Visible to the public Biblio

Found 2266 results

Filters: Keyword is Human Behavior  [Clear All Filters]
2019-10-15
Alzahrani, A. A. K., Alfosail, M. K., Aldossary, M. M., Almuhaidib, M. M., Alqahtani, S. T., Saqib, N. A., Alissa, K. A., Almubairik, N. A..  2018.  Secure Sign: Signing Document Online. 2018 21st Saudi Computer Society National Computer Conference (NCC). :1–3.
The use of technology is increasing nowadays. On the other hand, most governments and legal offices still do not use technology to implement simple things such as signing a document because they still rely on face-to-face to ensure the authenticity of the signatory. Several challenges may come while signing documents online such as, how to authenticate the signing parties and how to ensure that signing parties will not deny their signatures in future? These challenges are addressed by SecureSign system that attach the signatories' identity with their fingerprints. SecureSign was implemented in C\# and Microsoft SQL Server Management Studio, with integrating fingerprint reader and electronic signature tablet. The SecureSign system achieves the main security goals which are confidentiality, authentication, non-repudiation and integrity. It will have an impact on society and business environments positively as it will reduce fraud and forgery, and help in controlling the process of signing either in contracts or confidential papers. SecureSign have Successfully achieved confidentiality by encrypting data using AES algorithm, authentication by using user fingerprint, nonrepudiation by associating the user ID with his fingerprint, and integrity by embedding QR barcode within the document and hashing its content.
Vyakaranal, S., Kengond, S..  2018.  Performance Analysis of Symmetric Key Cryptographic Algorithms. 2018 International Conference on Communication and Signal Processing (ICCSP). :0411–0415.
Data's security being important aspect of the today's internet is gaining more importance day by day. With the increase in online data exchange, transactions and payments; secure payment and secure data transfers have become an area of concern. Cryptography makes the data transmission over the internet secure by various methods, algorithms. Cryptography helps in avoiding the unauthorized people accessing the data by authentication, confidentiality, integrity and non-repudiation. In order to securely transmit the data many cryptographic algorithms are present, but the algorithm to be used should be robust, efficient, cost effective, high performance and easily deployable. Choosing an algorithm which suits the customer's requirement is an utmost important task. The proposed work discusses different symmetric key cryptographic algorithms like DES, 3DES, AES and Blowfish by considering encryption time, decryption time, entropy, memory usage, throughput, avalanche effect and energy consumption by practical implementation using java. Practical implementation of algorithms has been highlighted in proposed work considering tradeoff performance in terms of cost of various parameters rather than mere theoretical concepts. Battery consumption and avalanche effect of algorithms has been discussed. It reveals that AES performs very well in overall performance analysis among considered algorithms.
Aublin, Pierre-Louis, Kelbert, Florian, O'Keeffe, Dan, Muthukumaran, Divya, Priebe, Christian, Lind, Joshua, Krahn, Robert, Fetzer, Christof, Eyers, David, Pietzuch, Peter.  2018.  LibSEAL: Revealing Service Integrity Violations Using Trusted Execution. Proceedings of the Thirteenth EuroSys Conference. :24:1–24:15.
Users of online services such as messaging, code hosting and collaborative document editing expect the services to uphold the integrity of their data. Despite providers' best efforts, data corruption still occurs, but at present service integrity violations are excluded from SLAs. For providers to include such violations as part of SLAs, the competing requirements of clients and providers must be satisfied. Clients need the ability to independently identify and prove service integrity violations to claim compensation. At the same time, providers must be able to refute spurious claims. We describe LibSEAL, a SEcure Audit Library for Internet services that creates a non-repudiable audit log of service operations and checks invariants to discover violations of service integrity. LibSEAL is a drop-in replacement for TLS libraries used by services, and thus observes and logs all service requests and responses. It runs inside a trusted execution environment, such as Intel SGX, to protect the integrity of the audit log. Logs are stored using an embedded relational database, permitting service invariant violations to be discovered using simple SQL queries. We evaluate LibSEAL with three popular online services (Git, ownCloud and Dropbox) and demonstrate that it is effective in discovering integrity violations, while reducing throughput by at most 14%.
