Sergiu Costea

Secure Software Licensing: Models, Constructions, and Proofs

The problem of secure software licensing is to enforce meaningful restrictions on how software is run on machines outside the control of the software author/vendor. The problem has been addressed through a variety of approaches from software obfuscation to hardware-based solutions, but existent solutions offer only heuristic guarantees which are often invalidated by attacks. This paper establishes foundations for secure software licensing in the form of rigorous models. We identify and formalize two key properties. Privacy demands that licensed software does not leak unwanted information, and integrity ensures that the use of licensed software is compliant with a license - the license is a parameter of our models. Our formal definitions and proposed constructions leverage the isolation/attestation capabilities of recently proposed trusted hardware like SGX which proves to be a key enabling technology for provably secure software licensing.

Reduced Relative Errors for Short Sequence Counting with Differential Privacy

Current concerns about data privacy have lead to increased focus on data anonymization methods. Differential privacy is a new mechanism that offers formal guarantees about anonymization strength. The main challenge when using differential privacy consists in the difficulty in designing correct algorithms when operating on complex data types. One such data type is sequential data, which is used to model many actions like location or browsing history. We propose a new differential privacy algorithm for short sequence counting called Recursive Budget Allocation (RBA). We show that RBA leads to lower relative errors than current state of the art techniques. In addition, it can also be used to improve relative errors for generic differential privacy algorithms which operate on data trees.

A Comparative Evaluation of Private Information Retrieval Techniques in Location-Based Services

Private Information Retrieval (PIR) schemes offer privacy to Internet users by protecting the contents of their queries from the servers that they use. As the problem of user data collected by various services is becoming an issue of increasing concern, the functionality offered by such schemes is gaining a lot of attention. There are various PIR methods that ensure privacy, ranging from information-theoretic secure solutions that require multiple non-colluding servers, to hardware implementations based on secure trusted components. In this paper, we focus on computational PIR (cPIR) techniques which ensure privacy while using only one server and no dedicated hardware modules. Privacy is achieved with the help of encryption that relies on mathematical problems that are computationally intractable. We present an overview of the available cPIR techniques, we identify the major challenges of implementing such schemes, and we evaluate their relative performance. We provide an in-depth analysis of the strengths and weaknesses of cPIR solutions, and present scenarios where each technique is best suited.

Security from Disjoint Paths: Is It Possible?

We propose a work-in-progress protocol to detect man-in-the-middle attacks during the communication between two parties, by leveraging the existence of disjoint paths between the communicating parties. Our protocol allows us to detect attackers either at the protocol level (through delay measurements) or at the user level (if the attackers tamper with the data).

Input Validation for the Laplace Differential Privacy Mechanism

Privacy is an increasing concern as the number of databases containing personal information grows. Differential privacy algorithms can be used to provide safe database queries through the insertion of noise. Attackers cannot recover pieces of the initial data with certainty, but this comes at the cost of data utility. Noise insertion leads to errors, and signal to noise ratio can become an issue. In such cases, current differential privacy mechanisms cannot inform the end user that the sanitized data might not be reliable. We propose a new differential privacy algorithm that signals the user when relative errors surpass a predefined threshold. This allows users running complex differential privacy algorithms, such as sequence processing or geographical data analysis, to improve utility through better management of large errors. We prove that our algorithm satisfies differential privacy, and perform a formal analysis of its performance. Finally, we provide guidelines on how to customize behaviour to improve results.