12 research outputs found

    Cryptographic Security of SSH Encryption Schemes

    A Surfeit of SSH Cipher Suites

    libInterMAC: Beyond Confidentiality and Integrity in Practice

    Boldyreva et al. (Eurocrypt 2012) defined a fine-grained security model capturing ciphertext fragmentation attacks against symmetric encryption schemes. The model was extended by Albrecht et al. (CCS 2016) to include an integrity notion. The extended security model encompasses important security goals of SSH that go beyond confidentiality and integrity to include length hiding and denial-of-service resistance properties. Boldyreva et al. also defined and analysed the InterMAC scheme, while Albrecht et al. showed that InterMAC satisfies stronger security notions than all currently available SSH encryption schemes. In this work, we take the InterMAC scheme and make it fully ready for use in practice. This involves several steps. First, we modify the InterMAC scheme to support encryption of arbitrary length plaintexts and we replace the use of Encrypt-then-MAC in InterMAC with modern nonce-based authenticated encryption. Second, we describe a reference implementation of the modified InterMAC scheme in the form of the library libInterMAC. We give a performance analysis of libInterMAC. Third, to test the practical performance of libInterMAC, we implement several InterMAC-based encryption schemes in OpenSSH and carry out a performance analysis for the use-case of file transfer using SCP. We measure the data throughput and the data overhead of using InterMAC-based schemes compared to existing schemes in OpenSSH. Our analysis shows that, for some network set-ups, using InterMAC-based schemes in OpenSSH only moderately affects performance whilst providing stronger security guarantees compared to existing schemes.

    Governance Framework for Cloud Computing

    In the current era of competitive business world and stringent market share and revenue sustenance challenges, organizations tend to focus more on their core competencies rather than the functional areas that support the business. However, traditionally this has not been possible in the IT management area because the technologies and their underlying infrastructures are significantly complex thus requiring dedicated and sustained in-house efforts to maintain IT systems that enable core business activities. Senior executives of organisations are forced in many cases to conclude that it is too cumbersome, expensive and time consuming for them to manage internal IT infrastructures. This takes the focus away from their core revenue making activities. This scenario facilitates the need for external infrastructure hosting, external service provision and outsourcing capability. This trend resulted in evolution of IT outsourcing models. The authors attempted to analyse the option of leveraging the cloud computing model to facilitate this common scenario. This paper initially discusses the characteristics of cloud computing focusing on scalability and delivery as a service. The model is evaluated using two case scenarios, one is an enterprise client with 30,000 worldwide customers followed by a small scale subject matter expertise through small to medium enterprise (SME) organisations. The paper evaluates the findings and develops a governance framework to articulate the value proposition of cloud computing. The model takes into consideration the financial aspects, and the behaviors and IT control structures of an IT organisation.

    Authenticated Encryption in Theory and in Practice

    Terahertz Wave Detection and Imaging with a Hot Rydberg Vapour

    This thesis investigates the resonant interaction between Rydberg atoms in a hot caesium vapour and terahertz frequency electromagnetic fields, and explores hyperfine quantum beats modified by driving an excited state transition in an inverted ladder scheme. The 21P$_{3/2}$ caesium Rydberg atoms are excited using a three-step ladder scheme and we use a terahertz field resonant with the 21P$_{3/2}$ to 21S$_{1/2}$ transition (0.634 THz), to measure Autler-Townes splitting of a 3-photon Rydberg electromagnetically induced transparency (EIT) feature. The Autler-Townes splitting allows us to infer the terahertz electric field amplitude, and we show a worked example measurement of a low-amplitude electric field, yielding $25\pm5$ $\rm{mVcm}^{-1}$. By driving an off-resonant Raman transition which combines the laser and terahertz fields, we restrict the Rydberg excitation to areas of the caesium vapour where the laser and terahertz fields spatially overlap. We show that the terahertz field intensity is proportional to the pixel intensity of a camera image of the atomic fluorescence, and demonstrate an image of a terahertz standing wave. The camera image is used to fit a model for a corresponding Autler-Townes spectrum, giving the scale of the electric field amplitude, and we use a video camera to record real-time images of the terahertz wave. In the regime of intrinsic optical bistability we study a Rydberg atom phase transition and critical slowing down, and we find that the terahertz field drives the collective Rydberg atom phase transition at low terahertz intensity ($I_{\rm T} < 1$ $\rm{Wm}^{-2}$). We measure a linear shift of the phase transition laser detuning with coefficient $-179\pm2$ $\rm{MHzW}^{-1}\rm{m}^{2}$, and we use the frequency shift to detect incident terahertz radiation with sensitivity, $S \approx 90$ $\mu\rm{Wm}^{-2}\rm{Hz}^{-1/2}$.
    When the system is initialised in one of two bistable states a single 1 ms terahertz pulse with energy of order 10 fJ can permanently flip the system to the twin state.

