
Aikaterini Mitrokotsa, PhD
Chalmers University of Technology · Department of Computer Science and Engineering
86 Publications · 13,172 Reads
2,213 Citations (since 2017)
Publications (86)
Aggregating data from multiple sources is often required in multiple applications. In this paper, we introduce \(\textsf {DEVA}\), a protocol that allows a distributed set of servers to perform secure and verifiable aggregation of multiple users’ secret data, while no communication between the users occurs. \(\textsf {DEVA}\) computes the sum of th...
We propose a novel primitive called \(\textsf {NIVA}\) that allows the distributed aggregation of multiple users’ secret inputs by multiple untrusted servers. The returned aggregation result can be publicly verified in a non-interactive way, i.e. the users are not required to participate in the aggregation except for providing their secret inputs....
We introduce the concept of a turn-based communication channel between two mutually distrustful parties with communication consistency, i.e. both parties have the same message history, and communication happens in sets of exchanged messages across a limited number of turns. Our construction leverages timed primitives. Namely, we consider a \(\mathsf{\Delta }\)-...
Abstract Signcryption originally proposed by Zheng (CRYPTO′97) is a useful cryptographic primitive that provides strong confidentiality and integrity guarantees. This article addresses the question whether it is possible to homomorphically compute arbitrary functions on signcrypted data. The answer is affirmative and a new cryptographic primitive,...
Cohen, Goldwasser, and Vaikuntanathan (TCC’15) introduced the concept of aggregate pseudo-random functions (PRFs), which allow efficiently computing the aggregate of PRF values over exponential-sized sets. In this paper, we explore the aggregation augmentation on verifiable random function (VRFs), introduced by Micali, Rabin and Vadhan (FOCS’99), a...
Often clients (e.g., sensors, organizations) need to outsource joint computations that are based on some joint inputs to external untrusted servers. These computations often rely on the aggregation of data collected from multiple clients, while the clients want to guarantee that the results are correct and, thus, an output that can be publicly veri...
In many situations, clients (e.g., researchers, companies, hospitals) need to outsource joint computations based on joint inputs to external cloud servers in order to provide useful results. Often clients want to guarantee that the results are correct and thus, an output that can be publicly verified is required. However, important security and pri...
Homomorphic authenticators (HAs) enable a client to authenticate a large collection of data elements m1,…,mt and outsource them, along with the corresponding authenticators, to an untrusted server. At any later point, the server can generate a short authenticator σf,y vouching for the correctness of the output y of a function f computed on the outs...
Distributed pseudorandom functions (DPRFs) formally defined by Naor et al. (EUROCRYPT’99) provide the properties of regular PRFs as well as the ability to distribute the evaluation of the PRF function; rendering them useful against single point of failures in multiple settings (e.g., key distribution centres). To avoid the corruption of the partial...
Pseudo-random functions are a useful cryptographic primitive that can be combined with zero-knowledge proof systems in order to achieve privacy-preserving identification. Libert et al. (ASIACRYPT 2017) have investigated the problem of proving the correct evaluation of lattice-based PRFs based on the Learning-With-Rounding (LWR) problem. In this pap...
Server-Aided Verification (SAV) is a method that can be employed to speed up the process of verifying signatures by letting the verifier outsource part of its computation load to a third party. Achieving fast and reliable verification under the presence of an untrusted server is an attractive goal in cloud computing and internet of things scenarios...
With the rapid development of the Internet of Things (IoT) a lot of critical information is shared however without having guarantees about the origin and integrity of the information. Digital signatures can provide important integrity guarantees to prevent illegal users from getting access to private and sensitive data in various IoT applications....
Smartphones are a key enabling technology in the Internet of Things (IoT) for gathering crowd-sensed data. However, collecting crowd-sensed data for research is not simple. Issues related to device heterogeneity, security, and privacy have prevented the rise of crowd-sensing platforms for scientific data collection. For this reason, we implemented...
