On the Security and Feasibility of Safebook: A Distributed Privacy-Preserving Online Social Network

International audienceSafebook tackles the security and privacy problems of online social networks. It puts a special emphasis on the privacy of users with respect to the application provider and provides defenses against intruders or malicious users. In order to assure privacy in the face of potential violations by the provider, Safebook is designed in a decentralized architecture. It relies on the cooperation among the independent parties that represent the users of the online social network at the same time. Safebook addresses the problem of building secure and privacypreserving data storage and communication mechanisms in a peer-topeer system by leveraging trust relationships akin to social networks in real life. This paper resumes the contributions of [7, 9, 8], and extends the first performance and security evaluation of Safebook

Security and privacy in RFID systems

Vu que les tags RFID sont actuellement en phase de large déploiement dans le cadre de plusieurs applications (comme les paiements automatiques, le contrôle d'accès à distance, et la gestion des chaînes d approvisionnement), il est important de concevoir des protocoles de sécurité garantissant la protection de la vie privée des détenteurs de tags RFID. Or, la conception de ces protocoles est régie par les limitations en termes de puissance et de calcul de la technologie RFID, et par les modèles de sécurité qui sont à notre avis trop forts pour des systèmes aussi contraints que les tags RFID. De ce fait, on limite dans cette thèse le modèle de sécurité; en particulier, un adversaire ne peut pas observer toutes les interactions entre tags et lecteurs. Cette restriction est réaliste notamment dans le contexte de la gestion des chaînes d approvisionnement qui est l application cible de ce travail. Sous cette hypothèse, on présente quatre protocoles cryptographiques assurant une meilleure collaboration entre les différents partenaires de la chaîne d approvisionnement. D abord, on propose un protocole de transfert de propriété des tags RFID, qui garantit l authentification des tags en temps constant alors que les tags implémentent uniquement des algorithmes symétriques, et qui permet de vérifier l'authenticité de l origine des tags. Ensuite, on aborde le problème d'authenticité des produits en introduisant deux protocoles de sécurité qui permettent à un ensemble de vérificateurs de vérifier que des tags sans capacité de calcul ont emprunté des chemins valides dans la chaîne d approvisionnement. Le dernier résultat présenté dans cette thèse est un protocole d appariement d objets utilisant des tags sans capacité de calcul , qui vise l automatisation des inspections de sécurité dans la chaîne d approvisionnement lors du transport des produits dangereux. Les protocoles introduits dans cette thèse utilisent les courbes elliptiques et les couplages bilinéaires qui permettent la construction des algorithmes de signature et de chiffrement efficaces, et qui minimisent donc le stockage et le calcul dans les systèmes RFID. De plus, la sécurité de ces protocoles est démontrée sous des modèles formels bien définis qui prennent en compte les limitations et les contraintes des tags RFID, et les exigences strictes en termes de sécurité et de la protection de la vie privée des chaines d approvisionnement.While RFID systems are one of the key enablers helping the prototype of pervasive computer applications, the deployment of RFID technologies also comes with new privacy and security concerns ranging from people tracking and industrial espionage to produ ct cloning and denial of service. Cryptographic solutions to tackle these issues were in general challenged by the limited resources of RFID tags, and by the formalizations of RFID privacy that are believed to be too strong for such constrained devices. It follows that most of the existing RFID-based cryptographic schemes failed at ensuring tag privacy without sacrificing RFID scalability or RFID cost effectiveness. In this thesis, we therefore relax the existing definitions of tag privacy to bridge the gap between RFID privacy in theory and RFID privacy in practice, by assuming that an adversary cannot continuously monitor tags. Under this assumption, we are able to design sec ure and privacy preserving multi-party protocols for RFID-enabled supply chains. Namely, we propose a protocol for tag ownership transfer that features constant-time authentication while tags are only required to compute hash functions. Then, we tackle the problem of product genuineness verification by introducing two protocols for product tracking in the supply chain that rely on storage only tags. Finally, we present a solution for item matching that uses storage only tags and aims at the automation of safety inspections in the supply chain.The protocols presented in this manuscript rely on operations performed in subgroups of elliptic curves that allow for the construction of short encryptions and signatures, resulting in minimal storage requirements for RFID tags. Moreover, the privacy and the security of these protocols are proven under well defined formal models that take into account the computational limitations of RFID technology and the stringent privacy and security requirements of each targeted supply chain application.PARIS-Télécom ParisTech (751132302) / SudocSudocFranceF

