Matrix powers algorithms for trust evaluation in PKI architectures

This paper deals with the evaluation of trust in public-key infrastructures. Different trust models have been proposed to interconnect the various PKI components in order to propagate the trust between them. In this paper we provide a new polynomial algorithm using linear algebra to assess trust relationships in a network using different trust evaluation schemes. The advantages are twofold: first the use of matrix computations instead of graph algorithms provides an optimized computational solution; second, our algorithm can be used for generic graphs, even in the presence of cycles. Our algorithm is designed to evaluate the trust using all existing (finite) trust paths between entities as a preliminary to any exchanges between PKIs. This can give a precise evaluation of trust, and accelerate for instance cross-certificate validation

Private Multi-party Matrix Multiplication and Trust Computations

This paper deals with distributed matrix multiplication. Each player owns only one row of both matrices and wishes to learn about one distinct row of the product matrix, without revealing its input to the other players. We first improve on a weighted average protocol, in order to securely compute a dot-product with a quadratic volume of communications and linear number of rounds. We also propose a protocol with five communication rounds, using a Paillier-like underlying homomorphic public key cryptosystem, which is secure in the semi-honest model or secure with high probability in the malicious adversary model. Using ProVerif, a cryptographic protocol verification tool, we are able to check the security of the protocol and provide a countermeasure for each attack found by the tool. We also give a randomization method to avoid collusion attacks. As an application, we show that this protocol enables a distributed and secure evaluation of trust relationships in a network, for a large class of trust evaluation schemes.Comment: Pierangela Samarati. SECRYPT 2016 : 13th International Conference on Security and Cryptography, Lisbonne, Portugal, 26--28 Juillet 2016. 201

Contextual Social Networking

The thesis centers around the multi-faceted research question of how contexts may be detected and derived that can be used for new context aware Social Networking services and for improving the usefulness of existing Social Networking services, giving rise to the notion of Contextual Social Networking. In a first foundational part, we characterize the closely related fields of Contextual-, Mobile-, and Decentralized Social Networking using different methods and focusing on different detailed aspects. A second part focuses on the question of how short-term and long-term social contexts as especially interesting forms of context for Social Networking may be derived. We focus on NLP based methods for the characterization of social relations as a typical form of long-term social contexts and on Mobile Social Signal Processing methods for deriving short-term social contexts on the basis of geometry of interaction and audio. We furthermore investigate, how personal social agents may combine such social context elements on various levels of abstraction. The third part discusses new and improved context aware Social Networking service concepts. We investigate special forms of awareness services, new forms of social information retrieval, social recommender systems, context aware privacy concepts and services and platforms supporting Open Innovation and creative processes. This version of the thesis does not contain the included publications because of copyrights of the journals etc. Contact in terms of the version with all included publications: Georg Groh, [email protected] zentrale Gegenstand der vorliegenden Arbeit ist die vielschichtige Frage, wie Kontexte detektiert und abgeleitet werden können, die dazu dienen können, neuartige kontextbewusste Social Networking Dienste zu schaffen und bestehende Dienste in ihrem Nutzwert zu verbessern. Die (noch nicht abgeschlossene) erfolgreiche Umsetzung dieses Programmes führt auf ein Konzept, das man als Contextual Social Networking bezeichnen kann. In einem grundlegenden ersten Teil werden die eng zusammenhängenden Gebiete Contextual Social Networking, Mobile Social Networking und Decentralized Social Networking mit verschiedenen Methoden und unter Fokussierung auf verschiedene Detail-Aspekte näher beleuchtet und in Zusammenhang gesetzt. Ein zweiter Teil behandelt die Frage, wie soziale Kurzzeit- und Langzeit-Kontexte als für das Social Networking besonders interessante Formen von Kontext gemessen und abgeleitet werden können. Ein Fokus liegt hierbei auf NLP Methoden zur Charakterisierung sozialer Beziehungen als einer typischen Form von sozialem Langzeit-Kontext. Ein weiterer Schwerpunkt liegt auf Methoden aus dem Mobile Social Signal Processing zur Ableitung sinnvoller sozialer Kurzzeit-Kontexte auf der Basis von Interaktionsgeometrien und Audio-Daten. Es wird ferner untersucht, wie persönliche soziale Agenten Kontext-Elemente verschiedener Abstraktionsgrade miteinander kombinieren können. Der dritte Teil behandelt neuartige und verbesserte Konzepte für kontextbewusste Social Networking Dienste. Es werden spezielle Formen von Awareness Diensten, neue Formen von sozialem Information Retrieval, Konzepte für kontextbewusstes Privacy Management und Dienste und Plattformen zur Unterstützung von Open Innovation und Kreativität untersucht und vorgestellt. Diese Version der Habilitationsschrift enthält die inkludierten Publikationen zurVermeidung von Copyright-Verletzungen auf Seiten der Journals u.a. nicht. Kontakt in Bezug auf die Version mit allen inkludierten Publikationen: Georg Groh, [email protected]

