Christoph Sorge

Do not snoop my habits: preserving privacy in the smart grid

The recent deployment of smart grids has proven to bring numerous advantages in terms of energy consumption reduction in both homes and businesses. A more accurate measurement of up-to-date electricity necessities through smart meters utilization leads to an enhancement in the ability of monitoring, controlling and predicting energy use. Nevertheless, it has associated drawbacks related to the privacy of customers as well, since such management might reveal their personal habits and behavior, which electrical appliances they are using at each moment, whether they are at home or not, and so on. In this article we present a privacy enhanced architecture for smart metering aimed to tackle this threat by means of a new and novel protocol encrypting individual measurements while allowing the electricity supplier to access the aggregation of the corresponding decrypted values. The technique being used is named additively homomorphic encryption, and enables the direct connection and exchange of data between electricity suppliers and final users, while preserving the privacy of the latter.

Initial observations on economics, pricing, and penetration of the internet of things market

One expectation about the future Internet is the participation of billions of sensor nodes, integrating the physical with the digital world. This Internet of Things can offer new and enhanced services and applications based on knowledge about the environment and the entities within. Millions of micro-providers could come into existence, forming a highly fragmented market place with new business opportunities to offer commercial services. In the related field of Internet and Telecommunication services, the design of markets and pricing schemes has been a vital research area in itself. We discuss how these findings can be transferred to the Internet of Things. Both the appropriate market structure and corresponding pricing schemes need to be well understood to enable a commercial success of sensor-based services. We show some steps that an evolutionary establishment of this market might have to take.

A privacy-friendly architecture for future cloud computing

We present a privacy-friendly architecture for a future cloud computing scenario where software licensing and software payment plays a major role. We show how digital rights management as a technical solution for software licensing can be achieved in a privacy-friendly manner. In our scenario, users who buy software from software providers and execute it at computing centres stay anonymous. At the same time, our approach guarantees that software licences are bound to users and that their validity is checked before execution. Thus, digital rights management constitutes an incentive for software providers to take part in such a future cloud computing scenario. We employ a software re-encryption scheme so that computing centres are not able to build profiles of their users - not even under a pseudonym. We make sure that malicious users are unable to relay software to others.

Privacy-enhanced architecture for smart metering

The recent deployment of smart grids promises to bring numerous advantages in terms of energy consumption reduction in both homes and businesses. A more transparent and instantaneous measurement of electricity consumption through smart meters utilization leads to an enhancement in the ability of monitoring, controlling and predicting energy usage. Nevertheless, it also has associated drawbacks related to the privacy of customers, since such management might reveal their personal habits, which electrical appliances they are using at each moment, whether they are at home or not, etc. In this work, we present a privacy-enhanced architecture for smart metering aimed at tackling this threat by means of encrypting individual measurements while allowing the electricity supplier to access the aggregation of the corresponding decrypted values.

A Provider-Level Reputation System for Assessing the Quality of SPIT Mitigation Algorithms

The prevention of Spam over IP telephony (SPIT) is one of the greatest challenges for future large-scale deployments of VoIP telephony solutions. Some useful information for detecting SPIT calls is only available at the callers VoIP provider. Recent approaches therefore suggest the signalling of such information among providers. However, there is currently no way for a receiving provider to assess the trustwortiness or the semantics of SPIT-related information received. Our approach tackles this problem by applying a provider-level reputation system, based on SPIT tags assigned to outgoing SIP messages by the callers provider. The system provides an incentive to tag outgoing calls correctly, and it translates tags with arbitrary semantics into meaningful SPIT probabilities. We show analytically that our system significantly improves the receiving providers assessment of SPIT tags.

