Olivier Markowitch

  • PhD
  • Professor at Université Libre de Bruxelles

About

117 Publications
17,084 Reads
2,334 Citations
Introduction
Olivier Markowitch currently works at the Computer Science Department, Université Libre de Bruxelles. Olivier does research in Computer Security and Cryptography.
Current institution
Université Libre de Bruxelles
Current position
  • Professor
Additional affiliations
September 1995 - present
Université Libre de Bruxelles
Position
  • Professor

Publications

Publications (117)
Article
Full-text available
In a competitive market, online auction systems enable optimal trading of digital products and services. Bidders can participate in existing blockchain-based auctions while protecting the confidentiality of their bids in a decentralized, transparent, secure, and auditable manner. However, in a competitive market, parties would prefer not to disclos...
Article
The scheme [1] is flawed because: (1) its circuit access structure is confusingly described; (2) the cloud server cannot complete the related computations; (3) some users can conspire to generate new decryption keys, without the help of the key generation authority.
Article
Full-text available
We remark that the quantum key agreement protocol (Yang et al. in Quantum Inf Process 18(10):322, 2019) is flawed. It is unnecessary for Bob to prepare his secret key \(K_B\), because it is finally announced and accessible to adversaries. We find that \(K_B\) has no relation to the confidentiality of the final agreed key \(K_{AB}=K_A\oplus K_B\). It is...
Article
In this paper, we present a detailed and systematic overview of communication security aspects of Multi-Processor Systems-on-Chip (MPSoC) and the emerging potential threats on the novel Cloud-of-Chips (CoC) paradigm. The CoC concept refers to highly scalable and composable systems, assembled not only at system design-time using RTL, like traditiona...
Conference Paper
Full-text available
Since the number of processors and cores on a single chip is increasing, the interconnection among them becomes significant. Network-on-Chip (NoC) has direct access to all resources and information within a System-on-Chip (SoC), rendering it appealing to attackers. Malicious attacks targeting NoC are a major cause of performance depletion and they...
Conference Paper
As the number of processing cores is increasing dramatically, the communication among them is of high importance. Network-on-Chip (NoC) has direct access to all resources and information within a System-on-Chip (SoC), rendering it appealing to attackers. In this paper a novel Hardware Trojan (HT) assisted Denial of Service (DoS) attack, called Gr...
Article
The scheme [IEEE Trans. Big Data, 4 (1), 2018, 26-39] is flawed because the sparsity of the coefficient matrix is neglected. In the discussed scenario, we find it is unnecessary to outsource such a problem because the client can solve it locally. Even if the matrix is not sparse, the proposed paradigm, which requires a great number of interactions, is r...
Conference Paper
Full-text available
Currently the industry moves to smaller process nodes even if the cost for yielding large dies continues to increase, moving to the 5nm and even 3nm nodes. Hence a chiplet-based design has been initiated and quickly gained attention from industry, academia and government agencies. This cutting-edge approach became advantageous to break down a large d...
Article
Full-text available
A symmetric group key agreement protocol enables the group members to derive a shared session key for secure communication among them, whereas an asymmetric one facilitates security to any communication from outside, without adding outsiders into the group. In order to combine both the functionalities, a hybrid key agreement protocol is needed, whi...
Article
Full-text available
In recent years, Multi-Processor System-on-Chips (MPSoCs) have been widely deployed in safety-critical embedded systems. The Cloud-of-Chips (CoC) is a scalable MPSoC architecture comprised of a large number of interconnected Integrated Circuits (IC) and Processing Clusters (PC) destined for critical systems. While much research has focused on addressing...
Article
Full-text available
Since the last decade, the public-key encryption with keyword search (PEKS) has been studied as a popular technique for searching data over encrypted files. The notion finds useful application for fine-grained data search on outsourced encrypted data like iCloud, mobile cloud data, etc. In this paper, we present a concrete public-key encryption (PK...
Article
Full-text available
Template attacks and machine learning are two popular approaches to profiled side-channel analysis. In this paper, we aim to contribute to the understanding of their respective strengths and weaknesses, with a particular focus on their curse of dimensionality. For this purpose, we take advantage of a well-controlled simulated experimental setting i...
