15,437 research outputs found
ARPA Whitepaper
We propose a secure computation solution for blockchain networks. The
correctness of computation is verifiable even under malicious majority
condition using information-theoretic Message Authentication Code (MAC), and
the privacy is preserved using Secret-Sharing. With state-of-the-art multiparty
computation protocol and a layer2 solution, our privacy-preserving computation
guarantees data security on blockchain, cryptographically, while reducing the
heavy-lifting computation job to a few nodes. This breakthrough has several
implications on the future of decentralized networks. First, secure computation
can be used to support Private Smart Contracts, where consensus is reached
without exposing the information in the public contract. Second, it enables
data to be shared and used in trustless network, without disclosing the raw
data during data-at-use, where data ownership and data usage is safely
separated. Last but not least, computation and verification processes are
separated, which can be perceived as computational sharding, this effectively
makes the transaction processing speed linear to the number of participating
nodes. Our objective is to deploy our secure computation network as an layer2
solution to any blockchain system. Smart Contracts\cite{smartcontract} will be
used as bridge to link the blockchain and computation networks. Additionally,
they will be used as verifier to ensure that outsourced computation is
completed correctly. In order to achieve this, we first develop a general MPC
network with advanced features, such as: 1) Secure Computation, 2) Off-chain
Computation, 3) Verifiable Computation, and 4)Support dApps' needs like
privacy-preserving data exchange
Dwarna : a blockchain solution for dynamic consent in biobanking
Dynamic consent aims to empower research partners and facilitate active participation in the research process. Used within
the context of biobanking, it gives individuals access to information and control to determine how and where their
biospecimens and data should be used. We present Dwarna—a web portal for ‘dynamic consent’ that acts as a hub
connecting the different stakeholders of the Malta Biobank: biobank managers, researchers, research partners, and the
general public. The portal stores research partners’ consent in a blockchain to create an immutable audit trail of research
partners’ consent changes. Dwarna’s structure also presents a solution to the European Union’s General Data Protection
Regulation’s right to erasure—a right that is seemingly incompatible with the blockchain model. Dwarna’s transparent
structure increases trustworthiness in the biobanking process by giving research partners more control over which research
studies they participate in, by facilitating the withdrawal of consent and by making it possible to request that the biospecimen
and associated data are destroyed.peer-reviewe
Secure data sharing and processing in heterogeneous clouds
The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors
ClaimChain: Improving the Security and Privacy of In-band Key Distribution for Messaging
The social demand for email end-to-end encryption is barely supported by
mainstream service providers. Autocrypt is a new community-driven open
specification for e-mail encryption that attempts to respond to this demand. In
Autocrypt the encryption keys are attached directly to messages, and thus the
encryption can be implemented by email clients without any collaboration of the
providers. The decentralized nature of this in-band key distribution, however,
makes it prone to man-in-the-middle attacks and can leak the social graph of
users. To address this problem we introduce ClaimChain, a cryptographic
construction for privacy-preserving authentication of public keys. Users store
claims about their identities and keys, as well as their beliefs about others,
in ClaimChains. These chains form authenticated decentralized repositories that
enable users to prove the authenticity of both their keys and the keys of their
contacts. ClaimChains are encrypted, and therefore protect the stored
information, such as keys and contact identities, from prying eyes. At the same
time, ClaimChain implements mechanisms to provide strong non-equivocation
properties, discouraging malicious actors from distributing conflicting or
inauthentic claims. We implemented ClaimChain and we show that it offers
reasonable performance, low overhead, and authenticity guarantees.Comment: Appears in 2018 Workshop on Privacy in the Electronic Society
(WPES'18
Light-Weight Accountable Privacy Preserving Protocol in Cloud Computing Based on a Third-Party Auditor
Cloud computing is emerging as the next disruptive utility paradigm [1]. It provides extensive storage capabilities and an environment for application developers through virtual machines. It is also the home of software and databases that are accessible, on-demand. Cloud computing has drastically transformed the way organizations, and individual consumers access and interact with Information Technology. Despite significant advancements in this technology, concerns about security are holding back businesses from fully adopting this promising information technology trend. Third-party auditors (TPAs) are becoming more common in cloud computing implementations. Hence, involving auditors comes with its issues such as trust and processing overhead. To achieve productive auditing, we need to (1) accomplish efficient auditing without requesting the data location or introducing processing overhead to the cloud client; (2) avoid introducing new security vulnerabilities during the auditing process. There are various security models for safeguarding the CCs (Cloud Client) data in the cloud. The TPA systematically examines the evidence of compliance with established security criteria in the connection between the CC and the Cloud Service Provider (CSP). The CSP provides the clients with cloud storage, access to a database coupled with services. Many security models have been elaborated to make the TPA more reliable so that the clients can trust the third-party auditor with their data. Our study shows that involving a TPA might come with its shortcomings, such as trust concerns, extra overhead, security, and data manipulation breaches; as well as additional processing, which leads to the conclusion that a lightweight and secure protocol is paramount to the solution. As defined in [2] privacy-preserving is making sure that the three cloud stakeholders are not involved in any malicious activities coming from insiders at the CSP level, making sure to remediate to TPA vulnerabilities and that the CC is not deceitfully affecting other clients. In our survey phase, we have put into perspective the privacy-preserving solutions as they fit the lightweight requirements in terms of processing and communication costs, ending up by choosing the most prominent ones to compare with them our simulation results. In this dissertation, we introduce a novel method that can detect a dishonest TPA: The Light-weight Accountable Privacy-Preserving (LAPP) Protocol. The lightweight characteristic has been proven simulations as the minor impact of our protocol in terms of processing and communication costs. This protocol determines the malicious behavior of the TPA. To validate our proposed protocol’s effectiveness, we have conducted simulation experiments by using the GreenCloud simulator. Based on our simulation results, we confirm that our proposed model provides better outcomes as compared to the other known contending methods
- …