43 research outputs found
MobiPADS: a reflective middleware for context-aware mobile computing
distributed computing services that essentially abstract the underlying network services to a monolithic "black box." In a mobile operating environment, the fundamental assumption of middleware abstracting a unified distributed service for all types of applications operating over a static network infrastructure is no longer valid. In particular, mobile applications are not able to leverage the benefits of adaptive computing to optimize their computation based on current contextual situations. In this paper, we introduce the Mobile Platform for Actively Deployable Service (MobiPADS) system. MobiPADS is designed to support context-aware processing by providing an executing platform to enable active service deployment and reconfiguration of the service composition in response to environments of varying contexts. Unlike most mobile middleware, MobiPADS supports dynamic adaptation at both the middleware and application layers to provide flexible configuration of resources to optimize the operations of mobile applications. Within the MobiPADS system, services (known as mobilets) are configured as chained service objects to provide augmented services to the underlying mobile applications so as to alleviate the adverse conditions of a wireless environment. Index Terms—Middleware, mobile applications, mobile computing support services, mobile environments.
ITR/SY: a distributed programming infrastructure for integrating smart sensors
Issued as final report. National Science Foundation (U.S.
Security and privacy of incentive-driven mechanisms
While cryptographic tools offer practical security and privacy supported by theory and formal
proofs, there are often gaps between the theory and intricacies of the real world. This is especially
apparent in the realm of game theoretic applications where protocol participants are motivated
by incentives and preferences on the protocol outcome. These incentives can lead to additional
requirements or unexpected attack vectors, making standard cryptographic concepts inapplicable.
The goal of this thesis is to bridge some of the gaps between cryptography and incentive-driven mechanisms. The thesis will consist of three main research threads, each studying the
privacy or security of a game-theoretic scenario in non-standard cryptographic frameworks in
order to satisfy the scenario's unique requirements. Our first scenario is preference aggregation,
where we will analyze the privacy of voting rules while requiring the rules to be deterministic. Then, we will study games, and how to achieve collusion-freeness (and its composable
version, collusion-preservation) in the decentralized setting. Finally, we explore the robustness
of Nakamoto-style proof-of-work blockchains against 51% attacks when the main security
assumption of honest majority fails. Most of the results in this thesis are also published in the
following (in order): Ch. 3: [103], Ch. 4: [47], and Ch. 5: [104].
Our first focus is preference aggregation—in particular voting rules. Specifically, we answer
the crucial question: How private is the voting rule we use and the voting information we
release? This natural and seemingly simple question was sidestepped in previous works, where
randomization was added to voting rules in order to achieve the widely-known notion of
differential privacy (DP). Yet, randomness in an election can be undesirable, and may alter
voter incentives and strategies. In this chapter of our thesis, we expand and improve upon
previous works and study deterministic voting rules. In a similarly well-accepted framework of
distributional differential privacy (DDP), we develop new techniques in analyzing and comparing
the privacy of voting rules—leading to a new measure to contrast different rules in addition to
existing ones in the field of social choice. We learn the positive message that even vote tallies
have very limited privacy leakage that decreases quickly in the number of votes, and a surprising
fact that outputting the winner using different voting rules can result in asymptotically different
privacy leakage.
Having studied privacy in the context of parties with preferences and incentives, we turn our
attention to the secure implementation of games. Specifically, we study the issue of collusion and
how to avoid it. Collusion, or subliminal communication, can introduce undesirable coalitions
in games that allow malicious parties, e.g. cheating poker players, a wider set of strategies.
Standard cryptographic security is insufficient to address the issue, spurring on a line of work that
defined and constructed collusion-free (CF), or its composable version, collusion-preserving (CP)
protocols. Unfortunately, they all required strong assumptions on the communication medium,
such as physical presence of the parties, or a restrictive star-topology network with a trusted
mediator in the center. In fact, CF is impossible without restricted communication, and CP is
conjectured to always require a mediator. Thus, circumventing these impossibilities is necessary
to truly implement games in a decentralized setting. Fortunately, in the rational setting, the
attacker can also be assumed to have utility. By ensuring collusion is only possible by sending
incorrect, penalizable messages, and composing our protocol with a blockchain protocol as the
source of the penalization, we prove our protocol as CP against incentive-driven attackers in a
framework of rational cryptography called rational protocol design (RPD).
Lastly, it is also useful to analyze the security of the blockchain and its associated
cryptocurrencies—cryptographic transaction ledger protocols with embedded monetary value—
using a rational cryptography framework like RPD. Our last chapter studies the incentives of
attackers that perform 51% attacks by breaking the main security assumption of honest majority in proof-of-work (PoW) blockchains such as Bitcoin and Ethereum Classic. Previous works
abstracted the blockchain protocol and the attacker's actions, analyzing 51% attacks via various
techniques in economics or probability theory. This leaves open the question of exploring this
attack in a model closer to standard cryptographic analyses. We answer this question by working in the RPD framework. Improving upon previous analyses that were geared towards only mining
rewards, we construct utility functions that model the incentives of 51% attackers. Under the
RPD framework, we are able to determine when an attacker is incentivized to attack a given
instantiation of the blockchain protocol. More importantly, we can make general statements that
indicate changes to protocol parameters to make it secure against all rational attackers under
these incentives.
Correctness of services and their composition
We study correctness of services and their composition and investigate how the design of correct service compositions can be systematically supported. We thereby focus on the communication protocol of the service and approach these questions using formal methods and make contributions to three scenarios of SOC.
Tunable Security for Deployable Data Outsourcing
Security mechanisms like encryption negatively affect other software quality characteristics like efficiency. To cope with such trade-offs, it is preferable to build approaches that allow the trade-offs to be tuned after the implementation and design phase. This book introduces a methodology that can be used to build such tunable approaches. The book shows how the proposed methodology can be applied in the domains of database outsourcing, identity management, and credential management.
Internet of Things Strategic Research Roadmap
Internet of Things (IoT) is an integrated part of Future Internet including existing and evolving Internet and network developments and could be conceptually defined as a dynamic global network infrastructure with self-configuring capabilities based on standard and interoperable communication protocols where physical and virtual "things" have identities, physical attributes, and virtual personalities, use intelligent interfaces, and are seamlessly integrated into the information network.