SRM seminar

SaToSS home
APSIA home

• Related seminars
• SRM
• SRM 2023
• SRM 2022
• SRM 2021
• SRM 2020
• SRM 2019
• SRM 2018
• SRM 2017
• SRM 2016
• SRM 2015
• SRM 2014
• SRM 2013
• SRM 2012
• SRM 2011
• SRM 2010
• SRM 2009
• Seminar Rules

Abstracts 2015

• Speaker: Alfredo Rial
• Title: Stateful Zero-Knowlege and UC Commitments
• Abstract:

  Zero-knowledge proofs of knowledge are stateless. To improve efficiency, in some settings it is desirable that the prover could reuse proofs that were already sent to the verifier in order to prove a new statement. Consider an access control system that protects two types of resources. To access type 1 resources, a user must prove in zero-knowledge that she possesses a credential signed by a trusted issuer that certifies her age. To access type 2 resources, the user must also prove that her age is greater than 16. If a user already has proven fulfillment of the policy for type 1 resources, it is desirable that the user can gain access to type 2 resources without needing to reprove possession of a credential on her age. It is easy to solve the problem described in this example using commitments. Namely, a zero-knowledge proof for type 1 resources can output a commitment to the user age, which can be used in a proof for type 2 resources to prove that the committed value is greater than 16. However, the problem becomes more difficult when it is required to hide from the verifier what value or values kept in the state are reused to compute new proofs. Therefore, in order to study the problem of how to store and use state information kept between a prover and a verifier, we define an ideal functionality for stateful zero-knowledge. Our functionality allows the prover to prove in zero-knowledge that a value is written into a state table, or that it is read from the state table. We describe a construction based on vector commitments.

  Our stateful zero-knowledge protocol can be used to store the state of zero-knowledge protocols for many different relations. To describe a hybrid protocol in the UC model that employs the stateful zero-knowledge functionality along with the zero-knowledge functionalities for those relations, one must ensure that the values read or written from the state equal those employed in the zero-knowledge functionality. In our example, one must ensure that the age value input to the stateful zero-knowledge functionality equals the age value input to the zero-knowledge functionality to prove credential possession. To ensure equality, one can input and verify a commitment to the age in both functionalities. The binding property of the commitment guarantees equality between the committed values. However, existing ideal functionalities for commitments do not allow for such a construction, which prevents us from describing a hybrid protocol. We describe how to solve this problem by proposing a new functionality for commitments. Finally, we conclude by discussing further directions and applications of stateful zero-knowledge.

• Speaker: Jiuyong Li
• Title: From association analysis to causal relationship exploration
• Association analysis is an important technology in data mining, and has been widely used in many application areas. However, associations in data can be spurious and they do not indicate causal-effect relationships that are ultimate goals for many scientific explorations and social studies. While the techniques for association discovery become mature, the problem for identifying non-spurious associations becomes prominent. In this talk, I will discuss two methods for testing causal effect relationships rooted in statistical analysis and the use of them for filtering non-causal associations in association discovery. The first method uses the Mantel and Haenszel test for partial association, and the second method uses a cohort study approach. I will also discuss the implementation issues in large data sets for combining relationship exploration and evaluation.

• Speaker: Patrick Longa
• Title: FourQ: pushing the limits of curve-based cryptography
• FourQ is a new high-performance high-security elliptic curve that targets the 128-bit security level. Scalar multiplications on FourQ are significantly faster than other alternatives because this curve supports the combination of four-dimensional Gallant-Lambert-Vanstone decompositions with the fastest explicit formulas in twisted Edwards coordinates and the efficient arithmetic over the Mersenne prime p = 2¹²⁷ - 1. For example, our results show that, in practice, FourQ is around 4-5 times faster than the original NIST curve P-256 and between 2 and 3 times faster than curves that are currently under consideration as NIST alternatives, such as Curve25519.

