Leonardo A. Martucci

IncogniSense: An anonymity-preserving reputation framework for participatory sensing applications

Reputation systems rate the contributions to participatory sensing campaigns from each user by associating a reputation score. The reputation scores are used to weed out incorrect sensor readings. However, an adversary can deanonmyize the users even when they use pseudonyms by linking the reputation scores associated with multiple contributions. Since the contributed readings are usually annotated with spatiotemporal information, this poses a serious breach of privacy for the users. In this paper, we address this privacy threat by proposing a framework called IncogniSense. Our system utilizes periodic pseudonyms generated using blind signature and relies on reputation transfer between these pseudonyms. The reputation transfer process has an inherent trade-off between anonymity protection and loss in reputation. We investigate by means of extensive simulations several reputation cloaking schemes that address this tradeoff in different ways. Our system is robust against reputation corruption and a prototype implementation demonstrates that the associated overheads are minimal.

Self-certified Sybil-free pseudonyms

Accurate and trusted identifiers are a centerpiece for any security architecture. Protecting against Sybil attacks in a privacy-friendly manner is a non-trivial problem in wireless infrastructureless networks, such as mobile ad hoc networks. In this paper, we introduce self-certified Sybil-free pseudonyms as a means to provide privacy-friendly Sybil-freeness without requiring continuous online availability of a trusted third party. These pseudonyms are self-certified and computed by the users themselves from their cryptographic long term identities. Contrary to identity certificates, we preserve location privacy and improve protection against some notorious attacks on anonymous communication systems.

Privacy, Security and Trust in Cloud Computing: The Perspective of the Telecommunication Industry

The telecommunication industry has been successful in turning the Internet into a mobile service and stimulating the creation of a new set of networked, remote services. In this paper we argue that embracing cloud computing solutions is fundamental for the telecommunication industry to remain competitive. However, there are legal, regulatory, business, market related and technical challenges that must be considered. In this paper we list such challenges and define a set of privacy, security and trust requirements that must be taken into account before cloud computing solutions can be fully integrated and deployed by telecommunication providers.

Revealing the Calling History of SIP VoIP Systems by Timing Attacks

Many emergent security threats which did not exist in the traditional telephony network are introduced in SIP VoIP services. To provide high-level security assurance to SIP VoIP services, an inter-domain authentication mechanism is defined in RFC 4474. However, this mechanism introduces another vulnerability: a timing attack which can be used for effectively revealing the calling history of a group of VoIP users. The idea here is to exploit the certificate cache mechanisms supported by SIP VoIP infrastructures, in which the certificate from a callers domain will be cached by the callees proxy to accelerate subsequent requests. Therefore, SIP processing time varies depending whether the two domains had been into contact beforehand or not. The attacker can thus profile the calling history of a SIP domain by sending probing requests and observing the time required for processing. The result of our experiments demonstrates that this attack can be easily launched. We also discuss countermeasures to prevent such attacks.

Analysis of privacy-enhancing protocols based on anonymity networks

In this paper, we analyze privacy-enhancing protocols for Smart Grids that are based on anonymity networks. The underlying idea behind such protocols is attributing two distinct partial identities for each consumer. One is used to send real-time information about the power consumption, and the other for transmitting the billing information. Such protocols provide sender-anonymity for the real-time information, while consolidated data is sent for billing. In this work, the privacy properties of such protocols are analyzed, and their computational efficiency is evaluated and compared using simulation to other solutions based on homomorphic encryption.

Formal definitions for usable access control rule sets from goals to metrics

Access control policies describe high level requirements for access control systems. Access control rule sets ideally translate these policies into a coherent and manageable collection of Allow/Deny rules. Designing rule sets that reflect desired policies is a difficult and time-consuming task. The result is that rule sets are difficult to understand and manage. The goal of this paper is to provide means for obtaining usable access control rule sets, which we define as rule sets that (i) reflect the access control policy and (ii) are easy to understand and manage. In this paper, we formally define the challenges that users face when generating usable access control rule sets and provide formal tools to handle them more easily. We started our research with a pilot study in which specialists were interviewed. The objective was to list usability challenges regarding the management of access control rule sets and verify how those challenges were handled by specialists. The results of the pilot study were compared and combined with results from related work and refined into six novel, formally defined metrics that are used to measure the security and usability aspects of access control rule sets. We validated our findings with two user studies, which demonstrate that our metrics help users generate statistically significant better rule sets.

Sybil-Free Pseudonyms, Privacy and Trust: Identity Management in the Internet of Services

We propose an identity management system that supports role-based pseudonyms that are bound to a given set of services (service contexts) and support the use of reputation systems. Our proposal offers a solution for the problem of providing privacy protection and reputation mechanisms concurrently. The trust information used to evaluate the reputation of users is dynamic and associated to their pseudonyms. In particular, our solution does not require the support or assistance from central authorities during the operation phase. Moreover, the presented scheme provides inherent detection and mitigation of Sybil attacks. Finally, we present an attacker model and evaluate the security and privacy properties and robustness of our solution.

Privacy and Anonymity in Mobile Ad Hoc Networks

Security is one of the most significant components in wireless systems to ensure the integrity of communications among terminals, networks, and services. As the field of wireless communications expands and inundates personal and professional lives worldwide, up-to-date wireless security research and knowledge becomes increasingly more vital to society. The Handbook of Research on Wireless Security combines research from esteemed experts on security issues in various wireless communications, recent advances in wireless security, the wireless security model, and future directions in wireless security. As an innovative and current reference source for students, educators, faculty members, researchers, engineers in the field of wireless security, this handbook will make an invaluable addition to any library collection.

Privacy for Peer Profiling in Collective Adaptive Systems

In this paper, we introduce a privacy-enhanced Peer Manager, which is a fundamental building block for the implementation of a privacy-preserving collective adaptive systems computing platform. The Peer Manager is a user-centered identity management platform that keeps information owned by a user private and is built upon an attribute-based privacy policy. Furthermore, this paper explores the ethical, privacy and social values aspects of collective adaptive systems and their extensive capacity to transform lives. We discuss the privacy, social and ethical issues around profiles and present their legal privacy requirements from the European legislation perspective.

Conflict Detection and Lifecycle Management for Access Control in Publish/Subscribe Systems

In todays collaborative business environment there is a need to share information across organizational boundaries. Publish/Subscribe systems are ideal for such scenarios as they allow real-time information to be shared in an asynchronous fashion. In this work, we focus on the access control aspect. While access control in general for publish/subscribe systems has been studied before, their usage in a multi-organizational scenario leads to some novel challenges. Here a publisher might wish to enforce restrictions w.r.t. not only subscribers, but also other publishers publishing certain event types due to competitive or regulatory reasons. With different publishers and subscribers having their own preferences and restrictions, conflicts are evident w.r.t. both publishing and subscribing to specific event types. Given this, the first contribution of this work is to provide efficient conflict detection and resolution algorithms The other important (and often ignored) aspect of large scale and evolving systems is that of efficiently handling modifications to existing policies, e.g. a rule may become invalid after a certain period of time. Our approach in handling such modifications is two-fold: (i) to maintain consistency and (ii) to automatically detect and enforce rules which could not have been enforced earlier due to conflicts. The second contribution of our work is thus to provide lifecycle management for access control rules, which is tightly coupled with the conflict detection and resolution algorithms.