privacy-enhancing technologies practical projects … · 06-11-2017 · 2 practical projects -...
TRANSCRIPT
1
WS 2017/2018 – 3CP Prof. Stefan Katzenbeisser / Security Engineering Group
Privacy-Enhancing Technologies Practical Projects
Organization: Nikolay Matyunin, room S4|14 – 4.3.27 [email protected]
2
Practical Projects - Overview
Goal: Hands-on work in research topics on privacy in the SecEng group
Organization: • Form groups of 3–4 people by November 12th
• Inform Nikolay Matyunin via e-mail about
• group members • 5 preferred topics in order
(1st — most preferable, …)
• one e-mail per group, members in CC
• After you received an email about your assignment, get in contact with your topic supervisor to organize a meeting
Hints: • Unfortunately, we cannot guarantee topics by preference
• If you cannot find a group (or enough members), please also register via e-mail. We will
form (fill up) groups with the remaining students
[…] wir haben uns zu folgender Gruppe zusammengefunden: * Max Mustermann, [email protected] * Sabine Musterfrau, [email protected] * Donald Trumpf, [email protected] * Hillarious Klinton, [email protected] Unsere 5 Wunschthemen sind: T5,T1,T3,T7,T9 […]
3
Overview
T1: Why your location service provider knows if you are single (1) (Spyros Boukoros, eng.) T2: Why your location service provider knows if you are single (2) (Spyros Boukoros, eng.) T3: Dust (or radiation or noise) in the wind (1) (Spyros Boukoros, eng.) T4: Dust (or radiation or noise) in the wind (2) (Spyros Boukoros, eng.) T5: Testing Security Drop-Ins of a Protocol (Markus Heinrich) T6: Learning Proximity from Communication Patterns (Markus Heinrich) T7: Deanonymizing Mobility Traces (Markus Heinrich) T8: Controlled PUFs and privacy (Nikolaos Anagnostopoulos, eng.) T9: Entropy of strong PUFs (Nikolaos Anagnostopoulos, eng.) T10: Optical recognition of memory contents (Nikolaos Anagnostopoulos, eng.) T11: Inferring web-browsing activity using sensor data (Nikolay Matyunin, eng.) T12: Web-tracking using cache-based covert channels (Nikolay Matyunin, eng.) T13: Feasibility Analysis of PBC on Low-End Embedded Devices (Florian Kohnhaeuser) T14: Privacy-preserving Remote Attestation with DAA (Florian Kohnhaeuser) T15: Framework for Privacy Preserving Aggregation in the Browser (Niklas Buescher) T16: Framework for Secure Computation in the Browser (Niklas Buescher) T17: Co-editing privately (Nikolaos Karvelas) T18: Split & Conquer: Protecting Genomic Data (Nikolaos Karvelas) T19: IPTV User Behavior Simulation I (Tolga Arul) T20: IPTV User Behavior Simulation II (Tolga Arul)
4
Topic 1 (Spyros Boukoros, eng.): Why your location service provider knows if you are single Profiling users based on their location data
Location data services are one of the most utilized services on smartphones. The trade off is(?) rather simple: exciting new places to visit and interesting people around you, in exchange for your current location. From this kind of data however, we can tell a lot of things about people, their social circles and their everyday activities.
Goals: ● Work with the real dataset (and real users) of OpenStreetMap
● Infer people's point of interests (POIs), trajectories and home/work locations using automated tools
● Evaluate the privacy of users, in this special and under-investigated type of data.
5
Location data services are one of the most utilized services on smartphones. The trade off is(?) rather simple: exciting new places to visit and interesting people around you, in exchange for your current location. From this kind of data however, we can tell a lot of things about people, their social circles and their everyday activities.
Goals: ● Work with the real dataset (and real users) of OpenStreetMap
● Implement defenses based on differential privacy such as GeoInd on this kind of data
● Evaluate the privacy loss even after the noise addition
Topic 2 (Spyros Boukoros, eng.): Why your location service provider knows if you are single Protecting users location data on OpenStreetMaps
6
Safecast is a global volunteer-centered citizen science project, working to empower people with data about their environments. People, as they move into the city can perform a variety of measurements just by having a simple sensor with them. This sensor reports the measured values, along with the GPS coordinates regularly. We know however from privacy research, that there is always a trade off between utility and privacy.
