49 research outputs found

    ERASMUS: Efficient Remote Attestation via Self-Measurement for Unattended Settings

    Remote attestation (RA) is a popular means of detecting malware in embedded and IoT devices. RA is usually realized as an interactive protocol, whereby a trusted party -- verifier -- measures integrity of a potentially compromised remote device -- prover. Early work focused on purely software-based and fully hardware-based techniques, neither of which is ideal for low-end devices. More recent results have yielded hybrid (SW/HW) security architectures comprised of a minimal set of features to support efficient and secure RA on low-end devices. All prior RA techniques require on-demand operation, i.e., RA is performed in real time. We identify some drawbacks of this general approach in the context of unattended devices. First, it fails to detect mobile malware that enters and leaves the prover between successive RA instances. Second, it requires the prover to engage in a potentially expensive (in terms of time and energy) computation, which can be harmful for critical or real-time devices. To address these drawbacks, we introduce the concept of self-measurement, where a prover device periodically (and securely) measures and records its own software state, based on a pre-established schedule. A possibly untrusted verifier occasionally collects and verifies these measurements. We present the design of a concrete technique called ERASMUS: Efficient Remote Attestation via Self-Measurement for Unattended Settings, justify its features and evaluate its performance. In the process, we also define a new metric -- Quality of Attestation (QoA). We argue that ERASMUS is well-suited for time-sensitive and/or safety-critical applications that are not served well by on-demand RA. Finally, we show that ERASMUS is a promising stepping stone towards handling attestation of multiple devices (i.e., a group or swarm) with high mobility.

    Probabilistic and Considerate Attestation of IoT Devices against Roving Malware

    Remote Attestation (RA) is a popular means of detecting malware presence (or verifying its absence) on embedded and IoT devices. It is especially relevant to low-end devices that are incapable of protecting themselves against infection. Malware that is aware of ongoing or impending attestation and aims to avoid detection can relocate itself during computation of the attestation measurement. In order to thwart such behavior, prior RA techniques are either non-interruptible or explicitly forbid modification of storage during measurement computation. However, since the latter can be a time-consuming task, this curtails availability of the device's other (main) functions, which is especially undesirable, or even dangerous, for devices with time- and/or safety-critical missions. In this paper, we propose SMARM, a light-weight technique, based on shuffled measurements, as a defense against roving malware. In SMARM, memory is measured in a randomized and secret order. This does not impact the device's availability -- the measurement process can be interrupted, even by malware, which can relocate itself at will. We analyze various malware behaviors and show that, while malware can escape detection in a single attestation instance, it is highly unlikely to avoid eventual detection.

    Private Projections & Variants

    There are many realistic settings where two mutually suspicious parties need to share some specific information while keeping everything else private. Various privacy-preserving techniques (such as Private Set Intersection) have been proposed as general solutions. Based on timely real-world examples, this paper motivates the need for a new privacy tool, called Private Set Intersection with Projection (PSI-P). In it, Server has (at least) a two-attribute table and Client has a set of values. At the end of the protocol, based on all matches between Client's set and values in one (search) attribute of Server's database, Client should learn the set of elements corresponding to the second attribute, and nothing else. In particular, the intersection of Client's set and the set of values in the search attribute must remain hidden. We construct several efficient (linear complexity) protocols that approximate the privacy required by PSI-P and suffice in many practical scenarios. We also provide a new construction for PSI-P with full privacy, albeit slightly less efficient. Its key building block is a new primitive called Existential Private Set Intersection (PSI-X), which yields a binary flag indicating whether the intersection of two private sets is empty or non-empty.

    Hormonal Imbalance of Pregnancy and Its Effects on Fetal Morphology in the Rat

    Doctorate in medical sciences

    Willibald Alexis: Writer of the "Juste-Milieu": History, Law and Politics between 1820 and 1860

