Member

Abstract
Radio-frequency identification (RFID) technology constitutes an important part of what has become known as the Internet of Things (IoT) that is accessible and interconnected machines and everyday objects that form a dynamic and complex environment. To secure the IoT in a cost-efficient manner, we need to build security and privacy into the design of its components. Moreover, mechanisms should be constructed that will allow both individuals and organizations to actively manage their “things” and information in a highly flux environment. The contributions of this paper are twofold: We first discuss the use of security and privacy policies that can offer fine granularity and context-aware information control in RFID systems. Second, we propose a novel secure and privacy-preserving tag management protocol that can support such policies. Our protocol has a modular design that allows it to support a set of desirable management operations (viz. tag authentication, delegation, and ownership transfer) while imposing minimal hardware and computational requirements on the tag side. Furthermore, inspired by the European Network and Information Security Agency's Flying 2.0 study, we describe a near-future air travel scenario to further explain and demonstrate the inner workings of our proposal.

Abstract
At the 2011 Eurocrypt, Kiltz et al., in their best paper price awarded paper, proposed an ultra-lightweight authentication protocol, called AUTH . While the new protocol is supported by a delicate security proof based on the conjectured hardness of the learning parity with noise problem, this security proof does not include man-in-the-middle attacks. In this paper, we show that AUTH is weak against MIM adversaries by introducing a very efficient key recovery MIM attack that has only linear complexity with respect to the length of the secret key.

Abstract
In this paper, we describe an attack against one of the most efficient authentication protocols for low-cost RFID tags recently proposed by Song and Mitchell. A weak attacker, i.e. an attacker that has no access to the internal data of a tag, is able to impersonate a legitimate reader/server, and to desynchronize a tag. The attack is very efficient and has minimal computational complexity. Finally, we propose a simple solution to fix the flaw.

Abstract
Mental health diseases are common but research to further knowledge and understanding of them is hampered by data privacy and con.dentiality regulations that apply to medical records. Centralised databases containing the relevant medical history of thousands of patients with an individual mental disease would be of great value for researchers, enabling techniques such as data mining to be applied. The major challenge in achieving this is anonymising the data to satisfy legal and ethical requirements without removing important clinical information. In this paper we propose a model that can be used to create a central repository of anonymised data for patients with bipolar disease. Knowledge obtained from the database is fed into an expert system which can guide clinicians in patient management. Security requirements are provided by access to the database being controlled by RBAC (Role Based Access Control).

Abstract
Searchable Symmetric Encryption (SSE) is a mechanism that facilitates search over encrypted data that are outsourced to an untrusted Server. SSE schemes offer practicality at the expense of some information leakage. The last two years, the first dynamic SSE (DSSE) schemes, i.e. schemes that support updates, that are both forward and backward private were introduced. Two lines of design have been proposed. The first one contains the schemes that use some type of oblivious data structure, i.e. the Client hides the memory access pattern from the Server. This level of security comes at the expense of significant communication overheads as the oblivious memory access requires several communication roundtrips or the use of expensive primitives that limits the potential of practicality. The second line of design contains solutions that avoid oblivious data structures. In this paper, we introduce two new DSSE solutions that offer both forward and the highest level of backward privacy. Our schemes are the first ones that follow the first line of design and achieve this level of security with a constant and small number of communication roundtrips. We evaluate their performance and we show that they are practical.

Abstract
Searchable Symmetric Encryption is a mechanism that facilitates search over encrypted data that are outsourced to an untrusted server. SSE schemes are practical as they trade nicely security for efficiency. However, the supported functionalities are mainly limited to single keyword queries. In this paper, we present a new efficient SSE scheme, called REX, that supports range queries. REX is a no interactive (single round) and response-hiding scheme. It has optimal communication and search computation complexity, while it is much more secure than traditional Order Preserving Encryption based range SSE schemes.

