360 research outputs found

    A Model for Secure and Mutually Beneficial Software Vulnerability Sharing

    SoK: Delegation and Revocation, the Missing Links in the Web's Chain of Trust

    The ability to quickly revoke a compromised key is critical to the security of any public-key infrastructure. Regrettably, most traditional certificate revocation schemes suffer from latency, availability, or privacy problems. These problems are exacerbated by the lack of a native delegation mechanism in TLS, which increasingly leads domain owners to engage in dangerous practices such as sharing their private keys with third parties. We analyze solutions that address the long-standing delegation and revocation shortcomings of the web PKI, with a focus on approaches that directly affect the chain of trust (i.e., the X.509 certification path). For this purpose, we propose a 19-criteria framework for characterizing revocation and delegation schemes. We also show that combining short-lived delegated credentials or proxy certificates with an appropriate revocation system would solve several pressing problems. Comment: IEEE European Symposium on Security and Privacy (EuroS&P) 202

    An Energy Aware and Secure MAC Protocol for Tackling Denial of Sleep Attacks in Wireless Sensor Networks

    Wireless sensor networks, which form part of the core for the Internet of Things, consist of resource-constrained sensors that are usually powered by batteries. Therefore, careful energy awareness is essential when working with these devices. Indeed, the introduction of security techniques such as authentication and encryption, to ensure confidentiality and integrity of data, can place higher energy load on the sensors. However, the absence of security protection could give room for energy drain attacks such as denial of sleep attacks, which have a higher negative impact on the life span of the sensors than the presence of security features. This thesis, therefore, focuses on tackling denial of sleep attacks from two perspectives: a security perspective and an energy efficiency perspective. The security perspective involves evaluating and ranking a number of security-based techniques for curbing denial of sleep attacks. The energy efficiency perspective, on the other hand, involves exploring duty cycling and simulating three Media Access Control (MAC) protocols, Sensor MAC, Timeout MAC and TunableMAC, under different network sizes and measuring different parameters such as the Received Signal Strength (RSSI) and Link Quality Indicator, transmit power, throughput and energy efficiency. Duty cycling happens to be one of the major techniques for conserving energy in wireless sensor networks, and this research aims to answer questions with regard to the effect of duty cycles on the energy efficiency as well as the throughput of three duty cycle protocols, Sensor MAC, Timeout MAC and TunableMAC, in addition to creating a novel MAC protocol that is also more resilient to denial of sleep attacks than existing protocols.
    The main contributions to knowledge from this thesis are the developed framework used for evaluation of existing denial of sleep attack solutions and the algorithms which fuel the other contribution to knowledge: a newly developed protocol tested on the Castalia Simulator on the OMNET++ platform. The new protocol has been compared with existing protocols and has been found to have significant improvement in energy efficiency and also better resilience to denial of sleep attacks. Part of this research has been published: two conference publications in IEEE Xplore and one workshop paper.

    Accuracy-aware privacy mechanisms for distributed computation

    Distributed computing systems involve a network of devices or agents that use locally stored private information to solve a common problem. Distributed algorithms fundamentally require communication between devices, leaving the system vulnerable to "privacy attacks" perpetrated by adversarial agents. In this dissertation, we focus on designing privacy-preserving distributed algorithms for (a) solving distributed optimization problems, (b) computing equilibrium of network aggregate games, and (c) solving a distributed system of linear equations. Specifically, we propose a privacy definition for distributed computation, "non-identifiability", that allows us to simultaneously guarantee privacy and the accuracy of the computed solution. This definition involves showing that information observed by the adversary is compatible with several distributed computing problems and the associated ambiguity provides privacy.
    Distributed Optimization: We propose the Function Sharing strategy that involves using correlated random functions to obfuscate private objective functions followed by using a standard distributed optimization algorithm. We characterize a tight graph connectivity condition for proving privacy via non-identifiability of local objective functions. We also prove correctness of our algorithm and show that we can achieve privacy and accuracy simultaneously.
    Network Aggregate Games: We design a distributed Nash equilibrium computation algorithm for network aggregate games. Our algorithm uses locally balanced correlated random perturbations to hide information shared with neighbors for aggregate estimation. This step is followed by descent along the negative gradient of the local cost function. We show that if the graph of non-adversarial agents is connected and non-bipartite, then our algorithm keeps private local cost information non-identifiable while asymptotically converging to the accurate Nash equilibrium.
    Average Consensus and System of Linear Equations: Finally, we design a finite-time algorithm for solving the average consensus problem over directed graphs with information-theoretic privacy. We use this algorithm to solve a distributed system of linear equations in finite time while protecting the privacy of local equations. We characterize computation, communication, memory and iteration cost of our algorithm and characterize graph conditions for guaranteeing information-theoretic privacy of local data.

