Visible to the public Biblio

Found 2047 results

Filters: Keyword is Scalability  [Clear All Filters]
2019-10-15
Pan, Y., He, F., Yu, H..  2018.  An Adaptive Method to Learn Directive Trust Strength for Trust-Aware Recommender Systems. 2018 IEEE 22nd International Conference on Computer Supported Cooperative Work in Design ((CSCWD)). :10–16.

Trust Relationships have shown great potential to improve recommendation quality, especially for cold start and sparse users. Since each user trust their friends in different degrees, there are numbers of works been proposed to take Trust Strength into account for recommender systems. However, these methods ignore the information of trust directions between users. In this paper, we propose a novel method to adaptively learn directive trust strength to improve trust-aware recommender systems. Advancing previous works, we propose to establish direction of trust strength by modeling the implicit relationships between users with roles of trusters and trustees. Specially, under new trust strength with directions, how to compute the directive trust strength is becoming a new challenge. Therefore, we present a novel method to adaptively learn directive trust strengths in a unified framework by enforcing the trust strength into range of [0, 1] through a mapping function. Our experiments on Epinions and Ciao datasets demonstrate that the proposed algorithm can effectively outperform several state-of-art algorithms on both MAE and RMSE metrics.

Coleman, M. S., Doody, D. P., Shields, M. A..  2018.  Machine Learning for Real-Time Data-Driven Security Practices. 2018 29th Irish Signals and Systems Conference (ISSC). :1–6.

The risk of cyber-attacks exploiting vulnerable organisations has increased significantly over the past several years. These attacks may combine to exploit a vulnerability breach within a system's protection strategy, which has the potential for loss, damage or destruction of assets. Consequently, every vulnerability has an accompanying risk, which is defined as the "intersection of assets, threats, and vulnerabilities" [1]. This research project aims to experimentally compare the similarity-based ranking of cyber security information utilising a recommendation environment. The Memory-Based Collaborative Filtering technique was employed, specifically the User-Based and Item-Based approaches. These systems utilised information from the National Vulnerability Database, specifically for the identification and similarity-based ranking of cyber-security vulnerability information, relating to hardware and software applications. Experiments were performed using the Item-Based technique, to identify the optimum system parameters, evaluated through the AUC evaluation metric. Once identified, the Item-Based technique was compared with the User-Based technique which utilised the parameters identified from the previous experiments. During these experiments, the Pearson's Correlation Coefficient and the Cosine similarity measure was used. From these experiments, it was identified that utilised the Item-Based technique which employed the Cosine similarity measure, an AUC evaluation metric of 0.80225 was achieved.

Qi, L. T., Huang, H. P., Wang, P., Wang, R. C..  2018.  Abnormal Item Detection Based on Time Window Merging for Recommender Systems. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :252–259.

CFRS (Collaborative Filtering Recommendation System) is one of the most widely used individualized recommendation systems. However, CFRS is susceptible to shilling attacks based on profile injection. The current research on shilling attack mainly focuses on the recognition of false user profiles, but these methods depend on the specific attack models and the computational cost is huge. From the view of item, some abnormal item detection methods are proposed which are independent of attack models and overcome the defects of user profiles model, but its detection rate, false alarm rate and time overhead need to be further improved. In order to solve these problems, it proposes an abnormal item detection method based on time window merging. This method first uses the small window to partition rating time series, and determine whether the window is suspicious in terms of the number of abnormal ratings within it. Then, the suspicious small windows are merged to form suspicious intervals. We use the rating distribution characteristics RAR (Ratio of Abnormal Rating), ATIAR (Average Time Interval of Abnormal Rating), DAR(Deviation of Abnormal Rating) and DTIAR (Deviation of Time Interval of Abnormal Rating) in the suspicious intervals to determine whether the item is subject to attacks. Experiment results on the MovieLens 100K data set show that the method has a high detection rate and a low false alarm rate.

Panagiotakis, C., Papadakis, H., Fragopoulou, P..  2018.  Detection of Hurriedly Created Abnormal Profiles in Recommender Systems. 2018 International Conference on Intelligent Systems (IS). :499–506.

