Yksityisyyden turvaavia protokollia verkkoliikenteen suojaamiseen

Digital technologies have become an essential part of our lives. In many parts of the world, activities such as socializing, providing health care, leisure and education are entirely or partially relying on the internet. Moreover, the COVID-19 world pandemic has also contributed significantly to our dependency on the on-line world. While the advancement of the internet brings many advantages, there are also disadvantages such as potential loss of privacy and security. While the users enjoy surfing on the web, service providers may collect a variety of information about their users, such as the users’ location, gender, and religion. Moreover, the attackers may try to violate the users’ security, for example, by infecting the users’ devices with malware. In this PhD dissertation, to provide means to protect networking we propose several privacy-preserving protocols. Our protocols empower internet users to get a variety of services, while at the same time ensuring users’ privacy and security in the digital world. In other words, we design our protocols such that the users only share the amount of information with the service providers that is absolutely necessary to gain the service. Moreover, our protocols only add minimal additional time and communication costs, while leveraging cryptographic schemes to ensure users’ privacy and security. The dissertation contains two main themes of protocols: privacy-preserving set operations and privacy-preserving graph queries. These protocols can be applied to a variety of application areas. We delve deeper into three application areas: privacy-preserving technologies for malware protection, protection of remote access, and protecting minors.Digitaaliteknologiasta on tullut oleellinen osa ihmisten elämää. Monissa osissa maailmaa sellaiset toiminnot kuten terveydenhuolto, vapaa-ajan vietto ja opetus ovat osittain tai kokonaan riippuvaisia internetistä. Lisäksi COVID-19 -pandemia on lisännyt ihmisten riippuvuutta tietoverkoista. Vaikkakin internetin kehittyminen on tuonut paljon hyvää, se on tuonut mukanaan myös haasteita yksityisyydelle ja tietoturvalle. Käyttäjien selatessa verkkoa palveluntarjoajat voivat kerätä käyttäjästä monenlaista tietoa, kuten esimerkiksi käyttäjän sijainnin, sukupuolen ja uskonnon. Lisäksi hyökkääjät voivat yrittää murtaa käyttäjän tietoturvan esimerkiksi asentamalla hänen koneelleen haittaohjelmia. Tässä väitöskirjassa esitellään useita turvallisuutta suojaavia protokollia tietoverkossa tapahtuvan toiminnan turvaamiseen. Nämä protokollat mahdollistavat internetin käytön monilla tavoilla samalla kun ne turvaavat käyttäjän yksityisyyden ja tietoturvan digitaalisessa maailmassa. Toisin sanoen nämä protokollat on suunniteltu siten, että käyttäjät jakavat palveluntarjoajille vain sen tiedon, joka on ehdottoman välttämätöntä palvelun tuottamiseksi. Protokollat käyttävät kryptografisia menetelmiä käyttäjän yksityisyyden sekä tietoturvan varmistamiseksi, ja ne hidastavat kommunikaatiota mahdollisimman vähän. Tämän väitöskirjan sisältämät protokollat voidaan jakaa kahteen eri teemaan: protokollat yksityisyyden suojaaville joukko-operaatioille ja protokollat yksityisyyden suojaaville graafihauille. Näitä protokollia voidaan soveltaa useilla aloilla. Näistä aloista väitöskirjassa käsitellään tarkemmin haittaohjelmilta suojautumista, etäyhteyksien suojaamista ja alaikäisten suojelemista