    A study of two problems in data mining: anomaly monitoring and privacy preservation.

    Bu, Yingyi. Thesis (M.Phil.)--Chinese University of Hong Kong, 2008. Includes bibliographical references (leaves 89-94). Abstracts in English and Chinese.
    Abstract
    Acknowledgement
    Chapter 1 --- Introduction
    Chapter 1.1 --- Anomaly Monitoring
    Chapter 1.2 --- Privacy Preservation
    Chapter 1.2.1 --- Motivation
    Chapter 1.2.2 --- Contribution
    Chapter 2 --- Anomaly Monitoring
    Chapter 2.1 --- Problem Statement
    Chapter 2.2 --- A Preliminary Solution: Simple Pruning
    Chapter 2.3 --- Efficient Monitoring by Local Clusters
    Chapter 2.3.1 --- Incremental Local Clustering
    Chapter 2.3.2 --- Batch Monitoring by Cluster Join
    Chapter 2.3.3 --- Cost Analysis and Optimization
    Chapter 2.4 --- Piecewise Index and Query Reschedule
    Chapter 2.4.1 --- Piecewise VP-trees
    Chapter 2.4.2 --- Candidate Rescheduling
    Chapter 2.4.3 --- Cost Analysis
    Chapter 2.5 --- Upper Bound Lemma: For Dynamic Time Warping Distance
    Chapter 2.6 --- Experimental Evaluations
    Chapter 2.6.1 --- Effectiveness
    Chapter 2.6.2 --- Efficiency
    Chapter 2.7 --- Related Work
    Chapter 3 --- Privacy Preservation
    Chapter 3.1 --- Problem Definition
    Chapter 3.2 --- HD-Composition
    Chapter 3.2.1 --- Role-based Partition
    Chapter 3.2.2 --- Cohort-based Partition
    Chapter 3.2.3 --- Privacy Guarantee
    Chapter 3.2.4 --- Refinement of HD-composition
    Chapter 3.2.5 --- Anonymization Algorithm
    Chapter 3.3 --- Experiments
    Chapter 3.3.1 --- Failures of Conventional Generalizations
    Chapter 3.3.2 --- Evaluations of HD-Composition
    Chapter 3.4 --- Related Work
    Chapter 4 --- Conclusions
    Bibliography

