Jörg Daubert

On the Security and Privacy of Internet of Things Architectures and Systems

The Internet of Things (IoT) brings together a multitude of technologies, with a vision of creating an interconnected world. This will benefit both corporations as well as the end-users. However, a plethora of security and privacy challenges need to be addressed for the IoT to be fully realized. In this paper, we identify and discuss the properties that constitute the uniqueness of the IoT in terms of the upcoming security and privacy challenges. Furthermore, we construct requirements induced by the aforementioned properties. We survey the four most dominant IoT architectures and analyze their security and privacy components with respect to the requirements. Our analysis shows a mediocre coverage of security and privacy requirements. Finally, through our survey we identify a number of research gaps that constitute the steps ahead for future research.

A view on privacy & trust in IoT

Internet of Things (IoT) technology is rapidly gaining popularity, not only in industrial and commercial environments, but also in our personal life by means of smart devices at home. Such devices often interconnect with cloud services that promise easy usage and global access. However, managing the balance between trust in the service provider and need for privacy of individuals becomes a major challenge considering automatic exchange of manifold personal information. In this paper, we propose a formal model that establishes a relation between information, privacy, as well as trust, and that automatically maps between these terms while maintaining user control.

Distributed and Anonymous Publish-Subscribe

Publish-subscribe is a scheme for distributing information based on interests. While security mechanisms have been added to publish-subscribe, privacy, in particular anonymous communication is hardly considered. We summarize security and privacy requirements for such systems, including an adversary model for privacy. We introduce a construction for publish-subscribe overlays that fulfills the requirements. Contrary to previous approaches, it does neither presume an online trusted third party, nor expensive cryptographic operations performed by brokers. Further, we informally discuss how our requirements are met.

AnonPubSub: Anonymous publish-subscribe overlays

Publish-subscribe is an increasingly popular messaging pattern for distributed systems, supporting scalable and extensible programming, and optimal spatial, temporal, and control-flow decoupling of distributed components. Publish-subscribe middleware and methods were extended towards supporting security, in particular confidentiality, and increased availability, yet a few prior works addressed anonymity of participants. Anonymity of senders and receivers may however be crucial, e.g., for supporting freedom of expression in regimes where political repression and censorship prevail. In this article, we review basic security and privacy requirements and introduce a new attacker model based on statistical disclosure, used to challenge anonymity. We elaborate on design options for privacy-preserving publish-subscribe systems and present a novel system that leverages peer-to-peer networking concepts; this novel approach protects subscriber anonymity by means of Probabilistic Forwarding (PF) and through a novel so-called Shell Game (SG) algorithm. We verify our solution against the requirements and provide a simulation-based analysis of the effectiveness of our approaches in light of our attacker model. The results show that the SG algorithm efficiently protects subscriber anonymity, and that anonymity sets can be adjusted via PF.

Internal attacks in anonymous publish-subscribe P2P overlays

Privacy, in particular anonymity, is desirable in Online Social Networks (OSNs) like Twitter, especially when considering the threat of political repression and censorship. P2P-based publish-subscribe is a well suited paradigm for OSN scenarios as users can publish and follow topics of interest. However, anonymity in P2P-based publish-subscribe (pub-sub) has been hardly analyzed so far. Research on add-on anonymization systems such as Tor mostly focuses on large scale traffic analysis rather than malicious insiders. Therefore, we analyze colluding insider attackers in more detail that operate on the basis of timing information. For that, we model a generic anonymous pub-sub system, present an attacker model, and discuss timing attacks. We analyze these attacks by a realistic simulation model and discuss potential countermeasures. Our findings indicate that even few malicious insiders are capable to disclose a large number of participants, while an attacker using large amounts of colluding nodes achieves only minor additional improvements.

Beyond the Hype: On Using Blockchains in Trust Management for Authentication

Trust Management (TM) systems for authentication are vital to the security of online interactions, which are ubiquitous in our everyday lives. Various systems, like the Web PKI (X.509) and PGPs Web of Trust are used to manage trust in this setting. In recent years, blockchain technology has been introduced as a panacea to our security problems, including that of authentication, without sufficient reasoning, as to its merits.In this work, we investigate the merits of using open distributed ledgers (ODLs), such as the one implemented by blockchain technology, for securing TM systems for authentication. We formally model such systems, and explore how blockchain can help mitigate attacks against them. After formal argumentation, we conclude that in the context of Trust Management for authentication, blockchain technology, and ODLs in general, can offer considerable advantages compared to previous approaches. Our analysis is, to the best of our knowledge, the first to formally model and argue about the security of TM systems for authentication, based on blockchain technology. To achieve this result, we first provide an abstract model for TM systems for authentication. Then, we show how this model can be conceptually encoded in a blockchain, by expressing it as a series of state transitions. As a next step, we examine five prevalent attacks on TM systems, and provide evidence that blockchain-based solutions can be beneficial to the security of such systems, by mitigating, or completely negating such attacks.

End-2-End privacy architecture for IoT

We present an IoT privacy architecture covering End-2-End data handling at devices, connections and in the cloud. The system is driven by privacy policies negotiated between service providers and consumers.

CHALLENGES AND AVAILABLE SOLUTIONS AGAINST ORGANIZED CYBER-CRIME AND TERRORIST NETWORKS

Organized Crime (OC) and Terrorist Networks (TN) have risen to major and persistent threats for the European Union and its population. The IT growth of the past decade caused a migration of OC/TN to the cyber domain as well as the introduction of cybercrime. As a consequence, the technological dimensions of criminal activities are becoming more relevant and challenges ranging from the identification of criminal activities up to the understanding of engagement processes, are even more complicated. In this context, this paper aims to provide a discussion on OC and TN by pointing out organizational models, similarities, distinguishing features and differences in terms of their objectives. Furthermore, the main issues and available categories of solutions, in terms of models, methods and software tools are described. Finally, the importance of innovative digital and non-digital solutions is discussed as well as the current research directions are highlighted.

Cover Traffic: A Trade of Anonymity and Efficiency

Communication is ubiquitous in today’s societies; more and more devices participate in communication processes, as in for example the Internet of Things. With this omnipresent communication, the process of communication is sensitive itself as it already can disclose information about the content. Anonymous communication is desirable in many scenarios, e.g., the IoT, allowing to communicate without someone being able to attribute the communication to its senders and recipients. Sender anonymity is a hard goal; the only viable option to achieve it is cover traffic which blends communication into noise. In turn, this noise degrades the system’s efficiency rendering it unrealizable eventually. Moreover, cover traffic as a technique is hardly understood and analyzed. We perform a parameter study to analyze the influence of varying participation, utilization, and timing properties on anonymity and efficiency. Our results indicate that cover traffic can be generated more efficiently while anonymity is still on a reasonable level. Nonetheless, randomization of cover traffic allows performing intersection attacks to diminish anonymity in the long run.

Ant colony optimisation — A solution to efficient anonymous group communication?

Online Social Networks (OSNs) are the core of most communications nowadays, leading to possibly sensitive information exchange. Privacy is an important building block of free societies, and thus, for OSNs. OSNs function as group communication systems and can be build in centralised and distributed styles. Privacy can be achieved in distributed systems as all participants contribute to privacy. Peer-to-peer-based group communication systems achieve this privacy improvement partially, at the cost of additional messaging overhead. In this paper, we introduce ant colony optimisation to reduce the messaging overhead of anonymous communication systems, bridging the gap between privacy and efficiency. We apply our adapted privacy sensitive ant colony optimization to improve routing paths by encouraging re-usage and aggregation. Our first results indicate a 9–13% lower messaging overhead compared to the state of the art, while maintaining privacy.