The Adversarial Noise Threshold for Distributed Protocols

We consider the problem of implementing distributed protocols, despite adversarial channel errors, on synchronous-messaging networks with arbitrary topology. In our first result we show that any $n$-party $T$-round protocol on an undirected communication network $G$ can be compiled into a robust simulation protocol on a sparse ($\mathcal{O}(n)$ edges) subnetwork so that the simulation tolerates an adversarial error rate of $\Omega\left(\frac{1}{n}\right)$; the simulation has a round complexity of $\mathcal{O}\left(\frac{m \log n}{n} T\right)$, where $m$ is the number of edges in $G$. (So the simulation is work-preserving up to a $\log$ factor.) The adversary's error rate is within a constant factor of optimal. Given the error rate, the round complexity blowup is within a factor of $\mathcal{O}(k \log n)$ of optimal, where $k$ is the edge connectivity of $G$. We also determine that the maximum tolerable error rate on directed communication networks is $\Theta(1/s)$ where $s$ is the number of edges in a minimum equivalent digraph. Next we investigate adversarial per-edge error rates, where the adversary is given an error budget on each edge of the network. We determine the exact limit for tolerable per-edge error rates on an arbitrary directed graph. However, the construction that approaches this limit has exponential round complexity, so we give another compiler, which transforms $T$-round protocols into $\mathcal{O}(mT)$-round simulations, and prove that for polynomial-query black box compilers, the per-edge error rate tolerated by this last compiler is within a constant factor of optimal.Comment: 23 pages, 2 figures. Fixes mistake in theorem 6 and various typo

FinTracer: A privacy-preserving mechanism for tracing electronic money

Information sharing between financial institutions can uncover complex financial crimes such as money laundering and fraud. However, such information sharing is often not possible due to privacy and commercial considerations, and criminals can exploit this intelligence gap in order to hide their activities by distributing them between institutions, a form of the practice known as ``layering\u27\u27. We describe an algorithm that allows financial intelligence analysts to trace the flow of funds in suspicious transactions across financial institutions, without this impinging on the privacy of uninvolved individuals and without breaching the tipping off offence provisions between financial institutions. The algorithm is lightweight, allowing it to work even at nation-scale, as well as for it to be used as a building-block in the construction of more sophisticated algorithms for the detection of complex crime typologies within the financial data. We prove the algorithm\u27s scalability by timing measurements done over a full-sized deployment

Sublinear Computation Paradigm

This open access book gives an overview of cutting-edge work on a new paradigm called the “sublinear computation paradigm,” which was proposed in the large multiyear academic research project “Foundations of Innovative Algorithms for Big Data.” That project ran from October 2014 to March 2020, in Japan. To handle the unprecedented explosion of big data sets in research, industry, and other areas of society, there is an urgent need to develop novel methods and approaches for big data analysis. To meet this need, innovative changes in algorithm theory for big data are being pursued. For example, polynomial-time algorithms have thus far been regarded as “fast,” but if a quadratic-time algorithm is applied to a petabyte-scale or larger big data set, problems are encountered in terms of computational resources or running time. To deal with this critical computational and algorithmic bottleneck, linear, sublinear, and constant time algorithms are required. The sublinear computation paradigm is proposed here in order to support innovation in the big data era. A foundation of innovative algorithms has been created by developing computational procedures, data structures, and modelling techniques for big data. The project is organized into three teams that focus on sublinear algorithms, sublinear data structures, and sublinear modelling. The work has provided high-level academic research results of strong computational and algorithmic interest, which are presented in this book. The book consists of five parts: Part I, which consists of a single chapter on the concept of the sublinear computation paradigm; Parts II, III, and IV review results on sublinear algorithms, sublinear data structures, and sublinear modelling, respectively; Part V presents application results. The information presented here will inspire the researchers who work in the field of modern algorithms

Advanced Location-Based Technologies and Services

Since the publication of the first edition in 2004, advances in mobile devices, positioning sensors, WiFi fingerprinting, and wireless communications, among others, have paved the way for developing new and advanced location-based services (LBSs). This second edition provides up-to-date information on LBSs, including WiFi fingerprinting, mobile computing, geospatial clouds, geospatial data mining, location privacy, and location-based social networking. It also includes new chapters on application areas such as LBSs for public health, indoor navigation, and advertising. In addition, the chapter on remote sensing has been revised to address advancements

