  • 1.
    Alpcan, Tansu
    et al.
    Deutsche Telekom Laboratories, TU Berlin.
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS. KTH, School of Electrical Engineering (EES), Centres, ACCESS Linnaeus Centre.
    Security Games for Vehicular Networks. 2011. In: IEEE Transactions on Mobile Computing, ISSN 1536-1233, E-ISSN 1558-0660, Vol. 10, no 2, p. 280-290. Article in journal (Refereed)
    Abstract [en]

    Vehicular networks (VANETs) can be used to improve transportation security, reliability, and management. This paper investigates security aspects of VANETs within a game-theoretic framework where defensive measures are optimized with respect to threats posed by malicious attackers. The formulations are chosen to be abstract on purpose in order to maximize applicability of the models and solutions to future systems. The security games proposed for vehicular networks take as an input centrality measures computed by mapping the centrality values of the car networks to the underlying road topology. The resulting strategies help locating most valuable or vulnerable points (e.g., against jamming) in vehicular networks. Thus, optimal deployment of traffic control and security infrastructure is investigated both in the static (e.g., fixed roadside units) and dynamic cases (e.g., mobile law enforcement units). Multiple types of security games are studied under varying information availability assumptions for the players, leading to fuzzy game and fictitious play formulations in addition to classical zero-sum games. The effectiveness of the security game solutions is evaluated numerically using realistic simulation data obtained from traffic engineering systems.

  • 2.
    Bodriagov, Oleksandr
    et al.
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Encryption for Peer-to-Peer Social Networks. 2012. In: Security and Privacy in Social Networks / [ed] Altshuler, Y.; Elovici, Y.; Cremers, A.B.; Aharony, N.; Pentland, A., New York: Springer, 2012, p. 47-65. Chapter in book (Refereed)
    Abstract [en]

    To address privacy concerns over online social networking services, several decentralized alternatives have been proposed. These peer-to-peer (P2P) online social networks do not rely on centralized storage of user data. Rather, data can be stored not only on a profile owner’s computer but almost anywhere (friends’ computers, random peers from the social network, third-party external storage, etc.). Because external storage is often untrusted or only semi-trusted, encryption plays a fundamental role in the security of P2P social networks.

    Such a system needs to be efficient for use on a large scale, provide functionality for changing access rights suitable for social networks, and, most importantly, it should preserve the network’s privacy properties. That is, other than user data confidentiality, it has to protect against information leakage regarding users’ access rights and behaviors. In this paper we explore the encryption requirements for P2P social networks and propose a list of evaluation criteria that we use to compare existing approaches. We have found that none of the current P2P architectures for social networks achieve secure, efficient, 24/7 access control enforcement and data storage. They rely on trust, require constantly running servers for each user, use expensive encryption, or fail to protect the privacy of access information. In a search for solutions that better fulfill our criteria, we found that some broadcast encryption (BE) and predicate encryption (PE) schemes exhibit several desirable properties.

  • 3.
    Bodriagov, Oleksandr
    et al.
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS. KTH, School of Electrical Engineering (EES), Centres, ACCESS Linnaeus Centre.
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS. KTH, School of Electrical Engineering (EES), Centres, ACCESS Linnaeus Centre.
    Encryption for Peer-to-Peer Social Networks. 2011. Conference paper (Refereed)
    Abstract [en]

    To address privacy concerns over online social networking services, several distributed alternatives have been proposed. These peer-to-peer (P2P) online social networks do not rely on centralized storage of user data. Instead, data can be stored not only on a computer of a profile owner but almost anywhere (friends’ computers, random peers from the social network, third-party external storage, etc.). Since the external storage is often untrusted or only semi-trusted, encryption plays a fundamental role in security of P2P social networks. Encryption, however, also adds some overhead in both the time and space domains. To be scalable, a system that relies heavily on encryption should use as efficient algorithms as possible. It also needs to provide the functionality of changing access rights at reasonable cost, and, crucially, the system should preserve privacy properties itself. That is, beyond user data confidentiality, it has to protect against information leakage about users’ access rights and traffic analysis. In this paper we explore the requirements of encryption for P2P social networks in detail and propose a list of criteria for evaluation. We then compare a set of approaches from the literature according to these criteria. We find that none of the current P2P architectures for social networks manages to achieve secure, efficient, 24/7 access control enforcement and data storage. They either rely on trust, require constantly running servers for each user, use expensive encryption, or fail to protect privacy of access information. In the search for a solution that better fulfills the criteria, we found that some broadcast encryption (BE) schemes exhibit several desirable properties. We thus propose to use BE schemes with high performance encryption/decryption regardless of the number of identities/groups for an efficient encryption-based access control in the P2P environment. We define relevant properties for the BE schemes to be used in the P2P social network scenario and describe advantages that such schemes have compared to encryption techniques used in existing P2P architectures.

