Abstract: The secret keys of critical network authorities, such as time, name, certificate, and software update services, represent high-value targets for hackers, criminals, and spy agencies wishing to use these keys secretly to compromise other hosts. To protect authorities and their clients proactively from undetected exploits and misuse, we introduce CoSi, a scalable witness cosigning protocol ensuring that every authoritative statement is validated and publicly logged by a diverse group of witnesses before any client will accept it. A statement S collectively signed by W witnesses assures clients that S has been seen, and not immediately found erroneous, by those W observers. Even if S is compromised in a fashion not readily detectable by the witnesses, CoSi still guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to risk that the compromise will soon be detected by one of the W witnesses. Because clients can verify collective signatures efficiently without communication, CoSi protects clients' privacy, and offers the first transparency mechanism effective against persistent man-in-the-middle attackers who control a victim's Internet access, the authority's secret key, and several witnesses' secret keys. CoSi builds on existing cryptographic multisignature methods, scaling them to support thousands of witnesses via signature aggregation over efficient communication trees. A working prototype demonstrates CoSi in the context of timestamping and logging authorities, enabling groups of over 8,000 distributed witnesses to cosign authoritative statements in under two seconds.
Developing predictive animal models to assess how candidate vaccines and infection influence the ontogenies of Envelope (Env)-specific antibodies is critical for the development of an HIV vaccine. Here we use two nonhuman primate models to compare the roles of antigen persistence, diversity and innate immunity. We perform longitudinal analyses of HIV Env-specific B-cell receptor responses to SHIVAD8 infection and Env protein vaccination with eight different adjuvants. A subset of the SHIVAD8-infected animals with higher viral loads and greater Env diversity show increased neutralization associated with increasing somatic hypermutation (SHM) levels over time. The use of adjuvants results in increased ELISA titres but does not affect the mean SHM levels or CDR H3 lengths. Our study shows how the ontogeny of Env-specific B cells can be tracked, and provides insights into the requirements for developing neutralizing antibodies that should facilitate translation to human vaccine studies.
The goal of an effective AIDS vaccine is to generate immunity that will prevent human immunodeficiency virus 1 (HIV-1) acquisition. Despite limited progress toward this goal, renewed optimism has followed the recent success of the RV144 vaccine trial in Thailand. However, the lack of complete protection in this trial suggests that breakthroughs, where infection occurs despite adequate vaccination, will be a reality for many vaccine candidates. We previously reported that neutralizing antibodies elicited by DNA prime-recombinant adenovirus serotype 5 (rAd5) boost vaccination with simian immunodeficiency virus strain mac239 (SIVmac239) Gag-Pol and Env provided protection against pathogenic SIVsmE660 acquisition after repeated mucosal challenge. Here, we report that SIV-specific CD8+ T cells elicited by that vaccine lowered both peak and set-point viral loads in macaques that became infected despite vaccination. These SIV-specific CD8+ T cells showed strong virus-inhibitory activity (VIA) and displayed an effector memory (EM) phenotype. VIA correlated with high levels of CD107a mobilization and perforin expression in SIV-specific CD8+ T cells. Remarkably, both the frequency and the number of Gag CM9-specific public clonotypes were strongly correlated with VIA mediated by EM CD8+ T cells. The ability to elicit such virus-specific EM CD8+ T cells might contribute substantially to an efficacious HIV/AIDS vaccine, even after breakthrough infection.
With recent advances in virtual computing and the revelation that compute-intensive tasks run well on system virtual machines (VMs), the ability to develop, deploy, and manage distributed systems has been ameliorated. This paper explores the design space of VM-based sandboxes where the following techniques that facilitate the deployment of secure nodes in Wide-area Overlays of virtual Workstations (WOWs) are employed: DHCP-based virtual IP address allocation, self-configuring virtual networks supporting peer-to-peer NAT traversal, stacked file systems, and IPsec-based host authentication and end-to-end encryption of communication channels. Experiments with implementations of single-image VM sandboxes, which incorporate the above features and are easily deployable on hosted I/O VMMs, show execution time overheads of 10.6% or less for a batch-oriented CPU-intensive benchmark.
Some anonymity schemes might in principle protect users from pervasive network surveillance, but only if all messages are independent and unlinkable. Users in practice often need pseudonymity (sending messages intentionally linkable to each other but not to the sender), but pseudonymity in dynamic networks exposes users to intersection attacks. We present Buddies, the first systematic design for intersection attack resistance in practical anonymity systems. Buddies groups users dynamically into buddy sets, controlling message transmission to make buddies within a set behaviorally indistinguishable under traffic analysis. To manage the inevitable tradeoffs between anonymity guarantees and communication responsiveness, Buddies enables users to select independent attack mitigation policies for each pseudonym. Using trace-based simulations and a working prototype, we find that Buddies can guarantee non-trivial anonymity set sizes in realistic chat/microblogging scenarios, for both short-lived and long-lived pseudonyms.
Virtual networks (VNs) provide methods that simplify resource management, deal with connectivity constraints, and support legacy applications in distributed systems, by enabling global addressability of VN-connected machines through either a common layer 2 Ethernet or a NAT-free layer 3 IP network. This paper presents a novel VN design that supports dynamic, seamless addition of new resources with emphasis on scalability in a unified private IP address space. Key features of this system are: (1) scalable connectivity via a P2P overlay with the ability to bypass overlay routing in LAN communications, (2) support for static and dynamic address allocation in conjunction with virtual nameservers through a distributed data store, and (3) support for transparent migration of IP endpoints across wide-area networks. The approach is validated by a prototype implementation which has been deployed in grid and cloud environments. We present both a quantitative and qualitative discussion of our findings.