Feasibility, Efficiency, and Robustness of Secure Computation

Hai H Nguyen (14206922)

02 December 2022

<p>Secure computation allows mutually distrusting parties to compute over private data. Such collaborations have widespread applications in social, scientific, commercial, and security domains. However, the overhead of achieving security is a major bottleneck to the adoption of such technologies. In this context, this thesis aims to design the most secure protocol within budgeted computational or network resources by mathematically formulating it as an optimization problem. </p> <p>With the rise in CPU power and cheap RAM, the offline-online model for secure computation has become the prominent model for real-world security systems. This thesis investigates the above-mentioned optimization problem in the information-theoretic offline-online model. In particular, this thesis presents the following selected sample of our research in greater detail. </p> <p>Round and Communication Complexity: Chor-Kushilevitz-Beaver characterized the round and communication complexity of secure two-party computation. Since then, the case of functions with randomized output remained unexplored. We proved the decidability of determining these complexities. Next, if such a protocol exists, we construct the optimal protocol; otherwise, we present an obstruction to achieving security. </p> <p>Rate and Capacity of secure computation: The efficiency of converting the offline samples into secure computation during the online phase is essential. However, investigating this ``production rate'' for general secure computations seems analytically intractable. Towards this objective, we introduce a new model of secure computation -- one without any communication -- that has several practical applications. We lay the mathematical foundations of formulating rate and capacity questions in this framework. Our research identifies the first tight rate and capacity results (a la Shannon) in secure computation. </p> <p>Reverse multiplication embedding: We identify a new problem in algebraic complexity theory that unifies several efficiency objectives in cryptography. Reverse multiplication embedding seeks to implement as many (base field) multiplications as possible using one extension field multiplication. We present optimal construction using algebraic function fields. This embedding has subsequently led to efficient improvement of secure computation, homomorphic encryption, proof systems, and leakage-resilient cryptography. </p> <p>Characterizing the robustness to side-channel attacks: Side-channel attacks present a significant threat to the offline phase. We introduce the cryptographic analog of common information to characterize the offline phase's robustness quantitatively. We build a framework for security and attack analysis. In the context of robust threshold cryptography, we present a state-of-the-art attack, threat assessment, and security fix for Shamir's secret-sharing. </p> <p><br></p>

Cryptography

Secure computation

MPC

offline-online paradigm

reverse multiplication embedding

round and communication complexity

secure non-interactive simulation

rate and capacity

leakage resilience

secret sharing scheme

DIGITAL LITERACY AND THE PERCEPTIONS OF ONLINE GROOMING

Motunrola Mutiat Afolabi (17199070)

18 October 2023

<p dir="ltr">Recent developments in computer technology have increased the number of internet stalkers, child pornographers, traffickers and sexual predators. In a world where digital literacy is on the rise and people strive to keep up with the latest technology, this paper explores the relationship between digital literacy and online grooming(computer-mediated sexual grooming) and offline grooming (localized sexual grooming) and the effect of age, gender, marital status and parental status on the way individuals perceive grooming. This data was collected via a survey from 256 respondents who are 18 years and above and classified as parents within the United States. Several analyses such as correlations, Mann-Whitney U test and Kruskal Wallis H test were conducted, and our results suggest that there is a relationship between digital literacy and the perceptions of grooming, which may have implications on cybersecurity awareness training. The results highlight the importance of digital literacy in the perception of computer-mediated sexual grooming and familial sexual grooming, with enough evidence to support its essential role in people’s sense of safety. In conclusion, this study emphasized the need for targeted programs and campaigns to create education and awareness with the aim of improving parental digital literacy skills, understanding of grooming risks, and responsible Internet use education across society.</p>

digital literacy

minors

computer-mediated sexual grooming

familial sexual grooming

localized sexual grooming

online grooming

offline grooming

perception

prevalence

THE ROLE OF MORALITY, SELF-CONTROL, AND ENVIRONMENTAL EXPOSURE, ON OFFLINE- AND ONLINE AGGRESSIVE CRIMINOGENIC BEHAVIOUR: : A QUANTITATIVE STUDY ON SITUATIONAL ACTION THEORY AND ITS APPLICABILITY IN DIFFERENT ENVIRONMENTAL CONTEXTS

