Privacy issues of ISPs in the modern web

In recent years, privacy issues in the networking field are getting more important. In particular, there is a lively debate about how Internet Service Providers (ISPs) should collect and treat data coming from passive network measurements. This kind of information, such as flow records or HTTP logs, carries considerable knowledge from several points of view: traffic engineering, academic research, and web marketing can take advantage from passive network measurements on ISP customers. Nevertheless, in many cases collected measurements contain personal and confidential information about customers exposed to monitoring, thus raising several ethical issues. Modern web is very different from the one we experienced few years ago: web services converged to few protocols (i.e., HTTP and HTTPS) and a large share of traffic is encrypted. The aim of this work is to provide an insight about which information is still visible to ISPs, with particular attention to novel and emerging protocols, and to what extent it carries personal information. We illustrate that sensible information, such as website history, is still exposed to passive monitoring. We illustrate privacy and ethical issues deriving by the current situation and provide general guidelines and best practices to cope with the collection of network traffic measurements

Raziel: Private and Verifiable Smart Contracts on Blockchains

Raziel combines secure multi-party computation and proof-carrying code to provide privacy, correctness and verifiability guarantees for smart contracts on blockchains. Effectively solving DAO and Gyges attacks, this paper describes an implementation and presents examples to demonstrate its practical viability (e.g., private and verifiable crowdfundings and investment funds). Additionally, we show how to use Zero-Knowledge Proofs of Proofs (i.e., Proof-Carrying Code certificates) to prove the validity of smart contracts to third parties before their execution without revealing anything else. Finally, we show how miners could get rewarded for generating pre-processing data for secure multi-party computation.Comment: Support: cothority/ByzCoin/OmniLedge

Secure and Sustainable Benchmarking in Clouds A Multi-Party Cloud Application with an Untrusted Service Provider

Cloud computing entails a novel securitythreat: The cloud service provideris entrusted with the data of all its customers.Thismay not be sustainable forhighly confidential data. Encryption, ormore generally cryptography,may providea solution by computing on dataencrypted by the customers. While thissolution is theoretically appealing, itraises a number of research questionsin information system design.Using the example of collaborativebenchmarking the author presents andevaluates an exemplary design and implementationof a cloud applicationthat operates only on encrypted data,thus protecting the confidentiality ofthe customer’s data against the cloudservice provider. The cloud applicationcomputes common statistics forbenchmarking without disclosing theindividual key performance indicators.Benchmarking is an important processfor companies to stay competitivein today’s markets. It allows them toevaluate their performance against thestatistics of their peers and implementtargeted improvement measures

FROM INTELLIGENT WEB OF THINGS TO SOCIAL WEB OF THINGS

Numerous challenges, including limited resources, random mobility, and lack of standardized communication protocols, are currently preventing a myriad of heterogeneous devices to interact and provide Web services within the context of the Web of Things (WoT). We argue in this paper that these devices should be augmented with artificial intelligence techniques for an enhanced management of their resources and an easier construction of Web applications integrating Real World Things (RWT). To this end, we present a new classification of the WoT challenges and highlight the opportunities of embedding smartness into RWT. We also present our vision of Intelligent WoT by proposing a multiagent system-based architecture for intelligent Web service composition. In addition, we discuss the shift of the WoT toward a Social WoT (SWoT) and debate our ideas within two important scenarios, namely the Intelligent VANET-WoT and smart logistics