Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments

Decentralized systems are a subset of distributed systems where multiple authorities control different components and no authority is fully trusted by all. This implies that any component in a decentralized system is potentially adversarial. We revise fifteen years of research on decentralization and privacy, and provide an overview of key systems, as well as key insights for designers of future systems. We show that decentralized designs can enhance privacy, integrity, and availability but also require careful trade-offs in terms of system complexity, properties provided, and degree of decentralization. These trade-offs need to be understood and navigated by designers. We argue that a combination of insights from cryptography, distributed systems, and mechanism design, aligned with the development of adequate incentives, are necessary to build scalable and successful privacy-preserving decentralized systems

A survey on pseudonym changing strategies for Vehicular Ad-Hoc Networks

The initial phase of the deployment of Vehicular Ad-Hoc Networks (VANETs) has begun and many research challenges still need to be addressed. Location privacy continues to be in the top of these challenges. Indeed, both of academia and industry agreed to apply the pseudonym changing approach as a solution to protect the location privacy of VANETs'users. However, due to the pseudonyms linking attack, a simple changing of pseudonym shown to be inefficient to provide the required protection. For this reason, many pseudonym changing strategies have been suggested to provide an effective pseudonym changing. Unfortunately, the development of an effective pseudonym changing strategy for VANETs is still an open issue. In this paper, we present a comprehensive survey and classification of pseudonym changing strategies. We then discuss and compare them with respect to some relevant criteria. Finally, we highlight some current researches, and open issues and give some future directions

Anonymous reputation based reservations in e-commerce (AMNESIC)

Online reservation systems have grown over the last recent years to facilitate the purchase of goods and services. Generally, reservation systems require that customers provide some personal data to make a reservation effective. With this data, service providers can check the consumer history and decide if the user is trustable enough to get the reserve. Although the reputation of a user is a good metric to implement the access control of the system, providing personal and sensitive data to the system presents high privacy risks, since the interests of a user are totally known and tracked by an external entity. In this paper we design an anonymous reservation protocol that uses reputations to profile the users and control their access to the offered services, but at the same time it preserves their privacy not only from the seller but the service provider

Emerging privacy challenges and approaches in CAV systems

The growth of Internet-connected devices, Internet-enabled services and Internet of Things systems continues at a rapid pace, and their application to transport systems is heralded as game-changing. Numerous developing CAV (Connected and Autonomous Vehicle) functions, such as traffic planning, optimisation, management, safety-critical and cooperative autonomous driving applications, rely on data from various sources. The efficacy of these functions is highly dependent on the dimensionality, amount and accuracy of the data being shared. It holds, in general, that the greater the amount of data available, the greater the efficacy of the function. However, much of this data is privacy-sensitive, including personal, commercial and research data. Location data and its correlation with identity and temporal data can help infer other personal information, such as home/work locations, age, job, behavioural features, habits, social relationships. This work categorises the emerging privacy challenges and solutions for CAV systems and identifies the knowledge gap for future research, which will minimise and mitigate privacy concerns without hampering the efficacy of the functions

Internet Utopianism and the Practical Inevitability of Law

Writing at the dawn of the digital era, John Perry Barlow proclaimed cyberspace to be a new domain of pure freedom. Addressing the nations of the world, he cautioned that their laws, which were “based on matter,” simply did not speak to conduct in the new virtual realm. As both Barlow and the cyberlaw scholars who took up his call recognized, that was not so much a statement of fact as it was an exercise in deliberate utopianism. But it has proved prescient in a way that they certainly did not intend. The “laws” that increasingly have no meaning in online environments include not only the mandates of market regulators but also the guarantees that supposedly protect the fundamental rights of internet users, including the expressive and associational freedoms whose supremacy Barlow asserted. More generally, in the networked information era, protections for fundamental human rights — both on- and offline — have begun to fail comprehensively. Cyberlaw scholarship in the Barlowian mold isn’t to blame for the worldwide erosion of protections for fundamental rights, but it also hasn’t helped as much as it might have. In this essay, adapted from a forthcoming book on the evolution of legal institutions in the information era, I identify and briefly examine three intersecting flavors of internet utopianism in cyberlegal thought that are worth reexamining. It has become increasingly apparent that functioning legal institutions have indispensable roles to play in protecting and advancing human freedom. It has also become increasingly apparent, however, that the legal institutions we need are different than the ones we have

Management system requirements for wireless systems beyond 3G

This paper presents a comprehensive description of various management system requirements for systems beyond 3G, which have been identified as a result of the Software Based Systems activities within the Mobile VCE Core 2 program. Specific requirements for systems beyond 3G are discussed and potential technologies to address them proposed. The analysis has been carried out from network, service and security viewpoints