An asynchronous and secure ascending peer-to-peer auction

In recent years, auctions have become a very popular price discovery mechanism. Among them, second-price auctions are of theoretical importance, as they have the simple dominant strategy of bidding ones true valuation. Sellers, however, are reluctant to do so, as a malicious auctioneer could take advantage of this knowledge. Several distributed auction mechanisms have been suggested that make it possible to determine the auction outcome without revealing the winners valuation of the good; however, they are only suitable for sealed-bid auction.This paper suggests a distributed mechanism for ascending second price auctions. The auction protocol has the ability to preserve the privacy of the winning bidders true valuation or highest bid, respectively, with a high probability. The auction protocol is based on a high number of auctioneers that are distributed to several groups. A bidder generates an encrypted chain of monotonously increasing bidding steps, where each bidding step can be decrypted by a different auctioneer group reducing the possibilities of manipulation for malicious auctioneers. Another fundamental advantage of this secure approach is that bidders need not be online except for submitting their bid chain to the auctioneers.

Privacy-preserving reputation management

Reputation systems provide reputation values of rated parties to users. These reputation values, typically aggregations of individual user ratings, shall be reliable, i.e. should enable a realistic assessment of the probability that the rated party behaves as expected in a transaction. In order for the reputation values to stay reliable and, thus, for the reputation system to provide a benefit, the system needs to be resistant against manipulations by users, the rated parties trying to improve their reputation values, and even against competitors trying to worsen a reputation value. At the same time, a reputation system shall provide privacy protection for users: rated parties shall not be able to learn who provided a certain rating. Otherwise users might not take part in the system as they fear bad feedback in revenge for bad ratings, or users do not want to be connected to certain transactions based on their provided ratings. In this paper we come up with a solution that provides both, reliability of reputation values on the one hand, and privacy protection for users on the other hand. In contrast to related work, our solution only makes use of a single reputation provider that needs to be trusted (to a certain extent) and does not require any bulletin boards to be present in the system. We make use of the Paillier cryptosystem to provide an aggregation of individual user ratings in a way that no party can learn which user provided a certain rating.

Efficient smart metering based on homomorphic encryption

Abstract Smart meters send fine-grained client electricity consumption readings to suppliers. Although this presents advantages for both entities, it results in a serious loss of privacy for customers. We present a monitoring-purpose system that preserves customers’ privacy by homomorphically aggregating the consumptions of all n members of a neighborhood. The proposal has an efficient linear O(n) communication cost and is proven to preserve customers’ privacy even in the presence of a corrupted substation and some malicious smart meters. It requires neither secure communication channels nor a trusted third party (except for issuing public-key certificates). Computation on the smart meters is limited to modular exponentiations. These favorable properties come at the expense of increased computation cost on the electricity suppliers’ side. We show that the computation is easily feasible for realistic parameter choices.

The Legal Ramifications of Call-Filtering Solutions

Spam-over-IP telephony (SPIT) will likely have a significant impact on the usefulness of VoIP telephony solutions, but some solutions to the problem, such as filtering, could raise unanticipated legal issues.This paper contains both an overview and an assessment of the emerging legal issues in this domain and compares the legislation of two countries with very different legal systems: the US and Germany. Although call filtering addresses all kinds of attacks, we focus here on SPIT. Filtered messages that are part of a denial-of-service (DoS) attack or that attempt to exploit device vulnerabilities are much less problematic, and legal scholars agree that service providers have the right to defend against them.

Can internet users protect themselves? Challenges and techniques of automated protection of HTTP communication

HTTPS enables secure access to web content and web-based services. Although supported by many content and service providers, HTTPS is oftentimes not enabled by default, as pointed out in an open letter sent to Google by security experts. In this article, we discuss if and how web users can protect themselves by using HTTPS instead of HTTP. We show that many websites allow for accessing content by HTTPS instead of HTTP. However, HTTPS access must be manually configured or requested by the user, or is impossible at all, e.g., for embedded objects. For this reason, we explore how to protect users transparently by automatically using HTTPS whenever possible. In order to enable this approach, one needs to determine whether using HTTPS yields the same content as using HTTP, even in the presence of dynamic websites incorporating advertisements and news. We show that this decision is possible for entire websites like amazon.com in short time by combining a fast content comparison algorithm, result caching, and observations on the structure of the website. Besides the concrete HTTP use case considered in this article, our results are of independent interest for any setting in which content can be accessed by various means. Finally, we present and discuss different approaches for implementing automated protection of HTTP connections.