Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

City University of New York (CUNY)

Articles 1 - 27 of 27

Full-Text Articles in Information Security

On The Cryptographic Deniability Of The Signal Protocol, Nihal Vatandas Sep 2022

Dissertations, Theses, and Capstone Projects

Offline deniability is the ability to a posteriori deny having participated in a particular communication session. This property has been widely assumed for the Signal messaging application, yet no formal proof has appeared in the literature. In this work, we present the first formal study of the offline deniability of the Signal protocol. Our analysis shows that building a deniability proof for Signal is non-trivial and requires strong assumptions on the underlying mathematical groups where the protocol is run.

To do so, we study various implicitly authenticated key exchange protocols, including MQV, HMQV, and 3DH/X3DH, the latter being the core …


Witness-Authenticated Key Exchange, Kelsey G. Melissaris Sep 2022

Dissertations, Theses, and Capstone Projects

In this dissertation we investigate Witness-Authenticated Key Exchange (WAKE), a key agreement protocol in which each party is authenticated through knowledge of a witness to an arbitrary NP statement. We provide both game-based and universally composable definitions. Thereby, this thesis presents solutions for the most flexible and general method of authentication for group key exchange, providing simple constructions from (succinct) signatures of knowledge (SOK) and a two round UC-secure protocol.

After a discussion of flaws in previous definitions for WAKE we supply a new and improved game-based definition along with the first definition for witness-authenticated key exchange between groups of …


Formal Verification Applications For The TreeKEM Continuous Group Key Agreement Protocol, Alexander J. Washburn Jul 2022

Theses and Dissertations

The features of Secure Group Messaging, the security guarantees of Message Layer Security, and the TreeKEM protocol designed to satisfy these guarantees and features are explored. A motivation and methodology for verification via explicit model checking is presented. Subsequently, a translation of the TreeKEM protocol into a Promela reference model is described, examining the nuances explicit model checking brings. Finally the results of the formal verification methods are discussed.


An Adaptive Cryptosystem On A Finite Field, Awnon Bhowmik, Unnikrishnan Menon Aug 2021

Publications and Research

Owing to mathematical theory and computational power evolution, modern cryptosystems demand ingenious trapdoor functions as their foundation to extend the gap between an enthusiastic interceptor and sensitive information. This paper introduces an adaptive block encryption scheme. This system is based on product, exponent, and modulo operation on a finite field. At the heart of this algorithm lies an innovative and robust trapdoor function that operates in the Galois Field and is responsible for the superior speed and security offered by it. Prime number theorem plays a fundamental role in this system, to keep unwelcome adversaries at bay. This is a …


Shedding Light On Dark Patterns: A Case Study On Digital Harms, Noreen Y. Whysel Apr 2021

Publications and Research

You’ve been there before. You thought you could trust someone with a secret. You thought it would be safe, but found out later that they blabbed to everyone. Or maybe they didn’t share it, but the way they used it felt manipulative. You gave more than you got and it didn’t feel fair. But now that it’s out there, do you even have control anymore?

Ok. Now imagine that person was your supermarket. Or your bank. Or your boss.

As designers of digital spaces for consumer products and services, how often do we consider the relationship we have with our …


Lecture - CSCI 275: Linux Systems Administration And Security, Moe Hassan, NYC Tech-In-Residence Corps Oct 2020

Open Educational Resources

Lecture for CSCI 275: Linux Systems Administration and Security


The Internet Never Forgets: Image-Based Sexual Abuse And The Workplace, John Schriner, Melody Lee Rood Oct 2020

Publications and Research

Image-based sexual abuse (IBSA), commonly known as revenge pornography, is a type of cyberharassment that often results in detrimental effects to an individual's career and livelihood. Although there exists valuable research concerning cyberharassment in the workplace generally, there is little written about specifically IBSA and the workplace. This chapter examines current academic research on IBSA, the issues with defining this type of abuse, victim blaming, workplace policy, and challenges to victim-survivors' redress. The authors explore monetary motivation for websites that host revenge pornography and unpack how the dark web presents new challenges to seeking justice. Additionally, this chapter presents recommendations …


CSCI 380 - Digital Operations And Cybersecurity Management (Syllabus), Eric Spector, NYC Tech-In-Residence Corps Apr 2020

Open Educational Resources

Syllabus for the course "CSCI 380 - Digital Operations and Cybersecurity Management" delivered at John Jay College in Spring 2020 by Eric Spector as part of the Tech-in-Residence Corps program.


CIS 356 - Fundamentals Of Cybersecurity And Intelligence Gathering, Fahad Chowdhury, NYC Tech-In-Residence Corps Apr 2020

Open Educational Resources

Syllabus for the course: CIS 356: "Fundamentals of Cybersecurity and Intelligence Gathering" delivered at Lehman College in Spring 2020 by Fahad Chowdhury as part of the Tech-in-Residence Corps program.