Recommender systems try to predict the preferences of users for specific items. These systems suffer from profile injection attacks, where the attackers have some prior knowledge of the system ratings and their goal is to promote or demote a particular item introducing abnormal (anomalous) ratings. The detection of both cases is a challenging problem. In this paper, we propose a framework to spot anomalous rating profiles (outliers), where the outliers hurriedly create a profile that injects into the system either random ratings or specific ratings, without any prior knowledge of the existing ratings. The proposed detection method is based on the unpredictable behavior of the outliers in a validation set, on the user-item rating matrix and on the similarity between users. The proposed system is totally unsupervised, and in the last step it uses the k-means clustering method automatically spotting the spurious profiles. For the cases where labeling sample data is available, a random forest classifier is trained to show how supervised methods outperforms unsupervised ones. Experimental results on the MovieLens 100k and the MovieLens 1M datasets demonstrate the high performance of the proposed schemata.

Zhang, F., Deng, Z., He, Z., Lin, X., Sun, L..  2018.  Detection Of Shilling Attack In Collaborative Filtering Recommender System By Pca And Data Complexity. 2018 International Conference on Machine Learning and Cybernetics (ICMLC). 2:673–678.

Collaborative filtering (CF) recommender system has been widely used for its well performing in personalized recommendation, but CF recommender system is vulnerable to shilling attacks in which shilling attack profiles are injected into the system by attackers to affect recommendations. Design robust recommender system and propose attack detection methods are the main research direction to handle shilling attacks, among which unsupervised PCA is particularly effective in experiment, but if we have no information about the number of shilling attack profiles, the unsupervised PCA will be suffered. In this paper, a new unsupervised detection method which combine PCA and data complexity has been proposed to detect shilling attacks. In the proposed method, PCA is used to select suspected attack profiles, and data complexity is used to pick out the authentic profiles from suspected attack profiles. Compared with the traditional PCA, the proposed method could perform well and there is no need to determine the number of shilling attack profiles in advance.

Li, Gaochao, Jin, Xin, Wang, Zhonghua, Chen, Xunxun, Wu, Xiao.  2018.  Expert Recommendation Based on Collaborative Filtering in Subject Research. Proceedings of the 2018 International Conference on Information Science and System. :291–298.

This article implements a method for expert recommendation based on collaborative filtering. The recommendation model extracts potential evaluation experts from historical data, figures out the relevance between past subjects and current subjects, obtains the evaluation experience index and personal ability index of experts, calculates the relevance of research direction between experts and subjects and finally recommends the most proper experts.

Abdelhakim, Boudhir Anouar, Mohamed, Ben Ahmed, Mohammed, Bouhorma, Ikram, Ben Abdel Ouahab.  2018.  New Security Approach for IoT Communication Systems. Proceedings of the 3rd International Conference on Smart City Applications. :2:1–2:8.

The Security is a real permanent problem in wired and wireless communication systems. This issue becomes more and more complex in the internet of things context where the security solution still poor and insufficient where the number of these noeud hugely increase (around 26 milliards in 2020). In this paper we propose a new security schema which avoid the use of cryptography mechanism based on the exchange of symmetric or asymmetric keys which aren't recommended in IoT devices due to their limitation in processing, stockage and energy. The proposed solution is based on the use of the multi-agent ensuring the security of connected objects. These objects programmed with agents are able to communicate with other objects without any need to compute keys. The main objective in this work is to maintain a high level of security with an optimization of the energy consumption of IoT devices.

Pejo, Balazs, Tang, Qiang, Biczók, Gergely.  2018.  The Price of Privacy in Collaborative Learning. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :2261–2263.

