Filetype
Algorithms for secure encryption in a post-quantum world are currently receiving a lot of attention in the research community. One of the most promising such algorithms is the code-based scheme called QC-MDPC, which has excellent performance and a small public key size. In this work we present a very efficient key recovery attack on the QC-MDPC scheme using the fact that decryption uses an iterati
The evolution of Software-Defined Networking (SDN) has so far been predominantly geared towards defining and refining the abstractions on the forwarding and control planes. However, despite a maturing south-bound interface and a range of proposed network operating systems, the network management application layer is yet to be specified and standardized. It has currently poorly defined access contr
With the advancement of the next generation of cellular systems, flexible mechanisms for Discontinuous Reception (DRX) are needed in order to save energy. 5G will bring heterogeneous packet sizes and traffic types, as well as an increasing need for energy efficiency. The current static DRX mechanism is inadequate to meet these needs. In this paper we exploit channel prediction to develop integer p
HQC is an IND-CCA2 KEM running for standardization in NIST’s post-quantum cryptography project and has advanced to the second round. It is a code-based scheme in the class of public key encryptions, with given sets of parameters spanning NIST security strength 1, 3 and 5, corresponding to 128, 192 and 256 bits of classic security.In this paper we present an attack recovering the secret key of an H
Intel Software Guard Extensions (SGX) provides a trusted execution environment (TEE) to run code and operate sensitive data.SGX provides runtime hardware protection where both code and data are protected even if other code components are malicious.However, recently many attacks targeting SGX have been identified and introduced that can thwart the hardware defence provided by SGX.In this paper we p
The Bit Flipping algorithm is a hard decision decoding algorithm originally designed by Gallager in 1962 to decode Low Density Parity Check Codes (LDPC). It has recently proved to be much more versatile, for Moderate Parity Check Codes (MDPC) or Euclidean metric. We further demonstrate its power by proposing a noisy Euclidean version of it. This tweak allows to construct a lattice based key exchan
Flow thinning (FT) is a traffic routing and protection strategy for communication networks whose links experience fluctuations in available capacity (as, e.g., in wireless networks). To cope with this phenomenon, end-to-end traffic demands are assigned dedicated tunnels (e.g., MPLS tunnels) whose nominal capacity is subject to thinning in order to account for variable capacity of the links, fluctu
The Learning with Errors problem (LWE) is one of the main candidates for post-quantum cryptography. At Asiacrypt 2017, coded-BKW with sieving, an algorithm combining the Blum-Kalai-Wasserman algorithm (BKW) with lattice sieving techniques, was proposed. In this paper, we improve that algorithm by using different reduction factors in different steps of the sieving part of the algorithm. In the Rege
In this paper we address the problem of resource allocation for alarm traffic in industrial Internet of Things networks using massive MIMO. We formulate the general problem of how to allocate pilot signals to alarm traffic such that delivery is guaranteed, while also minimising the number of pilots reserved for alarms, thus maximising the channel resources available for other traffic, such as indu
Software-Defined Networking (SDN) is a novel architectural model for cloud network infrastructure, improving resource utilization, scalability and administration. SDN deployments increasingly rely on virtual switches executing on commodity operating systems with large code bases, which are prime targets for adversaries attacking the network infrastructure. We describe and implement TruSDN, a frame
We implement the Grain-128AEAD stream cipher in hardware, using a 65 nm library. By exploring different optimization techniques, both at RTL level but also during synthesis, we first target high throughput, then low power. We reach over 33 GB/s targeting a high-speed design, at expense of power and area. We also show that, when targeting low power, the design only requires 0.23 $${\upmu }$$W runni
Cryptosystems based on Learning with Errors or related problems are central topics in recent cryptographic research. One main witness to this is the NIST Post-Quantum Cryptography Standardization effort. Many submitted proposals rely on problems related to Learning with Errors. Such schemes often include the possibility of decryption errors with some very small probability. Some of them have a som
We point out the risks of protecting relational databases via Searchable Symmetric Encryption (SSE) schemes by proposing an inference attack exploiting the structural properties of relational databases. We show that record-injection attacks mounted on relational databases have worse consequences than their file-injection counterparts on un- structured databases. Moreover, we discuss some technique
With the increasing number of IoT devices deployed, the problem of switching ownership of devices is becoming more apparent. Especially, there is a need for transfer protocols not only addressing a single unit ownership transfer but secure transfer of a complete infrastructure of IoT units including also resource constraint devices. In this paper we present our novel ownership transfer protocol fo
One important open question in side-channel analysis is to find out whether all the leakage samples in an implementation can be exploited by an adversary, as suggested by masking security proofs. For attacks exploiting a divide-and-conquer strategy, the answer is negative: only the leakages corresponding to the first/last rounds of a block cipher can be exploited. Soft Analytical Side-Channel Atta
Open Source Security and Dependency Vulnerability Management (DVM) has become a more vital part of the software security stack in recent years as modern software tend to be more dependent on open source libraries. The largest open source of vulnerabilities is the National Vulnerability Database (NVD), which supplies developers with machine-readable vulnerabilities. However, sometimes Common Vulner
Along with the rapid development of cloud computing technology, containerization technology has drawn much attention from both industry and academia. In this paper, we perform a comparative measurement analysis of Docker-sec, which is a Linux Security Module proposed in 2018, and a new AppArmor profile generator called Lic-Sec, which combines Docker-sec with a modified version of LiCShield, which
Internet of Things or IoT deployments are becoming more and more common. The list of use-cases for IoT is getting longer and longer, but some examples are smart home appliances and wireless sensor networks. When IoT devices are deployed and used over an extended time, it is not guaranteed that one owner will control the IoT devices over their entire lifetime. If the ownership of an IoT system shal
This chapter is devoted to modeling and optimization techniques applicable to communication network design and planning. The main emphasis is put on the models dealing with optimization of the capacity of network resources and traffic routing that lead to tractable optimization problems. It is a common belief that the right means for such modeling are multicommodity flow networks (MFN). MFN form a
We improve iterative decoding of the moderate density parity-check codes, recently suggested as code candidates in the McEliece public key cryptosystem. In case of bit-flipping (BF) decoder failure, the code parity-check matrix is extended by adding auxiliary variable nodes based on reliability information from the BF decoder. Then iterative decoding is applied to the extended parity-check matrix.