Edge computing is the concept of moving computation back to the endpoints of a network, as an alternative to, or in combination with, centralized, cloud-based architectures. It is especially of interest for Internet-of-Things and Cyber-Physical Systems where embedded endpoints make up the edge of the network, and where these devices need to make lo...
The emergence of ubiquitous computing has led to multiple heterogeneous devices with increased connectivity. In this communication paradigm everything is inter-connected and proximity-based authentication is an indispensable requirement in multiple applications including contactless payments and access control to restricted services/places. Distanc...
Biometric Authentication Protocols (\(\mathsf {BAP}\)s) have increasingly been employed to guarantee reliable access control to places and services. However, it is well-known that biometric traits contain sensitive information of individuals and if compromised could lead to serious security and privacy breaches. Yasuda et al. [23] proposed a distri...
Indistinguishability obfuscation (\(i\mathcal {O}\)) is a powerful cryptographic tool often employed to construct a variety of core cryptographic primitives such as public key encryption and signatures. In this paper, we focus on the employment of \(i\mathcal {O}\) in order to construct short signatures with strong security guarantees (i.e., adapti...
Distance-bounding (DB) protocols are cross-layer authentication protocols that are based on the round-trip-time of challenge-response exchanges and can be employed to guarantee physical proximity and combat relay attacks. However, traditional DB protocols rely on the assumption that the prover is in the communication range of the verifier, which mi...
Encrypting data with a semantically secure cryptosystem guarantees that nothing is learned about the plaintext from the ciphertext. However, querying a database about individuals or requesting for summary statistics can leak information. Differential privacy (DP) offers a formal framework to bound the amount of information that an adversary can dis...
An emerging direction for authenticating people is the adoption of biometric authentication systems. Biometric credentials are becoming increasingly popular as a means of authenticating people due to the wide range of advantages that they provide with respect to classical authentication methods (e.g., password-based authentication). The most charac...
Homomorphic authenticators (HAs) enable a client to authenticate a large collection of data elements \(m_1, \ldots , m_t\) and outsource them, along with the corresponding authenticators, to an untrusted server. At any later point, the server can generate a short authenticator vouching for the correctness of the output y of a function f computed on...
This work addresses the security and privacy issues in remote biometric authentication by proposing an efficient mechanism to verify the correctness of the outsourced computation in such protocols. In particular, we propose an efficient verifiable computation of XOR-ing encrypted messages using an XOR linear message authentication code (MAC) and we...
The use of wireless communications has had tremendous expansion and has led to the development of wearable devices with limited resources. Often, to gain access to services/places, proving the physical proximity of a single device may not be enough. Multiple wearable devices linked to function as a team may provide stronger guarantees on accurate...
Authentication for resource-constrained devices is seen as one of the major challenges in current wireless communication networks. The protocol by Juels and Weis provides device authentication based on the learning parity with noise (LPN) problem and is appropriate for resource-constrained devices, but it has been shown to be vulnerable to a simple...
Various flavours of a new research field on (socio-)physical or personal analytics have emerged, with the goal of deriving semantically rich insights from people’s low-level physical sensing combined with their (online) social interactions. In this paper, we argue for more comprehensive data sources, including environmental and application-specifi...
It is our great pleasure to welcome you to the 2015 ACM Workshop on Artificial Intelligence and Security (AISec 2015) - the eighth annual workshop addressing technologies that fuse intelligent systems into computer security applications and the implications of these approaches. The workshop's aim is to advance research at the intersection of artificial...
Communication technologies have revolutionized modern society. They have changed the way we do business, travel, manage our personal lives and communicate with our friends. In many cases, this crucially depends on accurate and reliable authentication. We need to get authenticated in order to get access to restricted services and/or places (i.e. tra...
