Martin Florian

OverDrive: an overlay-based geocast service for smart traffic applications

For smart traffic scenarios, communication between traffic participants is of high importance. Classical approaches (e.g. for information about congestions) employ a server-based architecture, which raises scalability and privacy concerns. In this paper, we propose OverDrive, a decentralized overlay-based geocast service that is applicable in smart traffic scenarios and not prone to the shortcomings of centralized designs. Information requests for points in geographic space are routed directly via traffic participants until they reach a node in the proximity of that point. In contrast to other approaches, our overlay is specifically tailored towards supporting mobile nodes-vehicles connected via cellular networks-and leverages their speed and direction for optimizing peering decisions and minimizing maintenance overhead. Exhaustive simulations in complex smart traffic scenarios show that OverDrive achieves high delivery ratios even in high mobility environments. At the same time, communication overhead is kept low, making OverDrive suitable for the use with cellular networks.

Sybil-Resistant Pseudonymization and Pseudonym Change without Trusted Third Parties

The issuing of pseudonyms is an established approach for protecting the privacy of users while limiting access and preventing sybil attacks. To prevent pseudonym deanonymization through continuous observation and correlation, frequent and unlinkable pseudonym changes must be enabled. Existing approaches for realizing sybil-resistant pseudonymization and pseudonym change (PPC) are either inherently dependent on trusted third parties (TTPs) or involve significant computation overhead at end-user devices. In this paper, we investigate a novel, TTP-independent approach towards sybil-resistant PPC. Our proposal is based on the use of cryptocurrency block chains as general-purpose, append-only bulletin boards. We present a general approach as well as BitNym, a specific design based on the unmodified Bitcoin network. We discuss and propose TTP-independent mechanisms for realizing sybil-free initial access control, pseudonym validation and pseudonym mixing. Evaluation results demonstrate the practical feasibility of our approach and show that anonymity sets encompassing nearly the complete user population are easily achievable.

Privacy in overlay-based smart traffic systems

For smart traffic applications like dynamic route planning, communication between traffic participants is of high importance. Traditional communication architectures for smart traffic are centralized, which leads to major privacy concerns since every service provider gains a global view on the mobility behavior of all participating nodes. Recent publications on decentralized alternatives often claim to remedy privacy issues by getting rid of the centralized entity. In this paper, we test this assumption thoroughly, evaluating the privacy-aspects of overlay-based geocast systems in comparison to centralized approaches. To this means, we define an attacker model and describe two different attacks on privacy. Through simulation we show that without additional protection mechanisms, the difficulty for placing surveillance on individual nodes is low. Based on the results, we discuss possible improvements and alternative communication approaches.

Privacy-Preserving Cooperative Route Planning

Todays street traffic is still largely inefficient. Overburdened roads lead to congestions, accidents, and unnecessary pollution. The increasing interconnection of traffic participants into the Internet of Vehicles (IoV) has tremendous potential for improving this issue. Cooperative route planning, e.g., is a concept for optimizing vehicular routing on a global scale by gathering data about planned routes from interconnected vehicles. As in other IoV applications, the benefits of such a system come at the cost of an increased privacy risk for participating users. Published routes include both the current and the planned future locations of drivers and passengers-all highly sensitive pieces of information. In the scope of this paper, we demonstrate how cooperative route planning can be realized with strong privacy guarantees without significant cuts in utility or cost. According to our knowledge, this is the first work to consider in this issue. We propose a scheme by which vehicles can publish their intent to pass at specific waypoints at approximate times in an anonymous fashion. While providing complete unlinkability of published intentions to individual users, our scheme is protected against abuse, with misbehaving (i.e., lying) users quickly losing their right to participate.

Anonymous CoinJoin Transactions with Arbitrary Values

Bitcoin, the arguably most popular cryptocurrency to date, allows users to perform transactions using freely chosen pseudonymous addresses. Previous research, however, suggests that these pseudonyms can easily be linked, implying a lower level of privacy than originally expected. To obfuscate the links between pseudonyms, different mixing methods have been proposed. One of the first approaches is the CoinJoin concept, where multiple users merge their transactions into one larger transaction. In theory, CoinJoin can be used to mix and transact bitcoins simultaneously, in one step. Yet, it is expected that differing bitcoin amounts would allow an attacker to derive the original single transactions. Solutions based on CoinJoin therefore prescribe the use of fixed bitcoin amounts and cannot be used to perform arbitrary transactions.In this paper, we define a model for CoinJoin transactions and metrics that allow conclusions about the provided anonymity. We generate and analyze CoinJoin transactions and show that with differing, representative amounts they generally do not provide any significant anonymity gains. As a solution to this problem, we present an output splitting approach that introduces sufficient ambiguity to effectively prevent linking in CoinJoin transactions. Furthermore, we discuss how this approach could be used in Bitcoin today.

