Constructing Independently Verifiable Privacy-Compliant Type Systems for Message Passing between Black-Box Components
Privacy by design (PbD) is the principle that privacy should be considered at
every stage of the software engineering process. It is increasingly both viewed
as best practice and required by law. It is therefore desirable to have formal
methods that provide guarantees that certain privacy-relevant properties hold.
We propose an approach that can be used to design a privacy-compliant
architecture without needing to know the source code or internal structure of
any individual component. We model an architecture as a set of agents or
components that pass messages to each other. We present in this paper
algorithms that take as input an architecture and a set of privacy constraints,
and output an extension of the original architecture that satisfies the privacy
constraints.
PCD
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2010. By Alessandro Chiesa. Page 96 blank. Cataloged from PDF version of thesis. Includes bibliographical references (p. 87-95).
The security of systems can often be expressed as ensuring that some property is maintained at every step of a distributed computation conducted by untrusted parties. Special cases include integrity of programs running on untrusted platforms, various forms of confidentiality and side-channel resilience, and domain-specific invariants. We propose a new approach, proof-carrying data (PCD), which sidesteps the threat of faults and leakage by reasoning about properties of a computation's output data, regardless of the process that produced it. In PCD, the system designer prescribes the desired properties of a computation's outputs. Corresponding proofs are attached to every message flowing through the system, and are mutually verified by the system's components. Each such proof attests that the message's data and all of its history comply with the prescribed properties. We construct a general protocol compiler that generates, propagates, and verifies such proofs of compliance, while preserving the dynamics and efficiency of the original computation. Our main technical tool is the cryptographic construction of short non-interactive arguments (computationally-sound proofs) for statements whose truth depends on "hearsay evidence": previous arguments about other statements. To this end, we attain a particularly strong proof-of-knowledge property. We realize the above, under standard cryptographic assumptions, in a model where the prover has blackbox access to some simple functionality - essentially, a signature card.
Seventh International Joint Conference on Electronic Voting
This volume contains papers presented at E-Vote-ID 2022, the Seventh International Joint Conference on Electronic Voting, held during October 4–7, 2022. This was the first in-person conference following the COVID-19 pandemic, and, as such, it was a very special event for the community since we returned to the traditional venue in Bregenz, Austria. The E-Vote-ID conference resulted from merging EVOTE and Vote-ID, and 18 years have now elapsed since the first EVOTE conference in Austria. Since that conference in 2004, over 1500 experts have attended the venue, including scholars, practitioners, authorities, electoral managers, vendors, and PhD students. E-Vote-ID collects the most relevant debates on the development of electronic voting, from aspects relating to security and usability through to practical experiences and applications of voting systems, also including legal, social, or political aspects, amongst others, turning out to be an important global referent on these issues.
Enforcing Language Semantics Using Proof-Carrying Data
Sound reasoning about the behavior of programs relies on program execution adhering to the language semantics. However, in a distributed computation, when a value is sent from one party to another, the receiver faces the question of whether the value is well-traced: could it have been produced by a computation that respects the language semantics? If not, then accepting the non-well-traced value may invalidate the receiver's reasoning, leading to bugs or vulnerabilities.
Proof-Carrying Data (PCD) is a recently-introduced cryptographic mechanism that allows messages in a distributed computation to be accompanied by proof that the message, and the history leading to it, complies with a specified predicate. Using PCD, a verifier can be convinced that the predicate held throughout the distributed computation, even in the presence of malicious parties, and at a verification cost that is independent of the size of the computation producing the value. Unfortunately, previous approaches to using PCD required tailoring a specialized predicate for each application, using an inconvenient formalism and with little methodological support.
We connect these two threads by introducing a novel, PCD-based approach to enforcing language semantics in distributed computations. We show how to construct an object-oriented language runtime that ensures that objects received from potentially untrusted parties are well-traced with respect to a set of class definitions. Programmers can then soundly reason about program behavior, despite values received from untrusted parties, without needing to be aware of the underlying cryptographic techniques.
Democracy Enhancing Technologies: Toward deployable and incoercible E2E elections
End-to-end verifiable election systems (E2E systems) provide a provably correct tally while maintaining the secrecy of each voter's ballot, even if the voter is complicit in demonstrating how they voted. Providing voter incoercibility is one of the main challenges of designing E2E systems, particularly in the case of internet voting. A second challenge is building deployable, human-voteable E2E systems that conform to election laws and conventions. This dissertation examines deployability, coercion-resistance, and their intersection in election systems. In the course of this study, we introduce three new election systems (Scantegrity, Eperio, and Selections), report on two real-world elections using E2E systems (Punchscan and Scantegrity), and study incoercibility issues in one deployed system (Punchscan). In addition, we propose and study new practical primitives for random beacons, secret printing, and panic passwords. These are tools that can be used in an election to, respectively, generate publicly verifiable random numbers, distribute the printing of secrets between non-colluding printers, and covertly signal duress during authentication. While developed to solve specific problems in deployable and incoercible E2E systems, these techniques may be of independent interest.
Linked Research on the Decentralised Web
This thesis is about research communication in the context of the Web. I analyse literature which reveals how researchers are making use of Web technologies for knowledge dissemination, as well as how individuals are disempowered by the centralisation of certain systems, such as academic publishing platforms and social media. I share my findings on the feasibility of a decentralised and interoperable information space where researchers can control their identifiers whilst fulfilling the core functions of scientific communication: registration, awareness, certification, and archiving.