Goals: ● Work with the real datasets from Safecast ● Infer people's point of interests (POIs), trajectories and home/work locations
using automated tools ● Evaluate the privacy of users, in this special and underinvestigated type of
data.
Topic 3 (Spyros Boukoros, eng.): Dust (or radiation or noise) in the wind De-anonymizing users on mobile crowdsourcing applications
7
Topic 4 (Spyros Boukoros, eng.): Dust (or radiation or noise) in the wind Defending users on mobile crowdsourcing applications
Safecast is a global volunteer-centered citizen science project, working to empower people with data about their environments. People, as they move into the city can perform a variety of measurements just by having a simple sensor with them. This sensor reports the measured values, along with the GPS coordinates regularly. We know however from privacy research, that there is always a trade off between utility and privacy.
Goals: ● Work with the real datasets from Safecast ● Implement defenses based on differential privacy such as GeoInd on this kind
of data ● Evaluate the privacy loss even after the noise addition
8
Topic 5 (Markus Heinrich): Testing Security Drop-Ins of a Protocol
• Implement a safe communication protocol(OSI layer 4-6)
• Language: • Show that machines can communicate via the
protocol • Implement drop-in security solutions for the
protocol (will be given) • Do a performance evaluation of the protocol
with and w/o the drop-ins Structure of the communication protocol to implement
9
Topic 6 (Markus Heinrich): Learning Proximity from Communication Patterns
• Investigate a network trace on application layer • Filter the trace for important messages • Build statistics of the trace (histogram, temporal provenance, …) • Infer which entities are physical neighbors from the trace
• Leverage external knowledge of the network structure • Nodes are addressed simultaneously • …
• Build a graph from the inferredinformation
• Generate a graphical representationof the graph
Assumptions about the real world topology can be made
10
Topic 7 (Markus Heinrich): Deanonymizing Mobility Traces
• Anonymous mobility traces (left graph) can be deanomymized with the help of a social network (right graph)
• Implement at least one of the deanonymization schemes presented in:http://dx.doi.org/10.1145/2382196.2382262
• Run your code and compare the results with the paper
Example: Find equivalent nodes of the right graph in the left
11
Introduction to T8–10 (Nikolaos Anagnoustopoulos): PUFs
• Project P3 of the CROSSING Collaborative Research Center of TU Darmstadt works on Physical Unclonable Functions (PUFs).
• PUFs are based on unique characteristics of hardware modules, which can be used in order to construct a key (or in general, a token for cryptographic applications).
• To this end, we use as PUF characteristics the initial values or the decay characteristics of SRAM and/or DRAM cells of commodity off-the-shelf devices. Such hardware is also commonly used in IoT device implementations.
• In other words, we produce cryptographic keys using IoT hardware.
12
Topic 8 (Nikolaos Anagnoustopoulos): Controlled PUFs and privacy
[1] Gassend, Blaise, Marten van Dijk, Dwaine Clarke, and Srinivas Devadas. "Controlled physical random functions." In Security with Noisy Data, pp. 235-253. Springer London, 2007. [2] Guajardo, Jorge, Sandeep S. Kumar, Geert-Jan Schrijen, and Pim Tuyls. "FPGA intrinsic PUFs and their use for IP protection." In International workshop on Cryptographic Hardware and Embedded Systems, pp. 63-80. Springer Berlin Heidelberg, 2007. [3] Tuyls, Pim, and Boris Škorić. "Strong authentication with physical unclonable functions." In Security, Privacy, and Trust in Modern Data Management, pp. 133-148. Springer Berlin Heidelberg, 2007.
Task: Implement a controlled PUF (based on already existing implementations of common PUFs) and suggest potential privacy-related applications for it.
Can controlled PUFs be used for privacy enhancement?
