Search for: All records

Abstract Quantum Key Distribution allows two parties to establish a secret key that is secure against computationally unbounded adversaries. To extend the distance between parties, quantum networks are vital. Typically, security in such scenarios assumes the absolute worst case: namely, an adversary has complete control over all repeaters and fiber links in a network and is able to replace them with perfect devices, thus allowing her to hide her attack within the expected natural noise. In a large-scale network, however, such a powerful attack may be infeasible. In this paper, we analyze the case where the adversary can only corrupt a subset of the repeater network connecting Alice and Bob, while some portion of the network near Alice and Bob may be considered safe from attack (though still noisy). We derive a rigorous finite key proof of security assuming this attack model, and show that improved performance and noise tolerances are possible. Our proof methods may be useful to other researchers investigating partially corrupted quantum networks, and our main result may be beneficial to future network operators. 

We present BGP-iSec, an enhancement of the BGPsec protocol for securing BGP, the Internet’s inter-domain routing protocol. BGP-iSec ensures additional and stronger security properties, compared to BGPsec, without significant extra overhead. The main improvements are: (i) Security for partial adoption: BGP-iSec provides significant security benefits for early adopters, in contrast to BGPsec, which requires universal adoption. (ii) Defense against route leakage: BGP-iSec defends against route leakage, a common cause of misrouting that is not prevented by BGPsec. (iii) Integrity of attributes: BGP-iSec ensures the integrity of integrity-protected attributes, thereby preventing announcement manipulation attacks not prevented by BGPsec. We argue that BGP-iSec achieves these goals using extensive simulations as well as security analysis. The BGP-iSec design conforms, where possible, with the BGPsec design, modifying it only where necessary to improve security or ease deployment. By providing stronger security guarantees, especially for partial adoption, we hope BGP-iSec will be a step towards finally protecting interdomain routing, which remains, for many years, a vulnerability of the Internet’s infrastructure. 

The security of Border Gateway Protocol (BGP), and inter-domain routing in general, remains a challenge, in spite of its well-known importance, repeated attacks and incidents, and extensive efforts and research over decades. We present BGPy, an open-source, extensible, robust, easy-to-use and efficient BGP security simulator, to be used for research and education. BGPy allows realistic simulations of a large variety of BGP attacks and defenses. It is provided as a Python package, and can be further customized and extended, e.g., to investigate new attacks and new defense mechanisms. We describe how BGPy is currently used by multiple BGP security projects. 

Mobile wireless networks present several challenges for any learning system, due to uncertain and variable device movement, a decentralized network architecture, and constraints on network resources. In this work, we use deep reinforcement learning (DRL) to learn a scalable and generalizable forwarding strategy for such networks. We make the following contributions: i) we use hierarchical RL to design DRL packet agents rather than device agents, to capture the packet forwarding decisions that are made over time and improve training efficiency; ii) we use relational features to ensure generalizability of the learned forwarding strategy to a wide range of network dynamics and enable offline training; and iii) we incorporate both forwarding goals and network resource considerations into packet decision-making by designing a weighted DRL reward function. Our results show that our DRL agent often achieves a similar delay per packet delivered as the optimal forwarding strategy and outperforms all other strategies including state-of-the-art strategies, even on scenarios on which the DRL agent was not trained. 

Kaposi's sarcoma–associated herpesvirus (KSHV) inhibitor of cyclic GMP–AMP synthase (cGAS) (KicGAS) encoded by ORF52 is a conserved major tegument protein of KSHV and the first reported viral inhibitor of cGAS. In our previous study, we found that KicGAS is highly oligomerized in solution and that oligomerization is required for its cooperative DNA binding and for inhibiting DNA-induced phase separation and activation of cGAS. However, how KicGAS oligomerizes remained unclear. Here, we present the crystal structure of KicGAS at 2.5 Å resolution, which reveals an “L”-shaped molecule with each arm of the L essentially formed by a single α helix (α1 and α2). Antiparallel dimerization of α2 helices from two KicGAS molecules leads to a unique “Z”-shaped dimer. Surprisingly, α1 is also a dimerization domain. It forms a parallel dimeric leucine zipper with the α1 from a neighboring dimer, leading to the formation of an infinite chain of KicGAS dimers. Residues involved in leucine zipper dimer formation are among the most conserved residues across ORF52 homologs of gammaherpesviruses. The self-oligomerization increases the valence and cooperativity of interaction with DNA. The resultant multivalent interaction is critical for the formation of liquid condensates with DNA and consequent sequestration of DNA from being sensed by cGAS, explaining its role in restricting cGAS activation. The structure presented here not only provides a mechanistic understanding of the function of KicGAS but also informs a molecular target for rational design of antivirals against KSHV and related viruses. 

Crowd mobility prediction, in particular, forecasting flows at and transitions across different locations, is essential for crowd analytics and management in spacious environments featured with large gathering. We propose GAEFT, a novel crowd mobility analytics system based on the multi-task graph attention neural network to forecast crowd flows (inflows/outflows) and transitions. Specifically, we leverage the collective and sanitized campus Wi-Fi association data provided by our university information technology service and conduct a relatable case study. Our comprehensive data analysis reveals the important challenges of sparsity and skewness, as well as the complex spatio-temporal variations within the crowd mobility data. Therefore, we design a novel spatio-temporal clustering method to group Wi-Fi access points (APs) with similar transition features, and obtain more regular mobility features for model inputs. We then propose an attention-based graph embedding design to capture the correlations among the crowd flows and transitions, and jointly predict the AP-level flows as well as transitions across buildings and clusters through a multi-task formulation. Extensive experimental studies using more than 28 million association records collected during 2020-2021 academic year validate the excellent accuracy of GAEFT in forecasting dynamic and complex crowd mobility.