– This work presents a software solution to the problem of remotely authenticating software during execution, which aims at assuring that the software is not changed prior to and during execution. The solution is based on a flow of idiosyncratic signatures that is generated by a function hidden in the software to be authenticated and validated by a remote computing component. The TrustedFlow™ a...

Securely associating, or“pairing,”wireless devices via out-ofband communication channels is a well established approach. Unfortunately, this technique is prone to human errors that lead to security problems such as man-in-the-middle attacks. To address this problem by motivating users, a previous proposal suggested the use of computer games. Games can make the pairing process rewarding, thus po...

Joux’s protocol [29] is a one round, tripartite key agreement protocol that is more bandwidth-efficient than any previous three-party key agreement protocol. But it is insecure, suffering from a simple man-inthe-middle attack. This paper shows how to make Joux’s protocol secure, presenting several tripartite, authenticated key agreement protocols that still require only one round of communicati...

In this paper we review and comment on “A novel protocol-authentication algorithm ruling out a man-in-the-middle attack in quantum cryptography”, [M. Peev et al., Int. J. Quant. Inform., 3, 225, (2005)]. In particular, we point out that the proposed primitive is not secure when used in a generic protocol, and needs additional authenticating properties of the surrounding quantum-cryptographic pr...

Building software systems is hard; evolving them is harder. Even with complete requirements, architecture and design documentation, comprehending a system, or even a part of a system, in such a way as to understand the implications of the changes we make is a difficult task. I believe that the separation of architecture from design helps us with the problem of system comprehension: identifying ...

Man-in-the-middle attacks in TLS due to compromised CAs have been mitigated by log-based PKI enhancements such as Certificate Transparency. However, these log-based schemes do not offer sufficient incentives to logs and monitors, and do not offer any actions that domains can take in response to CA misbehavior. We propose IKP, a blockchain-based PKI enhancement that offers automatic responses to...

Network level surveillance, censorship, and various man-in-the-middle attacks target only specific types of network traffic (e.g., HTTP, HTTPS, VoIP, or Email). Therefore packets of these types will likely receive ”special” treatment by a transit network or a man-in-the-middle attacker. A transit ISP or an attacker may pass the targeted traffic through special software or equipment to gather da...

Strong notions of security for unconditionally secure digital signature schemes (USDS) were recently proposed where security is defined based on notions of security in computationally–secure digital signatures. The traditional area of unconditionally secure authentication, however, is that of “authentication codes” (A–codes). Relations between primitives is central to cryptographic research. To...

As traditional oblivious transfer protocols are treated as cryptographic primitives in most cases, they are usually executed without the consideration of possible attacks, e.g., impersonation, replaying, and man-in-the-middle attacks. Therefore, when these protocols are applied in certain applications, such as mental poker game playing and fairly contracts signing, some extra mechanisms must be...

Nanoscale Zero Valent Iron (nZVI) represents a promising material for subsurface water remediation technology. However, dry, bare nZVI particles are highly reactive, being pyrophoric when they are in contact with air. The current trends of nZVI manufacturing lead to the surface passivation of dry nZVI particles with a thin oxide layer, which entails a decrease in their reactivity. In this work ...