DPS-Discuss: Demonstrating Decentralized, Pseudonymous, Sybil-resistant Communication

A current trend on the Internet is the increasing surveillance of its users. A few big service providers have divided most of the user-facing Internet between them, observing and recording the activities of their users to increase profits. Additionally, government agencies have been found to practice mass surveillance. With regard to this it becomes even more important to provide online services that protect the privacy of their users and avoid censorship by single, powerful entities. To reach these goals, a trusted third party should be avoided. A prototype service which fulfills these goals is DPS-Discuss, a decentralized, pseudonymous online discussion application. It uses the libraries BitNym and Peer-Tor-Peer for pseudonym management and anonymous communication.

DeSyPs: a decentralized, sybil-resistant, pseudonymous online discussion platform

DeSyPs is a decentralized, sybil-resistant, pseudonymous online discussion plattform. It is a prototype application that showcases the individual building blocks Peer-Tor-Peer (PTP) [1] and BitNym [2].

Decentralized and sybil-resistant pseudonym registration using social graphs

A registration of identities is necessary in a wide array of systems, from online forums to smart environments. While pseudonyms are, in most cases, sufficient, mechanisms must be put in place to prevent malicious adversaries from registering great numbers of sybil identities. Preventing such sybil attacks becomes an especially significant challenge when the existence of a trusted party cannot be assumed. Several countermeasures against sybil attacks on decentralized systems have been proposed that are based on leveraging information from the social graph between participating users. While promising, existing solutions typically require knowledge of the complete social graph, which is a privacy issue, or are tailored towards specific applications like distributed hash tables. In this paper, we propose an approach for registering general-purpose pseudonyms in a completely decentralized manner while keeping social relationships private. Joining users collect confirmations from a fraction of already registered users while being aware only of their own neighbors in the social graph. Using the presented SybilHedge algorithm, sybil attackers are limited in the number of confirmations they can collect. We present an evaluation of the algorithm and discuss its practical application.

Establishing location-privacy in decentralized long-distance geocast services

The ability to communicate over long distances is of central importance for smart traffic applications like cooperative route planning or the discovery and reservation of charging stations for electric vehicles. Established approaches are based on centralized architectures with singular service providers. This setup leads to strong privacy concerns, as great amounts of sensitive location data need to be stored at a non-local, centralized entity. Decentralized approaches like the overlay-based geocast service OverDrive propose to solve this issue by eliminating the central data sink and sharing location information with a small subset of other participants. In this paper, we propose techniques for further improving the location privacy offered by decentralized long-distance geocast services. Through obfuscation of location data and mechanisms for detecting location spoofing attempts, we can ensure that precise location data is only shared with participants in the physical vicinity. Simulation results show that our extensions render both the large scale surveillance and the targeted tracking of OverDrive users unfeasible even for strong adversaries controlling hundreds of overlay nodes.

Sozial- und lokalitätsbewusste Overlays für User-Centric Networking

Zusammenfassung: Die aktuelle Beliebtheit von sozialen Netzwerken im Internet deutet auf das allgemeine Interesse an sozial-bewussten, nutzerorientierten Kommunikationsapplikationen hin. Gleichzeitig werden mobile Nutzergeräte sowohl mächtiger als auch weiter verbreitet. User-Centric Networking (UCN) ist eine Implikation dieser Tendenzen – die Realisierung von nutzerorientierten Kommunikationsapplikationen und -diensten direkt durch Nutzergeräte, also unabhängig von einer Server-basierten Infrastruktur. In diesem Beitrag wird ein neuartiges, vollständig dezentrales Overlay vorgestellt, das die Entwicklung von komplexen UCN-Applikationen ermöglicht. Im Gegenzug zu klassischen Overlay-Entwürfen nutzt der vorgestellte Ansatz den sozialen Kontext zwischen Nutzern, um eine bessere Vermaschung zwischen Geräten von befreundeten Nutzern zu erreichen. Das Overlay realisiert eine hohe Lokalität des Datenverkehrs zwischen Nutzern und unterstützt die zeitversetzte Zustellung von Nachrichten an Geräte, die zum Zeitpunkt des Sendens nicht verfügbar waren. Simulationen zeigen, dass der vorgestellte Ansatz nahezu optimale Latenzen erreicht und gut mit wachsenden Netzwerkgrößen skaliert.