Jean-Marc Robert

Privacy amplification by public discussion

In this paper, we investigate how the use of a channel with perfect authenticity but no privacy can be used to repair the defects of a channel with imperfect privacy but no authenticity. More preci...

All-or-nothing disclosure of secrets

Alice disposes of some number of secrets. She is willing to disclose one of them to Bob. Although she agrees to let him choose wich secret he wants, she is not willing to allow him to gain any information on more than one secret. On the other hand, Bob does not want Alice to know which secret he wishes. This is a useful building block in crypto-protocols. For instance, it can be used to easily implement a multi-party mental Poker protocol similar to that of [Cr1], i.e. : safe against player coalitions. An all-or-nothing disclosure is one by which, as soon as Bob has gained any information whatsoever on one of Alice’s secrets, he has wasted his chances to learn anything about the other secrets. In particular, it must be impossible for Bob to gain joint information on several secrets, such as their exclusive-or. Notice that this is crucial, because it is well-known in classical cryptography that the exclusive-or of two plaintext English messages allows easy recovery of them both, just as a running stream Vigenère would [D].

Empirical Study on Collaborative Writing: What Do Co-authors Do, Use, and Like?

How do people work when they are collaborating to write a document? What kind of tools do they use and, in particular, do they resort to groupware for this task? Forty-one people filled out a questionnaire placed on the World Wide Web. In spite of the existence of specialized collaborative writing tools, most respondents reported using individual word processors and email as their main tools for writing joint documents. Respondents noted the importance of functions such as change tracking, version control, and synchronous work for collaborative writing tools. This study also confirmed the great variability that exists between collaborative writing projects, whether it be group membership, management, writing strategy, or scheduling issues.

Information theoretic reductions among disclosure problems

Alice disposes of some number of secrets. She is willing to disclose one of them to Bob. Although she agrees to let him choose which secret he wants, she is not willing to allow him to gain any information on more than one secret. On the other hand, Bob does not want Alice to know which secret he wishes. An all-or-nothing disclosure is one by which, as soon as Bob has gained any information whatsoever on one of Alices secrets, he has wasted his chances to learn anything about the other secrets. We assume that Alice is honest when she claims to be willing to disclose one secret to Bob (i.e. she is not about to send junk). The only cheating Alice is susceptible of trying is to figure out which secret is of interest to Bob. We address the following question from an information theoretic point of view: what is the most elementary disclosure problem? The main result is that the general all-or-nothing disclosure of secrets is equivalent to a much simpler problem, which we call the two-bit problem.

Security and usability: the case of the user authentication methods

The usability of security systems has become a major issue in research on the efficiency and user acceptance of security systems. The authentication process is essential for controlling the access to various resources and facilities. The design of usable yet secure user authentication methods raises crucial questions concerning how to solve conflicts between security and usability goals.

Investigating mobile payment: supporting technologies, methods, and use

In this paper we present a classification of mobile payment methods with their characteristics, advantages and disadvantages, and the results of a questionnaire-based survey on the interest of 130 youths in mobile payment for a movie ticket purchase service. We describe four mobile payment methods: Internet payment method, point of sale mobile payment method, payments for mobile commerce applications, and person-to-person mobile payment. The main results of the survey show that 76% of the respondents would be interested in buying movie tickets with a mobile phone, and 78% would use a service whereby their buying transactions would be charged on their mobile carrier bill.

Worm epidemics in high-speed networks

Future worm epidemics might spread at unprecedented rates in high-speed networks. A comprehensive automated defense system will be the only way to contain new threats but could be too risky to implement without more reliable detection accuracy and better real-time traffic analysis. Although researchers continue to work on improving worm detection accuracy and real-time traffic analysis, a practical solution thus far remains elusive. One possible alternative is to try to prevent a worm from spreading rather than react to an existing epidemic.

Trust in new decision aid systems

One of the main challenges to face concerning the safe utilization of new technologies in complex systems concerns the level of trust the operators have in the system. Danger exists when the operators have a low level of trust in it, as well as it also exists when they overtrust the system. This paper presents an extensive review of theoretical, empirical, and experimental studies on trust in systems. Its goal is to help system designers by proposing a set of design rules and guidelines on how to support appropriate trust tuning in new decision aid systems.

Structured Peer-to-Peer Overlay Networks: Ideal Botnets Command and Control Infrastructures?

Botnets, in particular the Storm botnet, have been garnering much attention as vehicles for Internet crime. Storm uses a modified version of Overnet, a structured peer-to-peer (P2P) overlay network protocol, to build its command and control (C&C) infrastructure. In this study, we use simulation to determine whether there are any significant advantages or disadvantages to employing structured P2P overlay networks for botnet C&C, in comparison to using unstructured P2P networks or other complex network models. First, we identify some key measures to assess the C&C performance of such infrastructures, and employ these measures to evaluate Overnet, Gnutella (a popular, unstructured P2P overlay network), the Erdős-Renyi random graph model and the Barabasi-Albert scale-free network model. Further, we consider the three following disinfection strategies: a) a randomstrategy that, with effort, can remove randomly selected bots and uses no knowledge of the C&C infrastructure, b) a tree-likestrategy where local information obtained from a disinfected bot (e.g. its peer list) is used to more precisely disinfect new machines, and c) a globalstrategy, where global information such as the degree of connectivity of bots within the C&C infrastructure, is used to target bots whose disinfection will have maximum impact. Our study reveals that while Overnet is less robust to random node failures or disinfections than the other infrastructures modelled, it outperforms them in terms of resilience against the targeted disinfection strategies introduced above. In that sense, Storm designers seem to have made a prudent choice! This work underlines the need to better understand how P2P networks are used, and can be used, within the botnet context, with this domain being quite distinct from their more commonplace usages.

How the Web is used to support collaborative writing

We present 19 systems that have been developed over the past decade to support collaborative writing over the Web. The aim of this article is to present the state of the art on the use of the Web for collaborative writing and thus (1) help designers improve current systems or define future systems, and (2) help users choose the most appropriate system to support their needs. Among available systems, groups can select from tools to write a document (on- or off-line), collect comments about a document, or maintain a Web site. The lack of experimental data concerning Web-based applications forces designers to use other sources of information to guide their design choices, such as a list of functions that an ideal collaborative writing tool should offer. This list has revealed several potential points for improvement.