CIS 356: Fundamentals Of Cybersecurity And Intelligence Gathering - Case Study Assignment, Fahad Chowdhury, NYC Tech-In-Residence Corps Apr 2020

Open Educational Resources

Assignment for the course: CIS 356: Fundamentals of Cybersecurity and Intelligence Gathering - "Case Study Assignment" delivered at Lehman College in Spring 2020 by Fahad Chowdhury as part of the Tech-in-Residence Corps program.


CIS 356-ZI81: Intermediate-Level Topics In Computer Applications (Spring 2020), Fahad Choudhury, NYC Tech-In-Residence Corps Apr 2020

Open Educational Resources

Syllabus for CIS 356-ZI81: Intermediate-Level Topics in Computer Applications (Spring 2020)


Technological Challenges And Innovations In Cybersecurity And Networking Technology Program, Syed R. Zaidi, Ajaz Sana, Aparicio Carranza Jan 2020

Publications and Research

This era is posing a unique challenge to Cybersecurity and related Engineering Technology areas, stimulated by the multifaceted technological boom expressed in accelerated globalization, digital transformation, the cloud, mobile access apps, and the Internet of Things (IoT), where more and more devices are connected to the Internet every day. As the use of new Internet-based technologies increases, so does the risk of theft and misuse of sensitive information. This demands awareness of cyber-criminality and of the need for cyber hygiene in corporations, small businesses, and the government. As the need for experienced cybersecurity specialists has skyrocketed in recent years and …


Weaving The Dark Web: Legitimacy On Freenet, Tor, And I2P, John Schriner Jun 2019

Publications and Research

This is a book review of Robert W. Gehl's Weaving the Dark Web: Legitimacy on Freenet, Tor, and I2P (2018). The book explores these anonymity networks and the concept of legitimacy throughout. Using a multidisciplinary approach and interviews with network-builders and users, Gehl helps to demystify the dark web and critically examine these networks and technologies.


Analysis Of A Group Of Automorphisms Of A Free Group As A Platform For Conjugacy-Based Group Cryptography, Pavel Shostak May 2019

Dissertations, Theses, and Capstone Projects

Let F be a finitely generated free group and Aut(F) its group of automorphisms.

In this monograph we discuss potential uses of Aut(F) in group-based cryptography.

Our main focus is on using Aut(F) as a platform group for the Anshel-Anshel-Goldfeld protocol, Ko-Lee protocol, and other protocols based on different versions of the conjugacy search problem or decomposition problem, such as Shpilrain-Ushakov protocol.

We attack the Anshel-Anshel-Goldfeld and Ko-Lee protocols by adapting the existing types of the length-based attack to the specifics of Aut(F). We also present our own version of the length-based attack that significantly increases the attack's success …


Revolution In Crime: How Cryptocurrencies Have Changed The Criminal Landscape, Igor Groysman Dec 2018

Student Theses

This thesis will examine the ways in which various cryptocurrencies have impacted certain traditional crimes. While crime is always evolving with technology, cryptocurrencies are a game changer in that they provide anonymous and decentralized payment systems which, while they can be tracked in a reactive sense via the blockchain, are seen by criminals as having better uses for them than traditional fiat currencies, such as the ability to send money relatively fast to another party without going through an intermediary, or the ability to obscure the origin of the money for money laundering purposes. Every week there are new cryptocurrencies …


Rationality And Efficient Verifiable Computation, Matteo Campanelli Sep 2018

Dissertations, Theses, and Capstone Projects

In this thesis, we study protocols for delegating computation in a model where one of the parties is rational. In our model, a delegator outsources the computation of a function f on input x to a worker, who receives a (possibly monetary) reward. Our goal is to design very efficient delegation schemes where a worker is economically incentivized to provide the correct result f(x). In this work we strive for not relying on cryptographic assumptions, in particular our results do not require the existence of one-way functions.

We provide several results within the framework of rational proofs introduced by Azar …


Building Test Anonymity Networks In A Cybersecurity Lab Environment, John Schriner Aug 2018

Student Theses

This paper explores current methods for creating test anonymity networks in a laboratory environment for the purpose of improving these networks while protecting user privacy. We first consider how each of these networks is research-driven and interested in helping researchers to conduct their research ethically. We then look to the software currently available for researchers to set up in their labs. Lastly we explore ways in which digital forensics and cybersecurity students could get involved with these projects and look at several class exercises that help students to understand particular attacks on these networks and ways they can help to …


The Legacy Of Multics And Secure Operating Systems Today, John Schriner Jan 2018

Publications and Research

This paper looks to the legacy of Multics from 1963 and its influence on computer security. It discusses kernel-based and virtualization-based containment in projects like SELinux and Qubes, respectively. The paper notes the importance of collaborative and research-driven projects like Qubes and Tor Project.