Riekwel, Annika

January 2023

According to Wikstörm’s (2012) Situational Action Theory (SAT), engaging incriminogenic behaviour is influenced by a person’s crime propensity, such as self-control and morality. Moral rules applied to a setting, and their degree ofenforcement, are stated as crucial since individuals are in constant interaction withtheir surroundings. Criminogenic exposure, such as having criminal friends and thetime spent with friends, is according to SAT (ibid.) influential on criminogenicbehaviour. The purpose of this study was, through hypothesis testing, to investigatethe applicability of SAT based on different environmental contexts. Aggressivecriminogenic behaviour was measured through bullying. Offline- andcyberbullying corresponded to aggressive criminogenic behaviour in differentenvironmental contexts. This study found that morality, self-control, andcriminogenic exposure, were significant in relation to offline bullying. Self-controland having criminal friends were significant in relation to cyberbullying. Genderwas used as a confounding variable and showed that girls are more prone tocyberbullying than boys, and that boys were more prone to offline bullying thangirls. Testing SAT applicability by comparing online and offline criminogenicbehaviour is understudied, further research on other online criminogenic behavioursis therefore encouraged, as well as the relationship between gender and anonymityas well as their influence in SAT.

Situational Action Theory

Criminogenic Behaviour

Morality

Self- Control

Environmental context

offline bullying

cyberbullying

PEA-model

Self- Report

Social Sciences Interdisciplinary

Robotic 3D Printing of sustainable structures / Robot 3D-printing med hållbara strukturer

Alkhatib, Tammam

January 2023

This bachelor thesis aims to integrate and evaluate a 3D printing robotic cell at the SmartIndustry Group – SIG lab at Linnaeus University (LNU).A sustainable structure consisting of wood fiber polymer composites was 3D printed withan industrial robot. Sustainable 3D printing material can be recycled or burned for energyafterwards. The 3D printing material used in this thesis stems from certificated forests. The objective is to utilise this technology in manufacturing courses and research projectsat the SIG lab at LNU. This objective is achieved by creating an operation manual and avideo tutorial in this thesis.The integration and evaluation process will involve offline robot programming,simulation, and practical experiments on the 3D printing robotic cell.

3D printing

Robotic 3D printing

ABB Robotstudio

Robot simulation

Offline robot programming

3DP PowerPac

Robotics

Robotteknik och automation

Simulating Large Scale Memristor Based Crossbar for Neuromorphic Applications

Uppala, Roshni

03 June 2015

No description available.