  • 4.
    Bodriagov, Oleksandr
    et al.
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS. KTH, School of Electrical Engineering (EES), Centres, ACCESS Linnaeus Centre.
    P2P social networks with broadcast encryption protected privacy. 2012. In: Privacy and Identity Management for Life, IFIP International Federation, 2012, p. 197-206. Conference paper (Refereed)
    Abstract [en]

    Users of centralized online social networks (OSN) do not have full control over their data. The OSN provider can collect and mine user data and intentionally or accidentally leak it to third parties. Peer-to-peer (P2P) social networks address this problem by getting rid of the central provider and giving control to the users. However, existing proposals of P2P social networks have many drawbacks: reliance on trust, expensive anonymization or encryption techniques, etc. We propose to use broadcast encryption for data protection because of its efficiency and ability to not disclose information about who can decrypt what. We present an architecture of a P2P social network that uses a composition of public-key cryptography, broadcast encryption, and symmetric cryptography. The architecture provides confidentiality and limited integrity protection. It defines privacy-preserving profiles that allow users to quickly find data encrypted for them while preventing attackers from learning who can access which data.

  • 5.
    Bodriagov, Oleksandr
    et al.
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Kreitz, Gunnar
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Access Control in Decentralized Online Social Networks: Applying a Policy-Hiding Cryptographic Scheme and Evaluating Its Performance. 2014. Conference paper (Refereed)
    Abstract [en]

    Privacy concerns in online social networking services have prompted a number of proposals for decentralized online social networks (DOSN) that remove the central provider and aim at giving the users control over their data and who can access it. This is usually done by cryptographic means. Existing DOSNs use cryptographic primitives that hide the data but reveal the access policies. At the same time, there are privacy-preserving variants of these cryptographic primitives that do not reveal access policies. They are, however, not suitable for usage in the DOSN context because of performance or storage constraints. A DOSN needs to achieve both privacy and performance to be useful. We analyze predicate encryption (PE) and adapt it to the DOSN context. We propose a univariate polynomial construction for access policies in PE that drastically increases performance of the scheme but leaks some part of the access policy to users with access rights. We utilize Bloom filters as a means of decreasing decryption time and indicate objects that can be decrypted by a particular user. We evaluate the performance of the adapted scheme in the concrete scenario of a news feed. Our PE scheme is best suited for encrypting for groups or small sets of separate identities.

  • 6.
    Bosk, Daniel
    et al.
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Privacy-preserving access control in publicly readable storage systems. 2016. In: 10th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School on Privacy and Identity Management, 2015, Springer-Verlag New York, 2016, p. 327-342. Conference paper (Refereed)
    Abstract [en]

    In this paper, we focus on achieving privacy-preserving access control mechanisms for decentralized storage, primarily intended for an asynchronous message passing setting. We propose two modular constructions, one using a pull strategy and the other a push strategy for sharing data. These models yield different privacy properties and requirements on the underlying system. We achieve hidden policies, hidden credentials and hidden decisions. We additionally achieve what could be called ‘hidden policy-updates’, meaning that previously-authorized subjects cannot determine if they have been excluded from future updates or not.

  • 7.
    Bosk, Daniel
    et al.
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Kjellqvist, Martin
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Towards Perfectly Secure and Deniable Communication Using an NFC-Based Key-Exchange Scheme. 2015. In: Secure IT Systems: 20th Nordic Conference NordSec 2015 / [ed] Sonja Buchegger; Mads Dam, Springer, 2015, Vol. 9417, p. 72-87. Conference paper (Refereed)
    Abstract [en]

    In this paper we first analyse the possibility for deniability under a strong adversary, who has an Internet-wide transcript of the communication. Secondly, we present a scheme which provides the desirable properties of previous messaging schemes, but with stronger deniability under the new adversary model. Our scheme requires physical meetings for exchanges of large amounts of random key-material via near-field communication and later uses this random data to key a one-time pad for text-messaging. We prove the correctness of the protocol and, finally, we evaluate the practical feasibility of the suggested scheme.

  • 8.
    Bosk, Daniel
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Theoretical Computer Science, TCS.
    Rodríguez-Cano, Guillermo
    KTH, School of Electrical Engineering and Computer Science (EECS), Theoretical Computer Science, TCS.
    Greschbach, Benjamin
    KTH.
    Buchegger, Sonja
    KTH, School of Electrical Engineering and Computer Science (EECS), Theoretical Computer Science, TCS.
    Applying privacy-enhancing technologies: One alternative future of protests. 2018. In: Protests in the Information Age: Social Movements, Digital Practices and Surveillance, Taylor & Francis, 2018, p. 73-94. Chapter in book (Refereed)
    Abstract [en]

    While current technologies, such as online social networks, can facilitate coordination and communication for protest organization, they can also endanger political activists when the control over their data is ceded to third parties. For technology to be useful for activism, it needs to be trustworthy and protect the users’ privacy; only then can it be viewed as a potential improvement over more traditional, offline methods. Here, we discuss a selection of such privacy-enhancing technologies from a Computer Science perspective in an effort to open a dialogue and elicit input from other perspectives.

