Month: February 2019

DOCSDN: Dynamic and Optimal Configuration of Software-Defined Networks

New work on finding good network configurations with Tim, Devon, and Laurent.  This will appear this year at ACISP.

Abstract—Networks are designed with functionality, security, performance, and cost in mind. Tools exist to check or optimize individual properties of a network. These properties may conflict, so it is not always possible to run these tools in series to find a configuration that meets all requirements. This leads to network administrators manually searching for a configuration.

This need not be the case. In this paper, we introduce a layered framework for optimizing network configuration for functional and security requirements. Our framework is able to output configurations that meet reachability, bandwidth, and risk requirements. Each layer of our framework optimizes over a single property. A lower layer can constrain the search problem of a higher layer allowing the framework to converge on a joint solution.

Our approach has the most promise for software-defined networks which can easily reconfigure their logical configuration. Our approach is validated with experiments over the fat tree topology, which is commonly used in data center networks. Search terminates in between 1-5 minutes in experiments. Thus, our solution can propose new configurations for short term events such as defending against a focused network attack.

Iris Segmentation using CNNs

Sohaib (who’s awesome!) just gave his first presentation on performing iris segmentation using fully convolutional neural nets. The paper was published at AMV 2018 which is a workshop at ACCV.

AbstractThe extraction of consistent and identifiable features from an image of the human iris is known as iris recognition. Identifying which pixels belong to the iris, known as segmentation, is the first stage of iris recognition. Errors in segmentation propagate to later stages. Current segmentation approaches are tuned to specific environments. We propose using a convolution neural network for iris segmentation. Our algorithm is accurate when trained in a single environment and tested in multiple environments. Our network builds on the Mask R-CNN framework (He et al., ICCV 2017). Our approach segments faster than previous approaches including the Mask R-CNN network. Our network is accurate when trained on a single environment and tested with a different sensors (either visible light or near-infrared). Its accuracy degrades when trained with a visible light sensor and tested with a near-infrared sensor (and vice versa). A small amount of retraining of the visible light model (using a few samples from a near-infrared dataset) yields a tuned network accurate in both settings. For training and testing, this work uses the Casia v4 Interval, Notre Dame 0405, Ubiris v2, and IITD datasets.

Non-malleable digital Lockers

This is a paper I’m very excited about with Peter Fenteany, a great undergrad at UConn.

Abstract: An obfuscated program reveals nothing about its design other than its input/output behavior. A digital locker is an obfuscated program that outputs a stored cryptographic key if and only if a user enters a previously stored password. A digital locker is private if it provides an adversary with no information with high probability. An ideal digital locker would also prevent an adversary from mauling an obfuscation on one password and key into a new program that obfuscates a related password or key. Such a primitive is achievable in the random oracle model. Komargodski and Yogev (Eurocrypt, 2018) constructed a simpler primitive: a non-malleable point function which is a digital locker with no key.

This work describes the first non-malleable digital locker. This construction is built in two main steps:

  1. Constructing non-malleable digital lockers for short keys. We present one construction for a single bit key and a second for a logarithmic length keys. These constructions can be safely composed with the same input password. This composed construction is non-malleable with respect to the password. Security relies on variants of the strong and power DDH assumptions.
  2. An extension to polynomial length keys that additionally provides nonmalleability over the stored key. This extension combines the digital locker for short keys and non-malleable codes, and seed- dependent condensers. Our use of seed-dependent condensers require the password distribution to be efficient sampleable. The seed condenser must be public and random but programmability is not required.

Nonmalleability for the password is ensured for functions that can be represented as low degree polynomials. Key nonmalleability is ensured for the class of functions prevented by the non-malleable code.