• Speaker: Hongyang Qu
• Title: Model Checking for Investigation of Pursuit-Evasion Strategies
• Abstract: In this talk, I will present a model checking and optimisation framework for robotic search and pursuit-evasion problems. The graph-clear model is used in which sweeping of locations, and their recontamination by intruders, is modelled over a surveillance graph. Optimization of strategies is carried out for shortest total travel and time taken by the robot team and under constraints of clearing costs of locations. Use of model checking enables a detailed comparison between different formulations of the problem and the properties of algorithms. The methods enable the assessment of new kinds of strategies for pursuit-evasion problems which can handle multiple criteria in terms of the order of vertices or connectedness. The desired strategies are obtained satisfying a temporal logic formula using model checking. Optimization of strategies is carried out for shortest total travel distance and time taken by the robot team and under constraints of clearing costs of locations. The physical constraints of access and timely movements by the robots are also accounted for, as well as the ability of the robots to prevent recontamination of already cleared areas. The main result of the paper is that this complex problem can be reduced to a computable LP problem. To further reduce complexity, an algorithm is presented for the case when graph clear strategies are a priori available by using other methods, for instance by model checking.

• Speaker: Tim Willemse
• Title: Games and (bi)simulations
• Abstract: Two-player, infinite duration graph games such as parity games have numerous applications in computing; in particular, they appear naturally in the context of model checking and strong (bi)simulation checking. In the first part of this talk, I will briefly introduce parity games and explain the problem of solving such games; the latter problem is in NP and coNP which most believe is an indication that the problem is solvable in polynomial time. In the second part of this talk, I will present a game-based characterisation of branching bisimulation for Labelled Transition Systems, and, time-permitting, of branching bisimulation with explicit divergence. These characterisations provide an alternative angle for understanding when two processes are not branching bisimilar. In the third part of the talk, I will present how various (bi)simulations defined on Kripke structures can be lifted to parity games. This permits reusing efficient algorithms for minimising a game graph prior to solving the game, thus potentially speeding up solving.

• Speaker: Anastasia Sergeeva
• Title: Human Factor and Information Security
• Abstract:

  The information security is described as a multidisciplinary area, which includes both technical and behavioral approaches to protection of information confidentiality, integrity and accessibility. Despite the fact that some research in the field of information security has considered socio-psychological concerns, it is still primarily focused on technical issues concerning the design and implementation of technical security systems, but according to IBM's 2014 CyberSecurity Intelligence Index 95 percent of all security incidents involve human error. Usually the human factor in information security is discussed in the context of successful social engineering attacks: attackers who aim to find some private information exploit human vulnerabilities, personal characteristics and behavior. But there are many cases when users made security-risky decisions without any external impact and it can be difficult for management to catch these incidents. There is also a very broad "gray" area of human's actions in the Internet, which don't immediately lead to information security risks, but lead to the cherishing of risky behavior, which can inevitably end in security failure.

  We can say that understanding the "human factor" in information security is crucial for information management and protection both within organizations and in the broad area of users everyday experience. Our primary focus will be on user's features and traits which can predict a hyper self- and information disclosure and risky behavior in the Internet, but we also discuss an organization cultures factors which can increase or decrease the rate of human's security mistakes.

  In this lecture, we will discuss:

  - why users sabotage (intentionally or not) the organization's security policies?

  - why users are so reckless in virtual environments and how the self-disclosure connects with users previous social networks/virtual experience?

  - how the individual difference, cognitive abilities and personality traits can predict the users behavior in "risky" businesses in the Internet.

• Speaker: Taciane Martimiano
• Title: Threat Modelling Service Security and Privacy as a Security Ceremony
• Abstract: Security Ceremonies are extensions for security protocols where we include all out-of-bounds pieces. Regular extensions for security ceremonies are the inclusion of human peers, key provisioning and their relation with the environment. One goal of ceremony designers is to be able to use symbolic evaluation methods to verify the claims embedded in such ceremonies. Unfortunately, there are some pieces missing for that, such as, a base description language and a tailored threat model for security ceremonies. Our contributions in this paper are: a standard syntax for messages description and an augmented threat model to encompass the subtleties of security ceremonies. Furthermore, we propose a new threat model, named Distributed Attacker (DA in brief), which is based on the ever changing threat model proposed by Carlos et al. and the Ceremony Concertina proposed by Bella et al.

