8 research outputs found

    Glass-Vault: A Generic Transparent Privacy-preserving Exposure Notification Analytics Platform

    Get PDF
    The highly transmissible COVID-19 disease is a serious threat to people’s health and life. To automate tracing those who have been in close physical contact with newly infected people and/or to analyse tracing-related data, researchers have proposed various ad-hoc programs that require being executed on users’ smartphones. Nevertheless, the existing solutions have two primary limitations: (1) lack of generality: for each type of analytic task, a certain kind of data needs to be sent to an analyst; (2) lack of transparency: parties who provide data to an analyst are not necessarily infected individuals; therefore, infected individuals’ data can be shared with others (e.g., the analyst) without their fine-grained and direct consent. In this work, we present Glass-Vault, a protocol that addresses both limitations simultaneously. It allows an analyst to run authorised programs over the collected data of infectious users, without learning the input data. Glass-Vault relies on a new variant of generic Functional Encryption that we propose in this work. This new variant, called DD-Steel, offers these two additional properties: dynamic and decentralised. We illustrate the security of both Glass-Vault and DD-Steel in the Universal Composability setting. Glass-Vault is the first UC-secure protocol that allows analysing the data of Exposure Notification users in a privacy-preserving manner. As a sample application, we indicate how it can be used to generate “infection heatmaps”

    AGATE: Augmented Global Attested Trusted Execution in the Universal Composability framework

    Get PDF
    A Trusted Execution Environment (TEE) is a new type of security technology, implemented by CPU manufacturers, which guarantees integrity and confidentiality on a restricted execution environment to any remote verifier. TEEs are deployed on various consumer and commercial hardwareplatforms, and have been widely adopted as a component in the design of cryptographic protocols both theoretical and practical. Within the provable security community, the use of TEEs as a setup assumption has converged to a standard ideal definition in the Universal Composability setting (GattG_\mathsf{att}, defined by Pass et al., Eurocrypt \u2717). However, it is unclear whether any real TEE design can actually implement this, or whether the diverse capabilities of today\u27s TEE implementations will in fact converge to a single standard. Therefore, it is necessary for cryptographers and protocol designers to specify what assumptions are necessary for the TEE they are using to support the correctness and security of their protocol. To this end, this paper provides a more careful treatment of trusted execution than the existing literature, focusing on the capabilities of enclaves and adversaries. Our goal is to provide meaningful patterns for comparing different classes of TEEs , particularly how a weaker TEE functionality can UC-emulate a stronger one given an appropriate mechanism to bridge the two. We introduce a new, ``modular\u27\u27 definition of TEEsthat captures a broad range of pre-existing functionalities defined in the literature while maintaining their high level of abstraction. While our goal is not directly to model implementations of specific commercial TEE providers, our modular definition provides a way to capture more meaningful and realistic hardware capabilities. We provide a language to characterise TEE capabilities along the following terms: - a set of trusted features available to the enclave; - the set of allowed attacks for malicious interactions with the enclaves; - the contents of attestation signatures. We then define various possible ideal modular GattG_\mathsf{att} functionality instantiations that capture existing variants in the literature, and provide generic constructions to implement stronger enclave functionalities from an existing setup. Finally, we conclude the paper with a simple example of how to protect against rollback attacks given access to a trusted storage feature

    Steel: Composable Hardware-based Stateful and Randomised Functional Encryption

    Get PDF
    Trusted execution enviroments (TEEs) enable secure execution of program on untrusted hosts and cryptographically attest the correctness of outputs. As these are complex systems, it is hard to capture the exact security achieved by protocols employing TEEs. Crucially TEEs are typically employed in multiple protocols at the same time, thus composable security (with global subroutines) is a natural goal for such systems. We show that under an attested execution setup GattG_\mathsf{att} we can realise cryptographic functionalities that are unrealizable in the standard model. We propose a new primitive of Functional Encryption for Stateful and Randomised functionalities (FESR) and an associated protocol, Steel, that realizes it. We show that Steel UC-realises FESR in the universal composition with global subroutines model (TCC 2020). Our work is also a validation of the compositionality of earlier work (Iron), CCS 2017) capturing (non-stateful) hardware-based functional encryption. As the existing functionality for attested execution of Pass et al. (Eurocrypt 2017) is too strong for real world use, we propose a weaker functionality that allows the adversary to conduct rollback and forking attacks. We show that the stateful variant of Steel, contrary to the stateless variant corresponding to Iron, is not secure in this setting and propose several mitigation techniques

