Peter Schartner

Unique user-generated digital pseudonyms

This paper presents a method to generate unique and nevertheless highly random pseudonyms in a distributed environment. More precisely, each user can now generate his pseudonym locally in his personal security environment, e.g. in his smart card or his personal digital assistant. There is no need for any information interchange between issuing parties or global data (especially keys), except unique identifiers for each user and each device of the system. Additionally the holder can prove, that he generated a specific pseudonym without revealing his identity and he can reveal his identity by disclosing the pseudonym. Whereas the verifier of a disclosed pseudonym can be sure, that the presenter of the pseudonym is the holder of the pseudonym (i.e. the person which originally generated it). The identifier of the user and the identifier of the users device will be used to generate unique pseudonyms, but to ensure pseudonymity, both components will be stored in the pseudonym in encrypted form.

A Unified Framework for the Analysis of Availability, Reliability and Security, With Applications to Quantum Networks

Major goals of system security comprise confidentiality, integrity, availability, authenticity, and reliability. All of these have seen comprehensive treatment, yielding a vast collection of solutions. Information-theoretic security regarding confidentiality has seen considerable progress recently with the development of commercial quantum cryptographic devices. Solutions for perfectly secure authentication have been around much longer. Achieving perfect security, high availability and reliability, calls for combinations of various approaches. In this study, we propose a simple and uniform framework for the assessment of security, availability, and reliability that arbitrary compositions of security measures can provide. Our methodology facilitates system modeling in a decision-theoretic manner, which makes the models easily understandable even for specialists from fields other than security. At the same time, the models allow for strong assertions and for simple characterizations of the achievable security and safety in a system. We demonstrate the applicability of our results using quantum networks as an example.

Video surveillance: a distributed approach to protect privacy

The topmost concern of users who are kept under surveillance by a CCTV-System is the loss of their privacy. To gain a high acceptance by the monitored users, we have to assure, that the recorded video-material is only available to a subset of authorized users under exactly previously defined circumstances. In this paper we propose a CCTV video surveillance system providing privacy in a distributed way using threshold multi-party computation. Due to the flexibility of the access structure, we can handle the problem of loosing private-key-shares that are necessary for reconstructing video-material as well as adding new users to the system. If a pre-defined threshold is reached, a shared update of the master secret and the according re-encryption of previously stored ciphertext without revealing the plaintext is provided.

Secure communication for the robot operating system

The boom for robotics technologies in recent years has also empowered a new generation of robotics software. The Robot Operating System (ROS) is one of the most popular frameworks for robotics researchers and makers which is moving towards commercial and industrial use. Security-wise however, ROS is vulnerable to attacks. It is rather easy to inject or eavesdrop data in a ROS application. This opens many different ways to attack a ROS application resulting in data loss, monetary damage or even physical injury. In this paper we present a secure communication channel enabling ROS-nodes to communicate with authenticity and confidentiality. We secure ROS on a peer-to-peer basis in the direct interaction between publishers and subscribers. We describe the implementation changes we have made to the ROS core and assess the overhead introduced by the new security functions.

Application-level security for ROS-based applications

While the topic of security in industrial applications has gained some momentum in recent years, there are still severe security vulnerabilities which are actively exploited for attacks. The robot operating system (ROS) is expected to further grow in usage and to be used in many industrial applications. Analysis, however, shows that it lacks several security enhancements in order to make it suitable for industrial use. In its current state, false data and commands can be injected posing a possible safety risk for the resulting product and humans in the production. In addition, data may be eavesdropped and used by outsiders to gain insight into the production process. In this paper we propose a security architecture intended for use on top of ROS on the application level. We use a dedicated authorization server to ensure that only valid nodes are part of the application. Cryptographic methods ensure data confidentiality and integrity. We show in a demonstration with a collaborative robot how our architecture can be used to secure a ROS-based application.

Secure online exams using students' devices

With the augmented use of Learning Management Systems (LMS) like Moodle, the demand to perform exams online is higher than ever. Providing a dedicated exam room with up to hundreds of computers is a possible but very expensive solution. However, performing exams on student laptops increases the number of simultaneous exams but also the possibility for cheating. This paper describes the “Secure Exam Environment” (SEE) implemented at the AAUK to support exams based on Moodle to be held on student laptops without access to local files or the Internet. Additional programs like Excel or Java applications can be installed and used during the exams.

Game-Theoretic Security Analysis of Quantum Networks

Unconditional security is the key-feature of quantum cryptography, which makes it superior to any classical encryption scheme. Most research in this area focuses on analyzing the theoretical properties and performance of particular quantum key distribution protocols, but a rigorous analysis on the network level seems to be missing. We present a game-theoretic approach which gives simple and tight bounds to the risk of communication that any two peers in a quantum network have to take when communicating, even if quantum cryptography is used. This work is motivated by recent (im)possibility results regarding unconditionally secure message transmission in arbitrary networks, which puts stringent constraints on the network topology. Hence, our model naturally accounts for a given graph topology (existing fibre-optic networks which are natural candidates for a roll-out of a quantum network), as well as measuring risk in terms of probability or the designers subjective understanding. As a by-product, our model gives optimal path selection strategies, and the optimal design of network topologies under given constraints (like geographic or monetary ones).

Quantum Coin-Flipping-Based Authentication

Quantum cryptographic key distribution (QKD) is a promising candidate for achieving unconditional security, making the renowned one-time pad encryption technically feasible for building computer networks. However, although well-developed theoretical foundations perfectly ensure protection against eavesdropping, no natural mechanism is yet able to successfully repel an adversary sitting between Alice and Bob, performing QKD with both and re-encrypting each message after heaving read it in plain text. Authentication is hence of crucial importance, and normally applied to all messages that are related to the public discussion part of the QKD protocol. We present an analysis of a scenario, in which authentication is postponed until the end of the QKD protocol. This yields to reduced computational effort, as well as simple and tight bounds on the amount of preshared key material. Our solution relies on a combination of quantum key distribution and quantum coin-flipping, which ensures noncontrollability of the QKD key. Based on this assumption, we can apply a standard fingerprint comparison for authentication, to guard the protocol against a person-in-the-middle attack.

Security in Quantum Networks as an Optimization Problem

We present a general framework for casting the problem of designing secure quantum networks into a classical optimization problem. We introduce a measure of risk that serves as upper bound on the probability of loosing a message to the adversary. Based on this results, we can transform the problem of secure network design into an optimization procedure, which opens the field for the entire framework of optimization theory to tackle the problem most efficiently. The latter is particularly appealing, since we prove the problem to be NP-hard in general. Our methodology is formulated to yield results that have interpretations in probabilistic terms, but can be generalized to other settings in a straightforward manner. The modeling approach is simple, and naturally accounts for different notions of security, depending on the situation at hand. Furthermore, our results are not limited to security in quantum networks, as we rely on quantum cryptography only to the extent of securing links. Hence, the analysis is equally applicable for any (multipath) transmission setup, where information-theoretic security is demanded.

Crowds Based on Secret-Sharing

Anonymous communication has been a long recognized problem, and various solutions of different performance have been proposed over the last decades. Manifold differently strong security notions, being specific for the sender or receiver, are found in the literature. We consider protection of both, the senders and receivers identity from each other and a coalition of intermediate relay nodes. The Crowds-system is known to provide probabilistic sender anonymity, but receiver anonymity is only given for asymptotically large networks. Assuming that the adversary notices the communication as such, we prove that the strongest form of receiver anonymity (under this assumption) is efficiently achievable for finite-size (even small) networks. Our construction is secure in the sense that a passive threshold adversary cannot disclose the receivers identity with a chance better than guessing this information.