Jeong, Jun Woo, Kim, Bo Youn, Jang, Ju Wook.  2018.  Security and Device Control Method for Fog Computer Using Blockchain. Proceedings of the 2018 International Conference on Information Science and System. :234–238.
Fog computing has emerged due to the problem that it becomes difficult to store every data to the cloud system as the number of Internet of Things increases. In this fog computing, a vast amount of data generated from the Internet of Things is transmitted to the cloud system located at a remote place, and is processed by a fog computer such as a sensor or a router located nearby, so that only the necessary data is transmitted to the cloud system. However, the above-mentioned fog computer has some drawbacks like being shut down due to an attack by a malicious user in advance, and a method of processing when a fog computer is down or restored. In this paper we describe a fog computing with blockchain that enables fog computers to share transaction generated by processing transaction information of a device controlled by a blockchain method to a security and device control method of a fog computer utilizing the technology. Furthemore by using security properties of blockchain such as authentication, non-repudiation and data integrity, fog computing using blockchain has advantage of security comparing to previous Cloud and fog computing system using centralized database or P2P networks.
Liang, Danwei, An, Jian, Cheng, Jindong, Yang, He, Gui, Ruowei.  2018.  The Quality Control in Crowdsensing Based on Twice Consensuses of Blockchain. Proceedings of the 2018 ACM International Joint Conference and 2018 International Symposium on Pervasive and Ubiquitous Computing and Wearable Computers. :630–635.
In most crowdsensing systems, the quality of the collected data is varied and difficult to evaluate while the existing crowdsensing quality control methods are mostly based on a central platform, which is not completely trusted in reality and results in fraud and other problems. To solve these questions, a novel crowdsensing quality control model is proposed in this paper. First, the idea of blockchain is introduced into this model. The credit-based verifier selection mechanism and twice consensuses are proposed to realize the non-repudiation and non-tampering of information in crowdsensing. Then, the quality grading evaluation (QGE) is put forward, in which the method of truth discovery and the idea of fuzzy theories are combined to evaluate the quality of sensing data, and the garbled circuit is used to ensure that evaluation criteria can not be leaked. Finally, the Experiments show that our model is feasible in time and effective in quality evaluation.
Janjua, K., Ali, W..  2018.  Enhanced Secure Mechanism for Virtual Machine Migration in Clouds. 2018 International Conference on Frontiers of Information Technology (FIT). :135–140.
Live VM migration is the most vulnerable process in cloud federations for DDOS attacks, loss of data integrity, confidentiality, unauthorized access and injection of malicious viruses on VM disk images. We have scrutinized following set of crucial security features which are; authorization, confidentiality, replay protection (accountability), integrity, mutual authentication and source non-repudiation (availability) to cater different threats and vulnerabilities during live VM migration. The investigated threats and vulnerabilities are catered and implemented in a proposed solution, presented in this paper. Six security features-authorization, confidentiality, replay protection, integrity, mutual authentication and source non-repudiation are focused and modular implementation has been done. Solution is validated in AVISPA tool in modules for threats for all the notorious security requirements and no outbreak were seen.
Toradmalle, D., Singh, R., Shastri, H., Naik, N., Panchidi, V..  2018.  Prominence Of ECDSA Over RSA Digital Signature Algorithm. 2018 2nd International Conference on 2018 2nd International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC)I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC). :253–257.

