Aritra Dhar

Increasing Anonymity in Bitcoin

Bitcoin prevents double-spending using the blockchain, a public ledger kept with every client. Every single transaction till date is present in this ledger. Due to this, true anonymity is not present in bitcoin. We present a method to enhance anonymity in bitcoin-type cryptocurrencies. In the blockchain, each block holds a list of transactions linking the sending and receiving addresses. In our modified protocol the transactions (and blocks) do not contain any such links. Using this, we obtain a far higher degree of anonymity. Our method uses a new primitive known as composite signatures. Our security is based on the hardness of the Computation Diffie-Hellman assumption in bilinear maps.

100% connectivity for location aware code based KPD in clustered WSN: merging blocks

Key management in wireless sensor networks (WSN) is a challenging task because of the stringent resource available to the nodes. As such key predistribution (KPD) is regarded as one of the best option for key management in WSN. This work analyzes an existing work by Simonova et al. that makes use of deployment knowledge where the deployment zone consists of clusters of nodes. Transversal design (TD) based KPD scheme of Lee and Stinson is used to distribute the keys in these clusters. However Simonova et al. points out that any KPD could have been used. This leads the current authors to investigates the applicability of Ruj and Roys Reed Solomon (RS) code based KPD , similar to the TD based KPD in distributing the key in each cluster. Much like the TD based KPD, the RS code based KPD does not offer full connectivity among nodes in the clusters amounting to lack of full connectivity in the amalgamated network. Full connectivity among nodes in each cluster and thus the entire network can be achieved by a deterministically merging strategy using exactly two nodes. This merging strategy is certainly better than a random approach by Chakrabarti et al. where the exact number of nodes being merged is not specified and does not ensure full connectivity. Since the scheme of Simonova et al. uses too many keys after amalgamation, a modified approach using Cluster Head (CH) is proposed to provide full communication in the network. Comparative study establishes the proposed Cluster Head design perform better than the KPD of Simonova et al. while proving the efficiency of the merging strategy.

Connecting, scaling and securing RS code and TD based KPDs in WSNs: deterministic merging

Key management, one of the most challenging problems in Wireless Sensor Network (WSN) has been efficiently addressed using Key Predistribution (KPD) schemes. This paper analyzes a localized KPD based on the Transversal Design (TD) design or Reed Solomon (RS) codes schemes; later two shown to be similar. They lack full direct communications among their constituent nodes and so, rely on multi-hop involving other nodes reducing the overall efficiency of the system. The communication issue for TD or RS and hence the localized KPD gets resolved by Deterministic Merging of exactly two nodes. The weakness of `selective node attack of the merged designs, similar to their original KPDs, is overcome by invoking the novel trick of Sarkar emph{et al.} Simulation results confirm that the various network parameters of the proposed schemes improves significantly over a random counterpart among other existing schemes.

CoverUp: Privacy Through "Forced" Participation in Anonymous Communication Networks

Many privacy-enhancing technologies, in particular anonymous communication networks (ACNs) as a key building block, suffer from a lack of a sufficient number of participants. Without high user participation, ACNs are vulnerable to traffic analysis attacks. The only ACN with a high number of participants (around 1.5 million users) is Tor. Yet, Tor is prone to traffic analysis attacks traffic pattern attacks. While other ACNs have been proposed that are even secure against global attackers, they are not scalable and suffer from a low number of participants, since even a perfect ACN can at most hide a user among all participating users. These ACNs are in a vicious circle: the lack of participants leads to low degree of anonymity, and a low degree of anonymity makes these ACNs unattractive for users. In this work, we break this vicious cycle by studying the question: Can an anonymous communication network be strengthened by forced participation? What privacy guarantees and performance can such an ACN provide? We develop CoverUp, a system that forces visitors of highly accessed websites (entry servers) to become involuntary participants of an ACN. CoverUp triggers users to participate in a centralized, constant-rate mix by leveraging basic functionality of their browsers to execute (JavaScript) code served by the entry servers. Candidates for entry servers could be universities or news sites. They would let a distinct CoverUp server provide (via an iframe) JavaScript code to the end-users browsers, which in turn makes them participate in the ACN via a mix server. Visitors of these entry servers websites become (involuntary) participants of an ACN, creating cover traffic for voluntary participants. For voluntary participants, we developed a browser extension that renders their CoverUp requests indistinguishable from the cover traffic of involuntary participants. We build two applications on top of CoverUp: an anonymous feed and a chat-both use an additional external CoverUp application. As the feed is uni-directional, we do not need to trust more than the clients machine. As the chat is bi-directional, we do need to trust the CoverUp and the mix server. We show that both achieve practical performance and strong privacy properties via experimental evaluations and an analysis. CoverUp renders voluntary and involuntary participants indistinguishable, thereby including all voluntary and involuntary participants into an anonymity set. Given this, CoverUp provides even more than mere anonymity: the voluntary participants can hide the very intention to use the ACN. As the concept of forced participation raises ethical and legal concerns, we discuss these concerns and describe how these can be addressed.

CLOTHO: saving programs from malformed strings and incorrect string-handling

Software is susceptible to malformed data originating from untrusted sources. Occasionally the programming logic or constructs used are inappropriate to handle the varied constraints imposed by legal and well-formed data. Consequently, softwares may produce unexpected results or even crash. In this paper, we present CLOTHO, a novel hybrid approach that saves such softwares from crashing when failures originate from malformed strings or inappropriate handling of strings. CLOTHO statically analyses a program to identify statements that are vulnerable to failures related to associated string data. CLOTHO then generates patches that are likely to satisfy constraints on the data, and in case of failures produces program behavior which would be close to the expected. The precision of the patches is improved with the help of a dynamic analysis. We have implemented CLOTHO for the JAVA String API, and our evaluation based on several popular open-source libraries shows that CLOTHO generates patches that are semantically similar to the patches generated by the programmers in the later versions. Additionally, these patches are activated only when a failure is detected, and thus CLOTHO incurs no runtime overhead during normal execution, and negligible overhead in case of failures.

T act B ack : VibroTactile braille output using smartphone and smartwatch for visually impaired

In this paper, we present TactBack, a novel way to haptically represent braille characters on a off-the-shelf mobile device and a smartwatch using vibration. TactBack can be used for a wide variety of scenarios such as training braille characters to the deaf-blind, providing secure non-audio feedback for pin/password entry, and as an educational tool for learning braille. We discuss the details of design and implementation of TactBack, and report on a preliminary user study with 15 participants. Our evaluation shows that participants could recognize individual braille characters with minimal training using TactBack. We present some of the scenarios where TactBack could provide substantial benefit over traditional talkback.

Code based KPD scheme with full connectivity: deterministic merging

Key PreDistribution (KPD) is one of the standard key management techniques of distributing the symmetric cryptographic keys among the resource constrained nodes of a Wireless Sensor Network (WSN). To optimize the security and energy in a WSN, the nodes must possess common key(s) between themselves. However there exists KPDs like the Reed Solomon (RS) code based schemes, which lacks this property. The current work proposes a deterministic method of overcoming this hazard by merging exactly two nodes of the said KPD to form blocks. The resultant merged block network is fully connected and comparative results exhibit the improvement achieved over existing schemes. Further analysis reveal that this concept can yield larger networks with small key rings.