• Speaker: Bill Roscoe
• Title: Out of band channels and non-standard authentication
• Abstract: I will examine authentication by context and the protocols that can be used to support it. This will involve both examining the circumstances in which this sort of protocol can be used, and classifying the protocols that enable authentication via a low bandwidth authentic but not secret channel.

• Speaker: Haoyi Xiong
• Title: From Coverage to Sparsity - Mobile Crowdsensing for Environment Monitoring in Smart Cities
• Abstract:

  With the rapid development of sensor-equipped mobile devices such as smartphones and tablets, mobile crowdsensing sensing (MCS) [1] becomes a promising paradigm of collecting real-time information of mobile users, such as users’ locations, activities, surrounding air quality, health status, and etc. Through aggregating the data from each individual user, a big picture of large crowds and further the world becomes visible and clear.

  In this talk, I would like to share my experiences and visions of mobile crowdsensing through introducing interesting MCS applications for environment monitoring. First, this talk introduces my Ph.D research in “Near-Optimal Mobile Crowdsensing” [2], where we intend to leverage mobility of crowds and mobile sensors to monitor environment e.g., air pollution of a city; specifically several energy-efficient/cost-effective environment data collection algorithms are addressed, in order to obtain sensor readings covering the target region timely. Further, rather than collecting sensor readings fully covering target region, recent progress in compressive sensing [3] shows that it is possible to collect sensor readings from part of the target region and deduce the sensor readings of uncovered area. With the basic idea in mind, this talk also presents my in-progress works in sparse mobile crowdsensing, where I show how active machine learning paradigms could be adopted to improve the efficiency of crowdsensing.

• Speaker: Qiang Tang
• Title: Homomorphic encryption and recommender system privacy
• Abstract: In this talk, I will summarize two lines of research: homomorphic encryption and recommender system privacy. I will first give a very brief review of homomorphic encryption and the work on key recovery attacks. Then, I will switch to recommender system privacy, which is in the scope of my BRAIDS project. I will show how to design efficient and privacy-preserving recommender systems by simultaneously exploiting the data characteristics and homomorphic encryption schemes.

• Speaker: Richard Clayton
• Title: Which Malware Lures Work Best? Measurements from a Large Instant Messaging Worm
• Abstract: Users are inveigled into visiting a malicious website in a phishing or malware-distribution scam through the use of a 'lure' -- a superficially valid reason for their interest. We examine real world data from some 'worms' that spread over the social graph of Instant Messenger users. We find that over 14 million distinct users clicked on these lures over a two year period from Spring 2010. Furthermore, we present evidence that 95% of users who clicked on the lures became infected with malware. In one four week period spanning May-June 2010, near the worm's peak, we estimate that at least 1.67 million users were infected. We measure the extent to which small variations in lure URLs and the short pieces of text that accompany these URLs affects the likelihood of users clicking on the malicious URL. We show that the hostnames containing recognizable brand names were more effective than the terse random strings employed by URL shortening systems; and that brief Portuguese phrases were more effective in luring in Brazilians than more generic 'language independent' text.

• Speaker: Hugo Jonker
• Title: FP-Block: Usable web-privacy by controlling browser fingerprinting
• Abstract: Online tracking of users is used for benign goals, such as detecting fraudulent logins, but also to invade user privacy. We posit that for non-oppressed users, tracking within one website does not have a substantial negative impact on privacy, while it enables legitimate benefits. In contrast, /cross-domain/ tracking negatively impacts user privacy, while being of little benefit to the user. Existing methods to counter tracking treat any and all tracking similar: client-side storage is blocked, or all sites are fed random characteristics to hamper re-identification. We develop a tool, /FP-Block/, that counters cross-domain tracking, while allowing intra-domain tracking. For each visited site, /FP-Block/ generates a unique, consistent fingerprint: a "web identity". This web identity is then used for any interaction with that site, including for third-party embedded content. This ensures that ubiquitously embedded parties will see different, unrelatable fingerprints from different sites, and can thus no longer track the user across the web.

