Emmanouil Magkos

Receipt-Freeness in Large-Scale Elections without Untappable Channels

For an electronic election to be fully democratic there is a need for security mechanisms that will assure the privacy of the voters. With receipt-free electronic voting, a voter neither obtains nor is able to construct a receipt proving the content of her vote. In this paper we first consider the minimal requirements for receipt-free elections, without untappable communication channels between the voter and the voting authorities. We then propose a solution, which satisfies these requirements. This solution is based on an encryption blackbox, which uses its own randomness. Finally we present an implementation with smartcards, suitable for Internet voting.

Towards Secure and Practical E-Elections in the New Era

We overview the main e-voting schemes currently proposed in the literature and assess their security and practicality. We also analyze the security risks and discuss methods to minimize them.

Strengthening Privacy Protection in VANETs

In the not so far future, vehicles are expected to be able to communicate with each other and with the road infrastructure, to enhance driving experience and support road safety, among others. Vehicular ad-hoc networks (VANETs) introduce a number of security challenges to the research community, mainly concerning the tradeoff between the privacy of the drivers and the accountability of misbehaving vehicles. Another challenge is how to satisfy privacy in the presence of an adversary that has access to all communication (a global observer), and that can perform traffic analysis in order to link messages and identify vehicles. In this paper we attempt to address such issues and propose a set of cryptographic mechanisms that balance the tradeoff between privacy and accountability in a VANET. Furthermore, we examine techniques for location privacy against adversaries that perform a Bayesian traffic analysis, and propose a strategy to strengthen location privacy in VANETs.

Modeling security in cyber–physical systems

Abstract This paper describes a framework for modeling the security of a cyber–physical system in which the behavior of the adversary is controlled by a threat model that captures – in a unified manner – the cyber aspects (with discrete values) and the physical aspects (with continuous values) of the cyber–physical system. In particular, the framework addresses combined (dependent) vector attacks and synchronization/localization issues. The framework identifies the cyber–physical features that must be protected according to the prevailing security policy. Also, the framework can be used for formal proofs of the security of cyber–physical systems.

Hybrid key establishment for multiphase self-organized sensor networks

Recent work on key establishment for sensor networks has shown that it is feasible to employ limited elliptic curve cryptography in sensor networks through hybrid protocols. We propose a hybrid key establishment protocol for uniform self-organized sensor networks. The proposed protocol combines elliptic curve Diffie-Hellmann key establishment with implicit certificates and symmetric-key cryptographic techniques. The protocol can be implemented on uniform networks comprised of restricted functional devices. Furthermore, due to its public-key nature, the protocol is resilient to a wide range of passive and active attacks, such as known-key attacks, as well as attacks against the confidentiality, integrity and authenticity of the communication. The protocol is scalable and efficient for low-capability devices in terms of storage, communication and computational complexity; the cost per node for a key establishment is reduced to one scalar multiplication with a random point, plus one with a fixed point.

A framework for secure and verifiable logging in public communication networks

In this paper we are focusing on secure logging for public network providers. We review existing security threat models against system logging and we extend these to a new threat model especially suited in the environment of telecommunication network providers. We also propose a framework for secure logging in public communication networks as well as realistic implementations designs, which are more resilient to the identified security threats. A key role to the proposed framework is given to an independent Regulatory Authority, which is responsible to verify the integrity of the log files.

Secure and practical key establishment for distributed sensor networks

Key establishment in sensor networks is a challenging task, due to the physical constraints of sensor devices and their exposure to several threats. Existing protocols based on symmetric cryptography are very efficient but they are weak against several node impersonation and insider attacks. On the other hand, asymmetric protocols are resilient to such attacks but unfortunately, they are not feasible for sensor networks, even in their most efficient versions (e.g. the elliptic curve (EC) Diffie-Hellman family of key agreement protocols). In this paper, we present two pairwise key establishment protocols for sensor nodes in unattended distributed sensor networks (DSNs). The first protocol is hybrid and it combines asymmetric (elliptic curve (EC)) cryptography with symmetric key techniques. The second protocol is fully asymmetric. Furthermore, through simulations, we measure the efficiency of the proposed protocols in comparison with existing hybrid protocols. Our results show that under conditions, it is feasible for highly sensitive applications of static sensor networks to employ partial or fully asymmetric key establishment techniques and thus extend their security properties. Copyright

Cryptographic Approaches for Privacy Preservation in Location-Based Services: A Survey

Current research in location-based services LBSs highlights the importance of cryptographic primitives in privacy preservation for LBSs, and presents solutions that attempt to support the apparently mutually exclusive requirements for access control and context privacy i.e., identity and/or location, while at the same time adopting more conservative assumptions in order to reduce or completely remove the need for trust on system entities e.g., the LBS provider, the network operator, or other peer nodes. This paper surveys the current state of knowledge concerning the use of cryptographic primitives for privacy-preservation in LBS applications.

Towards secure online elections: models, primitives and open issues

Electronic voting may be a feasible option for several election environments, from closed-group elections to nationwide elections. Especially with online voting, people will be able to cast their votes through a web browser, from their home or any other location where they can get internet access. This paper reviews the generic cryptographic models that have been proposed in the academic literature for secure electronic voting and provides a comprehensive assessment, in terms of security and functionality, of recent cryptographic schemes that extend the generic models to support online elections. The paper also highlights several critical security and implementation issues that need to be addressed before online voting is adopted for critical elections.

A distributed privacy-preserving scheme for location-based queries

In this paper we deal with security and historical privacy in Location Based Service (LBS) applications where users submit accurate location samples to an LBS provider. Specifically we propose a distributed scheme that establishes access control while protecting the privacy of a user in both sporadic and continuous LBS queries. Our solution employs a hybrid network architecture where LBS users: (a) are able to communicate with an LBS provider through a network (e.g., cellular) operator, and (b) they are also able to create wireless ad-hoc networks with other peers in order to obtain privacy against an adversary that performs traffic analysis. Our threat model considers the network operator, the LBS provider and other peers, as potential privacy adversaries. For historical privacy we adopt the generic approach of using multiple pseudonyms that are changed frequently. In order to establish untraceability against traffic analysis attacks, a message is not sent directly to the cellular operator, but it is distributed among mobile neighbors who act like mixes and re-encrypt a message before sending it to the LBS provider via the cellular operator. As an extension, we also discuss how to aggregate independent data from different mobile peers before sending them to the LBS provider. This approach may be suitable in applications where aggregate location data are useful (e.g., traffic monitoring and control)