International Association for Cryptologic Research

IACR News Central

This page lists changes to the IACR web page. For questions, contact newsletter (at) iacr.org.


Further sources for keeping up with changes: CryptoDB, ePrint RSS, ePrint Web, Event calendar (iCal).

2014-12-16
06:04 [PhD][Update] Christophe Tartary: Authentication for Multicast Authentication

  Name: Christophe Tartary
Topic: Authentication for Multicast Authentication
Category: cryptographic protocols

Description:

Multicast communication enables the distribution of digital content from a single source to a large audience via a public channel such as the Internet. Broadcasting has applications in sensor networks, pay-TV, software updates and military defense systems, to name a few. As these applications distribute private or sensitive information, multicast protocols must provide data origin authentication as well as data confidentiality. In this thesis, we focus our investigations on ensuring authentication of the data source.

Large-scale broadcasts normally do not retransmit lost content, since the loss of any piece of data could generate a prohibitive number of redistribution requests at the sender. In addition, the communication channel can be under the control of adversaries performing malicious actions on the data stream. Thus, the security of authentication protocols depends on two aspects: the opponents' computational power and the network properties. Cryptographic protocols without a security proof cannot be considered secure in practice, as many constructions originally thought secure have been broken. Many unconditionally secure schemes have been designed; unfortunately, their optimal security comes at the cost of a large storage requirement or one-time use, which makes these constructions unsuitable for practical applications. In this work, we assume that the adversaries have polynomially bounded computational power.

The purpose of this thesis is to design provably secure protocols providing non-repudiation of the origin of a data stream over an insecure communication channel. We emphasize that our constructions provide practical solutions to the stream authentication problem, i.e. the requirements of provable security are compatible with the setting of broadcasting.

[...]
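The setting the abstract describes (no retransmission of lost packets, an adversary on the channel, a sender whose authentication must give non-repudiation) is what a loss-tolerant stream authentication scheme has to cope with. The Go program below is an added example, not code from the thesis or from IACR, of one standard way to meet it: the sender signs one Merkle root per block of packets with an Ed25519 key, and every packet carries its own authentication path, so each packet that does arrive verifies on its own whatever else was lost. The packet layout, block size, hash domain tags, the root cache and the Scenario function are this example's own choices and are not anything the thesis specifies.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// AuthPacket verifies on its own: losing any other packet of its block never
// prevents this one from being checked.
type AuthPacket struct {
	Block   uint32     // block counter, never reused under one signing key
	Index   uint32     // leaf position inside the block
	Payload []byte
	Path    [][32]byte // sibling hashes from leaf to root
	Sig     []byte     // ed25519 signature over (Block || root), shared by the block
}

// Domain separation: payload leaves, padding leaves and inner nodes cannot collide.
func leafHash(p []byte) [32]byte { return sha256.Sum256(append([]byte{0}, p...)) }
func padLeaf() [32]byte         { return sha256.Sum256([]byte{2}) }
func nodeHash(l, r [32]byte) [32]byte {
	return sha256.Sum256(append(append([]byte{1}, l[:]...), r[:]...))
}

// merkleTree returns the root over 2^k leaves and every leaf's authentication path.
func merkleTree(leaves [][32]byte) ([32]byte, [][][32]byte) {
	n, paths, level := len(leaves), make([][][32]byte, len(leaves)), leaves
	for len(level) > 1 {
		width := n / len(level) // leaves under one node of this level
		for leaf := range paths { paths[leaf] = append(paths[leaf], level[(leaf/width)^1]) }
		next := make([][32]byte, len(level)/2)
		for i := range next { next[i] = nodeHash(level[2*i], level[2*i+1]) }
		level = next
	}
	return level[0], paths
}

// rootFromPath recomputes the root from one leaf; each index bit says on which side the sibling sits.
func rootFromPath(leaf [32]byte, index uint32, path [][32]byte) [32]byte {
	for _, sib := range path {
		if index&1 == 0 { leaf = nodeHash(leaf, sib) } else { leaf = nodeHash(sib, leaf) }
		index >>= 1
	}
	return leaf
}

func signedMessage(block uint32, root [32]byte) []byte {
	m := make([]byte, 4, 36)
	binary.BigEndian.PutUint32(m, block)
	return append(m, root[:]...)
}

type Sender struct { priv ed25519.PrivateKey; block uint32 }

// Emit signs a whole block with one signature (amortised cost) and returns one self-verifying packet per payload.
func (s *Sender) Emit(payloads [][]byte) []AuthPacket {
	size := 1
	for size < len(payloads) { size *= 2 }
	leaves := make([][32]byte, size)
	for i := range leaves {
		leaves[i] = padLeaf() // padding leaves can never match a real payload
		if i < len(payloads) { leaves[i] = leafHash(payloads[i]) }
	}
	root, paths := merkleTree(leaves)
	sig := ed25519.Sign(s.priv, signedMessage(s.block, root))
	pkts := make([]AuthPacket, len(payloads))
	for i, p := range payloads { pkts[i] = AuthPacket{s.block, uint32(i), p, paths[i], sig} }
	s.block++
	return pkts
}

type Receiver struct { pub ed25519.PublicKey; roots map[uint32][32]byte } // block -> root already verified

// Verify accepts a packet iff its payload hashes, through its path, to a root the sender signed
// for that block. The signature is checked once per block; later packets cost only log2(n) hashes.
func (r *Receiver) Verify(p AuthPacket) bool {
	root := rootFromPath(leafHash(p.Payload), p.Index, p.Path)
	if known, ok := r.roots[p.Block]; ok { return known == root }
	if !ed25519.Verify(r.pub, signedMessage(p.Block, root), p.Sig) { return false }
	r.roots[p.Block] = root
	return true
}

// Scenario: a six-packet block crosses a lossy, hostile channel. The odd-numbered packets are lost;
// then a tampered, a re-indexed and a foreign-key packet are injected. Returns (genuine accepted, bad accepted).
func Scenario() (okGenuine, okBad int) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	tx, rx := &Sender{priv: priv}, &Receiver{pub: pub, roots: map[uint32][32]byte{}}
	var payloads [][]byte // constructed sample stream
	for i := 0; i < 6; i++ { payloads = append(payloads, []byte(fmt.Sprintf("frame-%d", i))) }
	pkts := tx.Emit(payloads)
	for i, p := range pkts {
		if i%2 == 0 && rx.Verify(p) { okGenuine++ }
	}
	tampered, moved := pkts[0], pkts[2]
	tampered.Payload, moved.Index = []byte("frame-X"), 4
	forged := (&Sender{priv: otherPriv, block: 7}).Emit([][]byte{[]byte("evil")})[0]
	for _, bad := range []AuthPacket{tampered, moved, forged} {
		if rx.Verify(bad) { okBad++ }
	}
	return
}

func main() {
	g, b := Scenario()
	fmt.Printf("genuine survivors accepted: %d/3, bad packets accepted: %d/3\n", g, b)
}
```

Per-packet overhead is log2(n) hashes plus a copy of the block signature, against one signature per block rather than per packet. A tampered payload, a packet moved to another index and a packet signed under a different key all fail, while the three survivors verify although half the block was lost. Two caveats the scheme inherits: the block counter must never repeat under the same key (the receiver's cache would otherwise reject a second root for the same counter), and the whole block has to be available at the sender before its first packet goes out, which bounds how large a block a live stream can afford.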




2014-12-15
17:39 [Job][New] Postdoc, Microsoft Research

  I wanted to bring your attention to the availability of post-doc research positions at MSR Cambridge.

The Constructive Security team within Programming Principles and Tools devises formal techniques and models for understanding cryptographic primitives, protocols and security critical systems, and develops related implementation technology. Our approach is informed by code-based cryptographic reasoning as well as cutting-edge language-based security and program verification. We are looking for exceptional postdoctoral research candidates to join our vibrant research community.

MSR Cambridge: http://research.microsoft.com/en-us/labs/cambridge/

Programming Principles and Tools: http://research.microsoft.com/ppt

Constructive Security: http://research.microsoft.com/security

To apply for a post-doc position, use the tool here: http://research.microsoft.com/en-us/jobs/fulltime/apply_researcher.aspx

The deadline for completed applications and references is January 5 – do start early so your referees can upload their letters in time.

It’s a good idea to drop me (markulf (at) microsoft.com) or Cedric (fournet (at) microsoft.com) an email too, to let us know you plan to apply.





2014-12-11
17:53 [Event][New] EUSIPCO: European Signal Processing Conference, Information Forensics and Security

  Submission: 13 February 2015
Notification: 22 May 2015
From August 31 to September 4, 2015
Location: Nice, France
More Information: http://www.eusipco2015.org/content/call-paper




2014-12-10
18:57 [PhD][New] Miklos Santha

  Name: Miklos Santha


18:57 [PhD][Update] Henri Gilbert: Cryptanalyse des algorithmes de chiffrement symétrique

  Name: Henri Gilbert
Topic: Cryptanalyse des algorithmes de chiffrement symétrique (Cryptanalysis of symmetric encryption algorithms)
Category: secret-key cryptography



15:32 [Job][New] Ph.D. student and Post-Doc, University of Luxembourg

  The Laboratory of Algorithms, Cryptology and Security (LACS) at the University of Luxembourg is looking for one post-doc and one Ph.D. student to work on a new project on Fully Homomorphic Encryption (FHE). The goal is to improve existing FHE schemes, and possibly design and implement new ones.

The post-doc candidate should have a Ph.D. in cryptography. Experience with FHE is a plus but not a necessity. The Ph.D. candidate should have a master's degree in computer science or mathematics. Both positions are for three years.

To apply please follow the link below.

Ph.D. student: http://recruitment.uni.lu/en/details.html?nPostingTargetID=5414

Post-doc: http://recruitment.uni.lu/en/details.html?nPostingTargetId=5426



15:32 [Job][New] Postdoc, Saarland University, Germany

  Starting 2015 the Information Security & Cryptography Group at Saarland University, Germany, has several open positions for postdocs and we are looking forward to your application.

Our major current research focus is on the recently awarded ERC Synergy Grant imPACT, which aims at providing foundations for privacy, accountability, compliance and trust in the Internet of the Future, including cutting-edge methods and tools for assessing and enhancing customer privacy.

You have the chance to work at one of Europe's top sites for IT security and privacy research, in the beautiful region between Germany, France and Luxembourg with a high quality of life. Postdocs are paid employees of Saarland University. Salary and employment conditions are attractive.

We encourage the application of outstanding PhDs in computer science or IT security, who would like to work with us in the field of next generation privacy techniques. The positions start from February 1, 2015 or later and are funded for two years, with a possible extension by one year. We solicit applications by January 15, 2015, but we will consider applications until the positions are filled. Applications should include a curriculum vitae, a brief description of research interests, three selected own publications, and, if available, letters of recommendation.

Applications and informal inquiries should be sent to Michael Backes at the following email address: application-erc (at) mail-infsec.cs.uni-saarland.de

Further information:

Center for IT Security, Privacy and Accountability - http://cispa.saarland

Information Security & Cryptography Group - http://www.infsec.cs.uni-saarland.de

ERC Synergy Grant imPACT - http://www.impact-erc.eu



04:17 [Pub][ePrint] Undermining Isolation through Covert Channels in the Fiasco.OC Microkernel, by Michael Peter and Jan Nordholz and Matthias Petschick and Janis Danisevskis and Julian Vetter and Jean-Pierre Seifert

  In the new age of cyberwars, system designers have come to recognize the merits of building critical systems on top of small kernels for their ability to provide strong isolation at system level. This is due to the fact that enforceable isolation is the prerequisite for any reasonable security policy. Towards this goal we examine some internals of Fiasco.OC, a microkernel of the prominent L4 family. Despite its recent success in certain high-security projects for governmental use, we prove that Fiasco.OC is not suited to ensure strict isolation between components meant to be separated.

Unfortunately, in addition to the construction of system-wide denial of service attacks, our identified weaknesses of Fiasco.OC also allow covert channels across security perimeters with high bandwidth. We verified our results in a strong affirmative way through many practical experiments. Indeed, for all potential use cases of Fiasco.OC we implemented a full-fledged system on its respective archetypical hardware: Desktop server/workstation on AMD64 x86 CPU, Tablet on Intel Atom CPU, Smartphone on ARM Cortex A9 CPU. The measured peak channel capacities ranging from 13500 bits/s (Cortex-A9 device) to 30500 bits/s (desktop system) lay bare the feeble meaningfulness of Fiasco.OC's isolation guarantee. This proves that Fiasco.OC cannot be used as a separation kernel within high-security areas.



04:17 [Pub][ePrint] Statistical weakness in Spritz against VMPC-R: in search for the RC4 replacement, by Bartosz Zoltak

  We found a statistical weakness in the Spritz algorithm designed by Ronald L. Rivest and Jacob C. N. Schuldt. For N=8: Prob(output(x)=output(x+2)) = 1/N + 0.000498. The bias becomes statistically significant (for N=8) after observing about 2^21.9 outputs. Analogous bias occurs for N=16. We propose an algorithm (VMPC-R) which for N=8 produced 2^46.8 (31 million times more) outputs which remained undistinguishable from random in the same battery of tests. Supported by a series of additional statistical tests and security analyses we present VMPC-R as an algorithm we hope can be considered a worthwhile replacement for RC4.