18 research outputs found

    Systematization of threats and requirements for private messaging with untrusted servers. The case of E-mailing and instant messaging

    Modern email and instant messaging applications often offer private communications. In doing so, they share common concerns about how security and privacy can be compromised, how they should face similar threats, and how to comply with comparable system requirements. Assuming a scenario where servers may not be trusted, we review and analyze a list of threats specifically against message delivery, archiving, and contact synchronization. We also describe a list of requirements intended for whoever undertakes the task of implementing secure and private messaging. The cryptographic solutions available to mitigate the threats and to comply with the requirements may differ, as the two applications are built on different assumptions and technologies.

    Analysis and Design of Privacy-Enhancing Information Sharing Systems

    Recent technological advancements have enabled the collection of large amounts of personal data of individuals at an ever-increasing rate. Service providers, organisations and governments can collect or otherwise acquire rich information about individuals’ everyday lives and habits from big data silos, enabling profiling and micro-targeting such as in political elections. Therefore, it is important to analyse systems that enable the collection and sharing of information between users and to design secure and privacy-enhancing solutions. This thesis contains two parts. The aim of the first part is to investigate in detail the effects of the collateral information collection of third-party applications on Facebook. The aim of the second part is to analyse in detail the security and privacy issues of car sharing systems and to design a secure and privacy-preserving solution. In the first part, we present a detailed multi-faceted study on the collateral information collection privacy issues of Facebook applications; providers of third-party applications on Facebook exploit the interdependency between users and their friends. The goal is to (i) study the existence of the problem, (ii) investigate whether Facebook users are concerned about the issue, (iii) quantify its likelihood and (iv) its impact on affected users, (v) identify whether collateral information collection is an issue for the protection of the personal data of Facebook users under the legal framework, and (vi) propose solutions that aim to solve the problem of collateral information collection. In order to investigate the views of the users, we designed a questionnaire and collected the responses of participants. Employing real data from the Facebook third-party application ecosystem, we compute the likelihood of collateral information collection affecting users and quantify its significance by evaluating the amount of attributes collected by such applications. To investigate whether collateral information collection is an issue in terms of users’ privacy, we analysed the legal framework in light of the General Data Protection Regulation. To provide countermeasures, we propose a privacy dashboard extension that implements privacy scoring computations to enhance transparency towards collateral information collection.

    Security Analysis of the Drone Communication Protocol: Fuzzing the MAVLink protocol

    The MAVLink protocol, used for bidirectional communication between a drone and a ground control station, will soon become a worldwide standard. The protocol has been the subject of research many times before. In this paper, we introduce fuzzing as a technique complementary to that earlier research, in order to find vulnerabilities that other techniques have not uncovered. The goal is to identify possible vulnerabilities in the protocol implementation in order to make it more secure.

    HERMES: Scalable, Secure, and Privacy-Enhancing Vehicle Access System

    We propose HERMES, a scalable, secure, and privacy-enhancing system for users to share and access vehicles. HERMES securely outsources operations of vehicle access token generation to a set of untrusted servers. It builds on an earlier proposal, namely SePCAR [1], and extends the system design for improved efficiency and scalability. To cater to system and user needs for secure and private computations, HERMES utilizes and efficiently combines several cryptographic primitives with secure multiparty computation. It conceals secret keys of vehicles and transaction details from the servers, including vehicle booking details, access token information, and user and vehicle identities. It also provides user accountability in case of disputes. Besides, we provide a semantic security analysis and prove that HERMES meets its security and privacy requirements. Last but not least, we demonstrate that HERMES is efficient and, in contrast to SePCAR, scales to a large number of users and vehicles, making it practical for real-world deployments. We build our evaluations with two different multiparty computation protocols: HtMAC-MiMC and CBC-MAC-AES. Our results demonstrate that HERMES with HtMAC-MiMC requires only approximately 1.83 ms for generating an access token for a single-vehicle owner and approximately 11.9 ms for a large branch of rental companies with over a thousand vehicles. It handles 546 and 84 access token generations per second, respectively. This makes HERMES 696 (with HtMAC-MiMC) and 42 (with CBC-MAC-AES) times faster than SePCAR for single-vehicle owner access token generation. Furthermore, we show that HERMES is practical on the vehicle side, too, as access token operations performed on a prototype vehicle on-board unit take only approximately 62.087 ms.

    Towards Systematic Specification of Non-Functional Requirements for Sharing Economy Services

    Sharing Economy (SE) systems use technologies to enable sharing of physical assets and services among individuals. This allows optimisation of resources, thus contributing to the re-use principle of the Circular Economy. In this paper, we assess existing SE services and identify their challenges in areas that are not technically connected to their core functionality but are essential in creating trust: information security and privacy, personal data protection and fair economic incentives. Existing frameworks for elicitation of non-functional requirements are heterogeneous in their focus and domain specific. Hence, we propose to develop a holistic methodology for non-functional requirements specification for SE systems following a top-down-top approach. A holistic methodology considering non-functional requirements is essential and can assist in the analysis and design of SE systems in a systematic and unified way, applied from the early stages of system development.

    SePCAR: A Secure and Privacy-Enhancing Protocol for Car Access Provision (Full Version)

    We present an efficient secure and privacy-enhancing protocol for car access provision, named SePCAR. The protocol is fully decentralised and allows users to share their cars conveniently in such a way that the security and privacy of the users are not sacrificed. It provides generation, update, revocation, and distribution mechanisms for access tokens to shared cars, as well as procedures to solve disputes and to deal with law enforcement requests, for instance in the case of car incidents. We prove that SePCAR meets its appropriate security and privacy requirements and that it is efficient: our practical efficiency analysis through a proof-of-concept implementation shows that SePCAR takes only 1.55 seconds for a car access provision.

    Collateral damage of Facebook third-party applications: a comprehensive study

    Third-party applications on Facebook can collect personal data of the users who install them, but also of their friends. This raises serious privacy issues, as these friends are notified neither by the applications nor by Facebook, and they have not given consent. This paper presents a detailed multi-faceted study on the collateral information collection of the applications on Facebook. To investigate the views of the users, we designed a questionnaire and collected the responses of 114 participants. The results show that participants are concerned about the collateral information collection and in particular about the lack of notification and of mechanisms to control the data collection. Based on real data, we compute the likelihood of collateral information collection affecting users: we show that the probability is significant and greater than 80% for popular applications such as TripAdvisor. We also demonstrate that a substantial amount of profile data can be collected by applications, which enables application providers to profile users. To investigate whether collateral information collection is an issue for users’ privacy, we analysed the legal framework in light of the General Data Protection Regulation. We provide a detailed analysis of the entities involved and investigate which entity is accountable for the collateral information collection. To provide countermeasures, we propose a privacy dashboard extension that implements privacy scoring computations to enhance transparency toward collateral information collection. Furthermore, we discuss alternative solutions, highlighting other countermeasures such as notification and access control mechanisms, cryptographic solutions and application auditing. To the best of our knowledge, this is the first work that provides a detailed multi-faceted study of this problem and that analyses the threat of user profiling by application providers.

    SePCAR: A Secure and Privacy-Enhancing Protocol for Car Access Provision

    We present an efficient secure and privacy-enhancing protocol for car access provision, named SePCAR. The protocol is fully decentralised and allows users to share their cars conveniently without sacrificing their security and privacy. It provides generation, update, revocation, and distribution mechanisms for access tokens to shared cars, as well as procedures to solve disputes and to deal with law enforcement requests, for instance in the case of car incidents. We prove that SePCAR meets its appropriate security and privacy requirements and that it is efficient: our practical efficiency analysis through a proof-of-concept implementation shows that SePCAR takes only 1.55 s for a car access provision.

    SARL: A revocation mechanism for long lived assertions on Shibboleth


    Collateral Damage of Online Social Network Applications

    Third-party apps enable a personalized experience on social networking platforms; however, they give rise to privacy interdependence issues. Apps installed by a user’s friends can collect and potentially misuse her personal data, inflicting collateral damage on the user while leaving her without proper means of control. In this paper, we present a multi-faceted study on the collateral information collection of apps in social networks. We conduct a user survey and show that Facebook users are concerned about this issue and the lack of mechanisms to control it. Based on real data, we compute the likelihood of collateral information collection affecting users; we show that the probability is significant and depends on both the friendship network and the popularity of the app. We also show its significance by computing the proportion of exposed user attributes, including the case of profiling, when several apps are offered by the same provider. Finally, we propose a privacy dashboard concept enabling users to control the collateral damage.
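    The two collateral-damage abstracts above (the comprehensive Facebook study and this one) describe computing, from a friendship network and app-install data, how likely a user is to be exposed through friends' apps and what proportion of her attributes a single provider can pool. The following is an added illustration written for this page, not code from the papers, and it uses a toy model of my own: the friendship graph, install lists, app permission sets and provider mapping are all constructed, and the independence assumption behind the closed-form probability is mine rather than the papers' method.

```python
"""Toy model of collateral information collection through friends' apps.

Added example (not from the cited papers). Model assumptions (mine):
  * an app installed by a user can read, about each of that user's friends,
    the attributes in its "friends_*" permission set;
  * a user who installed the app herself gave direct consent, so that is
    not counted as collateral collection;
  * apps of the same provider pool what they collect (profiling).
"""

# Constructed undirected friendship graph (symmetric adjacency).
FRIENDS = {
    "alice": {"bob", "carol", "dave"},
    "bob": {"alice", "erin"},
    "carol": {"alice", "dave"},
    "dave": {"alice", "carol"},
    "erin": {"bob"},
}

# Constructed install data and per-app friend-facing permissions.
INSTALLS = {
    "alice": set(),
    "bob": {"travel_app"},
    "carol": {"quiz_app"},
    "dave": set(),
    "erin": set(),
}
APP_PERMS = {
    "travel_app": {"friends_location", "friends_birthday"},
    "quiz_app": {"friends_likes", "friends_birthday"},
}
APP_PROVIDER = {"travel_app": "ProviderX", "quiz_app": "ProviderX"}  # same provider

# Constructed universe of friend-readable profile attributes.
ATTRIBUTE_UNIVERSE = {
    "friends_location", "friends_birthday", "friends_likes", "friends_photos",
}


def collateral_exposure(user):
    """Map app -> attributes of `user` readable via apps installed by friends only."""
    exposed = {}
    for friend in FRIENDS[user]:
        for app in INSTALLS[friend]:
            if app in INSTALLS[user]:
                continue  # user consented directly; not collateral
            exposed.setdefault(app, set()).update(APP_PERMS[app])
    return exposed


def exposure_fraction(app):
    """Share of non-installers of `app` who have at least one friend installing it."""
    non_installers = [u for u in FRIENDS if app not in INSTALLS[u]]
    exposed = [u for u in non_installers
               if any(app in INSTALLS[f] for f in FRIENDS[u])]
    return len(exposed) / len(non_installers)


def profiled_fraction(user):
    """Per provider, fraction of the attribute universe collectable about `user`
    by pooling every app of that provider installed by her friends."""
    by_provider = {}
    for app, attrs in collateral_exposure(user).items():
        by_provider.setdefault(APP_PROVIDER[app], set()).update(attrs)
    return {p: len(a) / len(ATTRIBUTE_UNIVERSE) for p, a in by_provider.items()}


def exposure_probability(p_install, n_friends):
    """Closed-form estimate under an independence assumption (mine): if each of
    n friends installs the app with probability p, P(at least one friend did)
    = 1 - (1 - p)^n. Grows quickly with both app popularity and friend count."""
    return 1 - (1 - p_install) ** n_friends


if __name__ == "__main__":
    for u in FRIENDS:
        print(u, collateral_exposure(u), profiled_fraction(u))
    for app in APP_PERMS:
        print(app, "exposure fraction:", exposure_fraction(app))
    print("p=0.1, 20 friends:", exposure_probability(0.1, 20))
```

    In this toy graph, alice installed nothing yet both apps can read parts of her profile, and because both belong to the same provider the pooled view covers three of the four attributes; the closed-form estimate shows why a moderately popular app already exposes most users with a typical friend count.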