Trust Establishment Mechanisms for Distributed Service Environments

The aim and motivation of this dissertation can be best described in one of the most important application fields, the cloud computing. It has changed entire business model of service-oriented computing environments in the last decade. Cloud computing enables information technology related services in a more dynamic and scalable way than before – more cost-effective than before due to the economy of scale and of sharing resources. These opportunities are too attractive for consumers to ignore in today’s highly competitive service environments. The way to realise these opportunities, however, is not free of obstacles. Services offered in cloud computing environments are often composed of multiple service components, which are hosted in distributed systems across the globe and managed by multiple parties. Potential consumers often feel that they lose the control over their data, due to the lack of transparent service specification and unclear security assurances in such environments. These issues encountered by the consumers boiled down to an unwillingness to depend on the service providers regarding the services they offer in the marketplaces. Therefore, consumers have to be put in a position where they can reliably assess the dependability of a service provider. At the same time, service providers have to be able to truthfully present the service-specific security capabilities. If both of these objectives can be achieved, consumers have a basis to make well-founded decisions about whether or not to depend on a particular service provider out of many alternatives. In this thesis, computational trust mechanisms are leveraged to assess the capabilities and evaluate the dependability of service providers. These mechanisms, in the end, potentially support consumers to establish trust on service providers in distributed service environments, e.g., cloud computing. In such environments, acceptable quality of the services can be maintained if the providers possess required capabilities regarding different service-specific attributes, e.g., security, performance, compliance. As services in these environments are often composed of multiple services, subsystems and components, evaluating trustworthiness of the service providers based on the service-specific attributes is non-trivial. In this vein, novel mechanisms are proposed for assessing and evaluating the trustworthiness of service providers considering the trustworthiness of composite services. The scientific contributions towards those novel mechanisms are summarised as follows: • Firstly, we introduce a list of service-specific attributes, QoS+ [HRM10, HHRM12], based on a systematic and comprehensive analysis of existing literatures in the field of cloud computing security and trust. • Secondly, a formal framework [SVRH11, RHMV11a, RHMV11b] is proposed to analyse the composite services along with their required service-specific attributes considering consumer requirements and represent them in simplified meaningful terms, i.e., Propositional Logic Terms (PLTs). • Thirdly, a novel trust evaluation framework CertainLogic [RHMV11a, RHMV11b, HRHM12a, HRHM12b] is proposed to evaluate the PLTs, i.e., capabilities of service providers. The framework provides computational operators to evaluate the PLTs, considering that uncertain and conflicting information are associated with each of the PLTs and those information can be derived from multiple sources. • Finally, harnessing these technical building blocks we present a novel trust management architecture [HRM11] for cloud computing marketplaces. The architecture is designed to support consumers in assessing and evaluating the trustworthiness of service providers based on the published information about their services. The novel contributions of this thesis are evaluated using proof-of-concept-system, prototype implementations and formal proofs. The proof-of-concept-system [HRMV13, HVM13a, HVM13b] is a realisation of the proposed architecture for trust management in cloud marketplaces. The realisation of the system is implemented based on a self-assessment framework, proposed by the Cloud Security Alliance, where the formal framework and computational operators of CertainLogic are applied. The realisation of the system enables consumers to evaluate the trustworthiness of service providers based on their published datasets in the CSA STAR. A number of experiments are conducted in different cloud computing scenarios leveraging the datasets in order to demonstrate the technical feasibility of the contributions made in this thesis. Additionally, the prototype implementations of CertainLogic framework provide means to demonstrate the characteristics of the computational operators by means of various examples. The formal framework as well as computational operators of CertainLogic are validated against desirable mathematical properties, which are supported by formal algebraic proofs