Saarland University

Displaying 1-20 of 20 results

  • White Papers // Nov 2014

    ADSNARK: Nearly Practical and Privacy-Preserving Proofs on Authenticated Data

    The authors study the problem of privacy-preserving proofs on authenticated data, where a party receives data from a trusted source and is requested to prove computations over the data to third parties in a correct and private way, i.e., the third party learns no information on the data but is...

    Provided By Saarland University

  • White Papers // Feb 2012

    Computational Soundness of Symbolic Zero-knowledge Proofs: Weaker Assumptions and Mechanized Verification

    The abstraction of cryptographic operations by term algebras, called symbolic models, is essential in almost all tool-supported methods for analyzing security protocols. Significant progress was made in proving that symbolic models offering basic cryptographic operations such as encryption and digital signatures can be sound with respect to actual cryptographic realizations...

    Provided By Saarland University

  • White Papers // Jan 2012

    On the Development and Formalization of an Extensible Code Generator for Real Life Security Protocols

    This paper introduces Expi2Java, a new code generator for cryptographic protocols that translates models written in an extensible variant of the Spi calculus into executable code in a substantial fragment of Java, featuring concurrency, synchronization between threads, exception handling and a sophisticated type system with generics and wildcards. The authors'...

    Provided By Saarland University

  • White Papers // Jan 2012

    Multimodal Person Authentication on a Smartphone Under Realistic Conditions

    Verification of a person's identity by the combination of more than one biometric trait strongly increases the robustness of person authentication in real applications. This is particularly the case in applications involving signals of degraded quality, as for person authentication on mobile platforms. The context of mobility generates degradations of...

    Provided By Saarland University

  • White Papers // Dec 2011

    Automated Synthesis of Privacy-Preserving Distributed Applications

    One of the central challenges in the development of distributed systems is the design of cryptographic protocols that meet the desired functional requirements and enforce the intended security properties. There is a common understanding that basic security properties such as secrecy and authentication can easily be enforced via encryption and...

    Provided By Saarland University

  • White Papers // Oct 2011

    EXSYST: Search-Based GUI Testing

    Test generation tools commonly aim to cover structural artefacts of software, such as the source code or the user interface. However, focusing only on source code can lead to unrealistic or irrelevant test cases, while exploring a user interface often misses much of the underlying program behavior. The authors' EXSYST...

    Provided By Saarland University

  • White Papers // Sep 2011

    Nested Hoare Triples and Frame Rules for Higher-Order Store

    Separation logic is a Hoare-style logic for reasoning about programs with heap-allocated mutable data structures. As a step toward extending separation logic to high-level languages with ML-style general (higher-order) storage, the authors investigate the compatibility of nested Hoare triples with several variations of higher-order frame rules. The interaction of nested...

    Provided By Saarland University

  • White Papers // Jul 2011

    Comparing UC Security Variants

    In this paper, the authors investigate the relations among various security notions. More precisely, they present a separation result between two variants of UC security definition: 1-bit specialized simulator UC security and specialized simulator UC security. This solves an open question and comes in contrast with the well-known equivalence result...

    Provided By Saarland University

  • White Papers // Jun 2011

    Bytecode Testability Transformation

    Bytecode as produced by modern programming languages is well suited for search-based testing: Different languages compile to the same bytecode, bytecode is available also for third party libraries, all predicates are atomic and side-effect free, and instrumentation can be performed without recompilation. However, bytecode is also susceptible to the flag...

    Provided By Saarland University

  • White Papers // Jun 2011

    A Security API for Distributed Social Networks

    The authors present a cryptographic framework to achieve access control, privacy of social relations, secrecy of resources, and anonymity of users in social networks. They illustrate their technique on a core API for social networking, which includes methods for establishing social relations and for sharing resources. The cryptographic protocols implementing...

    Provided By Saarland University

  • White Papers // Jun 2011

    Provably Secure and Practical Onion Routing

    The onion routing network, Tor, is undoubtedly the most widely employed technology for anonymous web access. Although the underlying Onion Routing (OR) protocol's multi-pass cryptographic circuit construction appears satisfactory, a comprehensive formal analysis of its security guarantees is still lacking. Moreover, in practice the current Tor circuit construction suffers from...

    Provided By Saarland University

  • White Papers // May 2011

    Resource-Aware Authorization Policies for Statically Typed Cryptographic Protocols

    Type systems for authorization are a popular device for the specification and verification of security properties in cryptographic applications. Though promising, existing frameworks exhibit limited expressive power, as the underlying specification languages fail to account for powerful notions of authorization based on access counts, usage bounds, and mechanisms of resource...

    Provided By Saarland University

  • White Papers // Feb 2011

    G2C: Cryptographic Protocols From Goal-Driven Specifications

    The authors present G2C, a goal-driven specification language for distributed applications. This language offers support for the declarative specification of functionality goals and security properties. The former comprise the parties, their inputs, and the goal of the communication protocol. The latter comprise secrecy, access control, and anonymity requirements. A key...

    Provided By Saarland University

  • White Papers // Feb 2011

    Union and Intersection Types for Secure Protocol Implementations

    The authors present a new type system for verifying the security of cryptographic protocol implementations. The type system combines prior work on refinement types, with union, intersection, and polymorphic types, and with the novel ability to reason statically about the disjointness of types. The increased expressivity enables the analysis of...

    Provided By Saarland University

  • White Papers // Jul 2010

    Flying Yellow Elephant: Predictable and Efficient MapReduce in the Cloud

    Today, growing datasets require new technologies as standard technologies - such as parallel DBMSs - do not easily scale to such level. On the one side, there is the MapReduce paradigm allowing non-expert users to easily define large distributed jobs. On the other side, there is Cloud Computing providing a...

    Provided By Saarland University

  • White Papers // Jul 2010

    Speaker Recognition in Encrypted Voice Streams

    Transmitting voice communication over untrusted networks puts personal information at risk. Although voice streams are typically encrypted to prevent unwanted eavesdropping, additional features of voice communication protocols might still allow eavesdroppers to discover information on the transmitted content and the speaker. The authors develop a novel approach for unveiling the...

    Provided By Saarland University

  • White Papers // May 2010

    Acoustic Side-Channel Attacks on Printers

    This paper examines the problem of acoustic emanations of printers. The authors present a novel attack that recovers what a dot-matrix printer processing English text is printing based on a record of the sound it makes, if the microphone is close enough to the printer. In the experiments, the attack...

    Provided By Saarland University

  • White Papers // Apr 2010

    Long-Term Security and Universal Composability

    Algorithmic progress and future technological advances threaten today's cryptographic protocols. This may allow adversaries to break a protocol retrospectively by breaking the underlying complexity assumptions long after the execution of the protocol. Long-term secure protocols, protocols that after the end of the execution do not reveal any information to a...

    Provided By Saarland University

  • White Papers // Apr 2010

    Concurrent Composition in the Bounded Quantum Storage Model

    The authors define the BQS-UC model, a variant of the UC model that deals with protocols in the bounded quantum storage model. This paper presents a statistically secure commitment protocol in the BQS-UC model that composes concurrently with other protocols and an (a priori) polynomially-bounded number of instances of it. The...

    Provided By Saarland University

  • White Papers // Nov 2009

    Types for Security Protocols

    The authors revise existing type-based analyses of security protocols by devising a core type system for secrecy, integrity and authentication in the setting of spi-calculus processes. These fundamental security properties are usually studied independently. Their exercise of considering all of them in a uniform framework is interesting under different perspectives:...

    Provided By Saarland University