Digital signatures are replacing paper-based work to make life easier for customers and employees in various industries. We rigorously use RSA and Elliptic Curve Cryptography (ECC) for public key cryptographic algorithms. Nowadays ECDSA (Elliptical Curve Digital Signature Algorithm) gaining more popularity than the RSA algorithm because of the better performance of ECDSA over RSA. The main advantage of ECC over RSA is ECC provides the same level of security with less key size and overhead than RSA. This paper focuses on a brief review of the performance of ECDSA and RSA in various aspects like time, security and power. This review tells us about why ECC has become the latest trend in the present cryptographic scenario.

Saleh, Z., Mashhour, A..  2018.  Using Keystroke Authentication Typing Errors Pattern as Non-Repudiation in Computing Forensics. 2018 International Conference on Innovation and Intelligence for Informatics, Computing, and Technologies (3ICT). :1–6.
Access to information and data is becoming an essential part of nearly every aspect of modern business operation. Unfortunately, accessing information systems comes with increased chances of intrusion and unauthorized access. Acquiring and maintaining evidence from a computer or networks in the current high-tech world is essential in any comprehensive forensic investigation. Software and hardware tools are used to easily manage the evidence and view all relevant files. In an effort to enhance computer access security, keystroke authentication, is one of the biometric solutions that were proposed as a solution for enhancing users' identification. This research proposes using user's keystroke errors to determine guilt during forensics investigations, where it was found that individuals keystroke patters are repeatable and variant from those of others, and that keystroke patterns are impossible to steal or imitate. So, in this paper, we investigate the effectiveness of relying on ``user's mistakes'' as another behavioral biometric keystroke dynamic.
Detken, K., Jahnke, M., Humann, M., Rollgen, B..  2018.  Integrity and Non-Repudiation of VoIP Streams with TPM2.0 over Wi-Fi Networks. 2018 IEEE 4th International Symposium on Wireless Systems within the International Conferences on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS-SWS). :82–87.
The complete digitization of telecommunications allows new attack scenarios, which have not been possible with legacy phone technologies before. The reason is that physical access to legacy phone technologies was necessary. Regarding internet-based communication like voice over the internet protocol (VoIP), which can be established between random nodes, eavesdropping can happen everywhere and much easier. Additionally, injection of undesirable communication like SPAM or SPIT in digital networks is simpler, too. Encryption is not sufficient because it is also necessary to know which participants are talking to each other. For that reason, the research project INTEGER has been started with the main goals of providing secure authentication and integrity of a VoIP communication by using a digital signature. The basis of this approach is the Trusted Platform Module (TPM) of the Trusted Computing Group (TCG) which works as a hardware-based trusted anchor. The TPM will be used inside of wireless IP devices with VoIP softphones. The question is if it is possible to fulfill the main goals of the project in wireless scenarios with Wi-Fi technologies. That is what this contribution aims to clarify.
2019-10-14
Yu, M., Halak, B., Zwolinski, M..  2019.  Using Hardware Performance Counters to Detect Control Hijacking Attacks. 2019 IEEE 4th International Verification and Security Workshop (IVSW). :1–6.
Code reuse techniques can circumvent existing security measures. For example, attacks such as Return Oriented Programming (ROP) use fragments of the existing code base to create an attack. Since this code is already in the system, the Data Execution Prevention methods cannot prevent the execution of this reorganised code. Existing software-based Control Flow Integrity can prevent this attack, but the overhead is enormous. Most of the improved methods utilise reduced granularity in exchange for a small performance overhead. Hardware-based detection also faces the same performance overhead and accuracy issues. Benefit from HPC's large-area loading on modern CPU chips, we propose a detection method based on the monitoring of hardware performance counters, which is a lightweight system-level detection for malicious code execution to solve the restrictions of other software and hardware security measures, and is not as complicated as Control Flow Integrity.
Kocher, P., Horn, J., Fogh, A., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher, T. et al..  2019.  Spectre Attacks: Exploiting Speculative Execution. 2019 IEEE Symposium on Security and Privacy (SP). :1–19.
