Verifiable Digital Object Identity System

Identification is a two part system comprising of a token or label (an identifier) that can be used to reference an entity and a process that can be used to create label-entity associations and verify that the reference and entity belong together. There are a number of identity systems for digital objects that provide identifiers (such as the Handle system, the DOI and URIs). However none of these systems provide verification services. The primary application for our proposed system is in a DRM system, where it is necessary to correctly match users' use licenses to the digital objects covered by the use licenses. In such a case, incorrect associations are effectively failures of the system, and could have wide ranging legal and economic impact, depending on the nature of the protected data. In this paper we present an identity system for digital objects that support verification and the related details such as the identifier format, the verification process as well as a protocol to create identifiers for digital objects

Quire: Lightweight Provenance for Smart Phone Operating Systems

Smartphone apps often run with full privileges to access the network and sensitive local resources, making it difficult for remote systems to have any trust in the provenance of network connections they receive. Even within the phone, different apps with different privileges can communicate with one another, allowing one app to trick another into improperly exercising its privileges (a Confused Deputy attack). In Quire, we engineered two new security mechanisms into Android to address these issues. First, we track the call chain of IPCs, allowing an app the choice of operating with the diminished privileges of its callers or to act explicitly on its own behalf. Second, a lightweight signature scheme allows any app to create a signed statement that can be verified anywhere inside the phone. Both of these mechanisms are reflected in network RPCs, allowing remote systems visibility into the state of the phone when an RPC is made. We demonstrate the usefulness of Quire with two example applications. We built an advertising service, running distinctly from the app which wants to display ads, which can validate clicks passed to it from its host. We also built a payment service, allowing an app to issue a request which the payment service validates with the user. An app cannot not forge a payment request by directly connecting to the remote server, nor can the local payment service tamper with the request

Link Before You Share: Managing Privacy Policies through Blockchain

With the advent of numerous online content providers, utilities and applications, each with their own specific version of privacy policies and its associated overhead, it is becoming increasingly difficult for concerned users to manage and track the confidential information that they share with the providers. Users consent to providers to gather and share their Personally Identifiable Information (PII). We have developed a novel framework to automatically track details about how a users' PII data is stored, used and shared by the provider. We have integrated our Data Privacy ontology with the properties of blockchain, to develop an automated access control and audit mechanism that enforces users' data privacy policies when sharing their data across third parties. We have also validated this framework by implementing a working system LinkShare. In this paper, we describe our framework on detail along with the LinkShare system. Our approach can be adopted by Big Data users to automatically apply their privacy policy on data operations and track the flow of that data across various stakeholders.Comment: 10 pages, 6 figures, Published in: 4th International Workshop on Privacy and Security of Big Data (PSBD 2017) in conjunction with 2017 IEEE International Conference on Big Data (IEEE BigData 2017) December 14, 2017, Boston, MA, US

The Horcrux Protocol: A Method for Decentralized Biometric-based Self-sovereign Identity

Most user authentication methods and identity proving systems rely on a centralized database. Such information storage presents a single point of compromise from a security perspective. If this system is compromised it poses a direct threat to users' digital identities. This paper proposes a decentralized authentication method, called the Horcrux protocol, in which there is no such single point of compromise. The protocol relies on decentralized identifiers (DIDs) under development by the W3C Verifiable Claims Community Group and the concept of self-sovereign identity. To accomplish this, we propose specification and implementation of a decentralized biometric credential storage option via blockchains using DIDs and DID documents within the IEEE 2410-2017 Biometric Open Protocol Standard (BOPS)

Anonymity in Bitcoin and Bitmessage

This report describes two projects created by the author which are based on ideas which originate from the Bitcoin community. The first, bmd, is a re-implementation of the Bitmessage protocol in go. Bitmessage is an anonymous and secure messaging system invented by Jonathan Warren, who was inspired by the design of Bitcoin's p2p network. [WARR1] The second is Shufflepuff, an implementation of a protocol called CoinShuffle[RUFF1] which allows several people to construct a Bitcoin transaction with an input and an output for each participant without any participant knowing who owns which output. CoinShuffle was invented by Tim Ruffing et al, and it is an upgrade of a protocol called CoinJoin, invented by Gregory Maxwell. This paper discusses the background, properties, applications, and design of bmd and Shufflepuff. There is also a report of a performance analysis on bmd.Electrical and Computer Engineerin