Matthias Nagel

Nonlinear information filtering for distributed multisensor data fusion

The information filter has evolved into a key tool for distributed and decentralized multisensor estimation and control. Essentially, it is an algebraical reformulation of the Kalman filter and provides estimates on the information about an uncertain state rather than on a state itself. Whereas many practicable Kalman filtering techniques for nonlinear system and sensor models have been developed, approaches towards nonlinear information filtering are still scarce and limited. In order to deal with nonlinear systems and sensors, this paper derives an approximation technique for arbitrary probability densities that provides the same distributable fusion structure as the linear information filter. The presented approach not only constitutes a nonlinear version of the information filter, but it also points the direction to a Hilbert space structure on probability densities, whose vector space operations correspond to the fusion and weighting of information.

Concurrently Composable Security with Shielded Super-Polynomial Simulators

We propose a new framework for concurrently composable security that relaxes the security notion of UC security. As in previous frameworks, our notion is based on the idea of providing the simulator with super-polynomial resources. However, in our new framework simulators are only given restricted access to the results computed in super-polynomial time. This is done by modeling the super-polynomial resource as a stateful oracle that may directly interact with a functionality without the simulator seeing the communication. We call these oracles “shielded oracles”.

Sicherheit relativ definieren

ZusammenfassungIn der modernen Kryptographie wird „Sicherheit“ mathematisch definiert. Einer der etablierten Ansätze, Sicherheit zu definieren, ist die „Simulationsbasierte Sicherheit“, bei der Sicherheit keine absolute Größe ist, sondern durch Vergleich mit fiktionalen, ideal sicheren kryptographischen Protokollen definiert wird. Dieser Artikel stellt neue Entwicklungen vor.

A survey on design and implementation of protected searchable data in the cloud

While cloud computing has exploded in popularity in recent years thanks to the potential efficiency and cost savings of outsourcing the storage and management of data and applications, a number of vulnerabilities that led to multiple attacks have deterred many potential users. n nAs a result, experts in the field argued that new mechanisms are needed in order to create trusted and secure cloud services. Such mechanisms would eradicate the suspicion of users towards cloud computing by providing the necessary security guarantees. Searchable Encryption is among the most promising solutions—one that has the potential to help offer truly secure and privacy-preserving cloud services. We start this paper by surveying the most important searchable encryption schemes and their relevance to cloud computing. In light of this analysis we demonstrate the inefficiencies of the existing schemes and expand our analysis by discussing certain confidentiality and privacy issues. Further, we examine how to integrate such a scheme with a popular cloud platform. Finally, we have chosen – based on the findings of our analysis – an existing scheme and implemented it to review its practical maturity for deployment in real systems. The survey of the field, together with the analysis and with the extensive experimental results provides a comprehensive review of the theoretical and practical aspects of searchable encryption.

Sicherheit auf festem Fundament

ZusammenfassungMöchte man sichere IT-Systeme konstruieren, so kann man sich nicht auf Software alleine verlassen. Vertrauenswürdige Hardware ist ein unverzichtbarer Vertrauensanker für sichere IT-Lösungen, wie in diesem Beitrag anhand von je zwei Anwendungsbeispielen und Forschungsfragen dargestellt wird.

BBA+: Improving the Security and Applicability of Privacy-Preserving Point Collection

Black-box accumulation (BBA) has recently been introduced as a building-block for a variety of user-centric protocols such as loyalty, refund, and incentive systems. Loosely speaking, this building block may be viewed as a cryptographic piggy bank that allows a user to collect points (aka incentives, coins, etc.) in an anonymous and unlinkable way. A piggy bank may be robbed at some point by a user, letting her spend the collected points, thereby only revealing the total amount inside the piggy bank and its unique serial number. In this paper we present BBA+, a definitional framework extending the BBA model in multiple ways: (1) We support offline systems in the sense that there does not need to be a permanent connection to a serial number database to check whether a presented piggy bank has already been robbed. (2) We enforce the collection of negative points which users may not voluntarily collect, as this is, for example, needed in pre-payment or reputation systems. (3) The security property formalized for bbap schemes is stronger and more natural than for BBA: Essentially, we demand that the amount claimed to be inside a piggy bank must be exactly the amount legitimately collected with this piggy bank. As piggy bank transactions need to be unlinkable at the same time, defining this property is highly non-trivial. (4) We also define a stronger form of privacy, namely forward and backward privacy. Besides the framework, we show how to construct a BBA+ system from cryptographic building blocks and present the promising results of a smartphone-based prototypical implementation. They show that our current instantiation may already be useable in practice, allowing to run transactions within a second---while we have not exhausted the potential for optimizations.