Mathematics / Matematik
Permanent URI for this collectionhttps://hdl.handle.net/11147/8
Browse
20 results
Search Results
Research Project Yürüme verisi ve konum mahremiyeti(2019) Ustaoğlu, BerkantAkıllı giysiler, giydirilebilir sensörler ve benzeri küçük cihazlar askeri, sağlık ve kişisel uygulamaların geliştirilmesinde çok değerli geri bildirimler sağlar. Bu bildirimler, toplanan bilgilerin basit kullanımlarının ötesinde, istenmeyen sonuçlarda çıkarılabilir. Temel konular insanlar olduğunda, bu tür çıkarımlar, bireylerin yasal gizliliğiyle beklenen ve korunanları kolayca ihlal edebilir. Bu tür veri analizi hakkında bir fikir edinmek için projemiz yürüyüş verileri ve yer gizliliği konusunda seçildi. Yürüme verileri genellikle koşma, yürüme, merdiven çıkma, düşme gibi aktivite tanımlama veya osteoartrit gibi tıbbi durumların izlenmesi ile ilgilidir. Buna rağmen; bireylerin günlük fiziksel aktivitelerini (adım sayısı vb.) izlemek için çeşitli mobil uygulama formunda çeşitli kişisel asistanlar var. Tartıştığımız bu veriler, küresel konumlandırma (GPS) verilerine başvurmadan bir bireyin konumunu belirlemek için kullanılabilir. Bu proje bu sorunu ele aldı. Gönüllü bireyler üzerinden pil ile beslenen IMU sensor ve kablosuz WiFi modüller kullanılarak 3-eksen ivme verileri toplandı. Bu amaçla tasarlanan elektronik devre kişinin her bir ayağı için dizüstü ve dizaltına bölgelerine yerleştirildi (toplam 4 adet). Kablosuz tasarım birden fazla bireyden veri toplamaya izin verdi. Veri toplama işlemi eğimli yolda yukarı çıkma, eğimli yolda aşağı inme, merdiven inme, merdiven çıkma ve düz yolda gerçekleştirildi. Toplanan veriler eğitim, validasyon ve test verisi olarak 3'e ayrıldı. Şu aşamada veriler kullanıcı konumunu belirlemek için graf algoritmalarının yanısıra çeşitli makine öğrenmesi algoritmaları ile sınıflandırma için kullanılmaktadır. Abstract Smart garments, wearable sensors and similar small devices provide invaluable feedback in development, be it military, health or personal satisfaction. Beyond the straightforward use of collected information one can infer unintended knowledge. When the underlying subjects are people such deductions can easily violate the expected and protected by law privacy of individuals. To get an insight of what seemingly unrelated information can be extracted our project selected gait data and location privacy. Gait data is usually associated with activity recognition, such as running, walking, climbing stairs, falling; or with monitoring certain medical conditions such as osteoarthritis. However, there are various personal assistants in the form of say mobile applications that keep track of daily physical activity of individuals (such as steps count). Such data we argue can be used to locate the position of an individual without resorting to global positioning (GPS) data. This project takes on that problem. Using battery powered wireless modules with soldered accelerometers we collected the sensor data in a central processing unit (also battery powered). The wireless modules were attached to human subjects four units per person one below the knee one above the knee on each leg. Data was gathered on different terrains: slope going up and down, stairs going up and down, and level surface. The wireless nature allowed as to collect gait data by more than on subject at a time usually two. During collection the data is recorded based on the terrain the data is gathered and is treated as learning, validation and test data. At the current stage we have moved on on developing various Machine Learning algorithms to classify data as well as graph algorithms to deduce user location.Article Malleability and Ownership of Proxy Signatures: Towards a Stronger Definiton and Its Limitations(American Institute of Mathematical Sciences, 2020) Chatterjee, Sanjit; Ustaoğlu, BerkantProxy signature is a cryptographic primitive that allows an entity to delegate singing rights to another entity. Noticing the ad-hoc nature of security analysis prevalent in the existing literature, Boldyreva, Palacio and Warinschi proposed a formal security model for proxy signature. We revisit their proposed security definition in the context of the most natural construction of proxy signature - delegation-by-certificate. Our analysis indicates certain limitations of their definition that arise due to malleability of proxy signature as well as signature ownership in the context of standard signature. We propose a stronger definition of proxy signature to address these issues. However, we observe that the natural reductionist security argument of the delegation-by certificate proxy signature construction under this definition seems to require a rather unnatural security property for a standard signature.Article Citation - WoS: 89Obtaining a Secure and Efficient Key Agreement Protocol From (h)mqv and Naxos (extended Version)(International Association for Cryptologic Research, 2009) Ustaoğlu, BerkantLaMacchia, Lauter and Mityagin recently presented a strong security definition for authenticated key agreement strengthening the well-known Canetti-Krawczyk definition. They also described a protocol, called NAXOS, that enjoys a simple