  • 9.
    Buchegger, Sonja
    EPFL.
    A Robust Reputation System for Peer-to-Peer and Mobile Ad-hoc Networks. 2004. In: Proceedings of Third Workshop on Economics of Peer-to-Peer Systems (P2PEcon), 2004, 2004. Conference paper (Refereed)
  • 10.
    Buchegger, Sonja
    EPFL.
    Coping with Misbehavior in Mobile Ad-hoc Networks. 2004. Doctoral thesis, monograph (Other academic)
    Abstract [en]

    In this work, we address the question of how to enable a system to operate despite the presence of misbehavior. Specifically, in a mobile ad-hoc network, how can we keep the network functional for normal nodes when other nodes do not route and forward correctly? Node misbehavior due to selfish or malicious reasons or faulty nodes can significantly degrade the performance of mobile ad-hoc networks. Existing approaches such as economic incentives or secure routing by cryptographic means alleviate some of the problems, but not all. For instance, nodes can still forward packets on bogus routes. We propose a protocol called CONFIDANT (Cooperation Of Nodes --- Fairness In Dynamic Ad-hoc NeTworks) to cope with misbehavior. It enables nodes to detect misbehavior by first-hand observation and use of second-hand information provided by other nodes. The view a node has about the behavior of another node is captured in a reputation system, which is used to classify nodes as misbehaving or normal. Once a misbehaving node is detected, it is isolated from the network. Reputation systems can, however, be tricked by the spread of false reputation ratings, be it false accusations or false praise. Simple solutions such as exclusively relying on one's own direct observations have drawbacks, as they do not make use of all the information available. To solve this problem, we propose a fully distributed reputation system that can cope with false information and effectively use second-hand information in a safe way. Our approach is based on a modified Bayesian estimation and classification procedure. In our approach, each node maintains a reputation rating and a trust rating about all other nodes it cares about. Reputation ratings capture the quality of the behavior of a node as an actor in the network performing routing and forwarding tasks. From time to time first-hand reputation information is exchanged with others; using a modified Bayesian approach we designed, second-hand reputation information is only accepted if it is compatible with the current reputation rating. Reputation ratings are only slightly modified by accepted information. Trust ratings capture the quality of a node as an actor in the reputation system and reflect whether the reported first hand information summaries published by node are likely to be true. Trust ratings are updated based on the compatibility of second-hand reputation information with prior reputation ratings. We enable node redemption and prevent the sudden exploitation of good reputation built over time by introducing reputation fading. Data is entirely distributed, the reputation and trust value of a node is the collection of ratings maintained by others. We use simulation to evaluate and demonstrate the performance. We found that CONFIDANT can keep the network performance high even when up to half of the network population misbehaves. We show that our approach of using second-hand information significantly speeds up the detection of misbehaving nodes while keeping the number of false positives and negatives negligibly low.

  • 11.
    Buchegger, Sonja
    Deutsche Telekom Laboratories, TU Berlin.
    Delay-Tolerant Social Networking. 2009. In: Position paper for Extremecom 2009, Sweden, August 14-18, 2009, 2009. Conference paper (Refereed)
    Abstract [en]

    To address privacy concerns in current online social networks, we previously proposed to use a peer-to-peer infrastructure and encryption, thereby recreating the features of online social networks in a distributed, provider-less, community-driven, and privacy-preserving way. Once the functionality is distributed, social networks are no longer dependent on Internet connectivity for every transaction – in contrast to current web-based services. We therefore have the opportunity to take into account locality, both in terms of connectivity by direct exchange between devices, and in terms of content, such as local community interests and events. This way, social networking applications can benefit from local storage, connectivity, and delay-tolerant data transfer via social encounters. The local communities, in turn, can benefit from the social networking applications enabled by such a system, e.g., by finding neighbors with similar interests.

  • 12.
    Buchegger, Sonja
    Deutsche Telekom Laboratories, TU Berlin.
    Economics of Self-Organized Networks. 2009. Other (Refereed)
  • 13.
    Buchegger, Sonja
    Deutsche Telekom Laboratories, TU Berlin.
    Ubiquitous Social Networks. 2009. Conference paper (Refereed)
  • 14.
    Buchegger, Sonja
    et al.
    Deutsche Telekom Laboratories, TU Berlin.
    Alpcan, Tansu
    Deutsche Telekom Laboratories, TU Berlin.
    Security Games for Vehicular Networks. 2008. In: 46th Annual Allerton Conference on Communication, Control, and Computing, 2008, p. 244-251. Conference paper (Refereed)
    Abstract [en]

    Vehicular ad-hoc networks (VANETs) enabling vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications is an emerging research field aiming to improve transportation security, reliability, and management. To better understand networking and security aspects of VANETs, we have been investigating network connectivity issues and mappings of car networks to the underlying road topology. Using this mapping and various metrics, we locate hot-spots in vehicular networks to determine the most vulnerable points for jamming. We also use these to optimize the placement of roadside units. To this end, we first develop quantitative measures for assessment of the importance of road segments in the context of security and traffic flow. We then use game theoretic analysis to investigate the effects of possible malicious users on the system for increased reliability and better management of resources. For example, we study the optimal deployment of traffic control and security infrastructure both in the static (roadside units) and dynamic case (law enforcement units). We use realistic simulation data, obtained from traffic scientists, as input to our models as well as to evaluate the effectiveness of countermeasures.

