34 research outputs found

    Beyond the Hype: On Using Blockchains in Trust Management for Authentication

    Trust Management (TM) systems for authentication are vital to the security of online interactions, which are ubiquitous in our everyday lives. Various systems, like the Web PKI (X.509) and PGP's Web of Trust, are used to manage trust in this setting. In recent years, blockchain technology has been introduced as a panacea to our security problems, including that of authentication, without sufficient reasoning as to its merits. In this work, we investigate the merits of using open distributed ledgers (ODLs), such as the one implemented by blockchain technology, for securing TM systems for authentication. We formally model such systems, and explore how blockchain can help mitigate attacks against them. After formal argumentation, we conclude that in the context of Trust Management for authentication, blockchain technology, and ODLs in general, can offer considerable advantages compared to previous approaches. Our analysis is, to the best of our knowledge, the first to formally model and argue about the security of TM systems for authentication, based on blockchain technology. To achieve this result, we first provide an abstract model for TM systems for authentication. Then, we show how this model can be conceptually encoded in a blockchain, by expressing it as a series of state transitions. As a next step, we examine five prevalent attacks on TM systems, and provide evidence that blockchain-based solutions can be beneficial to the security of such systems, by mitigating, or completely negating such attacks. Comment: A version of this paper was published in IEEE Trustcom. http://ieeexplore.ieee.org/document/8029486

    Cloud-based IoT Analytics for the Smart Grid: Experiences from a 3-year Pilot

    The transformation of electrical grids into smart grids is seen as one of the major technological challenges of our times and at the same time as one of the key domains for the Internet of Things (IoT). Smart-home technologies and corresponding analytics are an integral part of many use cases in this field. In this paper we present a cloud-based test bed for capturing and analyzing smart-home data and report on experiences from a 3-year pilot with a cloud-based system. We discuss real-world challenges that we encountered throughout the pilot, e.g. related to big data volumes and data quality, and describe corresponding technical solutions.

    Anonymous Publish-Subscribe Overlays

    Freedom of speech is a core value of our society. While it can be exercised anonymously towards undesired observers in the physical world, the Internet is based on unique and nonanonymous identifiers (IDs) for every participant. Anonymity, however, is a crucial requirement to exercise freedom of speech using the Internet without having to face political persecution. To achieve anonymity, messages must be unlinkable to senders and receivers. That means that messages cannot be linked to IDs and other identifying information of senders and receivers. Anonymization services, such as Tor, re-establish anonymity within the Internet such that, for example, web content can be consumed anonymously. Nevertheless, this type of solution embodies two challenges: First, with the appearance of social media, the Internet usage behavior changed drastically from a one producer with many consumers to a many producers with many consumers of content paradigm. Second, a social media website that is used by many producers and many consumers constitutes a single point of failure (SPoF) regarding both availability and anonymity. Such a website may collect producer and consumer profiles, ultimately breaking anonymity. Publish/subscribe (Pub/Sub) is a message dissemination paradigm well suited to address the first challenge, the many-to-many exchange of content. Peer-to-peer (P2P) Pub/Sub eliminates the need for an SPoF and, thus, partially addresses the second challenge as well. However, research addressing anonymity as a security requirement for Pub/Sub has merely scratched the surface. This thesis improves the state-of-the-art in anonymous Pub/Sub in several areas. In particular, the thesis addresses the following aspects of constructing anonymous Pub/Sub systems: (i.) Building blocks that reduce the complexity of constructing anonymous Pub/Sub systems are proposed; (ii.) methods for anonymously establishing Pub/Sub overlay networks are presented; (iii.) a method for inter-overlay optimization to distribute load is introduced; (iv.) methods for optimizing overlays regarding anonymity are proposed, and (v.) anonymity attacks and countermeasures are presented. Contributions. This thesis contributes to the following research categories: Anonymous overlay establishment: An anonymous Pub/Sub system is presented along six self-containing building blocks with the goal of establishing overlay networks that transport notifications from publishers to subscribers. Each building block is discussed in detail with a focus on leveraging related work to realize the building block. For attribute localization, the building block most relevant for establishing overlays, this thesis proposes multiple contributions: the usage of hash chains as a privacy-preserving transaction pseudonym and distance metric; the adaptation of flooding as well as forest fires; and random walks to distribute attribute knowledge. Anonymous overlay optimization: The thesis proposes two optimizations for anonymity and one optimization for balancing the load. The first anonymity optimization, probabilistic forwarding (PF), applies the concept of mimic traffic to the domain of Pub/Sub. The second anonymity optimization, the shell game (SG), shuffles the overlay. Both optimizations prevent an exposure of information to attackers that can gain knowledge about the overlay topology. The load-balancing optimization uses a ring communication and Bloom filters to distribute load among nodes. Anonymity attacks and countermeasures: Several well-known anonymity attacks are adapted to the domain of anonymous Pub/Sub and evaluated in detail. Novel attacks, such as the request/response-attack and the corner attack, are proposed as well and complemented with countermeasures. Evaluation. The proposed mechanisms and attacks are evaluated using a qualitative approach, quantitatively with an extensive simulation, and empirically with a proof of concept (POC) application. The qualitative approach indicates that the presented mechanisms are well-suited to protect anonymity against a malicious insider threat. The quantitative evaluation is performed with the event-based simulation framework OMNeT++. The results show that the presented anonymous Pub/Sub system can protect anonymity, even in case malicious insiders are combined with a global observer of a very strong anonymity threat. The results also reveal in which situations PF or the SG provides the better anonymity protection. Furthermore, the results indicate which capabilities are favorable for an anonymity attacker. An anonymous micro-blogging application for Twitter shows that the presented system can be implemented for a real-world use case: With the application, users exchange tweets via hashtag-overlays, and cryptographic keys via quick response (QR)-codes and near field communication (NFC).

