Henrich C. Pöhls

RERUM: Building a reliable IoT upon privacy- and security- enabled smart objects

The Internet of Things (IoT) provides a platform for the interconnection of a plethora of smart objects. It has been widely accepted for providing Information and Communication Technologies (ICT) applications in many “smart” environments, such as cities, buildings, metering, and even agriculture. For several reasons though such applications have yet to achieve wide adoption; a major hurdle is the lack of user trust in the IoT and its role in everyday activities. RERUM, a recently started FP7 European Union project. aims to develop a framework which will allow IoT applications to consider security and privacy mechanisms early in their design phase, ensuring a configurable balance between reliability (requiring secure, trustworthy and precise data) and privacy (requiring data minimization for private information, like location). The RERUM framework will comprise an architecture, built upon novel network protocols and interfaces as well as the design of smart objects hardware. To highlight the challenges and evaluate the framework, RERUM will employ several Smart City application scenarios, which will be deployed and evaluated in real-world testbeds in two Smart Cities participating in the project. Here we detail the key technologies RERUM will investigate over the coming three years to reach its vision for IoT security, privacy and trust.

Sanitizable signatures in XML signature: performance, mixing properties, and revisiting the property of transparency

We present the performance measures of our Java Cryptography Architecture (JCA) implementation that integrates sanitizable signature schemes into the XML Signature Specification. Our implementation shows mostly negligible performance impacts when using the Ateniese scheme with four different chameleon hashes and the Miyazaki scheme in XML Signatures. Thus, sanitizable signatures can be added to the XML Security Toolbox. Applying the new tools we show how to combine different hash algorithms over different document parts adding and removing certain properties of the sanitizable signature scheme; this mixing comes very natural in XML Signatures. Finally, we motivate that existing definitions for the property of Transparency are counterintuitive in these combinations. Our conclusion is that the document-level Transparency property is independent of the sub-document properties Weak and Strong Transparency.

Efficient and Perfectly Unlinkable Sanitizable Signatures without Group Signatures

Sanitizable signatures allow for controlled modification of signed data. The essential security requirements are accountability, privacy and unlinkability. Unlinkability is a strong notion of privacy. Namely, it makes it hard to link two sanitized messages that were derived from the same message-signature pair. In this work, we strengthen the standard unlinkability definition by Brzuska et al. at PKC ’10, making it robust against malicious or buggy signers. While state-of-the art schemes deploy costly group signatures to achieve unlinkability, our construction uses standard digital signatures, which makes them compatible with existing infrastructure.

Verifiable and Revocable Expression of Consent to Processing of Aggregated Personal Data

We have identified the following three problems for the processing of aggregated personal information with respect to privacy preferences: Unverifiable proof of consent, unverifiable proof of consent for aggregated personal data, and no verification if the consent is still established. We constructed a solution based on a hash tree structure and digitally signed only the hash trees root value. Thus, a verifiable signature can be retained even if data items are omitted and a valid signature serves as signal of consent. To re-assure that no change of consent has taken place we propose the use of certificate revocation mechanisms. As a side-effect these mechanisms allow to maintain a record of personal data usage and thus creates a win-win situation for both parties involved.

Enabling reliable and secure IoT-based smart city applications

Smart Cities are considered recently as a promising solution for providing efficient services to citizens with the use of Information and Communication Technologies. With the latest advances on the Internet of Things, a new era has emerged in the Smart City domain, opening new opportunities for the development of efficient and low-cost applications that aim to improve the Quality of Life in cities. Although there is much research in this area, which has resulted in the development of many commercial products, significant parameters like reliability, security and privacy have not been considered as very important up until now. The newly launched FP7-SmartCities-2013 project RERUM aims to build upon the advances in the area of Internet of Things in Smart Cities and develop a framework to enhance reliability and security of smart city applications, with the citizen at the center of attention. This work presents four applications that will be developed within RERUM, gives a general description of the open reliability and security issues that have to be taken into account and gives an overall view of the solutions that RERUM will develop to address these issues.

On the Relation between Redactable and Sanitizable Signature Schemes

Malleable signature schemes (

On Updatable Redactable Signatures

\mathcal MSS

A General Framework for Redactable Signatures and New Constructions

) enable a third party to alter signed data in a controlled way, maintaining a valid signature after an authorized change. Most well studied cryptographic constructions are (1) redactable signatures (

Accountable Redactable Signatures

\mathcal RSS

Malleable Signatures for Resource Constrained Platforms

), and (2) sanitizable signatures (