Modern processors use branch prediction and speculative execution to maximize performance. For example, if the destination of a branch depends on a memory value that is in the process of being read, CPUs will try to guess the destination and attempt to execute ahead. When the memory value finally arrives, the CPU either discards or commits the speculative computation. Speculative logic is unfaithful in how it executes, can access the victim's memory and registers, and can perform operations with measurable side effects. Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim's confidential information via a side channel to the adversary. This paper describes practical attacks that combine methodology from side channel attacks, fault attacks, and return-oriented programming that can read arbitrary memory from the victim's process. More broadly, the paper shows that speculative execution implementations violate the security assumptions underpinning numerous software security mechanisms, including operating system process separation, containerization, just-in-time (JIT) compilation, and countermeasures to cache timing and side-channel attacks. These attacks represent a serious threat to actual systems since vulnerable speculative execution capabilities are found in microprocessors from Intel, AMD, and ARM that are used in billions of devices. While makeshift processor-specific countermeasures are possible in some cases, sound solutions will require fixes to processor designs as well as updates to instruction set architectures (ISAs) to give hardware architects and software developers a common understanding as to what computation state CPU implementations are (and are not) permitted to leak.
Angelini, M., Blasilli, G., Borrello, P., Coppa, E., D’Elia, D. C., Ferracci, S., Lenti, S., Santucci, G..  2018.  ROPMate: Visually Assisting the Creation of ROP-based Exploits. 2018 IEEE Symposium on Visualization for Cyber Security (VizSec). :1–8.
Exploits based on ROP (Return-Oriented Programming) are increasingly present in advanced attack scenarios. Testing systems for ROP-based attacks can be valuable for improving the security and reliability of software. In this paper, we propose ROPMATE, the first Visual Analytics system specifically designed to assist human red team ROP exploit builders. In contrast, previous ROP tools typically require users to inspect a puzzle of hundreds or thousands of lines of textual information, making it a daunting task. ROPMATE presents builders with a clear interface of well-defined and semantically meaningful gadgets, i.e., fragments of code already present in the binary application that can be chained to form fully-functional exploits. The system supports incrementally building exploits by suggesting gadget candidates filtered according to constraints on preserved registers and accessed memory. Several visual aids are offered to identify suitable gadgets and assemble them into semantically correct chains. We report on a preliminary user study that shows how ROPMATE can assist users in building ROP chains.
Li, W., Ma, Y., Yang, Q., Li, M..  2018.  Hardware-Based Adversary-Controlled States Tracking. 2018 IEEE 4th International Conference on Computer and Communications (ICCC). :1366–1370.
Return Oriented Programming is one of the most important software security challenges nowadays. It exploits memory vulnerabilities to control the state of the program and hijacks its control flow. Existing defenses usually focus on how to protect the control flow or face the challenge of how to maintain the taint markings for memory data. In this paper, we directly focus on the adversary-controlled states, simplify the classic dynamic taint analysis method to only track registers and propose Hardware-based Adversary-controlled States Tracking (HAST). HAST dynamically tracks registers that may be controlled by the adversary to detect ROP attack. It is transparent to user application and makes few modifications to existing hardware. Our evaluation demonstrates that HAST will introduce almost no performance overhead and can effectively detect ROP attacks without false positives on the tested common Linux applications.
Tymburibá, M., Sousa, H., Pereira, F..  2019.  Multilayer ROP Protection Via Microarchitectural Units Available in Commodity Hardware. 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :315–327.
This paper presents a multilayer protection approach to guard programs against Return-Oriented Programming (ROP) attacks. Upper layers validate most of a program's control flow at a low computational cost; thus, not compromising runtime. Lower layers provide strong enforcement guarantees to handle more suspicious flows; thus, enhancing security. Our multilayer system combines techniques already described in the literature with verifications that we introduce in this paper. We argue that modern versions of x86 processors already provide the microarchitectural units necessary to implement our technique. We demonstrate the effectiveness of our multilayer protection on a extensive suite of benchmarks, which includes: SPEC CPU2006; the three most popular web browsers; 209 benchmarks distributed with LLVM and four well-known systems shown to be vulnerable to ROP exploits. Our experiments indicate that we can protect programs with almost no overhead in practice, allying the good performance of lightweight security techniques with the high dependability of heavyweight approaches.
Koo, H., Chen, Y., Lu, L., Kemerlis, V. P., Polychronakis, M..  2018.  Compiler-Assisted Code Randomization. 2018 IEEE Symposium on Security and Privacy (SP). :461–477.
