Embedding Privacy Into Design Through Software Developers: Challenges & Solutions

To make privacy a first-class citizen in software, we argue for equipping developers with usable tools, as well as providing support from organizations, educators, and regulators. We discuss the challenges with the successful integration of privacy features and propose solutions for stakeholders to help developers perform privacy-related tasks.Comment: To be published in "IEEE Security & Privacy: Special Issue on Usable Security for Security Workers" 11 pages, 4 figure

AnonyControl: Control Cloud Data Anonymously with Multi-Authority Attribute-Based Encryption

Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. However, those advantages, ironically, are the causes of security and privacy problems, which emerge because the data owned by different users are stored in some cloud servers instead of under their own control. To deal with security problems, various schemes based on the Attribute- Based Encryption (ABE) have been proposed recently. However, the privacy problem of cloud computing is yet to be solved. This paper presents an anonymous privilege control scheme AnonyControl to address the user and data privacy problem in a cloud. By using multiple authorities in cloud computing system, our proposed scheme achieves anonymous cloud data access, finegrained privilege control, and more importantly, tolerance to up to (N -2) authority compromise. Our security and performance analysis show that AnonyControl is both secure and efficient for cloud computing environment.Comment: 9 pages, 6 figures, 3 tables, conference, IEEE INFOCOM 201

SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems

Several years of academic and industrial research efforts have converged to a common understanding on fundamental security building blocks for the upcoming Vehicular Communication (VC) systems. There is a growing consensus towards deploying a special-purpose identity and credential management infrastructure, i.e., a Vehicular Public-Key Infrastructure (VPKI), enabling pseudonymous authentication, with standardization efforts towards that direction. In spite of the progress made by standardization bodies (IEEE 1609.2 and ETSI) and harmonization efforts (Car2Car Communication Consortium (C2C-CC)), significant questions remain unanswered towards deploying a VPKI. Deep understanding of the VPKI, a central building block of secure and privacy-preserving VC systems, is still lacking. This paper contributes to the closing of this gap. We present SECMACE, a VPKI system, which is compatible with the IEEE 1609.2 and ETSI standards specifications. We provide a detailed description of our state-of-the-art VPKI that improves upon existing proposals in terms of security and privacy protection, and efficiency. SECMACE facilitates multi-domain operations in the VC systems and enhances user privacy, notably preventing linking pseudonyms based on timing information and offering increased protection even against honest-but-curious VPKI entities. We propose multiple policies for the vehicle-VPKI interactions, based on which and two large-scale mobility trace datasets, we evaluate the full-blown implementation of SECMACE. With very little attention on the VPKI performance thus far, our results reveal that modest computing resources can support a large area of vehicles with very low delays and the most promising policy in terms of privacy protection can be supported with moderate overhead.Comment: 14 pages, 9 figures, 10 tables, IEEE Transactions on Intelligent Transportation System

Strongly Secure Privacy Amplification Cannot Be Obtained by Encoder of Slepian-Wolf Code

The privacy amplification is a technique to distill a secret key from a random variable by a function so that the distilled key and eavesdropper's random variable are statistically independent. There are three kinds of security criteria for the key distilled by the privacy amplification: the normalized divergence criterion, which is also known as the weak security criterion, the variational distance criterion, and the divergence criterion, which is also known as the strong security criterion. As a technique to distill a secret key, it is known that the encoder of a Slepian-Wolf (the source coding with full side-information at the decoder) code can be used as a function for the privacy amplification if we employ the weak security criterion. In this paper, we show that the encoder of a Slepian-Wolf code cannot be used as a function for the privacy amplification if we employ the criteria other than the weak one.Comment: 10 pages, no figure, A part of this paper will be presented at 2009 IEEE International Symposium on Information Theory in Seoul, Korea. Version 2 is a published version. The results are not changed from version 1. Explanations are polished and some references are added. In version 3, only style and DOI are edite

Construction of wiretap codes from ordinary channel codes

From an arbitrary given channel code over a discrete or Gaussian memoryless channel, we construct a wiretap code with the strong security. Our construction can achieve the wiretap capacity under mild assumptions. The key tool is the new privacy amplification theorem bounding the eavesdropped information in terms of the Gallager function.Comment: 5 pages, no figure, IEEEtran.cls. Submitted to 2010 IEEE ISI