Secure And Efficient Delegation Of A Single And Multiple Exponentiations To A Single Malicious Server, Matluba Khodjaeva Sep 2017

Dissertations, Theses, and Capstone Projects

Group exponentiation is an important operation used in many cryptographic protocols, specifically public-key cryptosystems such as RSA, Diffie Hellman, ElGamal, etc. To expand the applicability of group exponentiation to computationally weaker devices, procedures were established by which to delegate this operation from a computationally weaker client to a computationally stronger server. However, solving this problem with a single, possibly malicious, server, has remained open since a formal cryptographic model was introduced by Hohenberger and Lysyanskaya in 2005. Several later attempts either failed to achieve privacy or only achieved constant security probability.

In this dissertation, we study and solve this problem …


Monitoring The Dark Web And Securing Onion Services, John Schriner Apr 2017

Publications and Research

This paper focuses on how researchers monitor the Dark Web. After defining what onion services and Tor are, we discuss tools for monitoring and securing onion services. As Tor Project itself is research-driven, we find that the development and use of these tools help us to project where use of the Dark Web is headed.


Rationality, Parapsychology, And Artificial Intelligence In Military And Intelligence Research By The United States Government In The Cold War, Guy M. Lomeo Dec 2016

Theses and Dissertations

A study analyzing the roles of rationality, parapsychology, and artificial intelligence in military and intelligence research by the United States Government in the Cold War. An examination of the methodology behind the decisions to pursue research in two fields that were initially considered irrational.


Cayley Graphs Of Semigroups And Applications To Hashing, Bianca Sosnovski Jun 2016

Dissertations, Theses, and Capstone Projects

In 1994, Tillich and Zemor proposed a scheme for a family of hash functions that uses products of matrices in groups of the form $SL_2(F_{2^n})$. In 2009, Grassl et al. developed an attack to obtain collisions for palindromic bit strings by exploring a connection between the Tillich-Zemor functions and maximal length chains in the Euclidean algorithm for polynomials over $F_2$.

In this work, we present a new proposal for hash functions based on Cayley graphs of semigroups. In our proposed hash function, the noncommutative semigroup of linear functions under composition is considered as platform for the scheme. We will also …


Cryptography With Right-Angled Artin Groups, Ramon Flores, Delaram Kahrobaei Jan 2016

Publications and Research

In this paper we propose right-angled Artin groups as a platform for secret sharing schemes based on the efficiency (linear time) of the word problem. Inspired by previous work of Grigoriev-Shpilrain in the context of graphs, we define two new problems: Subgroup Isomorphism Problem and Group Homomorphism Problem. Based on them, we also propose two new authentication schemes. For right-angled Artin groups, the Group Homomorphism and Graph Homomorphism problems are equivalent, and the latter is known to be NP-complete. In the case of the Subgroup Isomorphism problem, we bring some results due to Bridson who shows there are right-angled Artin …


Technetium: Productivity Tracking For Version Control Systems, David Leonard Jan 2016

Dissertations and Theses

In recent years, the City College of New York has seen its Computer Science program grow immensely, to the point of overcrowding. This has negative implications for both students and professors, particularly in introductory computer science courses in which constant feedback, iteration and collaboration with others is key to success. In this paper we propose various models for collaboration among students in all course levels using distributed version control systems and implement a secure and efficient tool for visualizing collaborative efforts by observing past work [5]. Lastly, we lay the foundation for future work around additional collaborative metrics, features and …


An Approach To Automatic Detection Of Suspicious Individuals In A Crowd, Satabdi Mukherjee Jan 2016

Dissertations and Theses

This paper describes an approach to identify individuals with suspicious objects in a crowd. It is based on a well-known image retrieval problem as applied to mobile visual search. In many cases, the process of building a hierarchical tree uses k-means clustering followed by geometric verification. However, the number of clusters is not known in advance, and sometimes it is randomly generated. This may lead to a congested clustering which can cause problems in grouping large real-time data. To overcome this problem we have applied the Indian Buffet stochastic process approach in this paper to the clustering problem. We present …


Framing The Question, "Who Governs The Internet?", Robert J. Domanski Jan 2015

Publications and Research

There remains a widespread perception among both the public and elements of academia that the Internet is “ungovernable”. However, this idea, as well as the notion that the Internet has become some type of cyber-libertarian utopia, is wholly inaccurate. Governments may certainly encounter tremendous difficulty in attempting to regulate the Internet, but numerous types of authority have nevertheless become pervasive. So who, then, governs the Internet? This book will contend that the Internet is, in fact, being governed, that it is being governed by specific and identifiable networks of policy actors, and that an argument can be made as to …


Nearest Neighbor Search With Strong Location Privacy, Stavros Papadopoulos, Spiridon Bakiras, Dimitris Papadias Jan 2010

Publications and Research

The tremendous growth of the Internet has significantly reduced the cost of obtaining and sharing information about individuals, raising many concerns about user privacy. Spatial queries pose an additional threat to privacy because the location of a query may be sufficient to reveal sensitive information about the querier. In this paper we focus on k nearest neighbor (kNN) queries and define the notion of strong location privacy, which renders a query indistinguishable from any location in the data space. We argue that previous work fails to support this property for arbitrary kNN search. Towards this end, we introduce methods that …