Abstract
In the cloud era, as more and more businesses and individ- uals have their data hosted by an untrusted storage service provider, data privacy has become an important concern. In this context, searchable symmetric encryption (SSE) has gained a lot of attention. An SSE scheme aims to protect the privacy of the outsourced data by supporting, at the same time, outsourced search computation. However, the design of an e_cient dynamic SSE (DSSE) has been shown to be a challenging task. In this paper, we present two e_cient DSSEs that leak a limited amount of information. Both our schemes make a limited use of ORAM algorithms to achieve forward privacy and to minimize the overhead that ORAMs introduce, at the same time. To the best of our knowledge, there is only one other DSSE scheme that o_ers e_ciently forward privacy. Our schemes are parallizable and signi_cantly improve the search and update complexity, as well as the memory access locality

Abstract
Cloud Computing (CC) is the new trend in computing and resource management, an architectural shift towards thin clients and conveniently centralized provision of computing and networking resources. Worldwide cloud services revenue reached 148.8 billion in 2014. However, CC introduces security risks that the clients of the cloud have to deal with. More precisely, there are many security concerns related to outsourcing storage and computation to the cloud and these are mainly attributed to the fact that the clients do not have direct control over the systems that process their data. In this paper, we investigate the new challenges that cryptography faces in the CC era. We introduce a security framework for analysing these challenges, and we describe the cryptographic techniques that have been proposed until now. Finally, we provide a list of open problems and we propose new directions for research.

Abstract
At the 2011 Eurocrypt, Kiltz et al., in their best paper price awarded paper, proposed an ultra-lightweight authentication protocol, called AUTH. This new protocol is supported by a delegated security proof, against passive and active attacks, based on the conjectured hardness of the Learning Parity with Noise (LPN) problem. However, AUTH has two shortcomings. The security proof does not include man-in-the-middle (MIM) attacks and the communication complexity is high. The weakness against MIM attacks was recently verified as a very efficient key recovery MIM attack was introduced with only linear complexity with respect to the length of the secret key. Regarding the communication overhead, Kiltz et al. proposed a modified version of AUTH where the communication complexity is reduced at the expense of higher storage complexity. This modified protocol was shown to be at least as secure as AUTH. In this paper, we revisit the security of AUTH and we show, somehow surprisingly, that its communication efficient version is secure against the powerful MIM attacks. This issue was left as an open problem by Kiltz et al. We provide a security proof that is based on the hardness of the LPN problem to support our security analysis.

Abstract
Cloud Computing (CC) is a promising next-generation computing paradigm providing network and computing resources on demand via the web. The cloud market is still in its infancy and all major issues, ranging from interoperability and standardization, to legislation and SLA contracts are still wide open. However, the main obstacle for a more catholic acceptance of the cloud model is security. In the CC model, the client has limited control over her data and computations as she outsources everything to the cloud provider. This basic CC feature influences several security related areas.

Abstract
RFID technology constitutes a fundamental part of what is known as the Internet of Things; i.e. accessible and interconnected machines and everyday objects that form a dynamic and complex environment. In order to secure RFID tags in a cost-efficient manner, the last few years several lightweight cryptography-based tag management protocols have been proposed. One of the most promising proposals is the HB+ protocol, a lightweight authentication protocol that is supported by an elegant security proof against all passive and a subclass of active attackers based on the hardness of the Learning Parity with Noise (LPN) problem. However, the HB+ was shown to be weak against active man-in-the-middle (MIM) attacks and for that several variants have been proposed. Yet, the vast majority of them has been broken. In this paper, we introduce a new variant of the HB+ protocol that can provably resist MIM attacks. More precisely, we improve the security of another recently proposed variant, the HB# protocol by taking advantage of the properties of the well studied Gold power functions. The new authentication protocol is called GHB# and its security can be reduced to the LPN problem. Finally, we show that the GHB# remains practical and lightweight.

Abstract
In the last few years, a plethora of RFID authentication protocols have been proposed and several security analyses have been published creating the impression that designing such a protocol must be, more or less, a straightforward task. In this paper, we investigate the security of two recently proposed schemes, showing that designing a secure RFID authentication protocol is still a demanding process. One is a mature work; in the sense that it has predecessors that have been extensively analyzed, while the other is a fresh proposal. Our security analysis demonstrates that both are weak, as they suffer from a similar desychronization attack. In addition we prove the existence of a fatal tag impersonation attack against the second one.