Video big data: an agile architecture for systematic exploration and analytics

Video is currently at the forefront of most business and natural environments. In surveillance, it is the most important technology as surveillance systems reveal information and patterns for solving many security problems including crime prevention. This research investigates technologies that currently drive video surveillance systems with a view to optimization and automated decision support. The investigation reveals some features and properties that can be optimised to improve performance and derive further benefits from surveillance systems. These aspects include system-wide architecture, meta-data generation, meta-data persistence, object identification, object tagging, object tracking, search and querying sub-systems. The current less-than-optimum performance is attributable to many factors, which include massive volume, variety, and velocity (the speed at which streaming video transmit to storage) of video data in surveillance systems. Research contributions are 2-fold. First, we propose a system-wide architecture for designing and implementing surveillance systems, based on the authors’ system architecture for generating meta-data. Secondly, we design a simulation model of a multi-view surveillance system from which the researchers generate simulated video streams in large volumes. From each video sequence in the model, the authors extract meta-data and apply a novel algorithm for predicting the location of identifiable objects across a well-connected camera cluster. This research provide evidence that independent surveillance systems (for example, security cameras) can be unified across a geographical location such as a smart city, where each network is administratively owned and managed independently. Our investigation involved 2 experiments - first, the implementation of a web-based solution where we developed a directory service for managing, cataloguing, and persisting metadata generated by the surveillance networks. The second experiment focused on the set up, configuration and the architecture of the surveillance system. These experiments involved the investigation and demonstration of 3 loosely coupled service-oriented APIs – these services provided the capability to generate the query-able metadata. The results of our investigations provided answers to our research questions - the main question being “to what degree of accuracy can we predict the location of an object in a connected surveillance network”. Our experiment also provided evidence in support of our hypothesis – “it is feasible to ‘explore’ unified surveillance data generated from independent surveillance networks”

Behavioural biometric identification based on human computer interaction

As we become increasingly dependent on information systems, personal identification and profiling systems have received an increasing interest, either for reasons of personali- sation or security. Biometric profiling is one means of identification which can be achieved by analysing something the user is or does (e.g., a fingerprint, signature, face, voice). This Ph.D. research focuses on behavioural biometrics, a subset of biometrics that is concerned with the patterns of conscious or unconscious behaviour of a person, involving their style, preference, skills, knowledge, motor-skills in any domain. In this work I explore the cre- ation of user profiles to be applied in dynamic user identification based on the biometric pat- terns observed during normal Human-Computer Interaction (HCI) by continuously logging and tracking the corresponding computer events. Unlike most of the biometrics systems that need special hardware devices (e.g. finger print reader), HCI-based identification sys- tems can be implemented using regular input devices (mouse or keyboard) and they do not require the user to perform specific tasks to train the system. Specifically, three components are studied in-depth: mouse dynamics, keystrokes dynamics and GUI based user behaviour. In this work I will describe my research on HCI-based behavioural biometrics, discuss the features and models I proposed for each component along with the result of experiments. In addition, I will describe the methodology and datasets I gathered using my LoggerMan application that has been developed specifically to passively gather behavioural biometric data for evaluation. Results show that normal Human-Computer Interaction reveals behavioural information with discriminative power sufficient to be used for user modelling for identification purposes