  • 15.
    Buchegger, Sonja
    et al.
    Deutsche Telekom Laboratories, TU Berlin.
    Chuang, John
    UC Berkeley.
    Economics-Informed Network Design. 2007. Conference paper (Refereed)
  • 16.
    Buchegger, Sonja
    et al.
    Deutsche Telekom Laboratories, TU Berlin.
    Chuang, John
    UC Berkeley.
    Encouraging Cooperation Among Network Entities. 2007. In: Cognitive Wireless Networks: Concepts, Methodologies and Visions / [ed] Frank Fitzek, Marcos Katz, Springer, 2007, p. 87-107. Chapter in book (Refereed)
  • 17.
    Buchegger, Sonja
    et al.
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Dam, Mads
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Secure IT Systems: 20th Nordic Conference, NordSec 2015 Stockholm, Sweden, October 19-21, 2015 Proceedings. 2015. Conference proceedings (editor) (Refereed)
  • 18.
    Buchegger, Sonja
    et al.
    Deutsche Telekom Labs, TU Berlin.
    Datta, Anwitaman
    NTU Singapore.
    A Case for P2P Infrastructure for Social Networks - Opportunities & Challenges. 2009. In: WONS 2009: 6th International Conference on Wireless On-demand Network Systems and Services, 2009, p. 161-168. Conference paper (Refereed)
    Abstract [en]

    Online Social Networks like Facebook, MySpace, Xing, etc. have become extremely popular. Yet they have some limitations that we want to overcome for a next generation of social networks: privacy concerns and requirements of Internet connectivity, both of which are due to web-based applications on a central site whose owner has access to all data. To overcome these limitations, we envision a paradigm shift from client-server to a peer-to-peer infrastructure coupled with encryption so that users keep control of their data and can use the social network also locally, without Internet access. This shift gives rise to many research questions intersecting networking, security, distributed systems and social network analysis, leading to a better understanding of how technology can support social interactions. This paper is an attempt to identify the core functionalities necessary to build social networking applications and services, and the research challenges in realizing them in a decentralized setting. In the tradition of research-path defining papers in the peer-to-peer community, we highlight some challenges and opportunities for peer-to-peer in the era of social networks. We also present our own approach at realizing peer-to-peer social networks.

  • 19.
    Buchegger, Sonja
    et al.
    Deutsche Telekom Laboratories, TU Berlin.
    Krishnamurthy, Sudha
    Deutsche Telekom Laboratories, TU Berlin.
    Sensor Network Economics. 2007. In: Handbook on Sensor Networks / [ed] Yang Xiao, Hui Chen, Frank H. Li, World Scientific, 2007, p. 835-852. Chapter in book (Refereed)
  • 20.
    Buchegger, Sonja
    et al.
    EPFL.
    Le Boudec, Jean-Yves
    EPFL.
    Self-Policing Mobile Ad-hoc Networks. 2004. In: Handbook on Mobile Computing, CRC Press, 2004, p. 395-413. Chapter in book (Refereed)
  • 21.
    Buchegger, Sonja
    et al.
    UC Berkeley.
    Le Boudec, Jean-Yves
    EPFL.
    Self-policing mobile ad-hoc networks by reputation systems. 2005. In: IEEE Communications Magazine, ISSN 0163-6804, E-ISSN 1558-1896, Vol. 43, no 7, p. 101-107. Article in journal (Refereed)
    Abstract [en]

    Node misbehavior due to selfish or malicious reasons or faulty nodes can significantly degrade the performance of mobile ad-hoc networks. To cope with misbehavior in such self-organized networks, nodes need to be able to automatically adapt their strategy to changing levels of cooperation. Existing approaches such as economic incentives or secure routing by cryptography alleviate some of the problems, but not all. We describe the use of a self-policing mechanism based on reputation to enable mobile ad-hoc networks to keep functioning despite the presence of misbehaving nodes. The reputation system in all nodes makes them detect misbehavior locally by observation and use of second-hand information. Once a misbehaving node is detected it is automatically isolated from the network. We classify the features of such reputation systems and describe possible implementations of each of them. We explain in particular how it is possible to use second-hand information while mitigating contamination by spurious ratings.

  • 22.
    Buchegger, Sonja
    et al.
    Deutsche Telekom Laboratories, TU Berlin.
    Mundinger, Jochen
    EPFL.
    Le Boudec, Jean-Yves
    EPFL.
    Reputation Systems for Self-Organized Networks. 2008. In: IEEE technology & society magazine, ISSN 0278-0097, E-ISSN 1937-416X, Vol. 27, no 1, p. 41-47. Article in journal (Refereed)
    Abstract [en]

    Self-organized networks such as mobile ad-hoc, Internet-based peer-to-peer, wireless mesh and Fourth generation (4G) Wireless networks, have been receiving increased attention, both deployment and research. However, there is one major issue in such self-organized communication systems which is "cooperation". These networks depend on cooperation of nodes. Addressing this issue, reputation system, proven to be useful and have been studied and applied separately in diverse disciplines such as economics, computer science, and social science, help nodes decide with whom to cooperate and which nodes to avoid. This system is offering a way of collecting information about the entity of interest, of updating it, and of incorporating the information about that entity obtained from others. It provides the basis of decision making itself, allowing nodes to choose other nodes for cooperation.