Article
Side-channel adversaries represent real-world threats against (certified and uncertified) cryptographic devices. Masking schemes represent prevailing countermeasures to reduce the success probabilities of side-channel attacks. However, masking schemes increase the implementation cost in term of power consumption, clock cycles, and random number gen...
Chapter
Full-text available
The increasing integration on the latest MPSoC devices invites various security threats. To execute a sensitive application, a combination of IP cores on an MPSoC platform creates a security zone. This security zone must be protected. In this paper, we attempt to achieve secure communication among these security zones supported by a two-party key a...
Conference Paper
Full-text available
The increasing integration on the latest MPSoC devices invites various security threats. To execute a sensitive application, a combination of IP cores on an MPSoC platform creates a security zone. This security zone must be protected. In this paper, we attempt to achieve secure communication among these security zones supported by a two-party key a...
Conference Paper
Masking schemes represent a well-researched and successful option to follow when considering side-channel countermeasures. Still, such measures increase the implementation cost in terms of power consumption, clock cycles, and random numbers generation. In fact, the higher the order of protection against side-channel adversaries, the higher the impl...
Conference Paper
Full-text available
System on chips (SoCs) are all around us in today's world. Therefore, in this paper we propose a flexible, technology-aware SoC design, named as Cloud-of-Chips (CoC), which is able to change its characteristics, such as routing logic, transmission paths, priorities, IC clustering, etc. We focus particularly on inside communication of CoC architectu...
Chapter
Feature extraction is the first task of pre-processing input logs in order to detect cybersecurity threats and attacks while utilizing machine learning. When it comes to the analysis of heterogeneous data derived from different sources, this task is found to be time-consuming and difficult to be managed efficiently. In this paper we present an appr...
Preprint
Full-text available
Feature extraction and feature selection are the first tasks in pre-processing of input logs in order to detect cyber security threats and attacks while utilizing machine learning. When it comes to the analysis of heterogeneous data derived from different sources, these tasks are found to be time-consuming and difficult to be managed efficiently. I...
Chapter
Full-text available
We first formalise a generic architecture for attribute-based signatures (ABS). Further we expand the design to the generic framework of an attribute-based group signature (ABGS), combining our generic structure of ABS with the efficient generic design of group signature proposed by Bellare et al. in Eurocrypt 2003. We also analyse security of the...
Conference Paper
Many Internet users deploy several cloud services for storing sensitive data. Cloud services provide the opportunity to perform cheap and efficient storage techniques. In order to guarantee the secrecy of uploaded data, users need first to encrypt it before uploading it to the cloud servers. There are also certain services which allow users to perform s...
Article
Feature extraction and feature selection are the first tasks in pre-processing of input logs in order to detect cyber security threats and attacks while utilizing machine learning. When it comes to the analysis of heterogeneous data derived from different sources, these tasks are found to be time-consuming and difficult to be managed efficiently. I...
Conference Paper
Side-channel attacks exploit physical characteristics of implementations of cryptographic algorithms in order to extract sensitive information such as the secret key. These physical attacks are among the most powerful attacks against real-world crypto-systems. In recent years, there has been a number of proposals how to increase the resilience of c...
Conference Paper
Full-text available
A Proxy Re-encryption (PRE) is a cryptographic scheme for delegation of decryption rights. In a PRE scheme, a semi-honest proxy agent of Bob re-encrypts the ciphertext, on the message intended for Alice, on behalf of Bob, without learning anything about the message. The PRE schemes are useful in the scenarios where data are desired to be shared wit...
Article
Evaluating the resistance of cryptosystems to side-channel attacks is an important research challenge. Profiled attacks reveal the degree of resilience of a cryptographic device when an adversary examines its physical characteristics. So far, evaluation laboratories launch several physical attacks (based on engineering intuitions) in order to find...
Article
We show that Chen et al.'s schemes [IEEE TCC, 2(4), 2014, 499-508] for outsourcing linear regression computation to the cloud are not unquestioned. In scheme 1, the client has to generate an orthogonal matrix. Its computational complexity is almost equal to that of solving a linear regression problem locally. In such a case, the client has no necessa...
Article
Cloud computing supports a paradigm shift from local to network-centric computing and enables customers with limited computational resources to outsource large-scale computational tasks to the cloud, such as linear equations and linear programming. Recently, Yu et al. [IEEE TIFS, 11(6), 2016, 1362-1375] have proposed a scheme for cloud storage audi...