The contemporary research communication paradigm operates under a diverse set of sociotechnical constraints, which influence how units of research information and personal data are created and exchanged. Economic forces and non-interoperable system designs mean that researcher identifiers and research contributions are largely shaped and controlled by third-party entities; participation requires the use of proprietary systems.
From a technical standpoint, this thesis takes a deep look at semantic structure of research artifacts, and how they can be stored, linked and shared in a way that is controlled by individual researchers, or delegated to trusted parties. Further, I find that the ecosystem was lacking a technical Web standard able to fulfill the awareness function of research communication. Thus, I contribute a new communication protocol, Linked Data Notifications (published as a W3C Recommendation) which enables decentralised notifications on the Web, and provide implementations pertinent to the academic publishing use case. So far we have seen decentralised notifications applied in research dissemination or collaboration scenarios, as well as for archival activities and scientific experiments.
Another core contribution of this work is a Web standards-based implementation of a clientside tool, dokieli, for decentralised article publishing, annotations and social interactions. dokieli can be used to fulfill the scholarly functions of registration, awareness, certification, and archiving, all in a decentralised manner, returning control of research contributions and discourse to individual researchers.
The overarching conclusion of the thesis is that Web technologies can be used to create a fully functioning ecosystem for research communication. Using the framework of Web architecture, and loosely coupling the four functions, an accessible and inclusive ecosystem can be realised whereby users are able to use and switch between interoperable applications without interfering with existing data.
Technical solutions alone do not suffice of course, so this thesis also takes into account the need for a change in the traditional mode of thinking amongst scholars, and presents the Linked Research initiative as an ongoing effort toward researcher autonomy in a social system, and universal access to human- and machine-readable information. Outcomes of this outreach work so far include an increase in the number of individuals self-hosting their research artifacts, workshops publishing accessible proceedings on the Web, in-the-wild experiments with open and public peer-review, and semantic graphs of contributions to conference proceedings and journals (the Linked Open Research Cloud).
Some of the future challenges include: addressing the social implications of decentralised Web publishing, as well as the design of ethically grounded interoperable mechanisms; cultivating privacy-aware information spaces; personal or community-controlled on-demand archiving services; and further design of decentralised applications that are aware of the core functions of scientific communication.
Behavior Compliance Control for More Trustworthy Computation Outsourcing
Computation outsourcing has become a hot topic in both academic research and industry,
because of the benefits that accompany it, such as cost reduction, the ability to
focus on core businesses, and the possibility of benefiting from modern payment
models like the pay-per-use model.
Unfortunately, outsourcing to the hosting platforms of potentially untrusted third
parties requires a lot of trust. Clients need assurance that the intended
code was loaded and executed, and that the application behaves correctly and
trustworthily at runtime. That is, techniques from Trusted Computing that
are used to issue evidence about the execution of binaries and report it
to a challenger are not sufficient. Challengers are more interested
in evidence that allows misbehavior to be detected while the outsourced
computation is running on the hosting platform.
Another challenging issue is providing secure data storage for the collected
evidence. Such secure storage is provided by
the Trusted Platform Module (TPM). In outsourcing scenarios where
virtualization technologies are applied, the use of virtual TPMs (vTPMs)
comes into consideration. However, researchers have identified drawbacks
and limitations of using TPMs. These problems include privacy and maintainability
issues, problems with the sealing functionality, and high communication
and management effort. On the other hand, virtualizing TPMs, and especially virtualizing the Platform
Configuration Registers (PCRs), runs counter to one of the core principles of
Trusted Computing, namely the need for hardware-based secure storage.
In this thesis, we propose different approaches and architectures that
can be used to mitigate the problems above. In particular, in the first
part of the thesis we propose an approach called Behavior Compliance
Control (BCC) that defines architectures describing how the behavior of
such outsourced computations is captured and controlled, and how its
compliance with a trusted behavior model is judged. We present
approaches for two abstraction levels: one at the level of program code and the
other at the level of abstract executable business processes.
In the second part of this thesis, we propose approaches to solve
the aforementioned problems related to TPMs and vTPMs, which are used
as storage for the evidence data collected as assurance of behavior compliance. In particular,
we recognized that using the SHA-1 hash to measure system components requires
maintaining a large set of hashes of presumably trustworthy
software; furthermore, during attestation, the full configuration of the
platform is revealed. Our approach shows how the use of chameleon hashes
mitigates the impact of these two problems. To increase the security of vTPMs,
we show in another approach how the strength of hardware-based security can be gained for
virtual PCRs by binding them to their corresponding hardware PCRs. We propose two approaches
for such a binding: the first variant uses binary hash trees, whereas the other
variant uses incremental hashing.
We further provide implementations of the proposed approaches and evaluate
their impact in practice. Furthermore, we empirically evaluate the
relative efficacy of the different behavioral abstractions of BCC that we define,
based on different real-world applications. In particular, we examined
the feasibility, effectiveness, scalability, and efficiency of the
approach. To this end, we chose two kinds of applications, a web-based
and a desktop application, and performed different attacks on them, such
as a malicious input attack and an SQL injection attack. The results show
that such attacks can be detected, so that applying our approach
can increase protection against them.