Jan Henrik Ziegeldorf

Privacy in the Internet of Things: threats and challenges

The Internet of Things paradigm envisions the pervasive interconnection and cooperation of smart things over the current and future Internet infrastructure. The Internet of Things is, thus, the evolution of the Internet to cover the real world, enabling many new services that will improve peoples everyday lives, spawn new businesses, and make buildings, cities, and transport smarter. Smart things allow indeed for ubiquitous data collection or tracking, but these useful features are also examples of privacy threats that are already now limiting the success of the Internet of Things vision when not implemented correctly. These threats involve new challenges such as the pervasive privacy-aware management of personal data or methods to control or avoid ubiquitous tracking and profiling. This paper analyzes the privacy issues in the Internet of Things in detail. To this end, we first discuss the evolving features and trends in the Internet of Things with the goal of scrutinizing their privacy implications. Second, we classify and examine privacy threats in this new setting, pointing out the challenges that need to be overcome to ensure that the Internet of Things becomes a reality. Copyright

Towards viable certificate-based authentication for the internet of things

The vision of the Internet of Things considers smart objects in the physical world as first-class citizens of the digital world. Especially IP technology and RESTful web services on smart objects promise simple interactions with Internet services in the Web of Things, e.g., for building automation or in e-health scenarios. Peer authentication and secure data transmission are vital aspects in many of these scenarios to prevent leakage of personal information and harmful actuating tasks. While standard security solutions exist for traditional IP networks, the constraints of smart objects demand for more lightweight security mechanisms. Thus, the use of certificates for peer authentication is predominantly considered impracticable. In this paper, we investigate if this assumption is valid. To this end, we present preliminary overhead estimates for the certificate-based DTLS handshake and argue that certificates - with improvements to the handshake - are a viable method of authentication in many network scenarios. We propose three design ideas to reduce the overheads of the DTLS handshake. These ideas are based on (i) pre-validation, (ii) session resumption, and (iii) handshake delegation. We qualitatively analyze the expected overhead reductions and discuss their applicability.

Securing the IP-based internet of things with HIP and DTLS

The IP-based Internet of Things (IoT) refers to the pervasive interaction of smart devices and people enabling new applications by means of new IP protocols such as 6LoWPAN and CoAP. Security is a must, and for that we need a secure architecture in which all device interactions are protected, from joining an IoT network to the secure management of keying materials. However, this is challenging because existing IP security protocols do not offer all required functionalities and typical Internet solutions do not lead to the best performance. We propose and compare two security architectures providing secure network access, key management and secure communication. The first solution relies on a new variant of the Host Identity Protocol (HIP) based on pre-shared keys (PSK), while the second solution is based on the standard Datagram Transport Layer Security (DTLS). Our evaluation shows that although the HIP solution performs better, the currently limited usage of HIP poses severe limitations. The DTLS architecture allows for easier interaction and interoperability with the Internet, but optimizations are needed due to its performance issues.

Tailoring end-to-end IP security protocols to the Internet of Things

Recent standardization efforts focus on a number of lightweight IP security protocol variants for end-to-end security in the Internet of Things (IoT), most notably DTLS, HIP DEX, and minimal IKEv2. These protocol variants commonly consider public-key-based cryptographic primitives in their protocol design for peer authentication and key agreement. In this paper, we identify several performance and security issues that originate from these public-key-based operations on resource-constrained IoT devices. To illustrate their impact, we additionally quantify these protocol limitations for HIP DEX. Most importantly, we find that public-key-based operations significantly hamper a peers availability and response time during the protocol handshake. Hence, IP security protocols in the IoT must be tailored to reduce the need for expensive cryptographic operations, to protect resource-constrained peers against DoS attacks targeting these cryptographic operations, and to account for high message processing times. To this end, we present three complementary, lightweight protocol extensions for HIP DEX: i) a comprehensive session resumption mechanism, ii) a collaborative puzzle-based DoS protection mechanism, and iii) a refined retransmission mechanism. Our focus on common protocol functionality allows to generalize our proposed extensions to the wider scope of DTLS and IKE. Finally, our evaluation confirms the considerable achieved improvements at modest trade-offs.

HIP Security Architecture for the IP-Based Internet of Things

The IP-based Internet of Things refers to the pervasive interactions of smart objects and people enabling new applications by means of IP protocols. An application scenario is a Smart City in which the city infrastructure, cars, and people exchange information to enable new services. IP protocols, such as IPv6, TCP and HTTP will be further complemented by IPv6 over Low power Wireless Personal Area Networks and Constrained Application Protocol currently in development in IETF. Security and privacy are a must for the IP-based IoTs in order to ensure its acceptance. However, mobility, limited bandwidth, and resource-constrained devices pose new challenges and require for a sound and efficient security architecture. In particular, dynamic association of mobile smart objects and the management of keys in large-scale networks remain an open challenge. In this context, we propose a flexible security architecture based on the Host Identity Protocol and Multimedia Internet KEYing protocols allowing for secure network association and key management. HIP - based on asymmetric-key cryptography - ensures unambiguous thing identification, mobility support, as well as a lightweight and secure method for network association. In our solution, HIP is extended with MIKEY capabilities to provide enhanced key management using polynomials, which allow to generate pair wise keys with any node based on its identity. This combination of protocols and crypto-algorithms ensures both strong security and very good performance as shown by our implementation and presents clear advantages compared with other alternatives.