Conference Paper
In 2015, Kalyna has been chosen as the new Ukrainian standard block cipher. Kalyna is an AES-like block cipher with a non-invertible key schedule. In this paper we perform the first side-channel analysis of Kalyna by performing a CPA attack on the round keys of Kalyna 128/128. Our work is based on simulations and real experiments performed on a sof...
Conference Paper
We propose a modular framework which deploys state-of-the-art techniques in dynamic pattern matching as well as machine learning algorithms for Big Data predictive and behavioural analytics to detect threats and attacks in Managed File Transfer and collaboration platforms. We leverage the use of the kill chain model by looking for indicators of co...
Conference Paper
As more Internet users are getting interested in using cloud services for storing sensitive data, it motivates the user to encrypt the private data before uploading it to the cloud. There are services which allow a user to conduct searches without revealing anything about the encrypted data. This service is provided by public key encryption with k...
Article
Side-channel attacks provide tools to analyse the degree of resilience of a cryptographic device against adversaries measuring leakages (e.g. power traces) on the target device executing cryptographic algorithms. In 2002, Chari et al. introduced template attacks (TA) as the strongest parametric profiled attacks in an information theoretic sense. Fe...
Article
At Asiacrypt'05, Girault and Lefranc introduced the primitive of server-aided verification (SAV). In the proposed model, the server is assumed to be untrusted but is supposed to not collude with the legitimate prover. At ProvSec'08, Wu et al. have generalized the Girault-Lefranc SAV model by allowing the server to collude with the legitimate prove...
Article
Full-text available
The profiled attacks challenge the security of cryptographic devices in the worst case scenario. We elucidate the reasons underlying the success of different profiled attacks (that depend essentially on the context) based on the well-known bias–variance tradeoff developed in the machine learning field. Note that our approach can easily be extended...
Article
Mobile security is of paramount importance. The security of LTE (long term evolution of radio networks), which is currently widely deployed as a long-term standard for mobile networks, relies upon three cryptographic primitives, among which the stream cipher ZUC. In this paper, we point out that the linear feedback shift register (LFSR) used in ZUC...
Conference Paper
Full-text available
Template attacks and machine learning are two popular approaches to profiled side-channel analysis. In this paper, we aim to contribute to the understanding of their respective strengths and weaknesses, with a particular focus on their curse of dimensionality. For this purpose, we take advantage of a well-controlled simulated experimental setting i...
Conference Paper
The main contributions of this paper are efficient distinguishing attacks against block ciphers that are conventionally modeled as pseudorandom permutations (PRP). Formally, block ciphers operate on fixed-length blocks of n bits, for example, n = 128 for the Advanced Encryption Standard (AES). Our analysis takes place in the setting in which the me...
Article
Full-text available
In cryptography, a side-channel attack is any attack based on the analysis of measurements related to the physical implementation of a cryptosystem. Nowadays, the possibility of collecting a large amount of observations paves the way to the adoption of machine learning techniques, i.e., techniques able to extract information and patterns from large...
Article
Full-text available
In this paper, we propose a formally verified protocol to securely manage vertical handovers in heterogeneous networks (HetNets), even when different cryptographic algorithms are used in the infrastructure. The protocol presentation goes with a review of the current propositions of security mechanisms and procedures dedicated to manage vertical handov...
Conference Paper
Full-text available
Side-channel attacks challenge the security of cryptographic devices. A widespread countermeasure against these attacks is the masking approach. Masking combines sensitive variables with secret random values to reduce their leakage. In 2012, Nassar et al. (DATE, pp 1173–1178. IEEE, 2012) presented a new lightweight (low-cost) boolean masking counterm...
Conference Paper
Full-text available
Side-channel attacks challenge the security of cryptographic devices. One of the widespread countermeasures against these attacks is the masking approach. In 2012, Nassar et al. [21] presented a new lightweight (low-cost) Boolean masking countermeasure to protect the implementation of the AES block-cipher. This masking scheme represents the target...
Conference Paper
In Asiacrypt’08, Green and Hohenberger presented an adaptive oblivious transfer (OT) scheme which makes use of a signature built from the Boneh-Boyen Identity Based Encryption. In this note, we show that the signature scheme is vulnerable to known-message attacks and the reduction used in the proof of Lemma A.6 is flawed. We also remark that the pa...