    Secure Outsourced Computation on Encrypted Data

    Homomorphic encryption (HE) is a promising cryptographic technique that supports computations on encrypted data without requiring decryption first. This ability allows sensitive data, such as genomic, financial, or location data, to be outsourced for evaluation in a resourceful third-party such as the cloud without compromising data privacy. Basic homomorphic primitives support addition and multiplication on ciphertexts. These primitives can be utilized to represent essential computations, such as logic gates, which subsequently can support more complex functions. We propose the construction of efficient cryptographic protocols as building blocks (e.g., equality, comparison, and counting) that are commonly used in data analytics and machine learning. We explore the use of these building blocks in two privacy-preserving applications. One application leverages our secure prefix matching algorithm, which builds on top of the equality operation, to process geospatial queries on encrypted locations. The other applies our secure comparison protocol to perform conditional branching in private evaluation of decision trees. There are many outsourced computations that require joint evaluation on private data owned by multiple parties. For example, Genome-Wide Association Study (GWAS) is becoming feasible because of the recent advances of genome sequencing technology. Due to the sensitivity of genomic data, this data is encrypted using different keys possessed by different data owners. Computing on ciphertexts encrypted with multiple keys is a non-trivial task. Current solutions often require a joint key setup before any computation such as in threshold HE or incur large ciphertext size (at best, grows linearly in the number of involved keys) such as in multi-key HE. We propose a hybrid approach that combines the advantages of threshold and multi-key HE to support computations on ciphertexts encrypted with different keys while vastly reducing ciphertext size. 
    Moreover, we propose the SparkFHE framework to support large-scale secure data analytics in the Cloud. SparkFHE integrates Apache Spark with Fully HE to support secure distributed data analytics and machine learning and makes two novel contributions: (1) enabling Spark to perform efficient computation on large datasets while preserving user privacy, and (2) accelerating intensive homomorphic computation through parallelization of tasks across clusters of computing nodes. To the best of our knowledge, SparkFHE is the first framework to address these two needs simultaneously.

    Privacy-Preserving Distributed SVD via Federated Power

    Singular value decomposition (SVD) is one of the most fundamental tools in machine learning and statistics. The modern machine learning community usually assumes that data come from and belong to small-scale device users. The low communication and computation power of such devices, and the possible privacy breaches of users' sensitive data make the computation of SVD challenging. Federated learning (FL) is a paradigm enabling a large number of devices to jointly learn a model in a communication-efficient way without data sharing. In the FL framework, we develop a class of algorithms called FedPower for the computation of partial SVD in the modern setting. Based on the well-known power method, the local devices alternate between multiple local power iterations and one global aggregation to improve communication efficiency. In the aggregation, we propose to weight each local eigenvector matrix with Orthogonal Procrustes Transformation (OPT). Considering the practical stragglers' effect, the aggregation can be fully participated or partially participated, where for the latter we propose two sampling and aggregation schemes. Further, to ensure strong privacy protection, we add Gaussian noise whenever the communication happens by adopting the notion of differential privacy (DP). We theoretically show the convergence bound for FedPower. The resulting bound is interpretable with each part corresponding to the effect of Gaussian noise, parallelization, and random sampling of devices, respectively. We also conduct experiments to demonstrate the merits of FedPower. In particular, the local iterations not only improve communication efficiency but also reduce the chance of privacy breaches.

    An information privacy compliance model based on configurable software objects

    South Africa’s Protection of Personal Information Act (POPIA), Act 4 of 2013 requires that organisations enforce information privacy rules in technology systems handling personally identifiable information (PII). This is in line with other national and regional information privacy legislation across the world. However, the absence of a coherent way to implement this legislation, in the form of software objects in technology systems, has created a gap in organisations around the world. To bridge this gap, this thesis proposes a compliance model based on a conceptual framework, a design framework, and a software-based prototype. The objective of this model is to test how best to enforce information privacy regulations in technology systems handling personally identifiable information. The proposed conceptual framework views information privacy compliance as a context-driven reality enforced by configurable software objects. To refine the conceptual framework, a design framework and a software-based prototype were developed using the design science research methodology as the theoretical construct and the UML ontology language and object-oriented programming paradigms as the underpinning practical construct. This prototype will assist organisational stakeholders in understanding and visualising the theoretical and practical constructs of handling personally identifiable information as software objects in technology systems. The design and implementation of this prototype resulted in some practical and theoretical recommendations. These include the adoption of a decision model notation (DMN) as a formal standard to manage privacy rules and the creation of a context-aware privacy compliance zone (CAP).
    However, the main contribution of this thesis is a reusable conceptual and contextual design framework and a prototype through which POPIA rules, or those of any similar information privacy law, such as the European General Data Protection Regulation (GDPR), can be encapsulated into software objects used in technology systems to ease compliance with information privacy regulations. Thesis (PhD) -- Faculty of Engineering, the Built Environment, and Technology, 202