Enhancing trustability in MMOGs environments

Massively Multiplayer Online Games (MMOGs; e.g., World of Warcraft), virtual worlds (VW; e.g., Second Life), social networks (e.g., Facebook) strongly demand for more autonomic, security, and trust mechanisms in a way similar to humans do in the real life world. As known, this is a difficult matter because trusting in humans and organizations depends on the perception and experience of each individual, which is difficult to quantify or measure. In fact, these societal environments lack trust mechanisms similar to those involved in humans-to-human interactions. Besides, interactions mediated by compute devices are constantly evolving, requiring trust mechanisms that keep the pace with the developments and assess risk situations. In VW/MMOGs, it is widely recognized that users develop trust relationships from their in-world interactions with others. However, these trust relationships end up not being represented in the data structures (or databases) of such virtual worlds, though they sometimes appear associated to reputation and recommendation systems. In addition, as far as we know, the user is not provided with a personal trust tool to sustain his/her decision making while he/she interacts with other users in the virtual or game world. In order to solve this problem, as well as those mentioned above, we propose herein a formal representation of these personal trust relationships, which are based on avataravatar interactions. The leading idea is to provide each avatar-impersonated player with a personal trust tool that follows a distributed trust model, i.e., the trust data is distributed over the societal network of a given VW/MMOG. Representing, manipulating, and inferring trust from the user/player point of view certainly is a grand challenge. When someone meets an unknown individual, the question is “Can I trust him/her or not?”. It is clear that this requires the user to have access to a representation of trust about others, but, unless we are using an open source VW/MMOG, it is difficult —not to say unfeasible— to get access to such data. Even, in an open source system, a number of users may refuse to pass information about its friends, acquaintances, or others. Putting together its own data and gathered data obtained from others, the avatar-impersonated player should be able to come across a trust result about its current trustee. For the trust assessment method used in this thesis, we use subjective logic operators and graph search algorithms to undertake such trust inference about the trustee. The proposed trust inference system has been validated using a number of OpenSimulator (opensimulator.org) scenarios, which showed an accuracy increase in evaluating trustability of avatars. Summing up, our proposal aims thus to introduce a trust theory for virtual worlds, its trust assessment metrics (e.g., subjective logic) and trust discovery methods (e.g., graph search methods), on an individual basis, rather than based on usual centralized reputation systems. In particular, and unlike other trust discovery methods, our methods run at interactive rates.MMOGs (Massively Multiplayer Online Games, como por exemplo, World of Warcraft), mundos virtuais (VW, como por exemplo, o Second Life) e redes sociais (como por exemplo, Facebook) necessitam de mecanismos de confiança mais autónomos, capazes de assegurar a segurança e a confiança de uma forma semelhante à que os seres humanos utilizam na vida real. Como se sabe, esta não é uma questão fácil. Porque confiar em seres humanos e ou organizações depende da percepção e da experiência de cada indivíduo, o que é difícil de quantificar ou medir à partida. Na verdade, esses ambientes sociais carecem dos mecanismos de confiança presentes em interacções humanas presenciais. Além disso, as interacções mediadas por dispositivos computacionais estão em constante evolução, necessitando de mecanismos de confiança adequados ao ritmo da evolução para avaliar situações de risco. Em VW/MMOGs, é amplamente reconhecido que os utilizadores desenvolvem relações de confiança a partir das suas interacções no mundo com outros. No entanto, essas relações de confiança acabam por não ser representadas nas estruturas de dados (ou bases de dados) do VW/MMOG específico, embora às vezes apareçam associados à reputação e a sistemas de reputação. Além disso, tanto quanto sabemos, ao utilizador não lhe é facultado nenhum mecanismo que suporte uma ferramenta de confiança individual para sustentar o seu processo de tomada de decisão, enquanto ele interage com outros utilizadores no mundo virtual ou jogo. A fim de resolver este problema, bem como os mencionados acima, propomos nesta tese uma representação formal para essas relações de confiança pessoal, baseada em interacções avatar-avatar. A ideia principal é fornecer a cada jogador representado por um avatar uma ferramenta de confiança pessoal que segue um modelo de confiança distribuída, ou seja, os dados de confiança são distribuídos através da rede social de um determinado VW/MMOG. Representar, manipular e inferir a confiança do ponto de utilizador/jogador, é certamente um grande desafio. Quando alguém encontra um indivíduo desconhecido, a pergunta é “Posso confiar ou não nele?”. É claro que isto requer que o utilizador tenha acesso a uma representação de confiança sobre os outros, mas, a menos que possamos usar uma plataforma VW/MMOG de código aberto, é difícil — para não dizer impossível — obter acesso aos dados gerados pelos utilizadores. Mesmo em sistemas de código aberto, um número de utilizadores pode recusar partilhar informações sobre seus amigos, conhecidos, ou sobre outros. Ao juntar seus próprios dados com os dados obtidos de outros, o utilizador/jogador representado por um avatar deve ser capaz de produzir uma avaliação de confiança sobre o utilizador/jogador com o qual se encontra a interagir. Relativamente ao método de avaliação de confiança empregue nesta tese, utilizamos lógica subjectiva para a representação da confiança, e também operadores lógicos da lógica subjectiva juntamente com algoritmos de procura em grafos para empreender o processo de inferência da confiança relativamente a outro utilizador. O sistema de inferência de confiança proposto foi validado através de um número de cenários Open-Simulator (opensimulator.org), que mostrou um aumento na precisão na avaliação da confiança de avatares. Resumindo, a nossa proposta visa, assim, introduzir uma teoria de confiança para mundos virtuais, conjuntamente com métricas de avaliação de confiança (por exemplo, a lógica subjectiva) e em métodos de procura de caminhos de confiança (com por exemplo, através de métodos de pesquisa em grafos), partindo de uma base individual, em vez de se basear em sistemas habituais de reputação centralizados. Em particular, e ao contrário de outros métodos de determinação do grau de confiança, os nossos métodos são executados em tempo real

