19 research outputs found

    Practical Privacy-Preserving Indoor Localization based on Secure Two-Party Computation

    We present a privacy-preserving indoor localization scheme based on received signal strength measurements, e.g., from WiFi access points. Our scheme preserves the privacy of both the client's location and the service provider's database by using secure two-party computation instantiated with known cryptographic primitives, namely, Paillier encryption and garbled circuits. We describe a number of optimizations that reduce the computation and communication overheads of the scheme and provide theoretical evaluations of these overheads. We also demonstrate the feasibility of the scheme by developing a proof-of-concept implementation for Android smartphones and commodity servers. This implementation allows us to validate the practical performance of our scheme and to show that it is feasible for practical use in certain types of indoor localization applications.
    Peer reviewed.

    Breaking and Fixing Garbled Circuits when a Gate has Duplicate Input Wires

    Garbled circuits are a fundamental cryptographic primitive that allows two or more parties to securely evaluate an arbitrary Boolean circuit, without revealing any information beyond the output, using a constant number of communication rounds. Garbled circuits were introduced by Yao (FOCS'86) and generalized to the multi-party setting by Beaver, Micali and Rogaway (STOC'90). Since then, several works have improved their efficiency by providing different garbling schemes, and several implementations exist. Starting with the seminal Fairplay compiler (USENIX Security'04), several implementation frameworks decoupled the task of compiling the function to be evaluated into a Boolean circuit from the engine that securely evaluates that circuit, e.g., using a secure two-party computation protocol based on garbled circuits. In this paper, we show that this decoupling of circuit generation and evaluation allows a subtle attack on several prominent garbling schemes. It occurs when the implicit assumption that gates have different input wires is violated, an assumption which is most often not explicitly specified in the respective papers. The affected garbling schemes use separate calls to a deterministic encryption function for the left and right input wire of a gate to derive pseudo-random encryption pads that are XORed together. When a circuit contains a gate where the left and right input wire are the same, these two per-wire encryption pads cancel out, and we demonstrate that this can result in a complete break of privacy. We show how the vulnerable garbling schemes can be fixed easily.

    FAPRIL: Towards Faster Privacy-Preserving Fingerprint-Based Localization

    Fingerprinting is a commonly used technique to provide accurate localization for indoor areas, where global navigation satellite systems, such as GPS and Galileo, cannot function or are not precise enough. Although fingerprint-based indoor localization has gained wide popularity, existing solutions that preserve privacy either rely on non-colluding servers or have high communication overhead, which hinders deployment. In this work we present FAPRIL, a privacy-preserving indoor localization scheme which takes advantage of the latest secure two-party computation protocol improvements. We can split our scheme into two parts: an input-independent setup phase and an online phase. We concentrate on optimizing the online phase for mobile clients who run on a mobile data plan, and observe that recurring operands allow the total communication overhead to be optimized even further. Our observation can be generalized, e.g., to improve multiplication of arithmetically secret-shared matrices. We implement FAPRIL on mobile devices, and our benchmarks over a simulated LTE network show that the online phase of a private localization takes under 0.15 seconds with less than 0.20 megabytes of communication, even for large buildings. The setup phase, which can be pre-computed, depends heavily on the setting but stays in the range 0.28 - 4.14 seconds and 0.69 - 16.00 megabytes per localization query. The round complexity of FAPRIL is constant for both phases.

    PrivMail: A Privacy-Preserving Framework for Secure Emails

    Emails have improved our workplace efficiency and communication. However, they are often processed unencrypted by mail servers, leaving them open to data breaches at a single service provider. Public-key based solutions for end-to-end secured email, such as Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME), are available but are not widely adopted due to usability obstacles, and they also hinder processing of encrypted emails. We propose PrivMail, a novel approach to secure emails using secret sharing methods. Our framework utilizes Secure Multi-Party Computation techniques to relay emails through multiple service providers, thereby preventing any of them from accessing the content in plaintext. Additionally, PrivMail supports private server-side email processing similar to IMAP SEARCH, and eliminates the need for cryptographic certificates, resulting in better usability than public-key based solutions. An important aspect of our framework is its capability to enable third-party searches on user emails while maintaining the privacy of both the email and the query used to conduct the search. We integrate PrivMail into the current email infrastructure and provide a Thunderbird plugin to enhance user-friendliness. To evaluate our solution, we benchmarked transfer and search operations using the Enron Email Dataset and demonstrate that PrivMail is an effective solution for enhancing email security.

    Possible futures of regional and community structure : final report of the PERUS-SKENE project

    In a world under great pressure for change, the long-term development of regional and community structure needs the support of a continuously operating foresight system. National foresight work on regional structure has previously been carried out on a project basis, among others in the ALLI 2050 project. A rapidly changing operating environment, however, requires continuous foresight work that is sensitive enough to identify phenomena of change, their uncertainty factors and alternative development paths in relation to the trend development of regional and community structure. The PERUS-SKENE project piloted the implementation of monitoring and foresight of the development of regional and community structure and, based on the experiences gained from the pilot, developed an operating model for national land-use development outlook work as a continuous activity. Its elements, in a cycle the length of a government term, are a survey of phenomena of change, the preparation of a baseline of trend-like development of regional and community structure alongside alternative scenarios, a sustainability assessment of these, and the definition of a target development path on the basis of this information. This work is characterized by coordination between administrative sectors and levels, interactivity and co-development, and a situation-room-like responsiveness. The publication has undergone external scientific review. This publication was produced as part of the implementation of the Government's plan for analysis, assessment and research. (tietokayttoon.fi) The producers of the information are responsible for the content of the publication, and the text content does not necessarily represent the Government's view. Page 116 was updated on 6.9.2022, and this material replaces the version published earlier on 6.9.2022.

    Privacy-preserving indoor positioning system

    Research on indoor localization has grown due to the growing interest in indoor location-based services (LBS). Privacy and security analysis of indoor positioning systems (IPS) has drawn less attention, although it has been shown that location information can impact the personal safety of individuals. In this thesis, we present a privacy-preserving localization scheme that takes advantage of the Paillier encryption scheme and Yao's garbled circuits. The scheme is tested with an Android mobile device implementation in a genuine environment containing 5G LTE stations and Wi-Fi access points (AP). The scheme is shown to be practical under certain circumstances, and its security relies on known cryptographic protocols in the Honest but Curious (HBC) attack model.
    Research on indoor positioning has grown in recent years because interest in various services based on indoor positioning has grown. Privacy and security issues have not received much attention in connection with indoor positioning, although it has been shown that location data can affect an individual's safety and privacy. This master's thesis examines a privacy-preserving indoor positioning system that makes use of the Paillier cryptosystem and Yao's garbling method. The system is implemented on an Android mobile device and tested in a real environment that contains 5G LTE and Wi-Fi base stations. The system is shown to be practical under certain conditions. The security of the system is based on known cryptographic protocols in the "honest-but-curious" attack model.