Abstract
RFID technology constitutes an important part of what has become known as the IoT; i.e accessible and interconnected machines and everyday objects that form a dynamic and complex environment. In order to be able to secure the IoT in a cost-efficient manner we need to build security and privacy into the design of its components. Thus, in this paper, we first introduce the use of security and privacy policies that can offer fine granularity and context-aware information control in RFID systems, and with this in mind, we propose a novel secure and privacy preserving tag management protocol to implement such policies. The new protocol has a modular design in order to support all the basic management operations (tag authentication, delegation and ownership transfer), while imposing minimal hardware and computational requirements on the tag side.

Abstract
Motivated by the plethora of RFID security protocols and the interoperability problems that this diversity causes, we propose a software agent-based platform that allows an RFID back-end subsystem to integrate and manage heterogeneous tags that are based on non-standardized implementations. In addition, we introduce a new suite of lightweight tag management protocols that support tag authentication, time-based tag delegation and ownership transfer. The protocols can take advantage of the proposed agent-based platform and do satisfy all the standard security and privacy requirements.

Abstract
Hardware efficient encryption algorithms are necessary for applications like low cost Radio Frequency Identification (RFID) tags. In order to keep the cost as low as possible, the designers of lightweight algorithms are using simplified versions of well studied components. Unfortunately, in most cases this simplification leads to weak constructions. In this paper, we investigate one such case. Recently, a low hardware complexity binary additive stream cipher was proposed in the Computers & Security journal. This stream cipher is based on a simplified version of a family of universal hash functions. The new family is called Toeplitz hash. The Toeplitz hash functions can be very efficiently implemented on hardware and for that the proposed stream cipher is suitable for low cost applications. However, we demonstrate that the security of the cipher is much weaker than it was claimed. More precisely, we introduce a known-plaintext attack that can retrieve the secret key with very low computational complexity that requires only a few known keystream bits by taking advantage of the low cost.

Abstract
The Random−HB# protocol is a significant improvement of the HB+ protocol introduced by Juels and Weis for the authentication of low-cost RFID tags. Random − HB# improves HB+ in terms of both security and practicality. It is provably resistant against man-inthe- middle attacks, where the adversary can modify messages send from the reader to the tag and performs significantly better than HB+, since it reduces the transmission costs and provides more practical error rates. The only problem with Random − HB# is that the storage costs for the secret keys are insurmountable to low cost tags. The designers of the protocol have proposed also an enhanced variant which has less storage requirements, but it is not supported by a security proof. They call this variant just HB#. In this paper we propose a variant of the Random− HB#. The new proposal maintains the performance of the Random − HB#, but it requires significantly less storage for the key. To achieve that we add a lightweight message authentication code to protect the integrity of all the exchanged messages.

Abstract
Most mental illnesses, including bipolar disorder (BD), cause disability. BD is one of the world’s 10 most disabling conditions, characterized by episodes of full-blown mania and major depression, with devastating consequences on the professional and social life of the patient. A major problem in BD diagnosis and treatment is the absence of objective criteria and lack of understanding of the underlying pathological mechanisms and symptoms linked to episodes. The need for a central repository that will maintain BD related data is therefore a prerequisite for triggering BD-research and address the aforementioned problem. Specifically, it will collect healthcare data for BD cases in Europe, phenotypical information (clinical, cognitive, electrophysiological, brain imaging and biochemical evaluations), genotype information, and other information like sleep activity, actimeter, speech characteristics etc. Even though this approach is highly beneficial for medical research, the processing of medical data raises, by definition, security and privacy issues; protection of data confidentiality and integrity as well as inability to identify the patient. This paper presents an anonymity-preserving mechanism for disclosing electronic health care records to the research community without revealing the identity of the BD patient while taking into account local and international data protection legislation and other related ethical issues. Finally, we will identify the parts of the system where access control is required and will specify the rights that each user role should exhibit over the system resources.