Machine learning algorithms have reached mainstream status and are widely deployed in many applications. The accuracy of such algorithms depends significantly on the size of the underlying training dataset; in reality a small or medium sized organization often does not have enough data to train a reasonably accurate model. For such organizations, a realistic solution is to train machine learning models based on a joint dataset (which is a union of the individual ones). Unfortunately, privacy concerns prevent them from straightforwardly doing so. While a number of privacy-preserving solutions exist for collaborating organizations to securely aggregate the parameters in the process of training the models, we are not aware of any work that provides a rational framework for the participants to precisely balance the privacy loss and accuracy gain in their collaboration. In this paper, we model the collaborative training process as a two-player game where each player aims to achieve higher accuracy while preserving the privacy of its own dataset. We introduce the notion of Price of Privacy, a novel approach for measuring the impact of privacy protection on the accuracy in the proposed framework. Furthermore, we develop a game-theoretical model for different player types, and then either find or prove the existence of a Nash Equilibrium with regard to the strength of privacy protection for each player.

Wang, Jun, Arriaga, Afonso, Tang, Qiang, Ryan, Peter Y.A..  2018.  Facilitating Privacy-Preserving Recommendation-as-a-Service with Machine Learning. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :2306–2308.

Machine-Learning-as-a-Service has become increasingly popular, with Recommendation-as-a-Service as one of the representative examples. In such services, providing privacy protection for the users is an important topic. Reviewing privacy-preserving solutions which were proposed in the past decade, privacy and machine learning are often seen as two competing goals at stake. Though improving cryptographic primitives (e.g., secure multi-party computation (SMC) or homomorphic encryption (HE)) or devising sophisticated secure protocols has made a remarkable achievement, but in conjunction with state-of-the-art recommender systems often yields far-from-practical solutions. We tackle this problem from the direction of machine learning. We aim to design crypto-friendly recommendation algorithms, thus to obtain efficient solutions by directly using existing cryptographic tools. In particular, we propose an HE-friendly recommender system, refer to as CryptoRec, which (1) decouples user features from latent feature space, avoiding training the recommendation model on encrypted data; (2) only relies on addition and multiplication operations, making the model straightforwardly compatible with HE schemes. The properties turn recommendation-computations into a simple matrix-multiplication operation. To further improve efficiency, we introduce a sparse-quantization-reuse method which reduces the recommendation-computation time by \$9$\backslash$times\$ (compared to using CryptoRec directly), without compromising the accuracy. We demonstrate the efficiency and accuracy of CryptoRec on three real-world datasets. CryptoRec allows a server to estimate a user's preferences on thousands of items within a few seconds on a single PC, with the user's data homomorphically encrypted, while its prediction accuracy is still competitive with state-of-the-art recommender systems computing over clear data. Our solution enables Recommendation-as-a-Service on large datasets in a nearly real-time (seconds) level.