Conference Paper
Mobile security is of paramount importance. The security of LTE (long term evolution of radio networks), which is currently widely deployed as a long-term standard for mobile networks, relies upon three cryptographic primitives, among which the stream cipher ZUC. In this paper, we point out that the linear feedback shift register (LFSR) used in ZUC...
Conference Paper
Authenticated key agreement protocols provide wireless technologies with fundamental mechanisms such as session key generation and device authentication. Many of these protocols have been designed specifically for those technologies, but most of them do not integrate all the security requirements, and others have been attacked. Another important is...
Article
Full-text available
In this paper, we propose a formally verified protocol to securely manage vertical handovers in heterogeneous networks (HetNets), even when different cryptographic algorithms are used in the infrastructure. The protocol presentation goes with a review of the current propositions of security mechanisms and procedures dedicated to manage vertical handov...
Conference Paper
Full-text available
The goal of a profiling attack is to challenge the security of a cryptographic device in the worst case scenario. Though template attacks are reputed as the strongest power analysis attack, their effectiveness is strongly dependent on the validity of the Gaussian assumption. This led recently to the appearance of nonparametric approaches, often based...
Conference Paper
Full-text available
Side channel attacks take advantage of information leakages in cryptographic devices. Template attacks form a family of side channel attacks which is reputed to be extremely effective. This kind of attack assumes that the attacker fully controls a cryptographic device before attacking a similar one. In this paper, we propose to relax this assumpti...
Conference Paper
In this paper, we propose a review of the mechanisms and procedures to securely manage vertical handovers in heterogeneous networks. The purpose of the paper is to position the heterogeneous networks in the context of wireless security and to describe the possible attacks that come along with this new kind of infrastructure. From a critical analysi...
Conference Paper
In this paper we consider the security issues related to the key management in cloud computing. We focus on the difficulty of managing cryptographic keys necessary to maintain for example the confidentiality of information stored in the clouds. In this framework, we present a threshold cryptosystem as well as three protocols, based on cooperation b...
Article
Full-text available
In this paper we present how multi-party designated verifier signatures can be used as a generic solution to provide coercion-freeness in electronic voting schemes. We illustrate the concept of multi-party designated verifier signatures with an enhanced version of Ghodosi and Pieprzyk [GP06]'s threshold signature scheme. The proposed scheme is effici...
Conference Paper
Full-text available
In cryptography, a side channel attack is any attack based on the analysis of measurements related to the physical implementation of a cryptosystem. Nowadays, the possibility of collecting a large amount of observations paves the way to the adoption of machine learning techniques, i.e. techniques able to extract information and patterns from la...
Article
We remark that the schemes [S. Gaertner, C. Kurtsiefer, M. Bourennane and H. Weinfurter, Phys. Rev. Lett. 98, Article ID 020503 (2007); H. Takesue and K. Inoue, Phys. Rev. A 74, Article ID 012315 (2006); L. Hsu and C. Li, Phys. Rev. A 71, Article ID 022321 (2005); F. Yan and T. Gao, Phys. Rev. A 72, Article ID 012304 (2005); L. Xiao, G. Long, F. De...
Article
Full-text available
In this paper we present two publishing methods for the votes and the result of an election, the TreeCounting and alternative TreeCounting method. These methods make the verifiability of public boards more achievable by publishing the result of an election as a tree. Both can be parametrized to increase the average number of times each node of that...
Article
Full-text available
In this paper we review a non-exhaustive list of online banking systems used in Belgium with regard to man-in-the-browser attacks. We focus our attention on the signature of each transaction and suggest simple solutions that would prevent and/or detect attack attempts.
Article
Zeng and Keitel proposed an arbitrated quantum signature scheme in 2002. Recently, Curty and Lütkenhaus pointed out that the protocol is not operationally specified. In a reply, Zeng gave more details of the scheme. The author also claimed that the scheme is suitable for unknown messages. In this letter, we remark that the invented scenario in the...
Conference Paper
We point out that the quantum digital signature scheme proposed in ICACT 2005 has three problems. According to the original description of the scheme, we find: (1) the quantum one-way function is not specified clearly; (2) the signer Alice does not use her private key in the signing process; (3) both the signing and the verification can not work we...
