Publication


Featured research published by Tomas Sander.


Mobile Agents and Security | 1998

Protecting Mobile Agents Against Malicious Hosts

Tomas Sander; Christian F. Tschudin

A key element of any mobile code based distributed system are the security mechanisms available to protect (a) the host against potentially hostile actions of a code fragment under execution and (b) the mobile code against tampering attempts by the executing host. Many techniques for the first problem (a) have been developed. The second problem (b) seems to be much harder: It is the general belief that computation privacy for mobile code cannot be provided without tamper resistant hardware. Furthermore it is doubted that an agent can keep a secret (e.g., a secret key to generate digital signatures). There is an error in reasoning in the arguments supporting these beliefs which we are going to point out. In this paper we describe software-only approaches for providing computation privacy for mobile code in the important case that the mobile code fragment computes an algebraic circuit (a polynomial). We further describe an approach how a mobile agent can digitally sign his output securely.


computer and communications security | 2002

Securing passwords against dictionary attacks

Benny Pinkas; Tomas Sander

The use of passwords is a major point of vulnerability in computer security, as passwords are often easy to guess by automated programs running dictionary attacks. Passwords remain the most widely used authentication method despite their well-known security weaknesses. User authentication is clearly a practical problem. From the perspective of a service provider this problem needs to be solved within real-world constraints such as the available hardware and software infrastructures. From a user's perspective user-friendliness is a key requirement. In this paper we suggest a novel authentication scheme that preserves the advantages of conventional password authentication, while simultaneously raising the costs of online dictionary attacks by orders of magnitude. The proposed scheme is easy to implement and overcomes some of the difficulties of previously suggested methods of improving the security of user authentication schemes. Our key idea is to efficiently combine traditional password authentication with a challenge that is very easy to answer by human users, but is (almost) infeasible for automated programs attempting to run dictionary attacks. This is done without affecting the usability of the system. The proposed scheme also provides better protection against denial of service attacks against user accounts.


information hiding | 1998

On software protection via function hiding

Tomas Sander; Christian F. Tschudin

Software piracy is a major economic problem: it leads to revenue losses, it favors big software houses that are less hurt by these losses and it prevents new software economy models where small enterprises can sell software on a per-usage basis. Proprietary algorithms are currently hard to protect, both at the technical as well as the legal level. In this paper we show how encrypted programs can be used to achieve protection of algorithms against disclosure. Moreover, using this approach we describe a protocol that ensures - under reasonable conditions - that only licensed users are able to obtain the cleartext output of the program. This protocol also allows to charge clients on a per-usage basis.


computer and communications security | 2001

Privacy Engineering for Digital Rights Management Systems

Joan Feigenbaum; Michael J. Freedman; Tomas Sander; Adam Shostack

Internet-based distribution of mass-market content provides great opportunities for producers, distributors, and consumers, but it may seriously threaten users’ privacy. Some of the paths to loss of privacy are quite familiar (e.g., mining of credit-card data), but some are new or much more serious than they were in earlier distribution regimes. We examine the contributions that digital-rights-management (DRM) technology can make to both compromising and protecting users’ privacy. We argue that the privacy-enhancing technology (e.g., encryption, anonymity, and pseudonymity) that absorbs most of the attention of the security R&D community cannot by itself solve the privacy problems raised by DRM, although it can play a role in various solutions. Finally, we provide a list of “privacy engineering” principles for DRM systems, some of which are easy to implement and potentially quite effective.


computer and communications security | 2008

Efficient signature schemes supporting redaction, pseudonymization, and data deidentification

Stuart Haber; Yasuo Hatano; Yoshinori Honda; William G. Horne; Kunihiko Miyazaki; Tomas Sander; Satoru Tezoku; Danfeng Yao

In this paper we give a new signature algorithm that allows for controlled changes to the signed data. The change operations we study are removal of subdocuments (redaction), pseudonymization, and gradual deidentification of hierarchically structured data. These operations are applicable in a number of practically relevant application scenarios, including the release of previously classified government documents, privacy-aware management of audit-log data, and the release of tables of health records. When applied directly to redaction, our algorithm improves on [18] by reducing significantly the overhead of cryptographic information that has to be stored with the original data.


privacy enhancing technologies | 2009

Privacy-Preserving Computation and Verification of Aggregate Queries on Outsourced Databases

Brian Thompson; Stuart Haber; William G. Horne; Tomas Sander; Danfeng Yao

Outsourced databases provide a solution for data owners who want to delegate the task of answering database queries to third-party service providers. However, distrustful users may desire a means of verifying the integrity of responses to their database queries. Simultaneously, for privacy or security reasons, the data owner may want to keep the database hidden from service providers. This security property is particularly relevant for aggregate databases, where data is sensitive, and results should only be revealed for queries that are aggregate in nature. In such a scenario, using simple signature schemes for verification does not suffice. We present a solution in which service providers can collaboratively compute aggregate queries without gaining knowledge of intermediate results, and users can verify the results of their queries, relying only on their trust of the data owner. Our protocols are secure under reasonable cryptographic assumptions, and are robust to collusion among k dishonest service providers.


international conference on information and communication security | 1999

Efficient Accumulators without Trapdoor Extended Abstracts

Tomas Sander

In 1994 Benaloh and de Mare introduced the notion of one way accumulators that allow to construct efficient protocols for proving membership in a list and related problems like time stamping and authentication. As required by Benaloh et al. unlike in signature based protocols no central trusted authority is (should be) needed. Accumulator based protocols do further improve on hash tree based protocols for proving membership in a list as verification and storage requirements are independent of the number of items in the list. Benaloh’s et al. accumulator construction was based on exponentiation modulo a RSA modulus N=PQ.


enterprise distributed object computing | 2009

Scalable, accountable privacy management for large organizations

Siani Pearson; Prasad Rao; Tomas Sander; Alan Parry; Allan Paull; Satish Patruni; Venkata Dandamudi-Ratnakar; Pranav Sharma

Accountability is emerging as an important theme within the regulatory privacy community. For global corporations, demonstrating accountability is no easy task due to the potentially large number of projects that have privacy sensitive aspects, privacy oversight being a mostly manual process and privacy staff typically being small. So how can a company present proof points that its projects comply with its privacy promises and obligations? In this paper we address this problem by introducing a technology-based solution for scalable, accountable privacy management across an organization. We present an Accountability Model Tool (AMT) that addresses the problem of capturing data about business processes in order to determine their privacy compliance. AMT utilizes an intelligent questionnaire with good completeness properties and is based on an augmented rule engine.


digital rights management | 2003

If Piracy is the Problem, Is DRM the Answer?

Stuart Haber; Bill G. Horne; Joe Pato; Tomas Sander; Robert Endre Tarjan

Piracy of digital content is considered a serious problem by content companies. Digital Rights Management is considered a potential solution to this problem. In this paper we study to what degree DRM can live up to this expectation. We conclude that given the current and foreseeable state of technology the content protection features of DRM are not effective at combating piracy.


2010 10th Annual International Conference on New Technologies of Distributed Systems (NOTERE) | 2010

A mechanism for policy-driven selection of service providers in SOA and cloud environments

Siani Pearson; Tomas Sander

We describe a mechanism in which context is gathered relating to service providers (SPs), this is inputted to a rule-based system, and decisions are output about the suitability of each SP, including recommended stipulations regarding their usage. It can be used for Service-Oriented Architectures (SOAs) to determine appropriate actions that should be allowed, or in a cloud context, to help assess risk before personal information is passed on through the cloud. It is semi-automated to significantly lower the transaction costs for the selection of SPs.