Abstract
The algebraic immunity AI(f) of a Boolean function f is defined as the minimum degree of all annihilators of f. The high value of algebraic immunity consists a necessary condition for Boolean functions used in stream ciphers to resist algebraic attacks. of the two values. In this paper, we introduce the notion of extended algebraic immunity AI(f) defined as the maximum of pAI(f) and pAI(f © 1), where pAI(f) is the minimum degree of all annihilators of f (pAI(f © 1) of f © 1 respectively). We introduce a lower bound of the r-th order nonlinearity of a Boolean function f with given AI(f) and AI(f). The bound is tighter than all known lower bounds, where only the algebraic immunity AI(f) is used. The value of AI(f) can be computed as part of the calculation of AI(f), with no extra computational cost.

Abstract
The construction of quantum computers forms the major threat against the security of modern communication systems, as anyone who can build a large quantum computer can break today's most popular cryptosystems. Given the central role of information security in the deployment of modern systems, the preparation of the cryptographic world for a future of quantum computers is imperative. In this context, several alternatives have been proposed, mainly basing their security on the laws of physics. One of the most promising technologies is the optically generated chaos-based cryptography. One of its main advantages is that it can be combined with the technology of optical communication networks in a natural way. In this paper, we propose a message authentication and integrity protection scheme based on optically generated chaos. The new scheme is coming to complete a recently introduced solution, for data confidentiality based on optical chaos.

Abstract
In this paper new constructions of low trellis complexity convolutional codes are presented. New codes are found by searching into a specific class of time varying convolutional codes, which is shaped by some basic properties and search restrictions. An efficient technique for obtaining minimal trellis modules for the proposed codes is provided. Finally, more than 80 new low complexity convolutional codes of various code rates and memory sizes are tabulated

Abstract
Filter generators are important building blocks of stream ciphers and have been studied extensively. Recently, a new attack has been proposed. In this paper, we analyze this attack using the trace representation of the output sequence y and we prove that the attack does not work always as expected. We propose a new algorithm that covers the cases that the attack cannot be applied. The new attack is as efficient as the original attack. Finally, trying to motivate the research on the nonlinear complexity of binary sequences, we present a scenario where the knowledge of the quadratic complexity of a sequence can decrease significantly the necessary for the attack amount of known keystream bits.

Abstract
A new approach on the computation of the nonlinear span of periodic binary sequences, i.e. the length of shortest feedback shift register that generates the given sequence, is presented. The problem of designing binary sequences with the maximum possible span is considered and solved

Abstract
A new family of balanced sequences over Fp, p odd prime, with the optimal correlation property is presented. The construction is based on p-ary Helleseth-Gong sequences with ideal autocorrelation. The family contains pn balanced sequences of period p2n−1. The correlation spectrum peak nontrivial value does not exceed 1 + pn, i.e. it is optimal in terms of Welch’s lower bound. The linear span of the sequences is 2n( n k + 2), where k is a divisor of n such that n/k is odd.

Abstract
A new family of balanced sequences over Fp, p odd prime, with optimal correlation property is presented. The construction is based on p-ary Helleseth-Gong sequences with ideal autocorrelation. The family contains pn balanced sequences of period N = p2n − 1. The correlation spectrum peak nontrivial value does not exceed 1 + pn, i.e. it is optimal in terms of Welch’s lower bound. The linear span of the sequences is 2n( n k + 2), where k is a divisor of n such that n/k is odd.

Abstract
We present an efficient algorithm for finding the shortest feedback shift register, with quadratic feedback function, that generates a given finite--length sequence. This algorithm exploits the special structure of the coefficient matrix formed when the problem is expressed in terms of matrix equations.

Abstract
In this paper GMW sequences with relatively prime periods are employed to develop large families of balanced sequences with four–valued autocorrelation

Abstract
A new family of balanced sequences over Fp, p odd prime, with the optimal correlation property is presented. The construction is based on p-ary Helleseth-Gong sequences with ideal autocorrelation. The family contains pn balanced sequences of period p2n−1. The correlation spectrum peak nontrivial value does not exceed 1 + pn, i.e. it is optimal in terms of Welch’s lower bound. The linear span of the sequences is 2n( n k + 2), where k is a divisor of n such that n/k is odd.