Danilo Gligoroski

Danilo Gligoroski, Mayank Raikwar, Sonu Kumar Jha

Recent advancements in Large Language Models (LLMs) have transformed communication, yet their role in secure messaging remains underexplored, especially in surveillance-heavy environments. At the same time, many governments all over the world are proposing legislation to detect, backdoor, or even ban encrypted communication. That emphasizes the need for alternative ways to communicate securely and covertly over open channels. We propose a novel cryptographic embedding framework that enables covert Public Key or Symmetric Key encrypted communication over public chat channels with humanlike produced texts. Some unique properties of our framework are: 1. It is LLM agnostic, i.e., it allows participants to use different local LLM models independently; 2. It is pre- or post-quantum agnostic; 3. It ensures indistinguishability from human-like chat-produced texts. Thus, it offers a viable alternative where traditional encryption is detectable and restricted.

Danilo Gligoroski

By analogy with the developed cryptographic theory of discrete logarithm problems, we define several hard problems in Entropoid based cryptography, such as Discrete Entropoid Logarithm Problem (DELP), Computational Entropoid Diffie-Hellman problem (CEDHP), and Decisional Entropoid Diffie-Hellman Problem (DEDHP). We post a conjecture that DEDHP is hard in Sylow $q$-subquasigroups. Next, we instantiate an entropoid Diffie-Hellman key exchange protocol. Due to the non-commutativity and non-associativity, the entropoid based cryptographic primitives are supposed to be resistant to quantum algorithms. At the same time, due to the proposed succinct notation for the power indices, the communication overhead in the entropoid based Diffie-Hellman key exchange is very low: for 128 bits of security, 64 bytes in total are communicated in both directions, and for 256 bits of security, 128 bytes in total are communicated in both directions. Our final contribution is in proposing two entropoid based digital signature schemes. The schemes are constructed with the Fiat-Shamir transformation of an identification scheme which security relies on a new hardness assumption: computing roots in finite entropoids is hard. If this assumption withstands the time's test, the first proposed signature scheme has excellent properties: for the classical security levels between 128 and 256 bits, the public and private key sizes are between 32 and 64, and the signature sizes are between 64 and 128 bytes. The second signature scheme reduces the finding of the roots in finite entropoids to computing discrete entropoid logarithms. In our opinion, this is a safer but more conservative design, and it pays the price in doubling the key sizes and the signature sizes. We give a proof-of-concept implementation in SageMath 9.2 for all proposed algorithms and schemes in an appendix.

Simen Haga, Ali Esmaeily, Katina Kralevska et al.

The fifth-generation (5G) mobile networks aim to host different types of services on the same physical infrastructure. Network slicing is considered as the key enabler for achieving this goal. Although there is some progress in applying and implementing network slicing in the context of 5G, the security and performance of network slicing still have many open research questions. In this paper, we propose the first OSM-WireGuard framework and its lifecycle. We implement the WireGuard secure network tunneling protocol in a 5G network to provide a VPN-as-a-Service (VPNaaS) functionality for virtualized network functions. We demonstrate that OSM instantiates WireGuard-enabled services up and running in 4 min 26 sec, with potential the initialization time to go down to 2 min 44 sec if the operator prepares images with a pre-installed and up-to-date version of WireGuard before the on-boarding process. We also show that the OSM-WireGuard framework provides considerable enhancement of up to 5.3 times higher network throughput and up to 41% lower latency compared to OpenVPN. The reported results show that the proposed framework is a promising solution for providing traffic isolation with strict latency and throughput requirements.

Anton Hasselgren, Paul Kengfai Wan, Margareth Horn et al.

The transparent and decentralized characteristics associated with blockchain can be both appealing and problematic when applied to a healthcare use-case. As health data is highly sensitive, it is also highly regulated to ensure the privacy of patients. At the same time, access to health data and interoperability is in high demand. Regulatory frameworks such as GDPR and HIPAA are, amongst other objectives, meant to contribute to mitigating the risk of privacy violations in health data. Blockchain features can likely improve interoperability and access control to health data, and at the same time, preserve or even increase, the privacy of patients. Blockchain applications should address compliance with the current regulatory framework to increase real-world feasibility. This exploratory work indicates that published proof-of-concepts in the health domain comply with GDRP, to an extent. Blockchain developers need to make design choices to be compliant with GDPR since currently, none available blockchain platform can show compliance out of the box.

Katrine Wist, Malene Helsem, Danilo Gligoroski

The use of container technology has skyrocketed during the last few years, with Docker as the leading container platform. Docker's online repository for publicly available container images, called Docker Hub, hosts over 3.5 million images at the time of writing, making it the world's largest community of container images. We perform an extensive vulnerability analysis of 2500 Docker images. It is of particular interest to perform this type of analysis because the vulnerability landscape is a rapidly changing category, the vulnerability scanners are constantly developed and updated, new vulnerabilities are discovered, and the volume of images on Docker Hub is increasing every day. Our main findings reveal that (1) the number of newly introduced vulnerabilities on Docker Hub is rapidly increasing; (2) certified images are the most vulnerable; (3) official images are the least vulnerable; (4) there is no correlation between the number of vulnerabilities and image features (i.e., number of pulls, number of stars, and days since the last update); (5) the most severe vulnerabilities originate from two of the most popular scripting languages, JavaScript and Python; and (6) Python 2.x packages and jackson-databind packages contain the highest number of severe vulnerabilities. We perceive our study as the most extensive vulnerability analysis published in the open literature in the last couple of years.