security proof in the new model. Compared to MQV and HMQV, NAXOS is less efficient and cannot be readily modified to obtain a one-pass protocol. On the other hand MQV does not have a security proof, and the HMQV security proof is extremely complicated. This paper proposes a new authenticated key agreement protocol, called CMQV (`Combined' MQV), which incorporates design principles from MQV, HMQV and NAXOS. The new protocol achieves the efficiency of HMQV and admits a natural one-pass variant. Moreover, we present a simple and intuitive proof that CMQV is secure in the LaMacchia-Lauter-Mityagin model.Article Efficient Key Exchange With Tight Security Reduction(International Association for Cryptologic Research, 2009) Wu, Jiang; Ustaoğlu, BerkantIn this paper, we propose two authenticated key exchange (AKE) protocols, SMEN and SMEN−, which have efficient online computation and tight security proof in the extended Canetti-Krawczyk (eCK) model. SMEN takes 1.25 exponentiations in online computation, close to that (1.17 exponentiations) of the most efficient AKEs MQV and its variants HMQV and CMQV. SMEN has a security reduction as tight as that of NAXOS, which is the first AKE having a tight security reduction in the eCK model. As a comparison, MQV does not have a security proof; both HMQV and CMQV have a highly non-tight security reduction, and HMQV needs a non-standard assumption; NAXOS takes 2.17 exponentiations in online computation; NETS, a NAXOS variant, takes two online exponentiations in online computation. SMEN simultaneously achieves online efficiency and a tight security proof at a cost of 0.17 more exponentiations in offline computation and the restriction that one party is not allowed to establish a key with itself. SMEN− takes 1.29 exponentiations in online computation, but SMEN− does not use the static private key to compute the ephemeral public key (as does in SMEN, NAXOS, CMQV, and NETS), and hence reduces the risk of leaking the static private key.Article Citation - WoS: 25Comparing Sessionstatereveal and Ephemeralkeyreveal for Diffie-Hellman Protocols (extended Version)(International Association for Cryptologic Research, 2009) Ustaoğlu, BerkantBoth the ``eCK'' model, by LaMacchia, Lauter and Mityagin, and the ``CK01'' model, by Canetti and Krawczyk, address the effect of leaking session specific ephemeral data on the security of key establishment schemes. The CK01-adversary is given a \SessionStateReveal{} query to learn session specific private data defined by the protocol specification, whereas the eCK-adversary is equipped with an \RevealEphemeralKey{} query to access all ephemeral private input required to carry session computations. \SessionStateReveal{} \emph{cannot} be issued against the test session; by contrast \RevealEphemeralKey{} \emph{can} be used against the test session under certain conditions. On the other hand, it is not obvious how \RevealEphemeralKey{} compares to \SessionStateReveal{}. Thus it is natural to ask which model is more useful and practically relevant. While formally the models are not comparable, we show that recent analysis utilizing \SessionStateReveal{} and \RevealEphemeralKey{} have a similar approach to ephemeral data leakage. First we pinpoint the features that determine the approach. Then by examining common motives for ephemeral data leakage we conclude that the approach is meaningful, but does not take into account timing, which turns out to be critical for security. Lastly, for Diffie-Hellman protocols we argue that it is important to consider security when discrete logarithm values of the outgoing ephemeral public keys are leaked and offer a method to achieve security even if the values are exposed.Article Utilizing Postponed Ephemeral and Pseudo-Static Keys in Tripartite and Identity-Based Key Agreement Protocols(International Association for Cryptologic Research, 2009) Fujioka, Atsushi; Suzuki, Koutarou; Ustaoğlu, BerkantWe propose an new one-round implicitly authenticated three-party protocol that extends Joux's protocol as well as a two-party identity-based protocol. Our protocols have a single communication round that consists of ephemeral (one-time) public keys along with certificates in the tripartite protocol, and identities in the identity-based setting. As such our protocols are communication efficient and furthermore do not require enhanced message format.Conference Object Citation - WoS: 34On the Importance of Public-Key Validation in the Mqv and Hmqv Key Agreement Protocols(Springer Verlag, 2006) Menezes, Alfred; Ustaoğlu, BerkantHMQV is a hashed variant of the MQV key agreement protocol proposed by Krawczyk at CRYPTO 2005. In this paper, we present some attacks on HMQV and MQV that are successful if public keys are not properly validated. In particular, we present an attack on the two-pass HMQV protocol that does not require knowledge of the victim's ephemeral private keys. The attacks illustrate the importance of performing some form of public-key validation in Diffie-Hellman key agreement protocols, and furthermore highlight the dangers of relying on security proofs for discrete-logarithm protocols where a concrete representation for the