A framework for development and implementation of secure hardware-based systems

Orientador : Ricardo Dahab.Tese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo A concepção de sistemas seguros demanda tratamento holístico, global. A razão é que a mera composição de componentes individualmente seguros não garante a segurança do conjunto resultante2. Enquanto isso, a complexidade dos sistemas de informação cresce vigorosamente, dentre outros, no que se diz respeito: i) ao número de componentes constituintes; ii) ao número de interações com outros sistemas; e iii) 'a diversidade de natureza dos componentes. Este crescimento constante da complexidade demanda um domínio de conhecimento ao mesmo tempo multidisciplinar e profundo, cada vez mais difícil de ser coordenado em uma única visão global, seja por um indivíduo, seja por uma equipe de desenvolvimento. Nesta tese propomos um framework para a concepção, desenvolvimento e deployment de sistemas baseados em hardware que é fundamentado em uma visão única e global de segurança. Tal visão cobre um espectro abrangente de requisitos, desde a integridade física dos dispositivos até a verificação, pelo usuário final, de que seu sistema está logicamente íntegro. Para alcançar este objetivo, apresentamos nesta tese o seguinte conjunto de componentes para o nosso framework: i) um conjunto de considerações para a construção de modelos de ataques que capturem a natureza particular dos adversários de sistemas seguros reais, principalmente daqueles baseados em hardware; ii) um arcabouço teórico com conceitos e definições importantes e úteis na construção de sistemas seguros baseados em hardware; iii) um conjunto de padrões (patterns) de componentes e arquiteturas de sistemas seguros baseados em hardware; iv) um modelo teórico, lógico-probabilístico, para avaliação do nível de segurança das arquiteturas e implementações; e v) a aplicação dos elementos do framework na implementação de sistemas de produção, com estudos de casos muito significativos3. Os resultados relacionados a estes componentes estão apresentados nesta tese na forma de coletânea de artigos. 2 Técnicas "greedy" não fornecem necessariamente os resultados ótimos. Mais, a presença de componentes seguros não é nem fundamental. 3 Em termos de impacto social, econômico ou estratégicoAbstract: The conception of secure systems requires a global, holistic, approach. The reason is that the mere composition of individually secure components does not necessarily imply in the security of the resulting system4. Meanwhile, the complexity of information systems has grown vigorously in several dimensions as: i) the number of components, ii) the number of interactions with other components, iii) the diversity in the nature of the components. This continuous growth of complexity requires from designers a deep and broad multidisciplinary knowledge, which is becoming increasingly difficult to be coordinated and attained either by individuals or even teams. In this thesis we propose a framework for the conception, development, and deployment of secure hardware-based systems that is rooted on a unified and global security vision. Such a vision encompasses a broad spectrum of requirements, from device physical integrity to the device logical integrity verification by humans. In order to attain this objective we present in this thesis the following set of components of our framework: i) a set of considerations for the development of threat models that captures the particular nature of adversaries of real secure systems based on hardware; ii) a set of theoretical concepts and definitions useful in the design of secure hardware-based systems; iii) a set of design patterns of components and architectures for secure systems; iv) a logical-probabilistic theoretical model for security evaluation of system architectures and implementations; and v) the application of the elements of our framework in production systems with highly relevant study cases. Our results related to these components are presented in this thesis as a series of papers which have been published or submitted for publication. 4Greedy techniques do not inevitably yield optimal results. More than that, the usage of secure components is not even requiredDoutoradoCiência da ComputaçãoDoutor em Ciência da Computaçã