Despite decades of research on software diversification, only address space layout randomization has seen widespread adoption. Code randomization, an effective defense against return-oriented programming exploits, has remained an academic exercise mainly due to i) the lack of a transparent and streamlined deployment model that does not disrupt existing software distribution norms, and ii) the inherent incompatibility of program variants with error reporting, whitelisting, patching, and other operations that rely on code uniformity. In this work we present compiler-assisted code randomization (CCR), a hybrid approach that relies on compiler-rewriter cooperation to enable fast and robust fine-grained code randomization on end-user systems, while maintaining compatibility with existing software distribution models. The main concept behind CCR is to augment binaries with a minimal set of transformation-assisting metadata, which i) facilitate rapid fine-grained code transformation at installation or load time, and ii) form the basis for reversing any applied code transformation when needed, to maintain compatibility with existing mechanisms that rely on referencing the original code. We have implemented a prototype of this approach by extending the LLVM compiler toolchain, and developing a simple binary rewriter that leverages the embedded metadata to generate randomized variants using basic block reordering. The results of our experimental evaluation demonstrate the feasibility and practicality of CCR, as on average it incurs a modest file size increase of 11.46% and a negligible runtime overhead of 0.28%, while it is compatible with link-time optimization and control flow integrity.
Rong, Z., Xie, P., Wang, J., Xu, S., Wang, Y..  2018.  Clean the Scratch Registers: A Way to Mitigate Return-Oriented Programming Attacks. 2018 IEEE 29th International Conference on Application-specific Systems, Architectures and Processors (ASAP). :1–8.
With the implementation of W ⊕ X security model on computer system, Return-Oriented Programming(ROP) has become the primary exploitation technique for adversaries. Although many solutions that defend against ROP exploits have been proposed, they still suffer from various shortcomings. In this paper, we propose a new way to mitigate ROP attacks that are based on return instructions. We clean the scratch registers which are also the parameter registers based on the features of ROP malicious code and calling convention. A prototype is implemented on x64-based Linux platform based on Pin. Preliminary experimental results show that our method can efficiently mitigate conventional ROP attacks.
Li, W., Li, M., Ma, Y., Yang, Q..  2018.  PMU-extended Hardware ROP Attack Detection. 2018 12th IEEE International Conference on Anti-counterfeiting, Security, and Identification (ASID). :183–187.
Return Oriented Programming is one of the major challenges for software security nowadays. It can bypass Data Execution Prevention (DEP) mechanism by chaining short instruction sequences from existing code together to induce arbitrary code execution. Existing defenses are usually trade-offs between practicality, security, and performance. In this paper, we propose PMUe, a low-cost hardware ROP detection approach that detects ROP attack based on three inherent properties of ROP. It is transparent to user applications and can be regarded as a small extension to existing Performance Monitoring Unit in commodity processors. Our evaluation demonstrates that PMUe can effectively detect ROP attack with negligible performance overhead.
Guo, Y., Chen, L., Shi, G..  2018.  Function-Oriented Programming: A New Class of Code Reuse Attack in C Applications. 2018 IEEE Conference on Communications and Network Security (CNS). :1–9.
Control-hijacking attacks include code injection attacks and code reuse attacks. In recent years, with the emergence of the defense mechanism data-execution prevention(DEP), code reuse attacks have become mainstream, such as return-oriented programming(ROP), Jump-Oriented Programming(JOP), and Counterfeit Object-oriented Programming(COOP). And a series of defensive measures have been proposed, such as DEP, address space layout randomization (ASLR), coarse-grained Control-Flow Integrity(CFI) and fine-grained CFI. In this paper, we propose a new attack called function-oriented programming(FOP) to construct malicious program behavior. FOP takes advantage of the existing function of the C program to induce attack. We propose concrete algorithms for FOP gadgets and build a tool to identify FOP gadgets. FOP can successfully bypass coarse-grained CFI, and FOP also can bypass some existing fine-grained CFI technologies, such as shadow stack technology. We show a real-world attack for proftpd1.3.0 server in the Linux x64 environment. We believe that the FOP attack will encourage people to come up with more effective defense measures.
2019-10-08
Kim, S., Jin, S., Lee, Y., Park, B., Kim, H., Hong, S..  2018.  Single Trace Side Channel Analysis on Quantum Key Distribution. 2018 International Conference on Information and Communication Technology Convergence (ICTC). :736–739.