  • 23.
    Buchegger, Sonja
    et al.
    Deutsche Telekom Laboratories, TU Berlin.
    Schiöberg, Doris
    TU Berlin.
    Vu, Le Hung
    EPFL.
    Datta, Anwitaman
    NTU Singapore.
    PeerSoN: P2P Social Networking: Early Experiences and Insights. 2009. In: Proceedings of the 2nd ACM EuroSys Workshop on Social Network Systems, SNS '09, 2009, p. 46-52. Conference paper (Refereed)
    Abstract [en]

    To address privacy concerns over Online Social Networks (OSNs), we propose a distributed, peer-to-peer approach coupled with encryption. Moreover, extending this distributed approach by direct data exchange between user devices removes the strict Internet-connectivity requirements of web-based OSNs. In order to verify the feasibility of this approach, we designed a two-tiered architecture and protocols that recreate the core features of OSNs in a decentralized way. This paper focuses on the description of the prototype built for the P2P infrastructure for social networks, as a first step without the encryption part, and shares early experiences from the prototype and insights gained since first outlining the challenges and possibilities of decentralized alternatives to OSNs.

  • 24.
    Greschbach, Benjamin
    et al.
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Datenschutz in Dezentralisierten Sozialen Netzwerken. 2012. Conference paper (Refereed)
  • 25.
    Greschbach, Benjamin
    et al.
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Friendly Surveillance: A New Adversary Model for Privacy in Decentralized Online Social Networks. 2012. In: Current Issues in IT Security 2012, 5th interdisciplinary Conference, Freiburg, Germany, May 08-10, 2012. Proceedings / [ed] Jochen Jähnke and Nicolas von zur Mühlen and Klaus Rechert and Dirk von Suchodoletz, Berlin, Germany: Duncker & Humblot, 2012, p. 195-206. Conference paper (Refereed)
    Abstract [en]

    In pace with the ever increasing popularity of Social Network Services (SNS) the critical privacy flaws of these applications got into focus of media as well as research interest in the last decade. The centralized aggregation of personal user data has been identified as a fundamental problem of popular services such as Facebook or Google+.

    To mitigate this shortcoming the concept of a Decentralized Online Social Network (DOSN) has evolved, where users form a peer-to-peer (P2P) network to corporately operate the service. While this architectural shift immediately eliminates the threat of a central provider adversary, new challenges to protect the users’ privacy arise.

    In this paper we focus on the friend adversary model – that is an attacker that exploits the social relationship status established to the target user. We examine the properties of a friend adversary in a decentralized system by analyzing its capabilities, attack impacts as well as incentives and compare the results to the centralized case. We identify several implementation issues of DOSNs that can alleviate illegitimate data collection for a friend adversary. Furthermore, background knowledge about a user may complement this information to mount relevant and privacy invading attacks. We conclude that friend adversaries can be powerful attackers indeed and propose to consider this hitherto less emphasized threat for DOSN implementations.

  • 26.
    Greschbach, Benjamin
    et al.
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Kreitz, Gunnar
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS. KTH, School of Electrical Engineering (EES), Centres, ACCESS Linnaeus Centre.
    The devil is in the metadata - New privacy challenges in decentralised online social networks. 2012. In: 2012 IEEE International Conference on Pervasive Computing and Communications Workshops, PERCOM Workshops 2012, IEEE, 2012, p. 333-339. Conference paper (Refereed)
    Abstract [en]

    Decentralised Online Social Networks (DOSN) are evolving as a promising approach to mitigate design-inherent privacy flaws of logically centralised services such as Facebook, Google+ or Twitter. A common approach to build a DOSN is to use a peer-to-peer architecture. While the absence of a single point of data aggregation strikes the most powerful attacker from the list of adversaries, the decentralisation also removes some privacy protection afforded by the central party's intermediation of all communication. As content storage, access right management, retrieval and other administrative tasks of the service become the obligation of the users, it is non-trivial to hide the metadata of objects and information flows, even when the content itself is encrypted. Such metadata is, deliberately or as a side effect, hidden by the provider in a centralised system. In this work, we aim to identify the dangers arising or made more severe from decentralisation, and show how inferences from metadata might invade users' privacy. Furthermore, we discuss general techniques to mitigate or solve the identified issues.

  • 27.
    Greschbach, Benjamin
    et al.
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Kreitz, Gunnar
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    User Search with Knowledge Threshold in Decentralized Online Social Networks. 2013. In: Proceedings of the 8th International IFIP Summer School on Privacy and Identity Management for Emerging Services and Technologies, 2013. Conference paper (Refereed)
    Abstract [en]

    User search is one fundamental functionality of an Online Social Network (OSN). When building privacy-preserving Decentralized Online Social Networks (DOSNs), the challenge of protecting user data and making users findable at the same time has to be met. We propose a user-defined knowledge threshold ("find me if you know enough about me") to balance the two requirements. We present and discuss protocols for this purpose that do not make use of any centralized component. An evaluation using real world data suggests that there is a promising compromise with good user performance and high adversary costs.

  • 28.
    Greschbach, Benjamin
    et al.
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Kreitz, Gunnar
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    User Search with Knowledge Thresholds in Decentralized Online Social Networks. 2014. In: PRIVACY AND IDENTITY MANAGEMENT FOR EMERGING SERVICES AND TECHNOLOGIES, 2014, p. 188-202. Conference paper (Refereed)
    Abstract [en]

    User search is one fundamental functionality of an Online Social Network (OSN). When building privacy-preserving Decentralized Online Social Networks (DOSNs), the challenge of protecting user data and making users findable at the same time has to be met. We propose a user-defined knowledge threshold ("find me if you know enough about me") to balance the two requirements. We present and discuss protocols for this purpose that do not make use of any centralized component. An evaluation using real world data suggests that there is a promising compromise with good user performance and high adversary costs.