PPS: Privacy-preserving statistics using RFID tags

As RFID applications are entering our daily life, many new security and privacy challenges arise. However, current research in RFID security focuses mainly on simple authentication and privacy-preserving identication. In this paper, we discuss the possibility of widening the scope of RFID security and privacy by introducing a new application scenario. The suggested application consists of computing statistics on private properties of individuals stored in RFID tags. The main requirement is to compute global statistics while preserving the privacy of individual readings. PPS assures the privacy of properties stored in each tag through the combination of homomorphic encryption and aggregation at the readers. Re-encryption is used to prevent tracking of users. The readers scan tags and forward the aggregate of their encrypted readings to the back-end server. The back-end server then decrypts the aggregates it receives and updates the global statistics accordingly. PPS is provably privacypreserving. Moreover, tags can be very simple since they are not required to perform any kind of computation, but only to store data

Block-level De-duplication with Encrypted Data

Deduplication is a storage saving technique which has been adopted by many cloud storage providers such as Dropbox. The simple principle of deduplication is that duplicate data uploaded by different users are stored only once. Unfortunately, deduplication is not compatible with encryption. As a scheme that allows deduplication of encrypted data segments, we propose ClouDedup, a secure and efficient storage service which guarantees blocklevel deduplication and data confidentiality at the same time. ClouDedup strengthens convergent encryption by employing a component that implements an additional encryption operation and an access control mechanism. We also propose to introduce an additional component which is in charge of providing a key management system for data blocks together with the actual deduplication operation. We show that the overhead introduced by these new components is minimal and does not impact the overall storage and computational costs

Embedded Proofs for Verifiable Neural Networks

The increasing use of machine learning algorithms to deal with large amount of data and the expertise required by these algorithms lead users to outsource machine learning services. This raises a trust issue about their result when executed in an untrusted environment. Verifiable computing (VC) tackles this issue and provides computational integrity for an outsourced computation, although the bottleneck of state of the art VC protocols is the prover time. In this paper, we design a VC protocol tailored to verify a sequence of operations for which existing VC schemes do not perform well on \emph{all} the operations. We thus suggest a technique to compose several specialized and efficient VC schemes with Parno et al.\u27s general purpose VC protocol Pinocchio, by integrating the verification of the proofs generated by these specialized schemes as a function that is part of the sequence of operations verified using Pinocchio. The resulting scheme keeps Pinocchio\u27s property while being more efficient for the prover. Our scheme relies on the underlying cryptographic assumptions of the composed protocols for correctness and soundness

Online-Offline Homomorphic Signatures for Polynomial Functions

The advent of cloud computing has given rise to a plethora of work on verifiable delegation of computation. Homomorphic signatures are powerful tools that can be tailored for verifiable computation, as long as they are efficiently verifiable. The main advantages of homomorphic signatures for verifiable computation are twofold: \begin{inparaenum}[(i)] \item Any third party can verify the correctness of the delegated computation, \item and this third party is not required to have access to the dataset on which the computation was performed. \end{inparaenum} In this paper, we design a homomorphic signature suitable for multivariate polynomials of bounded degree, which draws upon the algebraic properties of \emph{eigenvectors} and \emph{leveled multilinear maps}. The proposed signature yields an efficient verification process (in an amortized sense) and supports online-offline signing. Furthermore, our signature is provably secure and its size grows only linearly with the degree of the evaluated polynomial

CHARIOT: Cloud-Assisted Access Control for the Internet of Things

The Internet of Things (IoT) technology has expanded widely across the world, promising new data management opportunities for industries, companies and individuals in different sectors, such as health services or transport logistics. This trend relies on connecting devices/things to collect, exchange and store data. The exponentially increasing number of IoT devices, their origin diversity, their limited capabilities in terms of resources, as well as the ever-increasing amount of data, raise new challenges for security and privacy protection, precluding traditional access control solutions to be integrated to this new environment. In this paper, we propose a reliable server-aided policy-based access control mechanism, named CHARIOT, that enables an IoT platform to verify credentials of different devices requesting access (read/write) to the data stored within it. CHARIOT permits IoT devices to authenticate themselves to the platform without compromising their privacy by using attribute-based signatures. Our solution also allows secure delegation of costly computational operations to a cloud server, hence relieving the workload at IoT devices\u27 side

A Leakage-Abuse Attack Against Multi-User Searchable Encryption

Searchable Encryption (SE) allows a user to upload data to the cloud and to search it in a remote fashion while preserving the privacy of both the data and the queries. Recent research results describe attacks on SE schemes using the access pattern, denoting the ids of documents matching search queries, which most SE schemes reveal during query processing. However SE schemes usually leak more than just the access pattern, and this extra leakage can lead to attacks (much) more harmful than the ones using basic access pattern leakage only. We remark that in the special case of Multi-User Searchable Encryption (MUSE), where many users upload and search data in a cloud-based infrastructure, a large number of existing solutions have a common leakage in addition to the well-studied access pattern leakage. We show that this seemingly small extra leakage allows a very simple yet powerful attack, and that the privacy degree of the affected schemes have been overestimated. We also show that this new vulnerability affects existing software. Finally we formalize the newly identified leakage profile and show how it relates to previously defined ones

Leveraging Social Links for Trust and Privacy in Networks

International audienc