Jan Willemson

Sharemind: A Framework for Fast Privacy-Preserving Computations

Gathering and processing sensitive data is a difficult task. In fact, there is no common recipe for building the necessary information systems. In this paper, we present a provably secure and efficient general-purpose computation system to address this problem. Our solution-- Sharemind --is a virtual machine for privacy-preserving data processing that relies on share computing techniques. This is a standard way for securely evaluating functions in a multi-party computation environment. The novelty of our solution is in the choice of the secret sharing scheme and the design of the protocol suite. We have made many practical decisions to make large-scale share computing feasible in practice. The protocols of Sharemind are information-theoretically secure in the honest-but-curious model with three computing participants. Although the honest-but-curious model does not tolerate malicious participants, it still provides significantly increased privacy preservation when compared to standard centralised databases.

Improving the Availability of Time-Stamping Services

We discuss the availability questions that arise when digital time stamps are used for preserving the evidentiary value of electronic documents. We analyze the time-stamping protocols known to date and point out some weaknesses that have not been addressed so far in scientific literature. Without addressing and solving them, any advantage of the linkage-based protocols over the hash-and-sign time-stamping would be questionable. We present several new techniques and protocols for improving the availability ofb oth the hash-and-sign and the linkage-based time-stamping services. We introduce fault-tolerant linking as a new concept to neutralize fault-sensitivity as the main weakness of linkage-based time-stamping.

Processing multi-parameter attacktrees with estimated parameter values

Authors extend the multi-parameter attacktree model to include inaccurate or estimated parameter values, which are modelled as probabilistic interval estimations. The paper develops mathematical tools to extend the computation rules of the attacktree model to work with interval estimations instead of point estimates. We present a sample computation routine and discuss how to interpret the analysis results and how to choose the optimal or an economically justified security level.

Covering the path space: a casebase analysis for mobile robot path planning

This paper presents a theoretical analysis of a casebase used for mobile robot path planning in dynamic environments. Unlike other case-based path planning approaches, we use a grid map to represent the environment that permits the robot to operate in unstructured environments. The objective of the mobile robot is to learn to choose paths that are less risky to follow. Our experiments with real robots have shown the efficiency of our concept. In this paper, we replace a heuristic path planning algorithm of the mobile robot with a seed casebase and prove the upper and lower bounds for the cardinality of the casebase. The proofs indicate that it is realistic to seed the casebase with some solutions to a path-finding problem so that no possible solution differs too much from some path in the casebase. This guarantees that the robot would theoretically find all paths from start to goal. The proof of the upper bound of the casebase cardinality shows that the casebase would in a long run grow too large and all possible solutions cannot be stored. In order to keep only the most efficient solutions the casebase has to be revised at run-time or some other measure of path difference has to be considered.

Universally composable time-stamping schemes with audit

We present a Universally Composable (UC) time-stamping scheme based on universal one-way hash functions. The model we use contains an ideal auditing functionality, the task of which is to check that the rounds digests are correctly computed. Our scheme uses hash-trees and is just a slight modification of the known schemes of Haber-Stornetta and Benaloh-de Mare, but both the modifications and the audit functionality are crucial for provable security. We prove that our scheme is nearly optimal – in every UC time-stamping scheme, almost all time stamp requests must be communicated to the auditor.

A Secure and Scalable Infrastructure for Inter-Organizational Data Exchange and eGovernment Applications

As more and more information becomes accessible via on-line databases, more public services can be provided and more complex queries involving several registers become feasible as well. However, not all of the digitally stored data is public and thus strict access control mechanisms must be enforced. At the same time, in order to take full advantage of on-line data sources, high availability must be achieved as well. This paper describes an infrastructure developed in Estonia to satisfy these somewhat contradictory requirements. This infrastructure (called X- Road) enables different organizations to access each others data and rely on it when taking legally binding decisions. We discuss technical details ofX-Road together with the issues arising when the infrastructure is to be implemented on national or international level.

Algorithrnic Generation of Path Fragrnent Covers for Mobile Robot Path Planning

This paper describes a framework for mobile robot path planning in dynamic environments where the environments are represented by grid maps. The planning heuristics considered in the paper is to generate the minimal set of paths so that all the possible path fragments of two edges are covered. We show that the number of required paths is linear in the dimensions of the grid (thus making application of the approach realistic and scalable). The main contribution of the paper is the description of all the minimal covers by means of an efficient algorithm. We prove its correctness and conclude that there are 2(m-1)(n-2)+(m-2)(n-1) minimal path fragment covers in an mtimesn grid