  • 29.
    Greschbach, Benjamin
    et al.
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Rodríguez-Cano, Guillermo
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Ericsson, Tomas
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Design of a Privacy-Preserving Document Submission and Grading System. 2015. In: Secure IT Systems: 20th Nordic Conference, NordSec 2015, Stockholm, Sweden, October 19–21, 2015, Proceedings / [ed] Sonja Buchegger and Mads Dam, Springer Berlin/Heidelberg, 2015, p. 64-71. Conference paper (Refereed)
    Abstract [en]

    Document submission and grading systems are commonly used in educational institutions. They facilitate the hand-in of assignments by students, the subsequent grading by the course teachers and the management of the submitted documents and corresponding grades. But they might also undermine the privacy of students, especially when documents and related data are stored long term with the risk of leaking to malicious parties in the future. We propose a protocol for a privacy-preserving, anonymous document submission and grading system based on blind signatures. Our solution guarantees the unlinkability of a document with the authoring student even after her grade has been reported, while the student can prove that she received the grade assigned to the document she submitted. We implemented a prototype of the proposed protocol to show its feasibility and evaluate its privacy and security properties.

  • 30.
    Hui, Pan
    et al.
    Deutsche Telekom Laboratories, TU Berlin.
    Buchegger, Sonja
    Deutsche Telekom Laboratories, TU Berlin.
    Groupthink and Peer Pressure: Social Influence in Online Social Network Groups. 2009. Conference paper (Refereed)
    Abstract [en]

    In this paper, we present a horizontal view of social influence, more specifically a quantitative study of the influence of neighbours on the probability of a particular node to join a group, on four popular Online Social Networks (OSNs), namely Orkut, YouTube, LiveJournal, and Flickr. Neighbours in OSNs have a mutually acknowledged relation, most often defined as friendship, and they are directly connected on a graph of a social network. Users in OSNs can also join groups of users. These groups represent common areas of interest. We present a simple social influence model to describe and explain the group joining process of users on OSNs. To this end, we extract the social influence from data sets of OSNs of a million sample nodes. One of our findings is that a set of neighbours in the OSN is about 100 times more powerful in influencing a user to join a group than the same number of strangers.

  • 31.
    Kreitz, Gunnar
    et al.
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Bodriagov, Oleksandr
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Greschbach, Benjamin
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Rodríguez-Cano, Guillermo
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Passwords in Peer-to-Peer. 2012. In: Peer-to-Peer Computing (P2P), 2012 IEEE 12th International Conference on, IEEE, 2012, p. 167-178. Conference paper (Refereed)
    Abstract [en]

    One of the differences between typical peer-to-peer (P2P) and client-server systems is the existence of user accounts. While many P2P applications, like public file sharing, are anonymous, more complex services such as decentralized online social networks require user authentication. In these, the common approach to P2P authentication builds on the possession of cryptographic keys. A drawback with that approach is usability when users access the system from multiple devices, an increasingly common scenario. In this work, we present a scheme to support logins based on users knowing a username-password pair. We use passwords, as they are the most common authentication mechanism in services on the Internet today, ensuring strong user familiarity. In addition to password logins, we also present supporting protocols to provide functionality related to password logins, such as resetting a forgotten password via e-mail or security questions. Together, these allow P2P systems to emulate centralized password logins. The results of our performance evaluation indicate that incurred delays are well within acceptable bounds.

  • 32.
    Mundinger, Jochen
    et al.
    Statistical Laboratory, University of Cambridge, UK.
    Buchegger, Sonja
    UC Berkeley.
    Le Boudec, Jean-Yves
    EPFL.
    Distributed Reputation Systems for Internet-based Peer-to-Peer Systems and Mobile Ad-Hoc Networks. 2005. In: ERCIM News, ISSN 0926-4981, E-ISSN 1564-0094, Vol. 63, p. 19-20. Article in journal (Refereed)
    Abstract [en]

    Reputation systems are widely and successfully used in centralized scenarios. Will they work equally well, however, in decentralized scenarios such as Internet-based peer-to-peer systems and mobile ad hoc networks?

  • 33. Nasim, Robayet
    et al.
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    XACML-based access control for decentralized online social networks. 2014. In: Proceedings - 2014 IEEE/ACM 7th International Conference on Utility and Cloud Computing, UCC 2014, 2014, p. 671-676. Conference paper (Refereed)
    Abstract [en]

    With the increasing popularity of Online Social Networks (OSNs), one type of Big Data, namely personal, sensitive, and behavioral information, is being collected, analyzed, and spread on the Internet. As the collection and mining of user data improves, both qualitatively and quantitatively, users' privacy is more and more at risk. Current OSNs and other web services are, at least logically, centralized and thus more vulnerable to accidental or deliberate privacy leaks as well as inference. Decentralization, taking away the control of a single service provider, can be a step toward preserving the users' privacy and giving them control over their own data. Even after removing the threats from centralized big data, the users' personal data needs to be protected from unauthorized access. In contrast to other proposals for decentralized OSNs, we aim to provide the basis for a privacy-preserving system built from light-weight and readily available components, namely the Extensible Access Control Markup Language (XACML) and the Security Assertion Markup Language (SAML) with secret key authentication, including simple ways of formulating access policies for users. We find that this combination provides a straightforward way of keeping and deliberately sharing personal information with other users that is robust against a range of attacks including unauthorized access at least in the case of every user's profile being stored on machines under their control. One can consider replicas on trusted servers; storage on untrusted servers, however, is left for future work.