Jens-Andreas Hanssen Rensaa, Danilo Gligoroski, Katina Kralevska et al.

Patients living in a digitized world can now interact with medical professionals through online services such as chat applications, video conferencing or indirectly through consulting services. These applications need to tackle several fundamental trust issues: 1. Checking and confirming that the person they are interacting with is a real person; 2. Validating that the healthcare professional has competence within the field in question; and 3. Confirming that the healthcare professional has a valid license to practice. In this paper, we present VerifyMed -- the first proof-of-concept platform, built on Ethereum, for transparently validating the authorization and competence of medical professionals using blockchain technology. Our platform models trust relationships within the healthcare industry to validate professional clinical authorization. Furthermore, it enables a healthcare professional to build a portfolio of real-life work experience and further validates the competence by storing outcome metrics reported by the patients. The extensive realistic simulations show that with our platform, an average cost for creating a smart contract for a treatment and getting it approved is around 1 USD, and the cost for evaluating a treatment is around 50 cents.

Mayank Raikwar, Danilo Gligoroski, Goran Velinov

This work is about the mutual influence between two technologies: Databases and Blockchain. It addresses two questions: 1. How the database technology has influenced the development of blockchain technology?, and 2. How blockchain technology has influenced the introduction of new functionalities in some modern databases? For the first question, we explain how database technology contributes to blockchain technology by unlocking different features such as ACID (Atomicity, Consistency, Isolation, and Durability) transactional consistency, rich queries, real-time analytics, and low latency. We explain how the CAP (Consistency, Availability, Partition tolerance) theorem known for databases influenced the DCS (Decentralization, Consistency, Scalability) theorem for the blockchain systems. By using an analogous relaxation approach as it was used for the proof of the CAP theorem, we postulate a "DCS-satisfiability conjecture." For the second question, we review different databases that are designed specifically for blockchain and provide most of the blockchain functionality like immutability, privacy, censorship resistance, along with database features.

Mayank Raikwar, Danilo Gligoroski, Katina Kralevska

The underlying fundaments of blockchain are cryptography and cryptographic concepts that provide reliable and secure decentralized solutions. Although many recent papers study the use-cases of blockchain in different industrial areas, such as finance, health care, legal relations, IoT, information security, and consensus building systems, only few studies scrutinize the cryptographic concepts used in blockchain. To the best of our knowledge, there is no Systematization of Knowledge (SoK) that gives a complete picture of the existing cryptographic concepts which have been deployed or have the potential to be deployed in blockchain. In this paper, we thoroughly review and systematize all cryptographic concepts which are already used in blockchain. Additionally, we give a list of cryptographic concepts which have not yet been applied but have big potentials to improve the current blockchain solutions. We also include possible instantiations of these cryptographic concepts in the blockchain domain. Last but not least, we explicitly postulate 21 challenging problems that cryptographers interested in blockchain can work on.

Danilo Gligoroski, Kristian Gjosteen, Katina Kralevska

Orthogonal and quasi-orthogonal matrices have a long history of use in digital image processing, digital and wireless communications, cryptography and many other areas of computer science and coding theory. The practical benefits of using orthogonal matrices come from the fact that the computation of inverse matrices is avoided, by simply using the transpose of the orthogonal matrix. In this paper, we introduce a new family of matrices over finite fields that we call \emph{Quasi-Binary and Quasi-Orthogonal Matrices}. We call the matrices quasi-binary due to the fact that matrices have only two elements $a, b \in \mathbb{F}_q$, but those elements are not $0$ and $1$. In addition, the reason why we call them quasi-orthogonal is due to the fact that their inverses are obtained not just by a simple transposition, but there is a need for an additional operation: a replacement of $a$ and $b$ by two other values $c$ and $d$. We give a simple relation between the values $a, b, c$ and $d$ for any finite field and especially for finite fields with characteristic 2. Our construction is based on incident matrices from cyclic Latin Rectangles and the efficiency of the proposed algorithm comes from the avoidance of matrix-matrix or matrix-vector multiplications.

Simona Samardjiska, Danilo Gligoroski

We introduce a new family of binary linear codes suitable for steganographic matrix embedding. The main characteristic of the codes is the staircase random block structure of the generator matrix. We propose an efficient list decoding algorithm for the codes that finds a close codeword to a given random word. We provide both theoretical analysis of the performance and stability of the decoding algorithm, as well as practical results. Used for matrix embedding, these codes achieve almost the upper theoretical bound of the embedding efficiency for covers in the range of 1000 - 1500 bits, which is at least an order of magnitude smaller than the values reported in related works.