Computer Engineering

Electrical Engineering

Engineering

memristor

parallel simulation

neuromorphic computing

Xyce

approximate memristor model

offline training of memristor

pattern classification

face image classification

neural networks

On the Viability of Digital Cash in Offline Payments

Holgersson, Joakim, Enarsson, John

January 2022

Background. As the financial systems around the world become more digitized with the use of a card and mobile payments - we see a decrease in willingness to accept cash payments in many countries. These digital payments require a stable network connection to be processed in real-time. In rural areas or during times of crisis where these network connections may be unavailable there is a need to resort to some payment method that works offline. Paper cash is preferred by some because of its anonymous nature and with the realization of blind signatures the concept of digital cash was constructed. Digital cash is a digitized version of the traditional paper cash that values payer privacy and can be spent while both parties are offline with the use of smart cards or other mobile devices. Unlike physical paper cash, digital cash is without additional mitigations easily copied and forged as they only consist of information. Objectives. The objective of this work is to determine the viability of digital cash as a replacement or complement to today’s paper cash. The results will describe our findings on what technologies are necessary to securely exchange digital cash offline, as well as our findings on whether arbitrary payment amounts can be exchanged efficiently as well as exchanged between users of different banks. Methods. This work consists of threat modeling to identify the necessary technologies to securely exchange digital cash and what they accomplish. An extensive literature study and theoretical evaluations of state-of-the-art digital cash schemes are also part of the work. Results. The results show that digital cash can be constructed and exchanged securely with various optional features that make it more or less resemble its physical counterpart. With payer anonymity in the center and the inevitable risk of fraudulent users’ double-spending coins - the identified technologies do their best to reduce the cost-effectiveness of double-spending. Cryptographic solutions, as well as hard-to-tamper-with hardware, are the two key technologies for this. Advancements in cryptography have enabled more efficient storage and spending of digital cash with compact wallets and divisible digital cash. Conclusions. Digital cash has been a theoretical concept for almost four decades and is becoming more secure and efficient by being reconstructed using more modern cryptographic solutions. Depending on the requirements of the payment system, some schemes support arbitrary amount payment exchanges in constant time, be-tween users of different banks, transferability and some can run efficiently on privacy assuring hard-to-tamper with hardware. No scheme can do it all, but this work shines a light on some important considerations useful for future practical implementation of digital cash. / Bakgrund. Samtidigt som betalningar sker mer digitalt med hjälp av betalkort och mobiltelefoner ser vi hur färre försäljare accepterar kontanter som betalningsmedel. Det är här digitala betalningarna kräver stabil nätverksuppkoppling för att genom-föras och på avlägsna platser och under krissituationer kan den här uppkopplingen bli otillgänglig - vilket leder till ett behov för offline-betalningar. Kontanter används av några på grund av dess anonyma natur och med förverkligandet av blinda signaturer växte konceptet om digitala kontanter fram. Digitala kontanter är som det låter, en digital variant av kontanter som försöker uppnå samma anonymitet samt kunna överföras medan båda parter är offline med hjälp av betalkort eller andra mobila enheter. Till skillnad från fysiska kontanter kan dessa digitala mynt utan speciella åtgärder lätt kopieras och förfalskas eftersom de enbart består av information. Syfte. Syftet med det här arbetet är att ta redo på huruvida digitala kontanter kan ersätta eller fungera som ett komplement till dagens kontanter, samt ta redo på vilka möjligheter det finns för en implementation av ett sådant system idag. Resultatet ska beskriva våra upptäckter om vilka tekniker som behövs för att på ett säkert sätt kunna överföra digitala kontanter offline, samt våra upptäckter om huruvida godtyckliga summor kan överföras på ett effektivt sätt och mellan kunder av olika banker. Metod. Metoden vi använder består av att konstruera en hotmodell för att identifiera nödvändiga tekniker för att på ett säkert sätt kunna överföra digitala kontanter och kunna redogöra vad de uppfyller för funktioner. Arbetet innefattar även en omfattande litteraturstudie och teoretiska utvärderingar av toppmoderna digitala kontantsystem. Resultat. Resultatet visar att digitala kontanter kan konstrueras för att överföras säkert med flera frivilliga funktioner som gör att överföringarna mer eller mindre liknar sin fysiska motsvarighet. Genom att värna om ärliga betalares anonymitet och med en oundviklig risk för dubbelspendering gör de identifierade teknikerna sittbästa för att minska betalningstider och incitamentet att dubbelspendera med hjälp av kryptering och speciell svårmanipulerad hårdvara. Slutsatser. Digitala kontanter har funnits som ett teoretiskt koncept i snart fyradecennier och blir snabbt säkrare samt effektivare när de byggs om och baseras på nya krypteringslösningar. Beroende på vilka krav man har på sitt betalningssystem kan de byggas för att överföra godtyckliga summor i konstant tidskomplexitet, mellan användare av olika banker, överföras flera gånger likt vanliga kontanter eller med hjälp av svårmanipulerad hårdvara. Inget system kan göra allt idag och det här arbetet kan hjälpa den som vill bygga ett produktionssystem med vilka avväganden som kan göras.