underlying group is not specified.Article Citation - WoS: 1Citation - Scopus: 4A Practical Privacy-Preserving Targeted Advertising Scheme for Iptv Users(Springer Verlag, 2016) Khayati, Leyli Javid; Örencik, Cengiz; Savaş, Erkay; Ustaoğlu, BerkantIn this work, we present a privacy-preserving scheme for targeted advertising via the Internet Protocol TV (IPTV). The scheme uses a communication model involving a collection of subscribers, a content provider (IPTV), advertisers and a semi-trusted server. To target potential customers, the advertiser can utilize not only demographic information of subscribers, but also their watching habits. The latter includes watching history, preferences for IPTV content and watching rate, which are periodically (e.g., weekly) published on a semi-trusted server (e.g., cloud server) along with anonymized demographics. Since the published data may leak sensitive information about subscribers, it is safeguarded using cryptographic techniques in addition to the anonymization of demographics. The techniques used by the advertiser, which can be manifested in its queries to the server, are considered (trade) secrets and therefore are protected as well. The server is oblivious to the published data and the queries of the advertiser as well as its own responses to these queries. Only a legitimate advertiser, endorsed with so-called trapdoors by the IPTV, can query the cloud server and access the query results. Even when some background information about users is available, query responses do not leak sensitive information about the IPTV users. The performance of the proposed scheme is evaluated with experiments, which show that the scheme is practical. The algorithms demonstrate both weak and strong scaling property and take advantage of high level of parallelism. The scheme can also be applied as a recommendation system. © 2015, Springer-Verlag Berlin Heidelberg.Conference Object Citation - WoS: 25Citation - Scopus: 26Quantum Key Distribution in the Classical Authenticated Key Exchange Framework(Springer, 2013) Mosca, Michele; Stebila, Douglas; Ustaoğlu, BerkantKey establishment is a crucial primitive for building secure channels in a multi-party setting. Without quantum mechanics, key establishment can only be done under the assumption that some computational problem is hard. Since digital communication can be easily eavesdropped and recorded, it is important to consider the secrecy of information anticipating future algorithmic and computational discoveries which could break the secrecy of past keys, violating the secrecy of the confidential channel. Quantum key distribution (QKD) can be used generate secret keys that are secure against any future algorithmic or computational improvements. QKD protocols still require authentication of classical communication, although existing security proofs of QKD typically assume idealized authentication. It is generally considered folklore that QKD when used with computationally secure authentication is still secure against an unbounded adversary, provided the adversary did not break the authentication during the run of the protocol. We describe a security model for quantum key distribution extending classical authenticated key exchange (AKE) security models. Using our model, we characterize the long-term security of the BB84 QKD protocol with computationally secure authentication against an eventually unbounded adversary. By basing our model on traditional AKE models, we can more readily compare the relative merits of various forms of QKD and existing classical AKE protocols. This comparison illustrates in which types of adversarial environments different quantum and classical key agreement protocols can be secure. © 2013 Springer-Verlag.Article Citation - WoS: 22Anonymity and One-Way Authentication in Key Exchange Protocols(Springer Verlag, 2013) Goldberg, Ian; Stebila, Douglas; Ustaoğlu, BerkantKey establishment is a crucial cryptographic primitive for building secure communication channels between two parties in a network. It has been studied extensively in theory and widely deployed in practice. In the research literature a typical protocol in the public-key setting aims for key secrecy and mutual authentication. However, there are many important practical scenarios where mutual authentication is undesirable, such as in anonymity networks like Tor, or is difficult to achieve due to insufficient public-key infrastructure at the user level, as is the case on the Internet today. In this work we are concerned with the scenario where two parties establish a private shared session key, but only one party authenticates to the other; in fact, the unauthenticated party may wish to have strong anonymity guarantees. We present a desirable set of security, authentication, and anonymity goals for this setting and develop a model which captures these properties. Our approach allows for clients to choose among different levels of authentication. We also describe an attack on a previous protocol of Øverlier and Syverson, and present a new, efficient key exchange protocol that provides one-way authentication and anonymity. © 2012 Springer Science+Business Media, LLC.