Distance-bounding protocols allow devices to cryptographically verify the physical proximity of two parties and are a prominent secure neighbour detection method. We describe how existing distance-bounding protocols could be modified to verify the proximity of both next-hop and two-hop neighbours. This approach allows a node to verify that another n...
Distance-bounding protocols can offer protection against attacks on access control systems that require users to both verify their credentials and prove their location. However, tradeoffs among accuracy, cost, and privacy are necessary.
Authentication for resource-constrained devices is seen as one of the major challenges in current wireless communication networks. The HB⁺ protocol performs device authentication based on the learning parity with noise (LPN) problem and simple computational steps, which renders it suitable for resource-constrained devices such as radio frequency ide...
From contactless payments to remote car unlocking, many applications are vulnerable to relay attacks. Distance bounding protocols are the main practical countermeasure against these attacks. In this paper, we present a formal analysis of SKI, which recently emerged as the first family of lightweight and provably secure distance bounding protocols....
In biometric authentication protocols, a user is authenticated or granted access to a service if her fresh biometric trait matches the reference biometric template stored on the service provider. This matching process is usually based on a suitable distance which measures the similarities between the two biometric templates. In this paper, we pro...
In this paper, we study the security of two recently proposed privacy-preserving biometric authentication protocols that employ packed somewhat homomorphic encryption schemes based on ideal lattices and ring-LWE, respectively. These two schemes have the same structure and have distributed architecture consisting of three entities: a client server,...
Biometric authentication establishes the identity of an individual based on biometric templates (e.g. fingerprints, retina scans etc.). Although biometric authentication has important advantages and many applications, it also raises serious security and privacy concerns. Here, we investigate a biometric authentication protocol that has been propose...
In many cases, we can only have access to a service by proving we are sufficiently close to a particular location (e.g., in automobile or building access control). In these cases, proximity can be guaranteed through signal attenuation. However, by using additional transmitters an attacker can relay signals between the prover and the verifier. Dista...
Relay attacks (and, more generally, man-in-the-middle attacks) are a serious threat against many access control and payment schemes. In this work, we present distance-bounding protocols, how these can deter relay attacks, and the security models formalizing these protocols. We show several pitfalls making existing protocols insecure (or at least, v...
Biometric authentication based on facial image, fingerprint, palm print, iris, retina, or veins are becoming increasingly popular. However, compromised biometric templates, indeed, may lead to serious threats to identity and their inherent irrevocability makes this risk even more serious. Because of such serious privacy implications the need for pri...
We examine the robustness and privacy of Bayesian inference, under assumptions on the prior, and with no modifications to the Bayesian framework. First, we generalise the concept of differential privacy to arbitrary dataset distances, outcome spaces and distribution families. We then prove bounds on the robustness of the posterior, introduce a post...
Distance-bounding is a practical solution aiming to prevent relay attacks. The main challenge when designing such protocols is maintaining their inexpensive cryptographic nature, whilst being able to protect against as many, if not all, of the classical threats posed in their context. Moreover, in distance-bounding, some subtle security shortcoming...
The communication between an honest prover and an honest verifier can be intercepted by a malicious man-in-the-middle (MiM), without the legitimate interlocutors noticing the intrusion. The attacker can simply relay messages from one party to another, eventually impersonating the prover to the verifier and possibly gaining the privileges of the for...
Mobile Ad hoc Networks (MANETs) are wireless networks without fixed infrastructure based on the cooperation of independent mobile nodes. The proliferation of these networks and their use in critical scenarios (like battlefield communications or vehicular networks) require new security mechanisms and policies to guarantee the integrity, confidential...
There is a high need for secure authentication protocols conforming with the EPC Class-1 Generation 2 (Gen2 in short) standard. The security analyses of the newborn authentication protocols provide some guidelines and lessons that should be considered in the design of new proposals. In this paper, we scrutinize the security of a Gen2 based RFID au...