Digital cash

offline payments

anonymous payments

digital coin

electronic coin

Digitala kontanter

offlinebetalningar

anonyma betalningar

digitala mynt

elektroniska mynt

Computer Sciences

Datavetenskap (datalogi)

Implementing offline functionality to a web-based module : A proof of concept with the help of a Service Worker API

Madrén, Daniel

January 2024

The software company AFRY licenses out a Product Support System (PSS) called AFRY Pulse, which serves as a backbone for businesses to deliver value to customers, employees, and stakeholders. Currently, AFRY Pulse lacks offline support, putting them at a disadvantage compared to competitors offering similar PSS solutions. Therefore, this study aims to implement offline support for one of AFRY Pulse's modules, called the Round Module, with the help of Service Worker API.  Based on the problem formulation, the study investigated how well the implementation of the Service Worker API matched the “Must have” requirements, specified in the requirement specification and identified complications that arose during implementation, along with their solutions.  The implementation of offline support followed an agile software development approach with three and a half sprint iterations. Each sprint involved specifying requirements, implementation, and evaluation sessions. The data collection methods used includes maintaining a journal, with notes taken during the implementation and the evaluation sessions. The evaluation sessions included manual black-box testing, manual code-review, and semi-structured interviews.  The results from the evaluations produced two themes Implemented correct functionality and Improving visual response. Furthermore, the complications that were found during the implementation were Service Worker going to the redundant state, Service Worker not being able to stop fetch requests and AbortController being redundant within the Service Worker.

Offline Support

Service Worker

Web Application

Evaluation

JavaScript

C#

ASP.NET Core

Information Systems, Social aspects

The trends in the offline password-guessing field : Offline guessing attack on Swedish real-life passwords / Trenderna inom fältet för offline-gissning av lösenord : Offline-gissningsattack på svenska verkliga lösenord

Zarzour, Yasser, Alchtiwi, Mohamad

January 2023

Password security is one of the most critical aspects of IT security, as password-based authentication is still the primary authentication method. Unfortunately, our passwords are subject to different types of weaknesses and various types of password-guessing attacks. The first objective of this thesis is to provide a general perception of the trends in offline password-guessing tools, methods, and techniques. The study shows that the most cited tools are Hashcat, John the Ripper, Ordered Markov ENumerator (OMEN), and PassGan. Methods are increasingly evolving and becoming more sophisticated by emerging Deep Learning and Neural Networks. Unlike methods and tools, techniques are not subject to significant development, noting that dictionary and rule-based attacks are at the top of used techniques. The second objective of this thesis is to explore to what extent Swedish personal names are used in real-life passwords. Hence, an experiment is conducted for this purpose. The experiment results show that about 26% of Swedish users use their personal names when they create passwords, making them vulnerable to easy guessing by password-guessing tools. Furthermore, a simple analysis of the resulting password recovery file is performed in terms of password length and complexity. The resulting numbers show that more than half of guessed passwords are shorter than eight characters, indicating incompliance with the recommendations from standard organizations. In addition, results show a weak combination of letters, digits, and special characters, indicating that many Swedish users do not maintain sufficient diversity when composing their passwords. This means less password complexity, making passwords an easy target to guess. This study may serve as a quick reference to getting an overview of trends in the password-guessing field. On the other side, the resulting rate of Swedish personal names in Swedish password leaks may draw the attention of active social actors regarding information security to improve password security measures in Sweden. / Lösenordssäkerhet är en av de mest kritiska aspekterna av IT-säkerhet eftersom  lösenordsbaserad autentisering fortfarande är den viktigaste metoden för autentisering. Tyvärr är våra lösenord föremål för olika typer av svagheter och olika typer av lösenordsgissningsattacker. Det första syftet med detta arbete är att ge en allmän uppfattning om trenderna inom verktyg,metoder och tekniker angående offline lösenordsgissning. Studien visar att Hashcat, John the Ripper, Ordered Markov ENumerator OMEN och PassGan är de mest citerade verktygen. Medan metoderna alltmer utvecklas och blir mer sofistikerade genom framväxande “DeepLearning”, och “Neural Networks”. Till skillnad från metoder och verktyg är tekniker inte föremål för stor utveckling, och notera att “dictionary” attacker och “rule-based” attacker är överst bland använda tekniker. Det andra syftet är att utforska i vilken utsträckning svenska personnamn används i verkliga lösenord. Därför genomförs ett experiment för detta ändamål. Resultaten av experimentet visar att cirka 26 % av svenska användare använder sina personnamn när de skapar lösenord, vilket gör lösenord sårbara för enkel gissning med hjälp av lösenordsgissningsverktyg. Dessutom utförs en enkel analys av den resulterande lösenordsåterställningsfilen vad gäller lösenordslängd och komplexitet. De resulterande siffrorna visar att mer än hälften av de gissade lösenorden är kortare än åtta tecken, vilket är en indikation på att de inte följer rekommendationerna från standardorganisationer. Resultaten visar också en svag kombination av bokstäver, siffror och specialtecken vilket indikerar att många svenskar inte upprätthåller tillräcklig variation när de komponerar sina lösenord. Detta innebär mindre lösenordskomplexitet, vilket gör lösenord till ett mål för enkel gissning. Arbetet kan fungera som en snabbreferens för att få en överblick över trender inom lösenordsgissningsfältet. Å andra sidan kan den resulterande andelen svenska personnamn i  svenska lösenordsläckor uppmärksamma de aktiva aktörerna i samhället gällande informationssäkerhet för att förbättra lösenordssäkerhetsåtgärderna i Sverige.

