Advanced Topics 1 - Security Engineering Group

Privacy-Enhancing Technologies
2014
Introduction, organization of the course
Prof. Stefan Katzenbeisser
Security Engineering Group
Technische Universität Darmstadt
http://www.seceng.informatik.tu-darmstadt.de
Organization
 Wednesday 9:00 – 10:30, CASED building S414 | 3.1.01
 Dates: May 14, June 4, June 18, July 2, July 9
 Mixture of lectures and seminar talks
 Material will be distributed prior to the lecture. Every attendant is expected to read it!
 Basic introductory lecture
 ... followed by in-depth presentations of students in the seminar talks
 Grades will be based on the seminar talks and written short papers
 More information can be found on our web page:
http://www.seceng.de/teaching/ss2014/pets/
Schedule
Lectures
May 14: Anonymous communication
June 4: Cryptographic protection of sensitive data
June 18: Database privacy
July 2: Identity management
July 9: Location privacy
Seminar talks
July 3, 8, 11: Seminar talks (starting at 13.00)
Submission Deadline
Week before talk: Final presentation
August 3: Short paper deadline
Supervision schedule
1st meeting: June 2-5
 Contact your supervisor (e.g., mail, phone) for a meeting in this week
 Read the assigned papers and related work
 Prepare a draft of your presentation for the meeting as a basis for discussion
2nd meeting: One week before your talk
 Contact your supervisor for a meeting in the week preceding your talk
 Bring your final presentation to the meeting in order to discuss it
Grading
 Grades for attendees will be based on the seminar talk and the short paper
 Seminar talk
 Good quality of the talk is essential: students should be able to learn from it!
 Maximum duration of the talk is 25 min; followed by 5 min. of discussion
 The slides and the talk can be in either English or German
 Short paper
 Summarizes the talk, will be published on our homepage
 5 pages, excluding figures and references, language: English or German
 IEEE journal style http://www.ieee.org/publications_standards/publications/authors/author_templates.html#sect1
 Talks will be peer-reviewed (by a short questionnaire)
Topic 1: Anonymous communication
Background material:
 Edman, Yener: On Anonymity in an Electronic Society: A Survey of
Anonymous Communication Systems; ACM Computing Surveys 42(1),
2009
http://dl.acm.org/citation.cfm?id=1592451.1592456
Advanced topics:
 1.1 Security of TOR
 1.2 Network steganography
Advanced Topics 1: Anonym. Communication
1.1 Security of TOR
 Levine et al: Timing Attacks in Low-Latency Mix Systems, Proc. Financial
Cryptography (FC 2004), Springer Verlag, pp. 251-265
http://www.springerlink.com/content/n4khdtwk7dqvj0u0/
 Wright et al: The Predecessor Attack: An Analysis of a Threat to Anonymous
Communication Systems, ACM Transactions on Information and System Security 7(4),
2004, pp. 489-522
http://portal.acm.org/citation.cfm?id=1042031.1042032
1.2 Network steganography
 Eidenbenz, Locher, Wattenhofer: Hidden communication in P2P networks - Steganographic
handshake and broadcast, in Proceedings of the International Conference on Computer and
Communications (INFOCOM 2011), IEEE, pp. 954-962
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=5935323
 Moghaddam et al: SkypeMorph: Protocol Obfuscation for Tor Bridges, in Proceedings
of the Conference on Computer and Communications Security (CCS 2012), ACM, pp.
97-108
http://dl.acm.org/citation.cfm?id=2382210
Topic 2: Cryptographic protection of
sensitive data
Background material:
 Erkin et al: Protection and Retrieval of Encrypted Multimedia Content:
When Cryptography Meets Signal Processing, EURASIP Journal on
Information Security, Volume 2007 (2007), Article ID 78943
http://jis.eurasipjournals.com/content/pdf/1687-417X-2007-078943.pdf
Advanced topics:
 2.1 Multiparty computation constructions
 2.2 Protocols for private set intersection
Advanced Topics 2: Cryptographic protection
of sensitive data
2.1 Practical Multiparty computation constructions
Malkhi et al: Fairplay-A Secure Two-Party Computation System, 13th USENIX Security
Symposium, pp. 287–302
http://www.usenix.org/publications/library/proceedings/sec04/tech/malkhi.html
Andreas Holzer, Martin Franz, Stefan Katzenbeisser, Helmut Veith: Secure two-party
computations in ANSI C. ACM Conference on Computer and Communications Security
2012: 772-783
http://dl.acm.org/citation.cfm?doid=2382196.2382278
2.2 Protocols for private set intersection
Huang, Evans, Katz: Private Set Intersection: Are Garbled Circuits Better than Custom
Protocols? Network and Distributed Security Symposium (NDSS 2012)
http://www.cs.virginia.edu/~evans/pubs/ndss2012/psi.pdf
Huang, Chapman, Evans: Privacy-Preserving Applications on Smartphones,