2019-10-14
Yu, M., Halak, B., Zwolinski, M..  2019.  Using Hardware Performance Counters to Detect Control Hijacking Attacks. 2019 IEEE 4th International Verification and Security Workshop (IVSW). :1–6.
Code reuse techniques can circumvent existing security measures. For example, attacks such as Return Oriented Programming (ROP) use fragments of the existing code base to create an attack. Since this code is already in the system, the Data Execution Prevention methods cannot prevent the execution of this reorganised code. Existing software-based Control Flow Integrity can prevent this attack, but the overhead is enormous. Most of the improved methods utilise reduced granularity in exchange for a small performance overhead. Hardware-based detection also faces the same performance overhead and accuracy issues. Benefit from HPC's large-area loading on modern CPU chips, we propose a detection method based on the monitoring of hardware performance counters, which is a lightweight system-level detection for malicious code execution to solve the restrictions of other software and hardware security measures, and is not as complicated as Control Flow Integrity.
Kocher, P., Horn, J., Fogh, A., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher, T. et al..  2019.  Spectre Attacks: Exploiting Speculative Execution. 2019 IEEE Symposium on Security and Privacy (SP). :1–19.
Modern processors use branch prediction and speculative execution to maximize performance. For example, if the destination of a branch depends on a memory value that is in the process of being read, CPUs will try to guess the destination and attempt to execute ahead. When the memory value finally arrives, the CPU either discards or commits the speculative computation. Speculative logic is unfaithful in how it executes, can access the victim's memory and registers, and can perform operations with measurable side effects. Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim's confidential information via a side channel to the adversary. This paper describes practical attacks that combine methodology from side channel attacks, fault attacks, and return-oriented programming that can read arbitrary memory from the victim's process. More broadly, the paper shows that speculative execution implementations violate the security assumptions underpinning numerous software security mechanisms, including operating system process separation, containerization, just-in-time (JIT) compilation, and countermeasures to cache timing and side-channel attacks. These attacks represent a serious threat to actual systems since vulnerable speculative execution capabilities are found in microprocessors from Intel, AMD, and ARM that are used in billions of devices. While makeshift processor-specific countermeasures are possible in some cases, sound solutions will require fixes to processor designs as well as updates to instruction set architectures (ISAs) to give hardware architects and software developers a common understanding as to what computation state CPU implementations are (and are not) permitted to leak.
Angelini, M., Blasilli, G., Borrello, P., Coppa, E., D’Elia, D. C., Ferracci, S., Lenti, S., Santucci, G..  2018.  ROPMate: Visually Assisting the Creation of ROP-based Exploits. 2018 IEEE Symposium on Visualization for Cyber Security (VizSec). :1–8.
Exploits based on ROP (Return-Oriented Programming) are increasingly present in advanced attack scenarios. Testing systems for ROP-based attacks can be valuable for improving the security and reliability of software. In this paper, we propose ROPMATE, the first Visual Analytics system specifically designed to assist human red team ROP exploit builders. In contrast, previous ROP tools typically require users to inspect a puzzle of hundreds or thousands of lines of textual information, making it a daunting task. ROPMATE presents builders with a clear interface of well-defined and semantically meaningful gadgets, i.e., fragments of code already present in the binary application that can be chained to form fully-functional exploits. The system supports incrementally building exploits by suggesting gadget candidates filtered according to constraints on preserved registers and accessed memory. Several visual aids are offered to identify suitable gadgets and assemble them into semantically correct chains. We report on a preliminary user study that shows how ROPMATE can assist users in building ROP chains.
Li, W., Ma, Y., Yang, Q., Li, M..  2018.  Hardware-Based Adversary-Controlled States Tracking. 2018 IEEE 4th International Conference on Computer and Communications (ICCC). :1366–1370.
Return Oriented Programming is one of the most important software security challenges nowadays. It exploits memory vulnerabilities to control the state of the program and hijacks its control flow. Existing defenses usually focus on how to protect the control flow or face the challenge of how to maintain the taint markings for memory data. In this paper, we directly focus on the adversary-controlled states, simplify the classic dynamic taint analysis method to only track registers and propose Hardware-based Adversary-controlled States Tracking (HAST). HAST dynamically tracks registers that may be controlled by the adversary to detect ROP attack. It is transparent to user application and makes few modifications to existing hardware. Our evaluation demonstrates that HAST will introduce almost no performance overhead and can effectively detect ROP attacks without false positives on the tested common Linux applications.
Tymburibá, M., Sousa, H., Pereira, F..  2019.  Multilayer ROP Protection Via Microarchitectural Units Available in Commodity Hardware. 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :315–327.