Password security

password-guessing tool

password-guessing method

password-guessing technique

offline attack

Swedish password leak

Lösenordssäkerhet

lösenordsgissningsverktyg

lösenordsgissningsmetoder

lösenordsgissningstekniker

offline attack

svenska lösenordsläckor

Computer Sciences

Datavetenskap (datalogi)

Computer Engineering

Datorteknik

Information Systems

Other Computer and Information Science

Annan data- och informationsvetenskap

Probability Theory and Statistics

Sannolikhetsteori och statistik

Computer Systems

Datorsystem

Offline Reinforcement Learning for Downlink Link Adaption : A study on dataset and algorithm requirements for offline reinforcement learning. / Offline Reinforcement Learning för nedlänksanpassning : En studie om krav på en datauppsättning och algoritm för offline reinforcement learning

Dalman, Gabriella

January 2024

This thesis studies offline reinforcement learning as an optimization technique for downlink link adaptation, which is one of many control loops in Radio access networks. The work studies the impact of the quality of pre-collected datasets, in terms of how much the data covers the state-action space and whether it is collected by an expert policy or not. The data quality is evaluated by training three different algorithms: Deep Q-networks, Critic regularized regression, and Monotonic advantage re-weighted imitation learning. The performance is measured for each combination of algorithm and dataset, and their need for hyperparameter tuning and sample efficiency is studied. The results showed Critic regularized regression to be the most robust because it could learn well from any of the datasets that were used in the study and did not require extensive hyperparameter tuning. Deep Q-networks required careful hyperparameter tuning, but paired with the expert data it managed to reach rewards equally as high as the agents trained with Critic Regularized Regression. Monotonic advantage re-weighted imitation learning needed data from an expert policy to reach a high reward. In summary, offline reinforcement learning can perform with success in a telecommunication use case such as downlink link adaptation. Critic regularized regression was the preferred algorithm because it could perform great with all the three different datasets presented in the thesis. / Denna avhandling studerar offline reinforcement learning som en optimeringsteknik för nedlänks länkanpassning, vilket är en av många kontrollcyklar i radio access networks. Arbetet undersöker inverkan av kvaliteten på förinsamlade dataset, i form av hur mycket datan täcker state-action rymden och om den samlats in av en expertpolicy eller inte. Datakvaliteten utvärderas genom att träna tre olika algoritmer: Deep Q-nätverk, Critic regularized regression och Monotonic advantage re-weighted imitation learning. Prestanda mäts för varje kombination av algoritm och dataset, och deras behov av hyperparameterinställning och effektiv användning av data studeras. Resultaten visade att Critic regularized regression var mest robust, eftersom att den lyckades lära sig mycket från alla dataseten som användes i studien och inte krävde omfattande hyperparameterinställning. Deep Q-nätverk krävde noggrann hyperparameterinställning och tillsammans med expertdata lyckades den nå högst prestanda av alla agenter i studien. Monotonic advantage re-weighted imitation learning behövde data från en expertpolicy för att lyckas lära sig problemet. Det datasetet som var mest framgångsrikt var expertdatan. Sammanfattningsvis kan offline reinforcement learning vara framgångsrik inom telekommunikation, specifikt nedlänks länkanpassning. Critic regularized regression var den föredragna algoritmen för att den var stabil och kunde prestera bra med alla tre olika dataseten som presenterades i avhandlingen.

