Challenges for Trusted Computing

This article identifies and discusses some of the key challenges that need to be addressed if the vision of Trusted Computing is to become reality. Topics addressed include issues with setting up and maintaining the PKI required to support the full set of Trusted Computing functionality, the practical use and verification of attestation evidence, and backwards compatibility, usability and compliance issues

Cybersecurity Issues in the Context of Cryptographic Shuffling Algorithms and Concept Drift: Challenges and Solutions

In this dissertation, we investigate and address two kinds of data integrity threats. We first study the limitations of secure cryptographic shuffling algorithms regarding preservation of data dependencies. We then study the limitations of machine learning models regarding concept drift detection. We propose solutions to address these threats. Shuffling Algorithms have been used to protect the confidentiality of sensitive data. However, these algorithms may not preserve data dependencies, such as functional de- pendencies and data-driven associations. We present two solutions for addressing these shortcomings: (1) Functional dependencies preserving shuffle, and (2) Data-driven asso- ciations preserving shuffle. For preserving functional dependencies, we propose a method using Boyce-Codd Normal Form (BCNF) decomposition. Instead of shuffling the original relation, we recommend to shuffle each BCNF decomposition. The final shuffled rela- tion is constructed by joining the shuffled decompositions. We show that our approach is lossless and preserves functional dependencies if the BCNF decomposition is dependency preserving. For preserving data-driven associations, we generate the transitive closure of the sets of attributes that are associated. Attributes of each set are bundled together during shuffling. Concept drift is a significant challenge that greatly influences the accuracy and relia- bility of machine learning models. There is, therefore, a need to detect concept drift in order to ensure the validity of learned models. We study the issue of concept drift in the context of discrete Bayesian networks. We propose a probabilistic graphical model frame- work to explicitly detect the presence of concept drift using latent variables. We employ latent variables to model real concept drift and uncertainty drift over time. For modeling real concept drift, we propose to monitor the mean of the distribution of the latent variable over time. For modeling uncertainty drift, we suggest to monitor the change in belief of the latent variable over time, i.e., we monitor the maximum value that the probability den- sity function of the distribution takes over time. We also propose a probabilistic graphical model framework that is based on using latent variables to provide an explanation of the detected posterior probability drift across time. Our results show that neither cryptographic shuffling algorithms nor machine learning models are robust against data integrity threats. However, our proposed approaches are capable of detecting and mitigating such threats

Digital Rights Management for Personal Networks

The thesis is concerned with Digital Rights Management (DRM), and in particular with DRM for networks of devices owned by a single individual. This thesis focuses on the problem of preventing illegal copying of digital assets without jeopardising the right of legitimate licence holders to transfer content between their own devices, which collectively make up what we refer to as an authorised domain. An ideal list of DRM requirements is specified, which takes into account the points of view of users, content providers and copyright law. An approach is then developed for assessing DRM systems based on the defined DRM requirements; the most widely discussed DRM schemes are then analysed and assessed, where the main focus is on schemes which address the concept of an authorised domain. Based on this analysis we isolate the issues underlying the content piracy problem, and then provide a generic framework for a DRM system addressing the identified content piracy issues. The defined generic framework has been designed to avoid the weaknesses found in other schemes. The main contributions of this thesis include developing four new approaches that can be used to implement the proposed generic framework for managing an authorised domain. The four novel solutions all involve secure means for creating, managing and using a secure domain, which consists of all devices owned by a single owner. The schemes allow secure content sharing between devices in a domain, and prevent the illegal copying of content to devices outside the domain. In addition, each solution incorporates a method for binding a domain to a single owner, ensuring that only a single consumer owns and manages a domain. This enables binding of content licences to a single owner, thereby limiting illicit content proliferation. In the first solution, domain owners are authenticated using two-factor authentication, which involves "something the domain owner has", i.e. a master control device that controls and manages consumers domains, and binds devices joining a domain to itself, and "something the domain owner is or knows", i.e. a biometric or password/PIN authentication mechanism that is implemented by the master control device. In the second solution, domain owners are authenticated using their payment cards, building on existing electronic payment systems by ensuring that the name and the date of birth of a domain creator are the same for all devices joining a domain. In addition, this solution helps to protect consumers' privacy; unlike in existing electronic payment systems, payment card details are not exposed to third parties. The third solution involves the use of a domain-specific mobile phone and the mobile phone network operator to authenticate a domain owner before devices can join a domain. The fourth solution involves the use of location-based services, ensuring that devices joining a consumer domain are located in physical proximity to the addresses registered for this domain. This restricts domain membership to devices in predefined geographical locations, helping to ensure that a single consumer owns and manages each domain