This paper presents a multilayer protection approach to guard programs against Return-Oriented Programming (ROP) attacks. Upper layers validate most of a program's control flow at a low computational cost; thus, not compromising runtime. Lower layers provide strong enforcement guarantees to handle more suspicious flows; thus, enhancing security. Our multilayer system combines techniques already described in the literature with verifications that we introduce in this paper. We argue that modern versions of x86 processors already provide the microarchitectural units necessary to implement our technique. We demonstrate the effectiveness of our multilayer protection on a extensive suite of benchmarks, which includes: SPEC CPU2006; the three most popular web browsers; 209 benchmarks distributed with LLVM and four well-known systems shown to be vulnerable to ROP exploits. Our experiments indicate that we can protect programs with almost no overhead in practice, allying the good performance of lightweight security techniques with the high dependability of heavyweight approaches.
Koo, H., Chen, Y., Lu, L., Kemerlis, V. P., Polychronakis, M..  2018.  Compiler-Assisted Code Randomization. 2018 IEEE Symposium on Security and Privacy (SP). :461–477.
Despite decades of research on software diversification, only address space layout randomization has seen widespread adoption. Code randomization, an effective defense against return-oriented programming exploits, has remained an academic exercise mainly due to i) the lack of a transparent and streamlined deployment model that does not disrupt existing software distribution norms, and ii) the inherent incompatibility of program variants with error reporting, whitelisting, patching, and other operations that rely on code uniformity. In this work we present compiler-assisted code randomization (CCR), a hybrid approach that relies on compiler-rewriter cooperation to enable fast and robust fine-grained code randomization on end-user systems, while maintaining compatibility with existing software distribution models. The main concept behind CCR is to augment binaries with a minimal set of transformation-assisting metadata, which i) facilitate rapid fine-grained code transformation at installation or load time, and ii) form the basis for reversing any applied code transformation when needed, to maintain compatibility with existing mechanisms that rely on referencing the original code. We have implemented a prototype of this approach by extending the LLVM compiler toolchain, and developing a simple binary rewriter that leverages the embedded metadata to generate randomized variants using basic block reordering. The results of our experimental evaluation demonstrate the feasibility and practicality of CCR, as on average it incurs a modest file size increase of 11.46% and a negligible runtime overhead of 0.28%, while it is compatible with link-time optimization and control flow integrity.
Rong, Z., Xie, P., Wang, J., Xu, S., Wang, Y..  2018.  Clean the Scratch Registers: A Way to Mitigate Return-Oriented Programming Attacks. 2018 IEEE 29th International Conference on Application-specific Systems, Architectures and Processors (ASAP). :1–8.
With the implementation of W ⊕ X security model on computer system, Return-Oriented Programming(ROP) has become the primary exploitation technique for adversaries. Although many solutions that defend against ROP exploits have been proposed, they still suffer from various shortcomings. In this paper, we propose a new way to mitigate ROP attacks that are based on return instructions. We clean the scratch registers which are also the parameter registers based on the features of ROP malicious code and calling convention. A prototype is implemented on x64-based Linux platform based on Pin. Preliminary experimental results show that our method can efficiently mitigate conventional ROP attacks.
Li, W., Li, M., Ma, Y., Yang, Q..  2018.  PMU-extended Hardware ROP Attack Detection. 2018 12th IEEE International Conference on Anti-counterfeiting, Security, and Identification (ASID). :183–187.
Return Oriented Programming is one of the major challenges for software security nowadays. It can bypass Data Execution Prevention (DEP) mechanism by chaining short instruction sequences from existing code together to induce arbitrary code execution. Existing defenses are usually trade-offs between practicality, security, and performance. In this paper, we propose PMUe, a low-cost hardware ROP detection approach that detects ROP attack based on three inherent properties of ROP. It is transparent to user applications and can be regarded as a small extension to existing Performance Monitoring Unit in commodity processors. Our evaluation demonstrates that PMUe can effectively detect ROP attack with negligible performance overhead.
Guo, Y., Chen, L., Shi, G..  2018.  Function-Oriented Programming: A New Class of Code Reuse Attack in C Applications. 2018 IEEE Conference on Communications and Network Security (CNS). :1–9.
Control-hijacking attacks include code injection attacks and code reuse attacks. In recent years, with the emergence of the defense mechanism data-execution prevention(DEP), code reuse attacks have become mainstream, such as return-oriented programming(ROP), Jump-Oriented Programming(JOP), and Counterfeit Object-oriented Programming(COOP). And a series of defensive measures have been proposed, such as DEP, address space layout randomization (ASLR), coarse-grained Control-Flow Integrity(CFI) and fine-grained CFI. In this paper, we propose a new attack called function-oriented programming(FOP) to construct malicious program behavior. FOP takes advantage of the existing function of the C program to induce attack. We propose concrete algorithms for FOP gadgets and build a tool to identify FOP gadgets. FOP can successfully bypass coarse-grained CFI, and FOP also can bypass some existing fine-grained CFI technologies, such as shadow stack technology. We show a real-world attack for proftpd1.3.0 server in the Linux x64 environment. We believe that the FOP attack will encourage people to come up with more effective defense measures.
2019-10-08
Kim, S., Jin, S., Lee, Y., Park, B., Kim, H., Hong, S..  2018.  Single Trace Side Channel Analysis on Quantum Key Distribution. 2018 International Conference on Information and Communication Technology Convergence (ICTC). :736–739.