• Speaker: Maina Olembo
• Title: Cast-as-Intended Verification in Helios: Exploring Usability and Voter Involvement
• Abstract:

  End-to-end (E2E) verifiable remote electronic voting (e-voting) systems are becoming more important, being used frequently in a variety of legally-binding elections. Helios is one prominent example of an E2E verifiable remote e-voting system, enabling 'cast-as-intended', 'stored-as-cast', and 'tallied-as-stored' verification. 'Cast-as-intended' verification is important since all other verification opportunities can be conducted by other parties without violating vote secrecy. Voters have to verify that their own votes are 'cast-as-intended', to preserve vote secrecy. Furthermore, they have to conduct several actions to conduct 'cast-as-intended' verification. These actions range from simple actions such as clicking buttons on the voting interface, to more cumbersome ones such as comparing lengthy hash values. Therefore, 'cast-as-intended' verification requires active participation from voters. Any voter who wants to conduct 'cast-as-intended' verification in Helios should be able to do so. Consequently, this research focuses on usability, conceptualized as voter ability to conduct this verification. Moreover, voter involvement with 'cast-as-intended' verification deserves attention as even usable systems can remain unused due to a lack of motivation. This research has two goals: (1) to investigate the usability of 'cast-as-intended' verification in the Helios remote e-voting system, and (2) to investigate whether voters are motivated to take up the verification opportunity.

  For the first research goal, a cognitive walkthrough is conducted by experts in usability, security, and e-voting. Multiple obstacles to 'cast-as-intended' verification in Helios are identified. Subsequently, an improved 'cast-as-intended' Helios verification process is proposed. The improvements include: (1) raising voter awareness of the verification opportunity, (2) simplifying 'cast-as-intended' verification by automation, and (3) proposing 'cast-as-intended' verification using two new verification methods. Mock-ups of these two methods are used to evaluate their efficacy, finding that voters can, or are of the opinion that they can, conduct verification with these two methods.

  With respect to the second research goal, a survey is conducted to identify voters' mental models of verification, that is, their knowledge, beliefs, and attitudes towards verification as they cast votes in paper-based elections. The findings are that voters largely trust in the people and processes involved in paper-based elections. Consequently, voters are likely not to be motivated to take up the verification opportunity. Therefore, three motivating messages are developed to increase voter verification intention without affecting their intention to vote online. The motivating messages are developed based on behavior-change theories that are used to motivate the conduct of various security-related actions. A survey conducted to test these motivating messages shows that, overall, they do significantly increase voter verification intention, while not negatively affecting their intention to vote online.

• Speaker: Jintai Ding
• Title: A simple and provable secure (Authenticated) Key Exchange based on LWE
• Abstract: In this lecture, we present a practical and provably secure two-pass authenticated key exchange protocol over ideal lattices, which is conceptually simple and has similarities to the Diffie-Hellman based protocols such as HMQV (CRYPTO 2005) and OAKE (CCS 2013). Our method does not involve other cryptographic primitives - in particular, it does not use signatures - which simplifies the protocol and enables us to base the security directly on the hardness of the ring learning with errors problem. The security is proven in the Bellare-Rogaway model with weak perfect forward secrecy in the random oracle model. Several concrete choices of parameters are provided, and a proof-of-concept implementation shows that our protocols are indeed practical.

• Speaker: Hongyang Qu
• Title: On Efficient Consistency Checks by Robots
• Abstract: Most autonomous robotic agents use logic inference to keep to safe and permitted behaviour. Given a set of rules, it is important that the robot is able to establish the consistency of its rules and its current perception-based beliefs. This paper investigates how a robotic agent can use model checking to examine the consistency of its rules and beliefs. A rule set is modelled by a Boolean evolution system with synchronous semantics which can be translated into a labelled transition system (LTS). It is proven that stability and consistency can be formulated as computation tree logic (CTL) and linear temporal logic (LTL) properties. Two new algorithms are presented to perform realtime consistency and stability checks respectively, which is crucial for efficient consistency checks by robots.