  • 34.
    Paul, Thomas
    et al.
    TU Darmstadt.
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS. KTH, School of Electrical Engineering (EES), Centres, ACCESS Linnaeus Centre.
    Strufe, Thorsten
    TU Darmstadt.
    Decentralizing Social Networking Services. 2010. Conference paper (Other academic)
    Abstract [en]

    Online Social Networks (OSN) of today represent centralized repositories of personally identifiable information (PII) of their users. Considering their impressive growth they arguably are the most popular service on the Internet, both by technology savvy but even more by comparably inexpert audiences, today. Being voluntarily maintained and automatically exploitable, they are a promising and challenging target for commercial exploitation and abuse by miscreants. Several approaches have been proposed to mitigate this threat by design. Removing the centralized storage, they distribute the service and data storage, to protect their users from a provider that has access to all the information users put into the system. This paper gives an overview of currently proposed approaches, and classifies them according to their core design decisions.

  • 35.
    Paul, Thomas
    et al.
    TU Darmstadt & CASED.
    Greschbach, Benjamin
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Strufe, Thorsten
    TU Darmstadt & CASED.
    Exploring Decentralization Dimensions of Social Networking Services: Adversaries and Availability. 2012. In: Proceedings of the 1st ACM International Workshop on Hot Topics on Interdisciplinary Social Networks Researc, 2012, p. 49-56. Conference paper (Refereed)
    Abstract [en]

    Current online Social Networking Services (SNS) are organized around a single provider and while storage and functionality can be distributed, the control over the service belongs to one central entity. This structure raises privacy concerns over the handling of large-scale and at least logically centralized collections of user data. In an effort to protect user privacy and decrease provider dependence, decentralization has been proposed for SNS. This decentralization has effects on availability, opportunities for traffic analysis, resource requirements, cooperation and incentives, trust and accountability for different entities, and performance. In this paper, we explore the spectrum of SNS implementations from centralized to fully decentralized and several hybrid constellations in between. Taking a systematic approach of SNS layers, decentralization classes, and replication strategies, we investigate the design space and focus on two issues as concrete examples where the contrast of extreme ends of the decentralization spectrum is illustrative, namely potential adversaries and churn-related profile availability. In general, our research indicates that hybrid approaches deserve more attention as both centralized as well as entirely decentralized systems suffer from severe drawbacks.

  • 36.
    Rodríguez-Cano, Guillermo
    et al.
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Greschbach, Benjamin
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Event Invitations in Privacy-Preserving DOSNs: Formalization and Protocol Design. 2014. In: Secure IT Systems: 19th Nordic Conference, NordSec 2014, Tromsø, Norway, October 15-17, 2014, Proceedings / [ed] Karin Bernsmed, Simone Fischer-Hübner, Springer Publishing Company, 2014, p. 2, p. 291-292. Conference paper (Refereed)
    Abstract [en]

    Online Social Networks (OSNs) have an infamous history of privacy and security issues. One approach to avoid the collection of massive amounts of sensitive user data at a central point is a decentralized architecture.

    An event invitation feature - allowing a user to create an event and invite other users who then can confirm their attendance - is part of the standard functionality of OSNs. Implementing this feature in a Privacy-Preserving Decentralized Online Social Network (DOSN) is non-trivial because there is no fully trusted broker to guarantee fairness to all parties involved.

    In this work we look into decentralized protocols for implementing event invitation features. We formalize possible security and privacy properties of such a feature and propose a secure implementation allowing different types of information related to the event (e.g., how many people are invited/attending, who is invited/attending) to be shared with different groups of users (e.g., only invited/attending users).

    The results can be applied in the context of Privacy-Preserving DOSNs, but might also be useful in other domains such as Collaborative-Working Environment (CWE) and their corresponding collaborative-specific tools (i.e., groupware).

  • 37.
    Rodríguez-Cano, Guillermo
    et al.
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Greschbach, Benjamin
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Event Invitations in Privacy-Preserving DOSNs: Formalization and Protocol Design. 2015. In: Privacy and Identity Management for the Future Internet in the Age of Globalisation: 9th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School, Patras, Greece, September 7-12, 2014, Revised Selected Papers / [ed] Camenisch, Jan; Fischer-Hübner, Simone; Hansen, Marit, Springer Publishing Company, 2015, Vol. 457, p. 185-200. Chapter in book (Refereed)
    Abstract [en]

    Online Social Networks (OSNs) have an infamous history of privacy and security issues. One approach to avoid the massive collection of sensitive data of all users at a central point is a decentralized architecture.

    An event invitation feature - allowing a user to create an event and invite other users who then can confirm their attendance - is part of the standard functionality of OSNs. We formalize security and privacy properties of such a feature like allowing different types of information related to the event (e.g., how many people are invited/attending, who is invited/attending) to be shared with different groups of users (e.g., only invited/attending users).