Workshop on Hot Topics in Security (HotSec 2011)
http://www.cs.virginia.edu/~evans/pubs/hotsec2011/smartphones.pdf
Topic 3: Database privacy
Background material:
 Fung et al: Privacy-Preserving Data Publishing: A Survey of Recent
Developments, ACM Computing Surveys, vol. 42, no. 4, 2010
http://www.cs.sfu.ca/~wangk/pub/FWCY10csur.pdf
Advanced topics:
 3.1 Differential privacy & Airavat
 3.2 Privacy in publish subscribe systems
Advanced topics 3: Database privacy
3.1 Differential privacy & Airavat
 Cynthia Dwork: Differential Privacy. International Colloquium on Automata, Languages
and Programming (ICALP 2006), Springer Verlag, pp. 1-12
http://www.springerlink.com/content/383p21xk13841688/
 Indrajit Roy et al: Airavat: Security and Privacy for MapReduce, Proceedings of the 7th
USENIX Symposium on Networked Systems Design and Implementation 2010, pp. 297-312
http://www.usenix.org/events/nsdi10/tech/full_papers/roy.pdf
3.2 Privacy in publish subscribe systems
 De Cristofaro et al: Hummingbird: Privacy at the time of Twitter, in Proc. of the
International Symposium on Security and Privacy (S&P 2012), IEEE, pp. 285-299
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6234419
 Nabeel, Shang, Bertino: Efficient privacy preserving content based publish subscribe
systems, Proceedings of the symposium on Access Control Models and Technologies
(SACMAT 2012), ACM, pp. 133-144
http://doi.acm.org/10.1145/2295136.2295164
Topic 4: Identity management
Background material:
 Hansen, Schwartz, Cooper: Privacy and Identity Management, IEEE
Security & Privacy Magazine, vol. 6, no. 2, 2008, pp. 38-45
http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=4489848
Advanced topics:
 4.1 Smart card based identity management
 4.2 Financial transactions and identity management
Advanced topics 4: Identity management
4.1 Smart card based identity management
 Poller et al: Electronic Identity Cards for User Authentication - Promise and Practice,
IEEE Security & Privacy Magazine, vol. 10, no. 1, 2012, pp. 54-68
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6035661
 Leicher, Schmidt, Shah: Smart OpenID: A Smart Card Based OpenID Protocol, in IFIP
Advances in Information and Communication Technology, Vol. 376, 2012, pp. 75-86
http://dx.doi.org/10.1007/978-3-642-30436-1_7
4.2 Financial transactions and identity management
 Satoshi Nakamoto: Bitcoin: A Peer-to-Peer Electronic Cash System, 2005
http://bitcoin.org/bitcoin.pdf
 Roscoe et al.: Reverse authentication in financial transactions, in Proceedings of the
International Workshop on Security and Privacy in Spontaneous Interaction and Mobile
Device Use (IWSSI/SPMU 2010), Springer
http://link.springer.com/content/pdf/10.1007%2Fs11036-012-0366-2
Topic 5: Location privacy
Background material:
 Krumm: A survey of computational location privacy, Personal and
Ubiquitous Computing, Springer Verlag, 13(6), 2009
http://www.springerlink.com/content/626k855566482547/
Advanced topics:
 5.1 Privacy in VANETs and mobile applications
 5.2 Protecting and deanonymizing location privacy
Advanced topics 5: Location privacy
5.1 Privacy in VANETs and mobile applications
 Rivas et al: Security on VANETs: Privacy, misbehaving nodes, false information and
secure data aggregation, Journal of Network and Computer Applications, 34(6), 2011,
pp. 1942-1955
http://www.sciencedirect.com/science/article/pii/S1084804511001317
 Christin: A survey on privacy in mobile participatory sensing applications, Journal of
Systems and Software, 84(11), 2011, pp. 1928-1946
http://www.sciencedirect.com/science/article/pii/S0164121211001701
5.2 Protecting and deanonymizing location privacy
 Shokri et al.: Protecting location privacy: optimal strategy against localization attacks,
in Proceedings of the Conference on Computer and Communications Security (CCS
2012), ACM, pp. 617-627
http://doi.acm.org/10.1145/2382196.2382261
 Srivatsa, Hicks: Deanonymizing mobility traces: using social network as a side-channel,
in Proceedings of the Conference on Computer and Communications Security
(CCS 2012), ACM, pp. 628-637
http://doi.acm.org/10.1145/2382196.2382262
Overview: Advanced topics
Adv. Topic | Title | Supervisor
1.1 | Security of TOR | SK
1.2 | Network steganography | CS
2.1 | Multiparty computation constructions | SK
2.2 | Protocols for private set intersection | SK
3.1 | Differential privacy & Airavat | SK
3.2 | Privacy in publish subscribe systems | CS
4.1 | Smart card based identity management | CS
4.2 | Financial transactions and identity management | CS
5.1 | Privacy in VANETs and mobile applications | CS
5.2 | Protecting and deanonymizing location privacy | CS
SK = Stefan Katzenbeisser, CS = Christian Schlehuber