• Speaker: Ismael González Yero
• Title: From the identification of vertices in a graph to non-identification: a short story with ending in privacy for social graphs
• Abstract: Graph structures may be used to model computer networks. Servers, hosts or hubs in a network can be represented as vertices in a graph and edges could represent connections between them. Each vertex in a graph is a possible location for an intruder (fault in a computer network, spoiled device) and, in this sense, a correct surveillance of each vertex of the graph to control such a possible intruder would be worthwhile. According to this fact, it would be desirable to uniquely recognize each vertex of the graph. In order to solve this problem, in 1975, Slater brought in the notion of locating sets and locating number of graphs. Also, Harary and Melter in 1976 introduced independently the same concept, but using the terms resolving sets and metric dimension to refer to locating sets and locating number, respectively. The concept of metric generators in graphs have been used to model the navigation of robots in networks. However, there is a weakness which has not been taken into account, i.e., the possible uniqueness of a landmark which could distinguish some pairs of vertices. In this sense, for more realistic settings, the concept of k-metric generator was introduced and some preliminary properties of it were studied. On the other hand, the k-metric antidimension is a recent introduced problem that resembles to the aforementioned k-metric dimension. The fact is that not always is desirable to uniquely recognize each vertex of the graph, instead, very frequently it is desirable to have some privacy features. In this sense, a principal motivation of the new concept arises from a connection with some privacy preserving problem lying along the borderline between computer science and social sciences. That is, we have introduced a novel privacy measure, named (k,l)-anonymity, which is based on the k-metric antidimension problem, aimed at evaluating the resistance of social graphs to active attacks. In this sense, this talk shall describe the "evolution" of the metric dimension in graphs beginning at its primary usefulness as a model of navigation of robots in networks and finishing as a privacy measure for social graphs. Some theoretical, algorithmic and applied results on the k-metric dimension and the k-metric antidimension of graphs will be presented. Moreover, some differences and similarities between both parameters will be addressed, and finally some possible questions and open problems regarding the k-metric antidimension of social graphs will be discussed.

• Speaker: Erman Ayday
• Title: Security and Privacy in the Age of Big Data: The Case of Genomics
• Abstract:

  In this talk, I will mainly focus on the research I have been actively carrying for the last 3 years: security and privacy of genomic data. However, techniques that will be presented in this talk can also be applied to other domains such as online social networks, banks, hospitals, military, mobile devices, cyber-physical systems, and sensor data.

  Genomics is becoming the next significant challenge for privacy. The price of a complete genome profile has plummeted below $ 100 for genome-wide genotyping, which is offered by a number of companies. This low cost of DNA sequencing will break the physician/patient connection and it can open the door to all kinds of abuse, not yet fully understood. Access to genomic data prompts some important privacy concerns: (i) DNA reflects information about genetic conditions and predispositions to specific diseases such as Alzheimer's, cancer, or schizophrenia, (ii) DNA contains information about ancestors, and progeny, (iii) DNA (almost) does not change over time, hence revoking or replacing it is impossible, and (iv) DNA analysis is already being used both in law enforcement and health-care, thus prompting numerous ethical issues. Such issues could lead to abuse, threats, and genetic discrimination. As pointed out by author Rebecca Skloot, "the view we have today of genomes is like a world map, but Google Street View is coming very soon". This growing precision can be highly beneficial in terms of personalized medicine, but it can have devastating consequences on individuals' peace of mind.

