Refine
Institute
Has Fulltext
- no (18)
Language
- English (18)
Document Type
- Conference Proceeding (16)
- Article (1)
- Doctoral Thesis (1)
Keywords
- cryptographic protocols (3)
- privacy (3)
- Cybersecurity (2)
- secure group computation (2)
- secure multi-party computation (2)
- AI (1)
- Android (1)
- Artificial intelligence (1)
- Asset Discovery (1)
- Asset Inventory (1)
Privacy-preserving multi-party reconciliation secure in the malicious model (Extended version)
(2013)
The problem of fair and privacy-preserving ordered set reconciliation arises in a variety of applications like auctions, e-voting, and appointment reconciliation. While several multi-party protocols have been proposed that solve this problem in the semi-honest model, there are no multi-party protocols that are secure in the malicious model so far. In this paper, we close this gap. Our newly proposed protocols are shown to be secure in the malicious model based on a variety of novel non-interactive zero-knowledge-proofs. We describe the implementation of our protocols and evaluate their performance in comparison to protocols solving the problem in the semi-honest case.
The need for compliance and the growing number of IT security threats force many companies to improve their level of IT security. At the same time, new legal regulations and the trend to interconnect IT with automation environments (operational technology, OT) lead to the situation that IT security and OT security need to be approached at the same time. However, OT differs from IT in several aspects and many well-established IT security procedures cannot simply be copied to OT networks. As in IT the first step to establish an acceptable security level for OT is to perform a proper risk assessment. Available tools that support OT asset management are either expensive or they do not provide the functionality needed. In the context of this paper a new open-source approach to OT asset management is presented. The tool that was developed to collect OT assets considers the specific characteristics of OT devices, the sensitivity of production environments, and the typically rudimentary star ting situation of many real-world machine operators while being free of charge at the same time.
In today’s world, there are more and more IT systems that are interconnected to provide services to a wide variety of business classes. Since their services are usually inevitably linked to financial and political interests, the number of attacks aimed at disrupting or profiting from these and the associated systems in various ways is constantly increasing. In this paper we design and implement a framework for the comprehensive auditing of IT systems in system architectures of different enterprise classes. For our solution, we evaluate formal requirements regarding audit trails, provide concepts for the pseudonymisation of audit data, develop software components for E2E audit trails and finally present a secure system architecture based on Kubernetes and Istio in conjunction with the storage components ArangoDB and HashiCorp Vault to achieve an efficient framework for creating E2E audit trails.
Industrial automation and control systems (IACS) operate in complex and increasingly networked environments of industrial plants. Due to the increasing number of cyber attacks, these systems are also exposed to the growing threat of being attacked. IACS are often found in critical infrastructure such as power supply or water treatment plants, as well as in industry, so their compromise can result in devastating consequences. To prevent this, the IEC-62443 series of standards was developed to address the cybersecurity of IACS. In order to achieve cybersecurity in accordance with the IEC-62443 standard, the human factor plays a major role, as it is humans that need to implement and manage the cybersecurity controls. To help those users to get started and gain a basic understanding of important IEC-62443 concepts such as zones and conduits, defense in depth, and security levels, this paper defines an experience-based practical approach to train users w.r.t. application and implementation of the standard.
In this paper, we introduce the first protocols for multi-party, privacy-preserving, fair reconciliation of ordered sets. Our contributions are twofold. First, we show that it is possible to extend the round-based construction for fair, two-party privacy-preserving reconciliation of ordered sets to multiple parties using a multi-party privacy-preserving set intersection protocol. Second, we propose new constructions for fair, multi-party, privacy-preserving reconciliation of ordered sets based on multiset operations. We prove that all our protocols are privacy-preserving in the semi-honest model. We furthermore provide a detailed performance analysis of our new protocols and show that the constructions based on multisets generally outperform the round-based approach.
In this paper, we introduce the first protocols for multi-party, privacy-preserving, fair reconciliation of ordered sets. Our contributions are twofold. First, we show that it is possible to extend the round-based construction for fair, two-party privacy-preserving reconciliation of ordered sets to multiple parties using a multi-party privacy-preserving set intersection protocol. Second, we propose new constructions for fair, multi-party, privacy-preserving reconciliation of ordered sets based on multiset operations. We prove that all our protocols are privacy-preserving in the semi-honest model. We furthermore provide a detailed performance analysis of our new protocols and show that the constructions based on multisets generally outperform the round-based approach.
Enabling fair and privacy-preserving applications using reconciliation protocols on ordered sets
(2011)
Fair and privacy-preserving reconciliation protocols on ordered sets have been introduced recently. Despite the fact that these protocols promise to have a great impact in a variety of applications, so far their practical use has been explored to a limited extent only. This paper addresses this gap. As main contributions, this paper identifies e-voting, auctions, event scheduling, and policy reconciliation as four far-reaching areas of application and shows how fair and privacy-preserving reconciliation protocols can be used effectively in these contexts.
Secure Multi-Party Computation (SMC) offers a theoretically well-founded means to allow applications that preserve their users' privacy. We introduce SMC-MuSe, a framework for Secure Multi-Party Computation on MultiSets, which enables the privacy-preserving computation of set operations on multisets. SMC-MuSe is targeted to provide for the efficient implementation of specific interesting functions rather than on computing arbitrary ones. It is generic in the sense that it allows to compute any composition of privacy-preserving set intersections, unions, and reductions on multisets. The system model used in SMC-MuSe is kept close to the one assumed in theory and supports asynchronous communications, resilient SMC computations, and fully-automated key management.
Privacy-preserving reconciliation protocols on ordered sets are protocols that solve a particular subproblem of secure multiparty computation. Here, each party holds a private input set of equal size in which the elements are ordered according to the party's preferences. The goal of a reconciliation protocol on these ordered sets is then to find all common elements in the parties' input sets that maximize the joint preferences of the parties. In this paper, we present two main contributions that improve on the current state of the art. First, we propose two new protocols for privacy-preserving reconciliation and prove their correctness and security properties. We implement and evaluate our protocols as well as two previously published multi-party reconciliation protocols. Our implementation is the first practical solution to reconciliation problems in the multi-party setting. Our comparison shows that our new protocols outperform the original protocols. The basic optimization idea is to reduce the highest degree polynomial in the protocol design. Second, we generalize privacy-preserving reconciliation protocols, i. e., relaxing the input constraint from totally ordered input sets of equal size to pre-ordered input sets of arbitrary size.
Fully homomorphic cryptosystems allow the evaluation of arbitrary Boolean circuits on encrypted inputs and therefore have very important applications in the area of secure multi-party computation. Since every computable function can be expressed as a Boolean circuit, it is theoretically clear how to achieve function evaluation on encrypted inputs. However, the transformation to Boolean circuits is not trivial in practice. In this work, we design such a transformation for certain functions, i.e., we propose algorithms and protocols which make use of fully homomorphic encryption in order to achieve privacy-preserving multi-party reconciliation on ordered sets. Assuming a sufficiently efficient encryption scheme, our solution performs much better than existing approaches in terms of communication overhead and number of homomorphic operations.