    GRK 2050: D.4 AlterEgo

    The purpose of this study is to shed light on the relationship between ear training as a subject and performance practice. The study examines how ear-training teachers at university and university-college level emphasize this relationship for their students. The study's main research question is: "How do ear-training teachers connect ear-training instruction to the students' performance practice, and which learning strategies are presented to the students?" To shed light on this, a qualitative research method is used, with observation and interviews of five informants. Central theory related to the study is social learning theory, apprenticeship learning, situated learning, deep learning and learning strategies. The findings of the study give grounds to say that the informants see ear training as a support subject for the main instrument. The informants use the main instrument and relevant repertoire to strengthen the relationship to performance practice. Singing is a widely used strategy, and the use of instruments in teaching builds on skills established through singing. In addition, emphasis is placed on exercises that strengthen inner hearing, musical orientation and the perception of musical structures. The students are to acquire both internalized skills and various strategies in ear training. In the long term, one goal is for the students to become their own teachers and thus achieve lifelong learning. A further goal is for ear training to help develop professional pride and musician competence in the students.

    Constrained PET Composition for Measuring Enforced Privacy

    Privacy Enhancing Technologies (PETs) are well-defined, domain-specific means to preserve information privacy in computerized systems, i.e., by protecting Personally Identifiable Information (PII). We believe that increasing privacy awareness and governance will lead to wider adoption of PETs in service infrastructures. To support that, a better understanding of privacy-enhanced services composed out of multiple PETs is necessary. To the best of the authors' knowledge, there is no general domain-independent and formal PET model and research about their composition is missing. The work at hand presents a formal, set-based and domain-independent taxonomy model for PETs, along with an algebra for constrained composition of PETs. The measurement of enforced privacy in service infrastructures with deployed PETs is one of many use cases for such a PET algebra and is demonstrated subsequently in a scenario with two exemplary privacy-enhanced services

    A View on Privacy & Trust in IoT

    Internet of Things (IoT) technology is rapidly gaining popularity, not only in industrial and commercial environments, but also in our personal life by means of smart devices at home. Such devices often interconnect with cloud services that promise easy usage and global access. However, managing the balance between trust in the service provider and need for privacy of individuals becomes a major challenge considering automatic exchange of manifold personal information. In this paper, we propose a formal model that establishes a relation between information, privacy, as well as trust, and that automatically maps between these terms while maintaining user control

    Service Composition of Travel Processes by Means of Graph Transformation

    This work presents a decentralized method for planning travel processes. Transport service providers offer their services via a service marketplace and can be effectively preselected with the help of the Unified Service Description Language (USDL). The travel process is created through stepwise refinement and graph transformation. Services can directly influence these transformations. In contrast to centralized planning approaches, this makes our method flexible, open and extensible.

    Asymmetric DCnets for Effective and Efficient Sender Anonymity

    Emerging connected devices lead to ubiquitous communication in which anonymity and efficiency gain additional importance. In this paper, we show that current measures for sender anonymity are not sufficient and propose a new approach based on DCnets. The novel ADCnet mechanism establishes local DCnet groups that communicate asymmetrically and hide senders with lower communication overhead in comparison to cover traffic-based anonymization and classical DCnets. This paper presents concepts for the initialization and the group formation of ADCnets. The novel mechanism of ADCnets is evaluated w.r.t. anonymity and efficiency. We show that ADCnets provide DCnet-like anonymity while massively improving efficiency