Secure and anonymous decentralized Bitcoin mixing

The decentralized digital currency Bitcoin presents an anonymous alternative to the centralized banking system and indeed enjoys widespread and increasing adoption. Recent works, however, show how users can be reidentified and their payments linked based on Bitcoins most central element, the blockchain, a public ledger of all transactions. Thus, many regard Bitcoins central promise of financial privacy as broken.In this paper, we propose CoinParty, an efficient decentralized mixing service that allows users to reestablish their financial privacy in Bitcoin and related cryptocurrencies. CoinParty, through a novel combination of decryption mixnets with threshold signatures, takes a unique place in the design space of mixing services, combining the advantages of previously proposed centralized and decentralized mixing services in one system. Our prototype implementation of CoinParty scales to large numbers of users and achieves anonymity sets by orders of magnitude higher than related work as we quantify by analyzing transactions in the actual Bitcoin blockchain. CoinParty can easily be deployed by any individual group of users, i.e.,independent of any third parties, or provided as a commercial or voluntary service, e.g.,as a community service by privacy-aware organizations. We present ideal properties for mixing of digital currencies.We propose a novel efficient decentralized mixing service for Bitcoin.A novel oblivious shuffle protocol improves resilience against malicious attackers.Use of threshold cryptography increases anonymity and enables deniability.The system is usable, scalable and compatible with Bitcoin/other digital currencies.

CPPL: Compact Privacy Policy Language

Recent technology shifts such as cloud computing, the Internet of Things, and big data lead to a significant transfer of sensitive data out of trusted edge networks. To counter resulting privacy concerns, we must ensure that this sensitive data is not inadvertently forwarded to third-parties, used for unintended purposes, or handled and stored in violation of legal requirements. Related work proposes to solve this challenge by annotating data with privacy policies before data leaves the control sphere of its owner. However, we find that existing privacy policy languages are either not flexible enough or require excessive processing, storage, or bandwidth resources which prevents their widespread deployment. To fill this gap, we propose CPPL, a Compact Privacy Policy Language which compresses privacy policies by taking advantage of flexibly specifiable domain knowledge. Our evaluation shows that CPPL reduces policy sizes by two orders of magnitude compared to related work and can check several thousand of policies per second. This allows for individual per-data item policies in the context of cloud computing, the Internet of Things, and big data.

BLOOM: BLoom filter based oblivious outsourced matchings

BackgroundWhole genome sequencing has become fast, accurate, and cheap, paving the way towards the large-scale collection and processing of human genome data. Unfortunately, this dawning genome era does not only promise tremendous advances in biomedical research but also causes unprecedented privacy risks for the many. Handling storage and processing of large genome datasets through cloud services greatly aggravates these concerns. Current research efforts thus investigate the use of strong cryptographic methods and protocols to implement privacy-preserving genomic computations.MethodsWe propose Fhe-Bloom and Phe-Bloom, two efficient approaches for genetic disease testing using homomorphically encrypted Bloom filters. Both approaches allow the data owner to securely outsource storage and computation to an untrusted cloud. Fhe-Bloom is fully secure in the semi-honest model while Phe-Bloom slightly relaxes security guarantees in a trade-off for highly improved performance.ResultsWe implement and evaluate both approaches on a large dataset of up to 50 patient genomes each with up to 1000000 variations (single nucleotide polymorphisms). For both implementations, overheads scale linearly in the number of patients and variations, while Phe-Bloom is faster by at least three orders of magnitude. For example, testing disease susceptibility of 50 patients with 100000 variations requires only a total of 308.31 s (σ=8.73 s) with our first approach and a mere 0.07 s (σ=0.00 s) with the second. We additionally discuss security guarantees of both approaches and their limitations as well as possible extensions towards more complex query types, e.g., fuzzy or range queries.ConclusionsBoth approaches handle practical problem sizes efficiently and are easily parallelized to scale with the elastic resources available in the cloud. The fully homomorphic scheme, Fhe-Bloom, realizes a comprehensive outsourcing to the cloud, while the partially homomorphic scheme, Phe-Bloom, trades a slight relaxation of security guarantees against performance improvements by at least three orders of magnitude.

TraceMixer: Privacy-preserving crowd-sensing sans trusted third party

Crowd-sensing promises cheap and easy large scale data collection by tapping into the sensing and processing capabilities of smart phone users. However, the vast amount of fine-grained location data collected raises serious privacy concerns among potential contributors. In this paper, we argue that crowd-sensing has unique requirements w.r.t. privacy and data utility which renders existing protection mechanisms infeasible. We hence propose TraceMixer, a novel location privacy protection mechanism tailored to the special requirements in crowd-sensing. TraceMixer builds upon the well-studied concept of mix zones to provide trajectory privacy while achieving high spatial accuracy. First in this line of research, TraceMixer applies secure two-party computation technologies to realize a trustless architecture that does not require participants to share locations with anyone in clear. We evaluate TraceMixer on real-world datasets to show the feasibility of our approach in terms of privacy, utility, and performance. Finally, we demonstrate the applicability of TraceMixer in a real-world crowd-sensing campaign.

Practical Data Compliance for Cloud Storage

Despite their increasing proliferation and technical variety, existing cloud storage technologies by design lack support for enforcing compliance with regulatory, organizational, or contractual data handling requirements. However, with legislation responding to rising privacy concerns, this becomes a crucial technical capability for cloud storage systems. In this paper, we introduce PRADA, a practical approach to enforce data compliance in key-value based cloud storage systems. To this end, PRADA introduces a transparent data handling layer which enables clients to specify data handling requirements and provides operators with the technical means to adhere to them. The evaluation of our prototype shows that the modest overheads for supporting data handling requirements in cloud storage systems are practical for real-world deployments.