  In this talk, after discussing the threats on genomic privacy, I will first focus on inference attacks and quantification of kin genomic privacy, using information theoretical tools. First, I will show how vulnerable the genomic privacy of individuals is due to genomic data shared by their relatives, and data available on online social networks. That is, I will show how genomic data of family members can be efficiently inferred using data publicly shared by other relatives and background knowledge on genomics. For this, we propose an algorithm to model such an attack using (i) available genomic data of a subset of family members, (ii) statistical relationships (correlations) between the nucleotides on the DNA, and (iii) publicly known genomic background. For the efficiency of such an algorithm, we represent this attack as an inference problem (to infer the unknown nucleotides of the family members from the available data). We model the familial relationships, nucleotides on the DNA, and the correlations between the nucleotides on a factor graph, and we use the belief propagation algorithm to efficiently infer the unknown nucleotides on the factor graph via message passing. Then, I will show how this attack threatens the real users who share genomic data on the Internet.

  In the remaining of the talk, I will introduce a new protection mechanism, GenoGuard, based on a newly proposed cryptographic primitive called honey-encryption. Considering the high sensitivity and longevity of genomic data, GenoGuard is able to provide security against brute-force attacks (by attackers with unlimited computational power). To encrypt a genome, we propose a tree-based generative model based on public genomic statistics. To retrieve the genomic sequence of a patient, a client (the patient or his doctor) has to provide a password which has the ability to reconstruct a sequence from the ciphertext. Providing a wrong password yields a plausible but incorrect sequence, which makes it hard for an adversary to decide whether he has used a correct password or not.

• Speaker: Yury Zhauniarovich
• Title: StaDynA: Addressing the problem of dynamic code updates in the security analysis of Android applications
• Abstract: Static analysis of Android applications can be hindered by the presence of the popular dynamic code update techniques: dynamic class loading and reflection. Recent Android malware samples do actually use these mechanisms to conceal their malicious behavior from static analyzers. These techniques defuse even the most recent static analyzers that normally operate under the "closed world" assumption (the targets of reflective calls can be resolved at analysis time; only classes reachable from the class path at analysis time are used at runtime). In this work we propose the solution that allows existing static analyzers to remove this assumption. This is achieved by combining static and dynamic analysis of applications in order to reveal the hidden/updated behavior and extend static analysis results with this information. In this presentation we will present design, implementation and preliminary evaluation results of our solution called StaDynA.

• Speaker: Roberto Araujo
• Title: A generic ABRTY based coercion-resistant voting scheme (work in progress)
• Abstract: Estonia was the first country in the world to conduct general elections over the internet. This may motivate others countries to introduce internet voting due mainly to its benefits. Internet voting is more attractive for voters as they may vote from any place with internet access. Also, it may reduce costs and increase voter turnout. However, the risks increases as we remove the voting booth. Coercer and vote sellers, for instance, can easily succeed as voters can use any computer to vote. In 2006, Juels, Catalano, and Jakobsson (JCJ) introduced a voting scheme that considers realistic attacks in the internet voting scenario. Unfortunately, JCJ scheme is not efficient for large scale elections. Based on JCJ solution, more efficient schemes were proposed. Nowadays, the most efficient scheme was introduced by ABRTY. This scheme, though, depends on two computational hard problems and cannot be based on other problems. In this talk, I first recall the idea behind JCJ and ABRTY proposals. After that, I introduce a generic version of ABRTY voting scheme.

• Speaker: Qixia Yuan
• Title: Efficient Algorithms for Steady-state Analysis of Large Probabilistic Boolean Networks
• Abstract: Probabilistic Boolean networks (PBNs), introduced by Shmulevich et al. in 2002 as an extension of Boolean networks, are widely used to model gene regulatory networks (GRNs). The steady-state distribution of PBNs is of crucial importance in the study of GRNs. Numerical methods for computing the steady-state distribution are well studied for small-size PBNs. However, for large-size PBNs, simulation-based methods are the only viable means. How to simulate efficiently and when to stop simulating are two critical questions to answer when applying simulation-based methods. We discuss the Alias method for efficiently simulating PBNs and two methods, i.e., the two-state Markov chain approach and the Skart method, for judging when to stop simulating. We present experimental results for comparing the performance of the two-state Markov chain approach and the Skart method.

Back to SRM presenations.

Contact

For questions and comments contact Jun or Jean .