    While there is no doubt that liberal ideals serve as a guide for Alexis's political choices, it should be stated at the same time that some of his opinions are taken from conservative values. In his works, the French model, breaking with tradition by introducing institutions based on the notion of social contract, is opposed to the English model, an example of historical continuity based on the organic evolution of Germanic institutions. In the 1840s, his reasoning, when trial by jury was being debated, shows the inner mechanism of his political thought quite clearly. For him, Anglo-American history was both a keen interest and a useful instrument for criticizing political events in contemporary Germany. His writings on the subject reveal the ethical and religious foundation of his conception of history; as a matter of fact, for this descendant of "réfugiés", Huguenot political thought appears extremely important, and studying his ideas concerning the notion of "Vaterland" confirms this. This concept deals not only with the eventual role of Prussia as a leader in a united Germany; his use of the word "Vaterland" shows that it is linked to civic idealism, which makes him the heir to 18th-century conceptions. He is ready to sacrifice the Prussian state in order to keep what he believes to be its real values, the tradition of citizenship principally developed by the Huguenot refugees and used by the Hohenzollern dynasty to unify the state.
    If unquestionably liberal ideals guide Alexis's positions, one notes at the same time that his choices rest on conservative values: to the French model, founded on a rupture carried out in the name of the conception of the social contract, he opposes the English model, a paradigm of historical continuity founded on the organic evolution of Germanic institutions. The argument he develops in the debate on trial by jury brings out the mechanisms of his political thought particularly clearly. In Alexis's eyes, Anglo-American history is both the object of genuine interest and an instrument that allows him to criticize the contemporary German situation. It can be shown that his conception of history is founded on ethics and religion; the place occupied by the heritage of Huguenot political thought in this descendant of refugees appears clearly and is confirmed by the study of the notion of "Vaterland". For Alexis, this concept cannot be limited to the discussion of the place due to Prussia in a united Germany. His use of the terms "patrie" and "patriotisme" brings out the link that unites this value with that of "civisme", which ties him to conceptions inherited from the eighteenth century. He is ready to sacrifice the Prussian state in order to preserve what he considers to be its true values: the tradition of citizenship developed principally by the Huguenot refugees and thanks to which the Hohenzollerns unified their state.

    RFID authentication and time-memory trade-offs

    RFID is a technology that allows identification and authentication of objects or persons through the use of wireless communication between tags and readers. RFID tags are small devices that are comprised of an antenna (for receiving/transmitting data) and a chip. Although exceptions exist (e.g. passports), tags are generally inexpensive and moderately powerful in terms of computation. Due to the high requirements (secure authentication, respect of privacy, speed of authentication, etc.) and specific constraints (asymmetric system, inexpensive tags, wireless communication, etc.), there are many challenges in RFID security. Two of them are the main subjects of this thesis: ultralightweight authentication (authentication protocols dedicated to extremely low-end tags where classical crypto is deemed too expensive) and the complexity/privacy tradeoff (protecting privacy makes the task of readers very time-consuming). In the former, our results are mostly cryptanalytic (almost all ultralightweight protocols are broken), and in the latter, where, it seems, no perfect solution exists, our results are mainly analytical and comparative (the OSK/AO protocol in particular achieves good privacy protection with reasonable complexity, and uses cryptanalytic time-memory tradeoffs, which are the focus of the second part of the thesis). A cryptanalytic time-memory tradeoff is a tool to carry out a brute-force search for the pre-image of a one-way function efficiently. It is a compromise between the online exhaustive search (no precomputation, searching through all the possibilities) and the lookup table (all possibilities precomputed and stored, then looked up when needed) approaches. In the former, no precomputation or memory is required, but the search is expensive; in the latter, precomputation and storage are expensive, but the search is nearly instant. Time-memory tradeoffs are a compromise between these two solutions. 
    In this thesis, ways to improve the performance of existing techniques have been explored, among which fingerprints (in which the stored information is slightly different than in classical time-memory tradeoffs, which results in a speedup in the online phase), storage optimization (which reduces the storage of time-memory tradeoffs), and interleaving (which accelerates the search when there is a bias in the input probability distribution).
    (FSA - Sciences de l) -- UCL, 201

    Nation, Nationalism(s), Identity(ies). The Germans in Austria-Hungary (1867-1918)


    Heterogeneous Rainbow Table Widths Provide Faster Cryptanalyses

    Cryptanalytic time-memory trade-offs are techniques introduced by Hellman in 1980 to speed up exhaustive searches. Oechslin improved the original version with the introduction of rainbow tables in 2003. It is worth noting that this variant is nowadays used world-wide by security experts, notably to break passwords, and a key assumption is that rainbow tables are of equal width. We demonstrate in this paper that rainbow tables are underexploited because this assumption has never been challenged. We stress that the optimal width of each rainbow table should be individually - although not independently - calculated. The same applies to the memory allocated to each table. We also stress that visiting the rainbow tables sequentially is no longer optimal when considering tables with heterogeneous widths. We provide an algorithm to calculate the optimal configuration and a decision function to visit the tables. Our technique performs very well: it makes any TMTO based on rainbow tables 40% faster than its classical version.