13
Topic 9 (Nikolaos Anagnoustopoulos): Entropy of strong PUFs
[1] Gruber, Martin. "Development of Benchmarks for Physical Unclonable Functions." Bachelor thesis. Universität Passau. 2016. [2] McKay, K. "User’s Guide to Running the Draft NIST SP 800-90B Entropy Estimation Suite." National Institute of Standards and Technology (NIST). 2016. [3] Rührmair, Ulrich, Jan Sölter, Frank Sehnke, Xiaolin Xu, Ahmed Mahmoud, Vera Stoyanova, Gideon Dror, Jürgen Schmidhuber, Wayne Burleson, and Srinivas Devadas. "PUF modeling attacks on simulated and silicon data." IEEE Transactions on Information Forensics and Security 8, no. 11 (2013): 1876-1891.
Task: Investigate the entropy and randomness of simulated strong PUFs (based on already existing code and the NIST tests) and suggest whether strong PUFs can be always tracked or not, based on your results.
Do strong PUFs have enough entropy and randomness, or can they always be modelled and tracked?
14
Topic 10 (Nikolaos Anagnoustopoulos): Optical recognition of memory contents
[1] Iskander Alexander Tschinibaew. “Segmentierung und Analyse der Messdaten von thermisch laserstimulierten SRAM-Zellen zur Erkennung der Speicherzustände.” Bachelor Thesis. Technische Universität Berlin. 2016. [2] Axel Schonau. “MSP430 - Speicherlayout”. Technische Universität Berlin. 2016
Task: Investigate the potential for an optical recognition algorithm for the light emissions of memory cells (based on already existing code).
Can memories be read through light emissions?
15
Topic 11 (Nikolay Matyunin): Inferring web-browsing activity using sensor data
sensor data
• Studies show that power traces can reveal browsing activity on laptops [1] and smartphones [2]
• Magnetometers in smartphones also react to high CPU/power activity => they can be exploited for same purposes!
• Sensor data can be now accessed from the web pages
Goal: distinguish between different browsing activity based on magnetometer measurements
Tasks: (1) Implement in-browser recording of sensor data using new
Generic Sensor API (2)Evaluate detection of browsing activity using magnetometer
traces (similarly to power-based approaches [1-2]) (3) Investigate ways to access raw magnetometer data from
fusion-based APIs
16
Topic 12 (Nikolay Matyunin): Web-tracking using cache-based covert channels
shared cache
• Modern web browsers aim to protect user privacy(incognito modes, intelligent anti-tracking, Tor Browser, etc.)
• Covert channels can be used to break sandboxing and store tracking IDs somewhere else [1], [2]
• Current solutions rely on JavaScript to control the memory
Goal: exfiltrate tracking IDs from private isolated web sessions without scripting, using only “basic” web components
Tasks: (1) Implement a cache-based covert channel to send tracking
IDs to not isolated app/session (based on existing studies) (2) Investigate ways to indirectly exploit the memory from web
pages (images, videos, etc.) (3)Evaluate the solution in different browser configurations
17
Topic 13 (Florian Kohnhaeuser): Feasibility Analysis of Pairing-based Cryptography on Low-End Embedded Devices
• Pairing-based Cryptography (PBC) is a relatively new field in cryptography [1] • PBC enables many new cryptographic protocols: Identity-based Encryption,
Attribute-based Encryption, Multi-Signatures, Threshold-Signatures, etc. • PBC requires much more computational resources
than traditional cryptographic schemes [2] • Can low-end embedded devices (IoT devices) use PBC?
Tasks: (1) Requirement Analysis: relevant PBC crypto schemes in IoT use case (2) Implementation: port existing PBC library to embedded device and
implement PBC crypto schemes on top of library (3) Evaluation: energy-consumption, storage-consumption, runtime
[1] Menezes: “An introduction to pairing-based cryptography”. Recent trends in cryptography, 2009. [2] Ometov et al.: "Feasibility characterization of cryptographic primitives for constrained (wearable) IoT devices.” Pervasive Computing and Communication Workshops (PerCom Workshops), 2016.