    Accurate and discernible photocollages

    There currently exist several techniques for selecting and combining images from a digital image library into a single image so that the result meets certain prespecified visual criteria. Image mosaic methods, first explored by Connors and Trivedi [18], arrange library images according to some tiling arrangement, often a regular grid, so that the combination of images, when viewed as a whole, resembles some input target image. Other techniques, such as Autocollage of Rother et al. [78], seek only to combine images in an interesting and visually pleasing manner, according to certain composition principles, without attempting to approximate any target image. Each of these techniques provides a myriad of creative options for artists who wish to combine several levels of meaning into a single image or who wish to exploit the meaning and symbolism contained in each of a large set of images through an efficient and easy process. We first examine the most notable and successful of these methods, and summarize the advantages and limitations of each. We then formulate a set of goals for an image collage system that combines the advantages of these methods while addressing and mitigating the drawbacks. Particularly, we propose a system for creating photocollages that approximate a target image as an aggregation of smaller images, chosen from a large library, so that interesting visual correspondences between images are exploited. In this way, we allow users to create collages in which multiple layers of meaning are encoded, with meaningful visual links between each layer. In service of this goal, we ensure that the images used are as large as possible and are combined in such a way that boundaries between images are not immediately apparent, as in Autocollage. This has required us to apply a multiscale approach to searching and comparing images from a large database, which achieves both speed and accuracy.
    We also propose a new framework for color post-processing, and propose novel techniques for decomposing images according to object and texture information.

    How to Abuse and Fix Authenticated Encryption Without Key Commitment

    Authenticated encryption (AE) is used in a wide variety of applications, potentially in settings for which it was not originally designed. Recent research tries to understand what happens when AE is not used as prescribed by its designers. A question given relatively little attention is whether an AE scheme guarantees "key commitment": ciphertext should only decrypt to a valid plaintext under the key used to generate the ciphertext. Generally, AE schemes do not guarantee key commitment as it is not part of AE's design goal. Nevertheless, one would not expect this seemingly obscure property to have much impact on the security of actual products. In reality, however, products do rely on key commitment. We discuss three recent applications where missing key commitment is exploitable in practice. We provide proof-of-concept attacks via a tool that constructs AES-GCM ciphertext which can be decrypted to two plaintexts valid under a wide variety of file formats, such as PDF, Windows executables, and DICOM. Finally we discuss two solutions to add key commitment to AE schemes which have not been analyzed in the literature: a generic approach that adds an explicit key commitment scheme to the AE scheme, and a simple fix which works for AE schemes like AES-GCM and ChaCha20Poly1305, but requires separate analysis for each scheme.

    Anymals, Poems, Empathy: A Zoopoetical Study

    Summary: A vast body of research addresses the relationships between empathy and novels figuring human protagonists, and the notion of novel reading as a kind of ‘empathy training’ meets little skepticism. As the saying goes, readers can live a thousand lives in the minds of the characters in the novels they read. How different the case when the protagonists are anymals instead of humans. This study focuses on zoopoetry to explore the intricate relation between anymals, poems, and empathy. It addresses the abyss between the anymal and the human, whether an abyss of knowledge or of phenomenal experience, to argue that poets who write about anymals employ ‘zoopoetical tools’ to bridge the gap between the two worlds. They employ an array of traditional poetic tools such as rhythm and metaphor, but they also draw from a previously unnamed zoopoetical lexicon to illustrate how the assumed abyss between the anymal and the human is in fact based on speciesism and Cartesian dualism. In his article “What Is It Like to Be a Bat?” (1974), the philosopher Thomas Nagel provocatively argues that we are unable to know what it is to feel bat-like. We might be able to imagine to a certain extent what it is to fly around and catch insects in our mouths, he writes, but then we only know what it is like for us to behave like a bat, whereas we can never know what it is like for a bat to be a bat. In trying to imagine what a bat experiences, we stumble on a line we can never cross, between our own subjective worlds and the phenomenal experience of the bat. Researchers in both literary studies and biology often invoke Nagel’s example and presume a skeptical stance concerning the knowability and envisionability of the phenomenal experience of anymal others. In this vein, Jenny Diski writes that there is “an abyss of knowledge that we simply can’t cross” (73).
    Three central oppositions emerge from speciesism and Cartesian dualism to complicate explorations of zoopoetical anymals: anthropocentrism versus anymals as themselves; projectivism versus empathy or sympathetic identification; and anymals inside a text versus anymals outside a text. Note that the tension in these oppositions is less felt when human subjects receive poetic attention. Zoopoetical anymals, however, seem to be inevitably anthropomorphised by poets and readers alike. As a result, empathy seems to become an unattainable ideal; with whom would we be empathising? In this study I argue, however, that many of these assumptions about anymal minds are based upon Cartesian dualism. This study, therefore, is driven by two central questions that counter these assumptions. In what ways does zoopoetry confront and unsettle Cartesian dualism? How do instances of perspective shift and empathy evoked through zoopoetry contribute to the empathy debate? These questions are not straightforwardly answered. Instead, the chapters show a hermeneutical to-and-fro movement between the poems, philosophical ideas, and the topic of empathy.

    Man in the Middle: The Boarding School Education of Will West Long

    This thesis examines the boarding school education of Will West Long (circa 1870-1947), a member of the Eastern Band of Cherokee Indians. Based largely on analysis of sources from the archives of Trinity College (now Duke University) and Hampton Institute (now Hampton University), where Long attended school, this thesis argues that from his boarding school education, Long gained insight to place, race, and identity that allowed him to conceive of the Eastern Band as culturally distinct, intrinsically valuable, and in some ways attractive to the dominant white culture. When he returned to the Qualla Boundary after more than a decade away, Long employed this understanding through his work as a tribal politician, language preservationist, cultural preservationist, and anthropological informant to help shape modern Eastern Band identity.