Conference Paper
We investigate the security difference between DSA and Schnorr's signature. The security of DSA can be reduced to the problem: to find \(m \in \Omega\), \(\rho, \theta \in \mathbb{Z}_q^*\) such that \(H(m) = P((g^{\rho} y)^{\theta} \bmod p) \bmod q\), where \(\Omega\) denotes the text space and the message \(m\) is not restrained. Unlike DSA evaluates the hash function...
Conference Paper
Full-text available
In the primitive greedy algorithm for shortest superstring, if a pair of strings with maximum overlap is picked out, they are subsequently merged. In this paper, we introduce the concept of optimal set and generalize the primitive greedy algorithm. The generalized algorithm can be reduced to the primitive greedy algorithm if the relative optimal set i...
Conference Paper
We put forward the concepts of universal authentication, restrictive authentication and designated authentication. We then revisit a popular signcryption scheme using a technique similar to the one developed in Schnorr's signature, allowing it to respect the restrictive authentication property. Compared with the modification suggested by Baek et al...
Conference Paper
Full-text available
In this paper we propose a new designated verifier signature scheme based on the threshold signature scheme presented (8) by Ghodosi and Pieprzyk. The advantages of the new scheme compared with previously proposed solutions are its computational efficiency and its simple and rational design that allows distributed implementations of the computati...
Article
Full-text available
In this paper we propose a new voting scheme that provides a receipt to each voter. The receipt is built in a way that prevents the vote from being revealed to third entities other than a judge. The scheme is based on the concept of strong designated verifier signature scheme and threshold RSA signatures. The signing key size remains bounded by t...
Article
Full-text available
Computing and data Grids are widely distributed computing systems usually used to resolve scientific or technical problems that require a large amount of computing power and/or storage resources. To be really attractive, Grids must provide secured environments (in terms of confidentiality, data integrity, entity identification, etc). In this paper...
Conference Paper
Full-text available
In 2006, Obana et al. proposed two optimum secret sharing schemes secure against cheating. They extend the secret \(s\) in Shamir's scheme to an array of three elements, \((s, e_0, e_1)\), and construct two equations for checking validity. Each item in the equations should be reconstructed using Lagrange's interpolation. In this pape...
Article
Some electronic commerce transactions are inherently performed between more than two parties. In this context, it is thus important to determine whether the underlying fair exchange protocols allowing the secure implementation of such transactions enable participants to exclude other entities from a protocol execution. This is an important point th...
Article
Full-text available
In this paper we consider the confidentiality aspects of particular Grid applications such as, for example, genetic applications. The search of DNA similarities is one of the interesting areas of genetic biology. However, DNA sequence comparisons need greedy and sensitive computations. We propose a model allowing the search of DNA similarities i...
Article
Full-text available
Grids are large distributed systems composed of resources of many computing systems used to resolve problems that require heavy computations on large amounts of data. In such a large distributed system, ensuring information integrity is of particular importance. Honest users and possible malicious entities live together in this network, the risks o...
Article
Full-text available
The growing use of the Internet promotes the replacement of traditional manual transactions by equivalent electronic services. Research was carried out to investigate enhanced services related to electronic mail. This paper points out that a certified email protocol has to provide the sender of a certified email with evidence that this email has...
Article
Full-text available
In a large distributed system such as the Grid, ensuring data integrity is of particular importance. Since in the same network honest users and possible malicious entities live together, the risks of unauthorized alterations of data and information cannot be ignored. This concern on data integrity has two faces. On the one hand, insurance has to be g...
Conference Paper
Full-text available
In this paper we propose a new strong and perfectly key-insulated signature scheme, more efficient than previous proposals and whose key length is constant and independent of the number of insulated time periods. Moreover, unlike previous schemes, it becomes forward-secure when all the existing secrets at a given time period are compromised. We als...
Article
This paper proposes a designated verifier signature scheme based on the Schnorr signature and the Zheng signcryption schemes. One of the advantages of the new scheme compared with all previously proposed schemes is that it achieves the "strong designated verifier" property without encrypting any part of the signatures. This is because the designate...
Article
Full-text available
This paper proposes a designated verifier signature based on the Schnorr signature scheme. One of the advantages of the new scheme compared with the one proposed by Jakobsson, Sako and Impagliazzo is that not only the designated verifier (Bob) cannot convince a third party (Cindy) that a signature is originated by a given signer (Alice), but also...
