Ronald Petrlic

A privacy-friendly architecture for future cloud computing

We present a privacy-friendly architecture for a future cloud computing scenario where software licensing and software payment plays a major role. We show how digital rights management as a technical solution for software licensing can be achieved in a privacy-friendly manner. In our scenario, users who buy software from software providers and execute it at computing centres stay anonymous. At the same time, our approach guarantees that software licences are bound to users and that their validity is checked before execution. Thus, digital rights management constitutes an incentive for software providers to take part in such a future cloud computing scenario. We employ a software re-encryption scheme so that computing centres are not able to build profiles of their users - not even under a pseudonym. We make sure that malicious users are unable to relay software to others.

Privacy-enhanced architecture for smart metering

The recent deployment of smart grids promises to bring numerous advantages in terms of energy consumption reduction in both homes and businesses. A more transparent and instantaneous measurement of electricity consumption through smart meters utilization leads to an enhancement in the ability of monitoring, controlling and predicting energy usage. Nevertheless, it also has associated drawbacks related to the privacy of customers, since such management might reveal their personal habits, which electrical appliances they are using at each moment, whether they are at home or not, etc. In this work, we present a privacy-enhanced architecture for smart metering aimed at tackling this threat by means of encrypting individual measurements while allowing the electricity supplier to access the aggregation of the corresponding decrypted values.

Privacy-preserving reputation management

Reputation systems provide reputation values of rated parties to users. These reputation values, typically aggregations of individual user ratings, shall be reliable, i.e. should enable a realistic assessment of the probability that the rated party behaves as expected in a transaction. In order for the reputation values to stay reliable and, thus, for the reputation system to provide a benefit, the system needs to be resistant against manipulations by users, the rated parties trying to improve their reputation values, and even against competitors trying to worsen a reputation value. At the same time, a reputation system shall provide privacy protection for users: rated parties shall not be able to learn who provided a certain rating. Otherwise users might not take part in the system as they fear bad feedback in revenge for bad ratings, or users do not want to be connected to certain transactions based on their provided ratings. In this paper we come up with a solution that provides both, reliability of reputation values on the one hand, and privacy protection for users on the other hand. In contrast to related work, our solution only makes use of a single reputation provider that needs to be trusted (to a certain extent) and does not require any bulletin boards to be present in the system. We make use of the Paillier cryptosystem to provide an aggregation of individual user ratings in a way that no party can learn which user provided a certain rating.

Efficient smart metering based on homomorphic encryption

Abstract Smart meters send fine-grained client electricity consumption readings to suppliers. Although this presents advantages for both entities, it results in a serious loss of privacy for customers. We present a monitoring-purpose system that preserves customers’ privacy by homomorphically aggregating the consumptions of all n members of a neighborhood. The proposal has an efficient linear O(n) communication cost and is proven to preserve customers’ privacy even in the presence of a corrupted substation and some malicious smart meters. It requires neither secure communication channels nor a trusted third party (except for issuing public-key certificates). Computation on the smart meters is limited to modular exponentiations. These favorable properties come at the expense of increased computation cost on the electricity suppliers’ side. We show that the computation is easily feasible for realistic parameter choices.

Matching of Incomplete Service Specifications Exemplified by Privacy Policy Matching

Service matching approaches determine to what extent a provided service matches a requester’s requirements. This process is based on service specifications describing functional (e.g., signatures) as well as non-functional properties (e.g., privacy policies). However, we cannot expect service specifications to be complete as providers do not want to share all details of their services’ implementation. Moreover, creating complete specifications requires much effort. In this paper, we propose a novel service matching approach taking into account a service’s signatures and privacy policies. In particular, our approach applies fuzzy matching techniques that are able to deal with incomplete service specifications. As a benefit, decision-making based on matching results is improved and service matching becomes better applicable in practice.

Privacy-Preserving Digital Rights Management in a Trusted Cloud Environment

We present a privacy-preserving DRM scheme for a (future) cloud computing software market. In such a market, applications are packed into virtual machines (VMs) by software providers and the VMs can be executed at any computing center within the cloud. We propose the introduction of a software TPM as a container for VM-specific keys within the VM that moves around with the VM within the cloud. The software TPM is coupled to a virtual TPM at a computing center to constitute the root of trust for a local DRM enforcement system within the VM that checks the license before each application execution. This allows flexible price models, e.g. execute at most n times-like models. Users have proof that their personally identifiable information, stored and processed within the VM at a computing center, cannot be obtained by the computing center. A feature of our solution is that neither software provider nor computing center are able to build usage profiles of the software executions.

Privacy-Preserving Digital Rights Management based on Attribute-based Encryption

We present a privacy-preserving multiparty DRM scheme that does not need a trusted third party. Users anonymously buy content from content providers and anonymously execute it at content execution centers. The executions are unlinkable to each other. The license check is performed as part of the used ciphertext-policy attribute-based encryption (CP-ABE) and, thus, access control is cryptographically enforced. The problem of authorization proof towards the key center in an ABE scheme is solved by a combination with anonymous payments.

Unlinkable content playbacks in a multiparty DRM system

We present a solution to the problem of privacy invasion in a multiparty digital rights management scheme. (Roaming) users buy content licenses from a content provider and execute it at any nearby content distributor. Our approach, which does not need any trusted third party--in contrast to most related work on privacy-preserving DRM--is based on a re-encryption scheme that runs on any mobile Android device. Only a minor security-critical part needs to be performed on the devices smartcard which could, for instance, be a SIM card.

Integrity Protection for Automated Teller Machines

In this paper we propose an integrity protection concept based on Trusted Computing. The Trusted Platform Module (TPM) is used to measure the integrity of the ATM. We show that the measurement results can be reported authentically to the bank and the ATM manufacturer. We also discuss how an integrity evaluation based on the report can be performed--allowing the bank to put an ATM out of operation as an integrity violation is detected. Our solution provides protection against offline attacks performed by insiders.

A privacy-preserving reputation system with user rewards

Reputation systems are useful to assess the trustworthiness of potential transaction partners, but also a potential threat to privacy since rating profiles reveal users preferences. Anonymous reputation systems resolve this issue, but make it difficult to assess the trustworthiness of a rating. We introduce a privacy-preserving reputation system that enables anonymous ratings while making sure that only authorized users can issue ratings. In addition, ratings can be endorsed by other users. A user who has received a pre-defined number of endorsements can prove this fact, and be rewarded e.g. by receiving a Premium member status. The system is based on advanced cryptographic primitives such as Chaum-Pedersen blind signatures, verifiable secret sharing and oblivious transfer.