    Implementing this feature in a Privacy-Preserving Decentralized Online Social Network is non-trivial because there is no fully trusted broker to guarantee fairness to all parties involved. We propose a secure decentralized protocol for implementing this feature, using tools such as storage location indirection, ciphertext inferences and a disclose-secret-if-committed mechanism, derived from standard cryptographic primitives.

    The results can be applied in the context of Privacy-Preserving DOSNs, but might also be useful in other domains that need mechanisms for cooperation and coordination, e.g., Collaborative Working Environment and the corresponding collaborative-specific tools, i.e., groupware, or Computer-Supported Collaborative Learning.

  • 38. Rzadca, K.
    et al.
    Datta, A.
    Kreitz, Gunnar
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
    Game-theoretic mechanisms to increase data availability in decentralized storage systems. 2015. In: ACM Transactions on Autonomous and Adaptive Systems, ISSN 1556-4665, E-ISSN 1556-4703, Vol. 10, no 3. Article in journal (Refereed)
    Abstract [en]

    In a decentralized storage system, agents replicate each other’s data to increase availability. Compared to organizationally centralized solutions, such as cloud storage, a decentralized storage system requires less trust in the provider and may result in smaller monetary costs. Our system is based on reciprocal storage contracts that allow the agents to adapt to changes in their replication partners’ availability (by dropping inefficient contracts and forming new contracts with other partners). The data availability provided by the system is a function of the participating agents’ availability. However, a straightforward system in which agents’ matching is decentralized uses the given agent availability inefficiently. As agents are autonomous, the highly available agents form cliques replicating data between each other, which makes the system too hostile for the weakly available newcomers. In contrast, a centralized, equitable matching is not incentive compatible: it does not reward users for keeping their software running. We solve this dilemma by a mixed solution: an "adoption" mechanism in which highly available agents donate some replication space, which in turn is used to help the worst-off agents. We show that the adoption motivates agents to increase their availability (is incentive-compatible), but also that it is sufficient for acceptable data availability for weakly-available agents.

  • 39.
    Rzadca, Krzysztof
    et al.
    NTU Singapore.
    Datta, Anwitaman
    NTU Singapore.
    Buchegger, Sonja
    KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS. KTH, School of Electrical Engineering (EES), Centres, ACCESS Linnaeus Centre.
    Replica Placement in P2P Storage: Complexity and Game Theoretic Analyses. 2010. In: Proceedings - International Conference on Distributed Computing Systems, 2010, p. 599-609. Conference paper (Refereed)
    Abstract [en]

    In peer-to-peer storage systems, peers replicate each others' data in order to increase availability. If the matching is done centrally, the algorithm can optimize data availability in an equitable manner for all participants. However, if matching is decentralized, the peers' selfishness can greatly alter the results, leading to performance inequities that can render the system unreliable and thus ultimately unusable. We analyze the problem using both theoretical approaches (complexity analysis for the centralized system, game theory for the decentralized one) and simulation. We prove that the problem of optimizing availability in a centralized system is NP-hard. In decentralized settings, we show that the rational behavior of selfish peers will be to replicate only with similarly-available peers. Compared to the socially-optimal solution, highly available peers have their data availability increased at the expense of decreased data availability for less available peers. The price of anarchy is high: unbounded in one model, and linear with the number of time slots in the second model. We also propose centralized and decentralized heuristics that, according to our experiments, converge fast in the average case. The high price of anarchy means that a completely decentralized system could be too hostile for peers with low availability, who could never achieve satisfying replication parameters. Moreover, we experimentally show that even explicit consideration and exploitation of diurnal patterns of peer availability has a small effect on the data availability—except when the system has truly global scope. Yet a fully centralized system is infeasible, not only because of problems in information gathering, but also the complexity of optimizing availability. The solution to this dilemma is to create system-wide cooperation rules that allow a decentralized algorithm, but also limit the selfishness of the participants.

  • 40.
    Vu, Le Hung
    et al.
    EPFL.
    Aberer, Karl
    EPFL.
    Buchegger, Sonja
    Deutsche Telekom Laboratories, TU Berlin, Germany.
    Datta, Anwitaman
    NTU Singapore.
    Enabling Secure Secret Sharing in Distributed Online Social Networks. 2009. In: 25TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, 2009, p. 419-428. Conference paper (Refereed)
    Abstract [en]

    We study a new application of threshold-based secret sharing in a distributed online social network (DOSN), where users need a means to back up and recover their private keys in a network of untrusted servers. Using a simple threshold-based secret sharing in such an environment is insufficiently secured since delegates keeping the secret shares may collude to steal the user's private keys. To mitigate this problem, we propose using different techniques to improve the system security: by selecting only the most reliable delegates for keeping these shares and further by encrypting the shares with passwords. We develop a mechanism to select the most reliable delegates based on an effective trust measure. Specifically, relationships among the secret owner, delegate candidates and their related friends are used to estimate the trustworthiness of a delegate. This trust measure minimizes the likelihood of the secret being stolen by an adversary and is shown to be effective against various collusive attacks. Extensive simulations show that the proposed trust-based delegate selection performs very well in highly vulnerable environments where the adversary controls many nodes with different distributions and even with spreading of infections in the network. In fact, the number of keys lost is very low under extremely pessimistic assumptions of the adversary model.