The security of current key exchange protocols such as Diffie-Hellman key exchange is based on the hardness of number theoretic problems. However, these key exchange protocols are threatened by weak random number generators, advances to CPU power, a new attack from the eavesdropper, and the emergence of a quantum computer. Quantum Key Distribution (QKD) addresses these challenges by using quantum properties to exchange a secret key without the risk of being intercepted. Recent developments on the QKD system resulted in a stable key generation with fewer errors so that the QKD system is rapidly becoming a solid commercial proposition. However, although the security of the QKD system is guaranteed by quantum physics, its careless implementation could make the system vulnerable. In this paper, we proposed the first side-channel attack on plug-and-play QKD system. Through a single electromagnetic trace obtained from the phase modulator on Alice's side, we were able to classify the electromagnetic trace into four classes, which corresponds to the number of bit and basis combination in the BB84 protocol. We concluded that the plug-and-play QKD system is vulnerable to side-channel attack so that the countermeasure must be considered.

Agrawal, Shashank, Mohassel, Payman, Mukherjee, Pratyay, Rindal, Peter.  2018.  DiSE: Distributed Symmetric-Key Encryption. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :1993–2010.

Threshold cryptography provides a mechanism for protecting secret keys by sharing them among multiple parties, who then jointly perform cryptographic operations. An attacker who corrupts up to a threshold number of parties cannot recover the secrets or violate security. Prior works in this space have mostly focused on definitions and constructions for public-key cryptography and digital signatures, and thus do not capture the security concerns and efficiency challenges of symmetric-key based applications which commonly use long-term (unprotected) master keys to protect data at rest, authenticate clients on enterprise networks, and secure data and payments on IoT devices. We put forth the first formal treatment for distributed symmetric-key encryption, proposing new notions of correctness, privacy and authenticity in presence of malicious attackers. We provide strong and intuitive game-based definitions that are easy to understand and yield efficient constructions. We propose a generic construction of threshold authenticated encryption based on any distributed pseudorandom function (DPRF). When instantiated with the two different DPRF constructions proposed by Naor, Pinkas and Reingold (Eurocrypt 1999) and our enhanced versions, we obtain several efficient constructions meeting different security definitions. We implement these variants and provide extensive performance comparisons. Our most efficient instantiation uses only symmetric-key primitives and achieves a throughput of upto 1 million encryptions/decryptions per seconds, or alternatively a sub-millisecond latency with upto 18 participating parties.

Hajomer, A. A. E., Yang, X., Sultan, A., Sun, W., Hu, W..  2018.  Key Generation and Distribution Using Phase Fluctuation in Classical Fiber Channel. 2018 20th International Conference on Transparent Optical Networks (ICTON). :1–3.

We propose a secure key generation and distribution scheme for data encryption in classical optical fiber channel. A Delay interferometer (DI) is used to track the random phase fluctuation inside fiber, while the reconfigurable lengths of polarization-maintaining (PM) fiber are set as the source of optical phase fluctuations. The output signals from DI are extracted as the secret key and shared between the two-legal transmitter and receiver. Because of the randomness of local environment and the uniqueness of fiber channel, the phase fluctuation between orthogonal polarization modes (OPMs) can be used as secure keys to enhance the level of security in physical layer. Experimentally, we realize the random key generation and distribution over 25-km standard single-mode fiber (SSMF). Moreover, the proposed key generation scheme has the advantages of low cost, compatible with current optical fiber networks and long distance transmission with optical amplifiers.

Tripathi, S. K., Pandian, K. K. S., Gupta, B..  2018.  Hardware Implementation of Dynamic Key Value Based Stream Cipher Using Chaotic Logistic Map. 2018 2nd International Conference on Trends in Electronics and Informatics (ICOEI). :1104–1108.

