Benjamin Greschbach

Exploring decentralization dimensions of social networking services: adversaries and availability

Current online Social Networking Services (SNS) are organized around a single provider and while storage and functionality can be distributed, the control over the service belongs to one central entity. This structure raises privacy concerns over the handling of large-scale and at least logically centralized collections of user data. In an effort to protect user privacy and decrease provider dependence, decentralization has been proposed for SNS. This decentralization has effects on availability, opportunities for traffic analysis, resource requirements, cooperation and incenctives, trust and accountability for different entities, and performance. In this paper, we explore the spectrum of SNS implementations from centralized to fully decentralized and several hybrid constellations in between. Taking a systematic approach of SNS layers, decentralization classes, and replication strategies, we investigate the design space and focus on two issues as concrete examples where the contrast of extreme ends of the decentralization spectrum is illustrative, namely potential adversaries and churn-related profile availability. In general, our research indicates that hybrid approaches deserve more attention as both centralized as well as entirely decentralized systems suffer from severe drawbacks.

Assessing location privacy in mobile communication networks

In this paper we analyze a class of location disclosure in which location information from individuals is generated in an automated way, i.e. is observed by a ubiquitous infrastructure. Since such information is valuable for both scientific research and commercial use, location information might be passed on to third parties. Users are usually aware neither of the extent of the information disclosure (e.g. by carrying a mobile phone), nor how the collected data is used and by whom. In order to assess the expected privacy risk in terms of the possible extent of exposure, we propose an adversary model and a privacy metric that allow an evaluation of the possible privacy loss by using mobile communication infrastructure. Furthermore, a case study on the privacy effects of using GSM infrastructure was conducted with the goal of analyzing the side effects of using a mobile handset. Based on these results requirements for a privacy-aware mobile handheld device were derived.

Passwords in peer-to-peer

One of the differences between typical peer-to-peer (P2P) and client-server systems is the existence of user accounts. While many P2P applications, like public file sharing, are anonymous, more complex services such as decentralized online social networks require user authentication. In these, the common approach to P2P authentication builds on the possession of cryptographic keys. A drawback with that approach is usability when users access the system from multiple devices, an increasingly common scenario. In this work, we present a scheme to support logins based on users knowing a username-password pair. We use passwords, as they are the most common authentication mechanism in services on the Internet today, ensuring strong user familiarity. In addition to password logins, we also present supporting protocols to provide functionality related to password logins, such as resetting a forgotten password via e-mail or security questions. Together, these allow P2P systems to emulate centralized password logins. The results of our performance evaluation indicate that incurred delays are well within acceptable bounds.

Reclaiming Location Privacy in Mobile Telephony Networks—Effects and Consequences for Providers and Subscribers

Mobile telephony (e.g., Global System for Mobile Communications [GSM]) is todays most common communication solution. Due to the specific characteristics of mobile communication infrastructure, it can provide real added value to the user and various other parties. Location information and mobility patterns of subscribers contribute not only to emergency planning, general safety, and security, but are also a driving force for new commercial services. However, there is a lack of transparency in todays mobile telephony networks regarding location disclosure. Location information is generated, collected, and processed without being noticed by subscribers. Hence, by exploiting subscriber location information, an individuals privacy is threatened. We develop a utility-based opponent model to formalize the conflict between the additional utility of mobile telephony infrastructure being able to locate subscribers and the individuals privacy. Based on these results, measures were developed to improve an individuals location privacy through a user-controllable GSM software stack. To analyze and evaluate the effects of specific subscriber provider interaction, a dedicated test environment will be presented, using the example of GSM mobile telephony networks. The resulting testbed is based on real-life hardware and open-source software to create a realistic and defined environment that includes all aspects of the air interface in mobile telephony networks and thus, is capable of controlling subscriber–provider interaction in a defined and fully controlled environment.

Event Invitations in Privacy-Preserving DOSNs

Online Social Networks (OSNs) have an infamous history of privacy and security issues. One approach to avoid the massive collection of sensitive data of all users at a central point is a decentralized architecture.

Location privacy in relation to trusted peers

One common assumption when defining location privacy metrics is that one is dealing with attackers who have the objective of re-identifying an individual out of an anonymized data set. However, in todays communication scenarios, user communication and information exchange with (partially) trusted peers is very common, e.g., in communication via social applications. When disclosing voluntarily a single observation to a (partially) trusted communication peer, the users privacy seems to be unharmed. However, location data is able to transport much more information than the simple fact of a user being at a specific location. Hence, a user-centric privacy metric is required in order to measure the extent of exposure by releasing (a set of) location observations. The goal of such a metric is to enable individuals to estimate the privacy loss caused by disclosing further location information in a specific communication scenario and thus enabling the user to make informed choices, e.g., choose the right protection mechanism.

Design of a Privacy-Preserving Document Submission and Grading System

Document submission and grading systems are commonly used in educational institutions. They facilitate the hand-in of assignments by students, the subsequent grading by the course teachers and the management of the submitted documents and corresponding grades. But they might also undermine the privacy of students, especially when documents and related data are stored long term with the risk of leaking to malicious parties in the future.We propose a protocol for a privacy-preserving, anonymous document submission and grading system based on blind signatures. Our solution guarantees the unlinkability of a document with the authoring student even after her grade has been reported, while the student can prove that she received the grade assigned to the document she submitted. We implemented a prototype of the proposed protocol to show its feasibility and evaluate its privacy and security properties.