18
Topic 14 (Florian Kohnhaeuser): Privacy-preserving Remote Attestationwith DAA on Embedded Devices
• Remote attestation is an interactive protocol that allows a third party (verifier) to check the integrity of the software on a remote device (prover)
• Direct anonymous attestation (DAA) enables to preserve the prover‘s privacy [1] • Trusted Platform Module (TPM) implements DAA on PCs, notebooks, etc. • No implementation of DAA on embedded devices (smartphones, IoT, etc.),
although these devices provide ARM TrustZone that hasenough secure hardware capabilities to implement attestation
• Goal: Implementation of DAA on Raspberry Pi 3
Tasks: (1) Theory: get confident with TrustZone concept and find suitable DAA protocol (2) Implementation: implement DAA protocol on Raspberry Pi 3 (3) Evaluation: energy-consumption, storage-consumption, runtime
[1] Chen, Liqun, Dan Page, and Nigel P. Smart. "On the design and implementation of an efficient DAA scheme." International Conference on Smart Card Research and Advanced Applications. 2010.
19
Topic 15 (Niklas Buescher): Framework for Privacy Preserving Aggregation in the Browser
Goal: Implementation of a privacy-friendly version of data aggregation services (e.g., Doodle, online voting, …) that runs in the browser.
Approach: • Study related work • Privacy will be achieved through secret sharing (data is split) • Implementation in JavaScript (frontend), and language of your choice (backend)
Requirements: • Basic crypto knowledge (e.g., intro to trusted systems, intro to crypto)
20
Topic 16 (Niklas Buescher): Framework for Secure Computation in the Browser
Goal: Framework to run Yao’s Garbled Circuits between browser and server
Approach: • Study existing implementations and optimizations of Yao’s Garbled Circuits • Implementation in JavaScript (frontend), and language of your choice (backend) • (if time permits) Improve efficiency with WebGL
Requirements: • You should be interested in applied crypto (or listened to our SECOMP lecture)
21
Topic 17 (Nikolaos Karvelas): Co-editing privately
Setting: ▪ A number of Read- Writable files stored on a remote Server ▪ Many users have R/W access to the files
Goal: Hide which document has been updated by the users
Cryptographic primitive: Oblivious RAM (ORAM) ▪ https://dl.acm.org/citation.cfm?id=233553 ▪ https://dl.acm.org/citation.cfm?id=2516660
Plan: ▪ Examine which of the Open Source Google-Docs alternatives (Etherpad,
Gobby, Firepad, etc) can be easily extended to this setting ▪ Implement an ORAM interface (the fancier the better, however even the most
trivial will suffice at this stage) ▪ Test it...
22
Topic 18 (Nikolaos Karvelas): Split & Conquer: Protecting Genomic Data
Setting: ▪ Whole sequenced genome resides usually in large files, and various formats ▪ Protection and access of such files can be cumbersome and inefficient
Goal: Split genomic data into smaller, indexed files
Plan: ▪ Investigate various formats and output files of genomic sequencing techniques ▪ Find publicly available genomic data (e.g. https://www.ncbi.nlm.nih.gov/guide/
howto/dwn-genome/ ) ▪ Investigate compression techniques (e.g. https://academic.oup.com/
bioinformatics/article/25/14/1731/225235/Data-structures-and-compression-algorithms-for )
▪ Apply the aforementioned techniques to given publicly available data
23
Topic 19 (Tolga Arul): IPTV User Behavior Simulation I
Background: ▪ Simulation of realistic IPTV user behavior is used for
different types of estimations and evaluations of newly developed algorithms
▪ Simulations are based on user models ▪ Many different user models with varying degree of accuracy
exist ▪ The targeted implementation uses a model derived from
empirical data
Task: Implement user behavior model presented in [1] as a plugin in a Java-based simulation framework [1] Modeling user activities in a large IPTV system.Qiu, T., Ge, Z., Lee, S., Wang, J., Xu, J., & Zhao, Q. In Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference (pp. 430-441). ACM.https://dl.acm.org/citation.cfm?id=1644945
24
Topic 20 (Tolga Arul): IPTV User Behavior Simulation II
Background: ▪ Simulation of realistic IPTV user behavior is used for
different types of estimations and evaluations of newly developed algorithms
▪ Simulations are based on user models ▪ Many different user models with varying degree of accuracy
exist ▪ The targeted implementation uses a model derived from
empirical data
Task: Implement user behavior model presented in [2] as a plugin in a Java-based simulation framework [2] Abdollahpouri A., Wolfinger B.E., Lai J., and Vinti C. “Elaboration and Formal Description of IPTV User Models and Their Application to IPTV System Analysis,” MMBnet2011, 15-16 Sep. 2011, Hamburg, Germany.