Tobias Pulls

ScrambleSuit: a polymorphic network protocol to circumvent censorship

Deep packet inspection technology became a cornerstone of Internet censorship by facilitating cheap and effective filtering of what censors consider undesired information. Moreover, filtering is not limited to simple pattern matching but makes use of sophisticated techniques such as active probing and protocol classification to block access to popular circumvention tools such as Tor. In this paper, we propose ScrambleSuit; a thin protocol layer above TCP whose purpose is to obfuscate the transported application data. By using morphing techniques and a secret exchanged out-of-band, we show that ScrambleSuit can defend against active probing and other fingerprinting techniques such as protocol classification and regular expressions. We finally demonstrate that our prototype exhibits little overhead and enables effective and lightweight obfuscation for application layer protocols.

Towards Usable Privacy Policy Display a Management

This paper discusses the approach taken within the PrimeLife project for providing user-friendly privacy policy interfaces for the PrimeLife Policy Language (PPL).We present the requirements, desig ...

How can Cloud Users be Supported in Deciding on, Tracking and Controlling How their Data are Used?

Transparency is a basic privacy principle and factor of social trust. However, the processing of personal data along a cloud chain is often rather intransparent to the data subjects concerned. Transparency Enhancing Tools (TETs) can help users in deciding on, tracking and controlling their data in the cloud. However, TETs for enhancing privacy also have to be designed to be both privacy-preserving and usable. In this paper, we provide requirements for usable TETs for the cloud. The requirements presented in this paper were derived in two ways; at a stakeholder workshop and through a legal analysis. Here we discuss design principles for usable privacy policies and give examples of TETs which enable end users to track their personal data. We are developing them using both privacy and usability as design criteria.

Adding Secure Transparency Logging to the PRIME Core

This paper presents a secure privacy preserving log. These types of logs are useful (if not necessary) when constructing transparency services for privacy enhancement. The solution builds on and extends previous work within the area and tries to address the shortcomings of previous solutions regarding privacy issues.

Balloon: A Forward-Secure Append-Only Persistent Authenticated Data Structure

We present Balloon, a forward-secure append-only persistent authenticated data structure. Balloon is designed for an initially trusted author that generates events to be stored in a data structure (the Balloon) kept by an untrusted server, and clients that query this server for events intended for them based on keys and snapshots. The data structure is persistent such that clients can query keys for the current or past versions of the data structure based upon snapshots, which are generated by the author as new events are inserted. The data structure is authenticated in the sense that the server can verifiably prove all operations with respect to snapshots created by the author. No event inserted into the data structure prior to the compromise of the author can be modified or deleted without detection due to Balloon being publicly verifiable. Balloon supports efficient (non-)membership proofs and verifiable inserts by the author, enabling the author to verify the correctness of inserts without having to store a copy of the Balloon. We formally define and prove that Balloon is a secure authenticated data structure.

Privacy-Friendly cloud storage for the data track: an educational transparency tool

The Data Track is a transparency-enhancing tool that aims to educate users by providing them with an overview of all their data disclosures. In this paper, we describe a cryptographic scheme for storing all data disclosures tracked by the Data Track centrally in the cloud in a privacy-friendly way. Our scheme allows users to store their data anonymously, while keeping the cloud provider accountable with regard to the integrity of the data. Furthermore, we introduce a separation of concerns for the different components of the Data Track, well suited for tracking data disclosures from semi-trusted devices that may become compromised. We provide an informal evaluation of our scheme and briefly describe a proof of concept implementation.

HCI for Policy Display and Administration

The PrimeLife Policy Language (PPL) has the objective of helping end users make the data handling practices of data controllers more transparent, allowing them to make well-informed decisions about the release of personal data in exchange for services. In this chapter, we present our work on user interfaces for the PPL policy engine, which aims at displaying the core elements of a data controller’s privacy policy in an easily understandable way as well as displaying how far it corresponds with the user’s privacy preferences. We also show how privacy preference management can be simplified for end users.

More) Side Channels in Cloud Storage

Public cloud storage services are gaining in popularity and several commercial actors are offering their services for users, however, not always with the security and privacy of their users as the primary design goal. This paper investigates side channels in public cloud storage services that allow the service provider, and in some cases users of the same service, to learn who has stored a given file and to profile users’ usage of the service. These side channels are present in several public cloud storage services that are marketed as secure and privacy-friendly. Our conclusions are that cross-user deduplication should be disabled by default and that public cloud storage services need to be designed to provide unlinkability of users and data, even if the data is encrypted by users before storing it in the cloud.

Transparency, Privacy and Trust – Technology for Tracking and Controlling My Data Disclosures: Does This Work?

Transparency is a basic privacy principle and social trust factor. However, in the age of cloud computing and big data, providing transparency becomes increasingly a challenge.

Hardware Strengthening a Distributed Logging Scheme

In the online world, service providers allow users to upload data to be stored or processed. In some cases, privacy will become an essential feature. Sensitive content can be the data provided to or the services used at the service provider. Logging of the actions of the service providers can therefore also generate privacy-sensitive content. However, to enhance transparency towards users, logging can be a very useful tool. In this paper, we build upon the concept of distributed privacy-preserving log trails. The trust in such a system lies in the storage of a vector in a certain register stored in software. With a piece of malicious software, a hacker or curious user could misuse this register to learn about a certain process or to learn for whom a service is performed, although the scheme ensures forward-unlinkability and forward-integrity. In this paper, we strengthen the conventional software approach by implementing the vector in external hardware. This hardens the scheme further, and reduces the level to which the log server has to be trusted, at the cost of additional but solvable security threats.