The security of current key exchange protocols such as Diffie-Hellman key exchange is based on the hardness of number theoretic problems. However, these key exchange protocols are threatened by weak random number generators, advances to CPU power, a new attack from the eavesdropper, and the emergence of a quantum computer. Quantum Key Distribution (QKD) addresses these challenges by using quantum properties to exchange a secret key without the risk of being intercepted. Recent developments on the QKD system resulted in a stable key generation with fewer errors so that the QKD system is rapidly becoming a solid commercial proposition. However, although the security of the QKD system is guaranteed by quantum physics, its careless implementation could make the system vulnerable. In this paper, we proposed the first side-channel attack on plug-and-play QKD system. Through a single electromagnetic trace obtained from the phase modulator on Alice's side, we were able to classify the electromagnetic trace into four classes, which corresponds to the number of bit and basis combination in the BB84 protocol. We concluded that the plug-and-play QKD system is vulnerable to side-channel attack so that the countermeasure must be considered.

Agrawal, Shashank, Mohassel, Payman, Mukherjee, Pratyay, Rindal, Peter.  2018.  DiSE: Distributed Symmetric-Key Encryption. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :1993–2010.

Threshold cryptography provides a mechanism for protecting secret keys by sharing them among multiple parties, who then jointly perform cryptographic operations. An attacker who corrupts up to a threshold number of parties cannot recover the secrets or violate security. Prior works in this space have mostly focused on definitions and constructions for public-key cryptography and digital signatures, and thus do not capture the security concerns and efficiency challenges of symmetric-key based applications which commonly use long-term (unprotected) master keys to protect data at rest, authenticate clients on enterprise networks, and secure data and payments on IoT devices. We put forth the first formal treatment for distributed symmetric-key encryption, proposing new notions of correctness, privacy and authenticity in presence of malicious attackers. We provide strong and intuitive game-based definitions that are easy to understand and yield efficient constructions. We propose a generic construction of threshold authenticated encryption based on any distributed pseudorandom function (DPRF). When instantiated with the two different DPRF constructions proposed by Naor, Pinkas and Reingold (Eurocrypt 1999) and our enhanced versions, we obtain several efficient constructions meeting different security definitions. We implement these variants and provide extensive performance comparisons. Our most efficient instantiation uses only symmetric-key primitives and achieves a throughput of upto 1 million encryptions/decryptions per seconds, or alternatively a sub-millisecond latency with upto 18 participating parties.

Hajomer, A. A. E., Yang, X., Sultan, A., Sun, W., Hu, W..  2018.  Key Generation and Distribution Using Phase Fluctuation in Classical Fiber Channel. 2018 20th International Conference on Transparent Optical Networks (ICTON). :1–3.

We propose a secure key generation and distribution scheme for data encryption in classical optical fiber channel. A Delay interferometer (DI) is used to track the random phase fluctuation inside fiber, while the reconfigurable lengths of polarization-maintaining (PM) fiber are set as the source of optical phase fluctuations. The output signals from DI are extracted as the secret key and shared between the two-legal transmitter and receiver. Because of the randomness of local environment and the uniqueness of fiber channel, the phase fluctuation between orthogonal polarization modes (OPMs) can be used as secure keys to enhance the level of security in physical layer. Experimentally, we realize the random key generation and distribution over 25-km standard single-mode fiber (SSMF). Moreover, the proposed key generation scheme has the advantages of low cost, compatible with current optical fiber networks and long distance transmission with optical amplifiers.

Tripathi, S. K., Pandian, K. K. S., Gupta, B..  2018.  Hardware Implementation of Dynamic Key Value Based Stream Cipher Using Chaotic Logistic Map. 2018 2nd International Conference on Trends in Electronics and Informatics (ICOEI). :1104–1108.