In the last few decades, the relative simplicity of the logistic map made it a widely accepted point in the consideration of chaos, which is having the good properties of unpredictability, sensitiveness in the key values and ergodicity. Further, the system parameters fit the requirements of a cipher widely used in the field of cryptography, asymmetric and symmetric key chaos based cryptography, and for pseudorandom sequence generation. Also, the hardware-based embedded system is configured on FPGA devices for high performance. In this paper, a novel stream cipher using chaotic logistic map is proposed. The two chaotic logistic maps are coded using Verilog HDL and implemented on commercially available FPGA hardware using Xilinx device: XC3S250E for the part: FT256 and operated at frequency of 62.20 MHz to generate the non-recursive key which is used in key scheduling of pseudorandom number generation (PRNG) to produce the key stream. The realization of proposed cryptosystem in this FPGA device accomplishes the improved efficiency equal to 0.1186 Mbps/slice. Further, the generated binary sequence from the experiment is analyzed for X-power, thermal analysis, and randomness tests are performed using NIST statistical.

Liu, Y., Yuan, X., Li, M., Zhang, W., Zhao, Q., Zhong, J., Cao, Y., Li, Y., Chen, L., Li, H. et al..  2018.  High Speed Device-Independent Quantum Random Number Generation without Detection Loophole. 2018 Conference on Lasers and Electro-Optics (CLEO). :1–2.

We report a an experimental study of device-independent quantum random number generation based on an detection-loophole free Bell test with entangled photons. After considering statistical fluctuations and applying an 80 Gb × 45.6 Mb Toeplitz matrix hashing, we achieve a final random bit rate of 114 bits/s, with a failure probability less than 10-5.

Lauer, Sebastian.  2018.  On Several Verifiable Random Functions and the Q-Decisional Bilinear Diffie-Hellman Inversion Assumption. Proceedings of the 5th ACM on ASIA Public-Key Cryptography Workshop. :45–51.

In 1999, Micali, Rabin and Vadhan introduced the notion of Verifiable Random Functions (VRF)$\backslash$citeFOCS:MicRabVad99. VRFs compute for a given input x and a secret key \$sk\$ a unique function value \$y=V\_sk (x)\$, and additionally a publicly verifiable proof $π$. Each owner of the corresponding public key \$pk\$ can use the proof to non-interactivly verify that the function value was computed correctly. Furthermore, the function value provides the property of pseudorandomness. Most constructions in the past are based on q-type assumptions. Since these assumptions get stronger for a larger factor q, it is desirable to show the existence of VRFs under static or general assumptions. In this work we will show for the constructions presented in $\backslash$citePKC:DodYam05 $\backslash$citeCCS:BonMonRag10 the equivalence of breaking the VRF and solving the underlying q-type assumption.

Jiang, Zhengshen, Liu, Hongzhi, Fu, Bin, Wu, Zhonghai, Zhang, Tao.  2018.  Recommendation in Heterogeneous Information Networks Based on Generalized Random Walk Model and Bayesian Personalized Ranking. Proceedings of the Eleventh ACM International Conference on Web Search and Data Mining. :288–296.

Recommendation based on heterogeneous information network(HIN) is attracting more and more attention due to its ability to emulate collaborative filtering, content-based filtering, context-aware recommendation and combinations of any of these recommendation semantics. Random walk based methods are usually used to mine the paths, weigh the paths, and compute the closeness or relevance between two nodes in a HIN. A key for the success of these methods is how to properly set the weights of links in a HIN. In existing methods, the weights of links are mostly set heuristically. In this paper, we propose a Bayesian Personalized Ranking(BPR) based machine learning method, called HeteLearn, to learn the weights of links in a HIN. In order to model user preferences for personalized recommendation, we also propose a generalized random walk with restart model on HINs. We evaluate the proposed method in a personalized recommendation task and a tag recommendation task. Experimental results show that our method performs significantly better than both the traditional collaborative filtering and the state-of-the-art HIN-based recommendation methods.