Filetype
We study the notion of anonymous credentials with Publicly Auditable Privacy Revocation (PAPR). PAPR credentials simultaneously provide conditional user privacy and auditable privacy revocation. The first property implies that users keep their identity private when authenticating unless and until an appointed authority requests to revoke this privacy, retroactively. The second property enforces th
In this paper, we present the first chosen-ciphertext (CC) cache-timing attacks on the reference implementation of HQC. We build a cache-timing based distinguisher for implementing a plaintext-checking (PC) oracle. The PC oracle uses side-channel information to check if a given ciphertext decrypts to a given message. This is done by identifying a vulnerability during the generating process of two
10 maj 2025 17:00 | Utställning, Övrigt To register your attendance, please send an email with your full name to berger_and_wirz [at] outlook [dot] com (berger_and_wirz[at]outlook[dot]com)A partial reconstruction of the fossil fuel company Shell’s Annual General Meeting, presented as a series of events taking place at IAC and in front of the Mazettihouse. Using installation, theater, and custom co
https://www.lu.se/evenemang/performance-does-world-need-another-gas-field-berger-wirz - 2026-06-08
In this paper we describe an image-based approach to finding location-based information from camera-equipped mobile devices. We introduce a point-by-photograph paradigm, where users can specify a location simply by taking pictures. Our technique uses content-based image retrieval methods to search the web or other databases for matching images and their source pages to find relevant location-based
A key enabler for Industry 4.0 is Fifth Generation Wireless Specifications (5G), within which network slicing is a promising technique to ensure customized quality of service for specific end-user groups in industrial scenarios. Massive Multiple Input Multiple Output (MIMO) plays a significant role in 5G but network slicing for massive MIMO has not yet been addressed. In this paper, we propose a n
Cloud-RAN (C-RAN) is a promising paradigm for the next generation radio access network infrastructure, which offers centralized and coordinated base-band signal processing in a BBU pool. This requires extremely low latency fronthaul links to achieve real-time signal processing. In this paper, we investigate massive MIMO pilot scheduling in a C-RAN infrastructure under a factory automation scenario
5G promises to usher in the industrial 4.0 era. In that era, intricately managed autonomous industrial sites with for example remotely controller equipment and autonomous units promise previously unseen levels of efficiency. Although such scenarios are elusive, they come with strict long-since established safety requirements. To uphold such requirements, intelligent industrial 5G networks, that ac
Nowadays, the growth of advanced technologies is paving the way for Industrial Control Systems (ICS) and making them more efficient and smarter. However, this makes ICS more connected to communication networks that provide a potential platform for attackers to intrude into the systems and cause damage and catastrophic consequences. In this paper, we propose implementing digital twins that have bee
With the help of modern technologies and advances in communication systems, the functionality of Industrial control systems (ICS) has been enhanced leading toward to have more efficient and smarter ICS. However, this makes these systems more and more connected and part of a networked system. This can provide an entry point for attackers to infiltrate the system and cause damage with potentially ca
Cloud computing has become a prominent technology for the computing paradigm in various industrial sectors nowadays. For most industrial applications to perform in real-time, the support of periodic computing is required. However, it remains a challenge when the computing is executed in a cloud, since both the network connection and the cloud environment are uncertain. In this paper, we propose a
During recent years, research on authenticated encryption has been thriving through two highly active and practice-motivated research directions: provably secure leakage-resilience schemes and key- or context-commitment security. However, the intersection of both fields had been overlooked until very recently. In ToSC 1/2024, Struck and Weish\"aupl studied generic compositions of Encryption scheme
The increase in both the use of open-source software (OSS) and the number of new vulnerabilities reported in this software constitutes an increased threat to businesses, people, and our society. To mitigate this threat, vulnerability information must be efficiently handled in organizations. In addition, where e.g., IoT devices are integrated into systems, such information must be disseminated from
Social norms play a fundamental role in holding groups together. The rationale behind most of them is to coordinate individual actions into a beneficial societal outcome. However, there are cases where pro-social behavior within a community seems, to the contrary, to cause inefficiencies and suboptimal collective outcomes. An explanation for this is that individuals in a society are of different t
Security has been recognized as a leading barrier for IoT adoption. The growing number of connected devices and reported software vulnerabilities increases the importance firmware updates. Maturity models for software security do include parts of this, but are lacking in several aspects. This paper presents and evaluates a maturity model (HAVOSS) for handling vulnerabilities in third party OSS and
The area of Internet of Things (IoT) is growing and it affects a large amount of users, which means that security is important. Many parts of IoT systems are built with Open Source Software, for which security vulnerabilities are available. It is important to update the software when vulnerabilities are detected, but it is unclear to what extent this is done in industry today. This study presents
The evolution of the fifth-generation network (5G) increases the demand and use of Internet of Things (IoT) devices extensively. The increased number of IoT devices increases the possibility of new attack surfaces, and thus even resource-constrained IoT devices need secure communication. In this work, we consider the Julia Key Agreement (JKA) protocol, which has been proposed as a secure and effic
The Internet of Things (IoT) paradigm, has opened up the possibility of using the ubiquity of small devices to route information without the necessity of being connected to a Wide Area Network (WAN). Use cases of IoT devices sending updates that are routed and delivered by other IoT devices have been proposed in the literature. In this paper we focus on receivers only interested in the freshest up
We present a simple key-recovery attack on the LCMQ Authentication Protocol, an RFID authentication protocol proposed by Li, Gong, and Qin in 2013. We show that a successful attack is performed by solving a Learning Parity with Noise instance in a not-too-large dimension. For the proposed LCMQ parameters, the attack requires only a few invocations with the tag under attack. When there is no restri
Using the class of information set decoding algorithms is the best known way of decoding general codes, i.e. codes that admit no special structure, in the Hamming metric. The Stern algorithm is the origin of the most efficient algorithms in this class. We consider the same decoding problem but for a channel with soft information. We give a version of the Stern algorithm for a channel with soft inf
In this paper, we introduce OT-PCA, a novel approach for conducting Plaintext-Checking (PC) oracle based side-channel attacks, specifically designed for Hamming Quasi-Cyclic (HQC). By calling the publicly accessible HQC decoder, we build offline templates that enable efficient extraction of soft information for hundreds of secret positions with just a single PC oracle call. Our method addresses cr