In the last few decades, the relative simplicity of the logistic map made it a widely accepted point in the consideration of chaos, which is having the good properties of unpredictability, sensitiveness in the key values and ergodicity. Further, the system parameters fit the requirements of a cipher widely used in the field of cryptography, asymmetric and symmetric key chaos based cryptography, and for pseudorandom sequence generation. Also, the hardware-based embedded system is configured on FPGA devices for high performance. In this paper, a novel stream cipher using chaotic logistic map is proposed. The two chaotic logistic maps are coded using Verilog HDL and implemented on commercially available FPGA hardware using Xilinx device: XC3S250E for the part: FT256 and operated at frequency of 62.20 MHz to generate the non-recursive key which is used in key scheduling of pseudorandom number generation (PRNG) to produce the key stream. The realization of proposed cryptosystem in this FPGA device accomplishes the improved efficiency equal to 0.1186 Mbps/slice. Further, the generated binary sequence from the experiment is analyzed for X-power, thermal analysis, and randomness tests are performed using NIST statistical.

Liu, Y., Yuan, X., Li, M., Zhang, W., Zhao, Q., Zhong, J., Cao, Y., Li, Y., Chen, L., Li, H. et al..  2018.  High Speed Device-Independent Quantum Random Number Generation without Detection Loophole. 2018 Conference on Lasers and Electro-Optics (CLEO). :1–2.

We report a an experimental study of device-independent quantum random number generation based on an detection-loophole free Bell test with entangled photons. After considering statistical fluctuations and applying an 80 Gb × 45.6 Mb Toeplitz matrix hashing, we achieve a final random bit rate of 114 bits/s, with a failure probability less than 10-5.

Lauer, Sebastian.  2018.  On Several Verifiable Random Functions and the Q-Decisional Bilinear Diffie-Hellman Inversion Assumption. Proceedings of the 5th ACM on ASIA Public-Key Cryptography Workshop. :45–51.

In 1999, Micali, Rabin and Vadhan introduced the notion of Verifiable Random Functions (VRF)$\backslash$citeFOCS:MicRabVad99. VRFs compute for a given input x and a secret key \$sk\$ a unique function value \$y=V\_sk (x)\$, and additionally a publicly verifiable proof $π$. Each owner of the corresponding public key \$pk\$ can use the proof to non-interactivly verify that the function value was computed correctly. Furthermore, the function value provides the property of pseudorandomness. Most constructions in the past are based on q-type assumptions. Since these assumptions get stronger for a larger factor q, it is desirable to show the existence of VRFs under static or general assumptions. In this work we will show for the constructions presented in $\backslash$citePKC:DodYam05 $\backslash$citeCCS:BonMonRag10 the equivalence of breaking the VRF and solving the underlying q-type assumption.

Jiang, Zhengshen, Liu, Hongzhi, Fu, Bin, Wu, Zhonghai, Zhang, Tao.  2018.  Recommendation in Heterogeneous Information Networks Based on Generalized Random Walk Model and Bayesian Personalized Ranking. Proceedings of the Eleventh ACM International Conference on Web Search and Data Mining. :288–296.

Recommendation based on heterogeneous information network(HIN) is attracting more and more attention due to its ability to emulate collaborative filtering, content-based filtering, context-aware recommendation and combinations of any of these recommendation semantics. Random walk based methods are usually used to mine the paths, weigh the paths, and compute the closeness or relevance between two nodes in a HIN. A key for the success of these methods is how to properly set the weights of links in a HIN. In existing methods, the weights of links are mostly set heuristically. In this paper, we propose a Bayesian Personalized Ranking(BPR) based machine learning method, called HeteLearn, to learn the weights of links in a HIN. In order to model user preferences for personalized recommendation, we also propose a generalized random walk with restart model on HINs. We evaluate the proposed method in a personalized recommendation task and a tag recommendation task. Experimental results show that our method performs significantly better than both the traditional collaborative filtering and the state-of-the-art HIN-based recommendation methods.