of overall running time compared to the third-order instantiations of state-of-the-art HO-TBM schemes. It also supports the pre-processing functionality. For example, the overall running time of a single execution of third-order masked AES-128 on a 32-bit ARM Cortex-M4 microcontroller is reduced by about 80% without any overhead on the online execution time. This implies that the online execution time of the proposed scheme is approximately eight times faster than the bit-sliced masked implementation at third order, and it is comparable to the recent scheme of Wang et al. (TCHES 2022) that makes use of share reuse. We also present the implementation results for the third-order masked PRESENT cipher. Our work suggests that there is significant scope for tuning the performance of HO-TBM schemes at lower orders.
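    Both table-based-masking abstracts above (the second-order table compression scheme and the third-order TBM scheme) build on the first-order randomised-table idea: store T[u] = S[u ^ r_in] ^ r_out for fresh masks and index it with the masked input. The Python below is an added example, not code from Vadnala, Vivek or the third-order paper: it builds that table for the 4-bit PRESENT S-box (a public constant, the cipher the third-order abstract also benchmarks), reports the m * 2^n-bit storage figure quoted in the compression abstract, and checks that each single masked output is uniformly distributed whatever the secret input. It demonstrates first-order masking only; the compression parameter l and the 2-SNI/3-SNI constructions are not reproduced.

```python
from itertools import product

# PRESENT 4-bit S-box as published in the PRESENT specification (n = m = 4).
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def table_bits(n, m):
    """RAM for one uncompressed (n, m)-bit randomised table: 2^n entries of m bits."""
    return m * (1 << n)


def randomised_table(sbox, r_in, r_out):
    """Pre-processing step of first-order table-based masking.

    T[u] = S[u ^ r_in] ^ r_out for every n-bit u. Both masks are fresh per
    execution, so each stored entry is a uniformly random m-bit value.
    """
    return [sbox[u ^ r_in] ^ r_out for u in range(len(sbox))]


def masked_lookup(table, x_masked):
    """Online step: index with the masked input x ^ r_in; yields S[x] ^ r_out."""
    return table[x_masked]


def masked_sbox(sbox, x, r_in, r_out):
    """Full first-order masked S-box evaluation; returns (masked output, output mask).

    The secret x is never handled in the clear: only x ^ r_in is used as an index.
    """
    table = randomised_table(sbox, r_in, r_out)
    return masked_lookup(table, x ^ r_in), r_out


def output_histogram(sbox, x):
    """Count of each masked output value over all (r_in, r_out) pairs for fixed x.

    First-order security requires every one of the 2^m values to occur equally
    often regardless of x, so that a single masked intermediate carries no
    information about x.
    """
    size = len(sbox)
    counts = [0] * size
    for r_in, r_out in product(range(size), repeat=2):
        y_masked, _ = masked_sbox(sbox, x, r_in, r_out)
        counts[y_masked] += 1
    return counts


def is_first_order_balanced(sbox):
    """True iff the masked output is uniform for every possible secret input."""
    size = len(sbox)
    return all(output_histogram(sbox, x) == [size] * size for x in range(size))


if __name__ == "__main__":
    print("PRESENT (4,4) masked table:", table_bits(4, 4), "bits")
    print("AES (8,8) masked table:", table_bits(8, 8) // 8, "bytes")
    print("first-order balanced:", is_first_order_balanced(PRESENT_SBOX))
```

    The uniformity check is first-order only: a second-order attacker who combines two intermediates (say a table entry and r_out) sees their joint distribution, which does depend on x, and that is what the 2-SNI and 3-SNI schemes above are designed to resist. The cost the compression abstract trades against is visible here too: the table must be rebuilt with fresh masks for every execution, 2^n writes of m bits each.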

    An Analytic Attack Against ARX Addition Exploiting Standard Side-Channel Leakage

    In the last few years a new design paradigm, the so-called ARX (modular addition, rotation, exclusive-or) ciphers, has gained popularity, in part because of their non-linear operation's seemingly 'inherent resilience' against Differential Power Analysis (DPA) attacks: the non-linear modular addition is not only known to be a poor target for DPA attacks, but the computational complexity of DPA-style attacks also grows exponentially with the operand size, and thus DPA-style attacks quickly become practically infeasible. We however propose a novel DPA-style attack strategy that scales linearly with respect to the operand size in the chosen-message attack setting.

    Leadless Cardiac Pacemakers Back to the Future

    Despite significant advances in battery longevity, lead performance, and programming features since the first implanted permanent pacemaker was developed, the basic design of cardiac pacemakers has remained relatively unchanged over the past 50 years. Because of inherent limitations in their design, conventional (transvenous) pacemakers are prone to multiple potential short- and long-term complications. Accordingly, there has been intense interest in a system able to provide the symptomatic and potentially lifesaving therapies of cardiac pacemakers while mitigating many of the risks associated with their weakest link: the transvenous lead. Leadless cardiac pacing represents the future of cardiac pacing systems, similar to the transition that occurred from the use of epicardial pacing systems to the familiar transvenous systems of today. This review summarizes the current evidence and potential benefits of leadless pacing systems, which are either commercially available (in Europe) or under clinical investigation.

    PerSort Facilitates Characterization and Elimination of Persister Subpopulation in Mycobacteria.

    Mycobacterium tuberculosis (MTB) generates phenotypic diversity to persist and survive the harsh conditions encountered during infection. MTB avoids immune effectors and antibacterial killing by entering into distinct physiological states. The surviving cells, persisters, are a major barrier to the timely and relapse-free treatment of tuberculosis (TB). We present for the first time PerSort, a method to isolate and characterize persisters in the absence of antibiotic or other pressure. We demonstrate the value of PerSort to isolate translationally dormant cells that preexisted in small numbers within Mycobacterium species cultures growing under optimal conditions but that dramatically increased in proportion under stress conditions. The translationally dormant subpopulation exhibited multidrug tolerance and regrowth properties consistent with those of persister cells. Furthermore, PerSort enabled single-cell transcriptional profiling that provided evidence that the translationally dormant persisters were generated through a variety of mechanisms, including vapC30, mazF, and relA/spoT overexpression. Finally, we demonstrate that notwithstanding the varied mechanisms by which the persister cells were generated, they converge on a similar low-oxygen metabolic state that was reversed through activation of respiration to rapidly eliminate persisters fostered under host-relevant stress conditions. We conclude that PerSort provides a new tool to study MTB persisters, enabling targeted strategies to improve and shorten the treatment of TB.
    
    IMPORTANCE: Mycobacterium tuberculosis (MTB) persists and survives antibiotic treatments by generating phenotypically heterogeneous drug-tolerant subpopulations. The surviving cells, persisters, are a major barrier to the relapse-free treatment of tuberculosis (TB), which is already killing >1.8 million people every year and becoming deadlier with the emergence of multidrug-resistant strains. This study describes PerSort, a cell sorting method to isolate and characterize, without antibiotic treatment, translationally dormant persisters that preexist in small numbers within Mycobacterium cultures. Characterization of this subpopulation has discovered multiple mechanisms by which mycobacterial persisters emerge and unveiled the physiological basis for their dormant and multidrug-tolerant physiological state. This analysis has discovered that activating oxygen respiratory physiology using l-cysteine eliminates preexisting persister subpopulations, potentiating rapid antibiotic killing of mycobacteria under host-relevant stress. PerSort serves as a new tool to study MTB persisters, enabling targeted strategies to improve and shorten the treatment of TB.

    Molecular epidemiology of canine parvovirus in southern India

    Aim: The present study was conducted to isolate and characterize canine parvovirus circulating in Southern India by genetic analysis of the VP2 capsid protein gene.
    
    Materials and Methods: In this study, 128 samples were collected from nine different locations covering five Southern Indian states (Pondicherry, Tamil Nadu, Kerala, Andhra Pradesh and Karnataka). Out of 128 samples, 69 were found to be positive by PCR assay. Out of the 69 positive samples, 36 were randomly selected and processed for virus isolation. Twenty viruses could be isolated successfully, and 18 randomly selected isolates were subjected to VP2 gene sequence analysis along with 6 random clinical samples.
    
    Results: Seventeen isolates and 5 clinical samples were characterized as New CPV-2a (CPV-2a with 297-Ser→Ala). But one isolate and one clinical sample had amino acid variations characteristic of New CPV-2b. The phylogenetic analysis revealed that one of the field isolates was phylogenetically closely related to New CPV-2b strains of India; the remaining sequences were found to share ancestral origins with New CPV-2a reference strains of Japan, China, Thailand and India.
    
    Conclusion: The present study revealed that the predominant CPV strain circulating in Southern India is New CPV-2a. There is also enough indication of the New CPV-2b strain from different states of Southern India.