Abdelrahaman Aly

Practically Efficient Secure Single-Commodity Multi-market Auctions

We study the problem of securely building single-commodity multi-markets auction mechanisms. We introduce a novel greedy algorithm and its corresponding privacy preserving implementation using secure multi-party computation. More specifically, we determine the quantity of supply and demand bids maximizing welfare. Each bid is attached to a specific market, but exchanges between different markets are allowed up to some upper limit. The general goal is for the players to bid their intended valuations without concerns about what the other players can learn. This problem is inspired by day-ahead electricity markets where there are substantial transmission capacity between the different markets, but applies to other commodity markets like gas. Furthermore, we provide computational results with a specific C++ implementation of our algorithm and the necessary MPC primitives. We can solve problems of 1945 bids and 4 markets in 1280 s when online/offline phases are considered. Finally, we report on possible set-ups, workload distributions and possible trade-offs for real-life applications of our results based on this experimentation and prototyping.

An MPC-Based Privacy-Preserving Protocol for a Local Electricity Trading Market

This paper proposes a decentralised and privacy-preserving local electricity trading market. The market employs a bidding protocol based on secure multiparty computation and allows users to trade their excess electricity among themselves. The bid selection and trading price calculation are performed in a decentralised and privacy-preserving manner. We implemented the market in C++ and tested its performance with realistic data sets. Our simulation results show that the market tasks can be performed for 2500 bids in less than four minutes in the “online” phase, showing its feasibility for a typical electricity trading period.

SePCAR: A Secure and Privacy-Enhancing Protocol for Car Access Provision

We present an efficient secure and privacy-enhancing protocol for car access provision, named SePCAR. The protocol is fully decentralised and allows users to share their cars conveniently without sacrifising their security and privacy. It provides generation, update, revocation, and distribution mechanisms for access tokens to shared cars, as well as procedures to solve disputes and to deal with law enforcement requests, for instance in the case of car incidents. We prove that SePCAR meets its appropriate security and privacy requirements and that it is efficient: our practical efficiency analysis through a proof-of-concept implementation shows that SePCAR takes only 1.55 s for a car access provision.

Efficient Verifiable Computation of XOR for Biometric Authentication

This work addresses the security and privacy issues in remote biometric authentication by proposing an efficient mechanism to verify the correctness of the outsourced computation in such protocols. In particular, we propose an efficient verifiable computation of XORing encrypted messages using an XOR linear message authentication code (MAC) and we employ the proposed scheme to build a biometric authentication protocol. The proposed authentication protocol is both secure and privacy-preserving against malicious (as opposed to honest-but-curious) adversaries. Specifically, the use of the verifiable computation scheme together with an homomorphic encryption protects the privacy of biometric templates against malicious adversaries. Furthermore, in order to achieve unlinkability of authentication attempts, while keeping a low communication overhead, we show how to apply Oblivious RAM and biohashing to our protocol. We also provide a proof of security for the proposed solution. Our simulation results show that the proposed authentication protocol is efficient.

A Privacy-Preserving Model for Biometric Fusion

Biometric designs have attracted attention in practical technological schemes with high requirements in terms of accuracy, security and privacy. Nevertheless, multimodalities have been approached with skepticism, as fusion deployments are affected by performance metrics. In this paper, we introduce a basic fusion model blueprint for a privacy-preserving cloud-based user verification/authentication. We consider the case of three modalities, permanently “located” in different databases of semi-honest providers, being combined according to their strength performance parameters, in a user-specific weighted score level fusion. Secure multiparty computation techniques are utilized for protecting confidentiality and privacy among the parties.