RFID technology is one of the most pervasive computing technologies with important advantages and a wide range of applications. Nevertheless, the widespread adoption of RFID technology mainly depends on fixing the security and privacy concerns of this technology. Using a tagged object should not lead to the traceability of this object. This concern...
At ACM CCS 2008, Rasmussen and Čapkun introduced a distance-bounding protocol [22] (henceforth RČ protocol) where the prover and verifier use simultaneous transmissions and the verifier counts the delay between sending a challenge (starting with a hidden marker) and receiving the response. Thus, the verifier is able to compute an upper bound on the...
In this paper, we show that many formal and informal security results on distance-bounding (DB) protocols are incorrect/ incomplete. We identify that this inadequacy stems from the fact that the pseudorandom function (PRF) assumption alone, invoked in many security claims, is insufficient. To this end, we identify two distinct shortcomings of invok...
Many applications involve agents sharing a resource, such as networks or services. When agents are honest, the system functions well and there is a net profit. Unfortunately, some agents may be malicious, but it may be hard to detect them. We consider the intrusion response problem of how to permanently blacklist agents, in order to maximise expect...
The articles in this special section are devoted to the topic of learning, computer games and system security.
We propose a gesture recognition technique based on RFID: cheap and unintrusive passive RFID tags can be easily attached to or interweaved into user clothes, which are then read by RFID antennas. These readings can be used to recognize hand gestures, ...
We derive bounds on the expected loss for authentication protocols in channels which are constrained due to noisy conditions and communication costs. This is motivated by a number of authentication protocols, where at least some part of the authentication is performed during a phase, lasting n rounds, with no error correction. This requires assigni...
Distance-bounding protocols form a family of challenge–response authentication protocols that have been introduced to thwart relay attacks. They enable a verifier to authenticate and to establish an upper bound on the physical distance to an untrusted prover. We provide a detailed security analysis of a family of such protocols. More precisely, we...
Intrusion detection is frequently used as a second line of defense in Mobile Ad-hoc Networks (MANETs). In this paper we examine how to properly use classification methods in intrusion detection for MANETs. In order to do so we evaluate five supervised classification algorithms for intrusion detection on a number of metrics. We measure their perform...
RFID middleware often has to process enormous amounts of data, possibly causes overloading and leading to data errors. Therefore, RFID middleware applications require load-balancing mechanisms. This work proposes a grid-based load-balancing mechanism ...
Errors involving medication administration can be costly, both in financial and in human terms. Indeed, there is much potential for errors due to the complexity of the medication administration process. Nurses are often singled out as solely responsible for these errors because they are in charge of drug administration. Nevertheless, the intervent...
Radio Frequency Identification (RFID) technology uses wireless radio technology to automatically track items spanning various locations with little effort or cost. It is used for various applications such as supply chains and health care. Unfortunately, due to the nature of the passive RFID architecture, cloned tags lower the overall accuracy of th...
Distance bounding protocols enable a device to establish an upper bound on the physical distance to a communication partner so as to prevent location spoofing, as exploited by relay attacks. Recently, Rasmussen and Čapkun (ACM-CCS'08) observed that these protocols leak information on the location of the parties to external observers, which is undes...
RFID (Radio Frequency Identification) systems are one of the most pervasive computing technologies with technical potential and profitable opportunities in a diverse area of applications. Among their advantages is included their low cost and their broad applicability. However, they also present a number of inherent vulnerabilities. This paper devel...
A number of authentication protocols have been proposed recently, where at least some part of the authentication is performed during a phase, lasting $n$ rounds, with no error correction. This requires assigning an acceptable threshold for the number of detected errors. This paper describes a framework enabling an expected loss analysis for all the...
RFID technology is an area currently undergoing active development. An issue, which has received a lot of attention, is the security risks that arise due to the inherent vulnerabilities of RFID technology. Most of this attention, however, has focused on related privacy issues. The goal of this chapter is to present a more global overview of RFID th...