    Glass-Vault: A Generic Transparent Privacy-preserving Exposure Notification Analytics Platform

    Get PDF
    The highly transmissible COVID-19 disease is a serious threat to people’s health and life. To automate tracing those who have been in close physical contact with newly infected people and/or to analyse tracing-related data, researchers have proposed various ad-hoc programs that require being executed on users’ smartphones. Nevertheless, the existing solutions have two primary limitations: (1) lack of generality: for each type of analytic task, a certain kind of data needs to be sent to an analyst; (2) lack of transparency: parties who provide data to an analyst are not necessarily infected individuals; therefore, infected individuals’ data can be shared with others (e.g., the analyst) without their fine-grained and direct consent. In this work, we present Glass-Vault, a protocol that addresses both limitations simultaneously. It allows an analyst to run authorised programs over the collected data of infectious users, without learning the input data. Glass-Vault relies on a new variant of generic Functional Encryption that we propose in this work. This new variant, called DD-Steel, offers these two additional properties: dynamic and decentralised. We illustrate the security of both Glass-Vault and DD-Steel in the Universal Composability setting. Glass-Vault is the first UC-secure protocol that allows analysing the data of Exposure Notification users in a privacy-preserving manner. As a sample application, we indicate how it can be used to generate “infection heatmaps”

    Per citt\ue0 pi\uf9 resilienti : progetto urbano per l\u2019efficienza energetica e i cambiamenti climatici

    No full text
    Il workshop ha esplorato la dimensione progettuale della citt\ue0 resiliente attraverso la rilettura critica di esperienze di pianificazione e di progettazione dello spazio urbano, elaborate in ambito nazionale e internazionale, significative sia sul fronte della mitigazione che dell\u2019adattamento, attraverso un repertorio di buone pratiche riferite a strumenti di pianificazione e progetti di spazi aperti, nella duplice prospettiva della mitigazione e adattamento ai cambiamenti climatici e dell\u2019efficienza energetica delle citt\ue0. In particolare, la sfida per l\u2019efficienza energetica della citt\ue0, che richiede di andare oltre la scala edilizia, obbliga a uno sguardo olistico, attento alla citt\ue0 come luogo dove integrare politiche di riduzione dei consumi energetici e di produzione di energia da fonti rinnovabili. Obiettivo del workshop era la verifica di questa impostazione indagando aspetti e pratiche di pianificazione e progetto che riguardano la mobilit\ue0, le infrastrutture verdi nonch\ue9 forme di compensazione e di incentivazione che fanno leva sui meccanismi di mercato. In questo senso la resilienza \u2013 il successo che l\u2019uso del termine ha nella letteratura disciplinare lo dimostra \u2013 pu\uf2 diventare un paradigma potente, capace di costruire un quadro interpretativo e di sintesi in cui il complesso di progetti e strategie di contrasto e adattamento ai cambiamenti possa collocarsi. Come i lavori dell\u2019atelier hanno efficace- mente mostrato, perch\ue9 questo accada bisogna tuttavia riflettere pi\uf9 e meglio sul senso del termine e sulle sue possibili implicazioni, evitando che esso resti un grande ombrello entro il quale, pi\uf9 o meno tutto pu\uf2 essere facilmente collocato

    Student housing options and experiences of homelessness in Scotland: a report by the Cross-Party Group on Housing

    No full text
    There is a shortage of student housing in Scotland. This is due to rising student numbers and an imbalance between supply and demand. Rising higher education (HE) costs and a lack of affordable housing options contribute to student housing insecurity and homelessness. Increased participation in HE has worsened these pressures. International students face additional challenges such as guarantor requirements and a lack of family support. PBSA developments are often high-end and can price out students with limited economic resources. The inflow of students in certain areas can lead to tension with residents, negative societal perceptions, and policies that marginalise student renters. Other structural issues include limited tenancy lengths, unaffordable rents, and discrimination against students by landlords. Many students may be engaged in hidden homelessness behaviours like sofa-surfing due to stigma and inadequate support. This makes it difficult to gauge the extent of the issue
    corecore