Offline Reinforcement Learning

Downlink Link adaptation

data analysis

Deep Q-networks

Critic Regularized Regression

Offline Reinforcement Learning

nedlänksanpassning

data analys

Deep Qnetworks

Critic Regularized Regression

Computer and Information Sciences

Data- och informationsvetenskap

Test and Validation of Web Services

Cao, Tien Dung

06 December 2010

Nous proposons dans cette thèse les approches de test pour la composition de services web. Nous nous intéressons aux test unitaire et d’intégration d’une orchestration de services web. L’aspect de vérification d’exécution en-ligne est aussi consideré. Nous définissons une plateforme de test unitaire pour l’orchestration de services web qui compose une architecture de test, une relation de conformité et deux approches de test basés sur le modèle de machine à l’états finis étendues temporisés: l’approche offline où les activités de test comme la génération de cas de test temporisé, l’exécution de test et l’assignement de verdict sont appliquées en séquentielle tandis que ces activités sont appliquées en parallèle dans l’approche online. Pour le test d’intégration d’une orchestration, nous combinons deux approches: active et passive.Au debut, l’approche active est utilisée pour activer une nouvelle session d’orchestration par l’envoi d’un message de requête SOAP. Après, tous les messages d’entré et de sortie de l’orchestration sont collectés et analysés par l’approche passive.Pour l’aspect de vérification d’exécution en-ligne, nous nous intéressons à la vérification d’une trace qui respecte un ensemble des constraintes, noté règles, ou pas. Nous avons proposé extendre le langage Nomad en définissant des constraintes sur chaque action atomique et un ensemble de corrélation de données entre les actions pour définir des règles pour le service web. Ce langage nous permet de définir des règles avec le temps futur et passé, et d’utiliser des opérations NOT, AND, OR pour combiner quelque conditions dans le contexte de la règle. Ensuite, nous proposons un algorithme pour vérifier l’exactitude d’une séquence des messages en parallèle avec le moteur de collecte de trace. / In this thesis, we propose the testing approaches for web service composition. We focus on unit, integrated testing of an orchestration of web services and also the runtime verification aspect. We defined an unit testing framework for an orchestration that is composed of a test architecture, a conformance relation and two proposed testing approaches based on Timed Extended Finite State Machine (TEFSM) model: offline which test activities as timed test case generation, test execution and verdict assignment are applied in sequential, and online which test activities are applied in parallel. For integrated testing of an orchestration, we combines of two approaches: active and passive. Firstly, active approach is used to start a new session of the orchestration by sending a SOAP request. Then all communicating messages among services are collected and analyzed by a passive approach. On the runtime verification aspect, we are interested in the correctness of an execution trace with a set of defined constraints, called rules. We have proposed to extend the Nomad language, by defining the constraints on each atomic action (fixed conditions) and a set of data correlations between the actions to define the rules for web services. This language allows us to define a rule with future and past time, and to use the operations: NOT, AND, OR to combines some conditions into a context of the rule. Afterwards, we proposed an algorithm to check correctness of a message sequence in parallel with the trace collection engine. Specifically, this algorithm verifies message by message without storing them.

Orchestration de services web

Test en-ligne

Test actif/passif

Vérification d’exécution en-ligne

Génération de cas de test temporisé

Web service orchestration

Timed Extended Finite State Machine

Online/ Offline testing

Active/Passive testing

Runtime verification

Test case generation