Distance bounding protocols are an effective countermeasure against relay attacks including distance fraud, mafia fraud and terrorist fraud attacks. Reid et al. proposed the first symmetric key distance bounding protocol against mafia and terrorist fraud attacks. However, claims that this is only achieved with a (7/8)^n probability of suc...
In this paper we present an intrusion detection engine comprised of two main elements; firstly, a neural network for the actual detection task and secondly watermarking techniques for protecting the related information that must be exchanged between nodes. In particular, we exploit information visualization and machine learning techniques in order...
User authentication and intrusion detection differ from standard classification problems in that while we have data generated from legitimate users, impostor or intrusion data is scarce or non-existent. We review existing techniques for dealing with this problem and propose a novel alternative based on a principled statistical decision-making view...
The vast majority of RFID authentication protocols assume the proximity between readers and tags due to the limited range of the radio channel. However, in real scenarios an intruder can be located between the prover (tag) and the verifier (reader) and trick this last one into thinking that the prover is in close proximity. This attack is generally...
Intrusion Detection is an invaluable part of computer network defense. An important consideration is the fact that raising false alarms carries a significantly lower cost than not detecting attacks. For this reason, we examine how cost-sensitive classification methods can be used in Intrusion Detection systems. The performance of the approach is...
In this paper we present the design and evaluation of intrusion detection models for MANETs using supervised classification algorithms. Specifically, we evaluate the performance of the MultiLayer Perceptron (MLP), the Linear classifier, the Gaussian Mixture Model (GMM), the Naive Bayes classifier and the Support Vector Machine (SVM). The performanc...
In this paper, we present an effective intrusion response engine combined with intrusion detection in ad hoc networks. The intrusion response engine is composed of a secure communication module, a local and a global response module. Its function is based on an innovative tree-based key agreement protocol while the intrusion detection engine is base...
RFID (Radio Frequency Identification) systems are emerging as one of the most pervasive computing technologies in history due to their low cost and their broad applicability. Although RFID networks have many advantages, they also present a number of inherent vulnerabilities with serious potential security implications. This paper develops a struct...
The use of electronic technologies in government services has played a significant role in making citizens’ lives more convenient. Even though the transition to digital governance has great advantages for the quality of government services it may be accompanied with many security threats. One of the major threats and hardest security problems e-Gov...
In mobile ad hoc networks (MANET) specific Intrusion Detection Systems (IDSs) are needed to safeguard them since traditional intrusion prevention techniques are not sufficient in the protection of MANET. In this paper we present an intrusion detection engine based on neural networks combined with a protection method, which is based on watermarking...
Ad hoc networks have received great attention in recent years, mainly due to their important advantages and their growing demand. Nevertheless, ad hoc networks present many inherent vulnerabilities and demand efficient security mechanisms in order to be safeguarded. An efficient intrusion detection approach combined with an authenticated intrusion...
Availability requires that computer systems function normally without loss of resources to legitimate users. One of the most challenging issues to availability is the denial-of-service (DoS) attack. DoS attacks constitute one of the major threats and among the hardest security problems in today’s Internet. The main aim of a DoS is the disruption of...
In this paper, we analyze the potential of using Emergent Self-Organizing Maps (ESOMs) based on Kohonen Self-Organizing Maps in order to detect intrusive behaviours. The proposed approach combines machine learning and information visualization techniques to analyze network traffic and is based on classifying "normal" versus "abnormal" traffic. Th...
The evolution of wireless network technologies and the recent advances in mobile computing hardware have made possible the introduction of various applications in mobile ad hoc networks. Not only is the infrastructure of these networks inherently vulnerable but they have increased requirements regarding their security as well. As intrusion preventi...
Denial of Service (DoS) attacks constitute one of the major threats and among the hardest security problems in today’s Internet. Of particular concern are Distributed Denial of Service (DDoS) attacks, whose impact can be proportionally severe. With little or no advance warning, a DDoS attack can easily exhaust the computing and communication resour...