1

WS 2017/2018 – 3CP Prof. Stefan Katzenbeisser / Security Engineering Group

Privacy-Enhancing Technologies Practical Projects

Organization: Nikolay Matyunin, room S4|14 – 4.3.27 matyunin@seceng.informatik.tu-darmstadt.de

2

Practical Projects - Overview

Goal: Hands-on work in research topics on privacy in the SecEng group

Organization: • Form groups of 3–4 people by November 12th

• Inform Nikolay Matyunin via e-mail about

• group members • 5 preferred topics in order

(1st — most preferable, …)

• one e-mail per group, members in CC

• After you received an email about your assignment, get in contact with your topic supervisor to organize a meeting

Hints: • Unfortunately, we cannot guarantee topics by preference

• If you cannot find a group (or enough members), please also register via e-mail. We will

form (fill up) groups with the remaining students

[…] wir haben uns zu folgender Gruppe zusammengefunden: * Max Mustermann, mailmenot@example.com * Sabine Musterfrau, sabine@mailmenot.com * Donald Trumpf, mr.trumpf@hotmail.com * Hillarious Klinton, ms.klinton@yahoo.de Unsere 5 Wunschthemen sind: T5,T1,T3,T7,T9 […]

3

Overview

T1: Why your location service provider knows if you are single (1) (Spyros Boukoros, eng.) T2: Why your location service provider knows if you are single (2) (Spyros Boukoros, eng.) T3: Dust (or radiation or noise) in the wind (1) (Spyros Boukoros, eng.) T4: Dust (or radiation or noise) in the wind (2) (Spyros Boukoros, eng.) T5: Testing Security Drop-Ins of a Protocol (Markus Heinrich) T6: Learning Proximity from Communication Patterns (Markus Heinrich) T7: Deanonymizing Mobility Traces (Markus Heinrich) T8: Controlled PUFs and privacy (Nikolaos Anagnostopoulos, eng.) T9: Entropy of strong PUFs (Nikolaos Anagnostopoulos, eng.) T10: Optical recognition of memory contents (Nikolaos Anagnostopoulos, eng.) T11: Inferring web-browsing activity using sensor data (Nikolay Matyunin, eng.) T12: Web-tracking using cache-based covert channels (Nikolay Matyunin, eng.) T13: Feasibility Analysis of PBC on Low-End Embedded Devices (Florian Kohnhaeuser) T14: Privacy-preserving Remote Attestation with DAA (Florian Kohnhaeuser) T15: Framework for Privacy Preserving Aggregation in the Browser (Niklas Buescher) T16: Framework for Secure Computation in the Browser (Niklas Buescher) T17: Co-editing privately (Nikolaos Karvelas) T18: Split & Conquer: Protecting Genomic Data (Nikolaos Karvelas) T19: IPTV User Behavior Simulation I (Tolga Arul) T20: IPTV User Behavior Simulation II (Tolga Arul)

4

Topic 1 (Spyros Boukoros, eng.): Why your location service provider knows if you are single Profiling users based on their location data

Location data services are one of the most utilized services on smartphones. The trade off is(?) rather simple: exciting new places to visit and interesting people around you, in exchange for your current location. From this kind of data however, we can tell a lot of things about people, their social circles and their everyday activities.

Goals: ● Work with the real dataset (and real users) of OpenStreetMap

● Infer people's point of interests (POIs), trajectories and home/work locations using automated tools

● Evaluate the privacy of users, in this special and under-investigated type of data.

5

Location data services are one of the most utilized services on smartphones. The trade off is(?) rather simple: exciting new places to visit and interesting people around you, in exchange for your current location. From this kind of data however, we can tell a lot of things about people, their social circles and their everyday activities.

Goals: ● Work with the real dataset (and real users) of OpenStreetMap

● Implement defenses based on differential privacy such as GeoInd on this kind of data

● Evaluate the privacy loss even after the noise addition

Topic 2 (Spyros Boukoros, eng.): Why your location service provider knows if you are single Protecting users location data on OpenStreetMaps

6

Safecast is a global volunteer-centered citizen science project, working to empower people with data about their environments. People, as they move into the city can perform a variety of measurements just by having a simple sensor with them. This sensor reports the measured values, along with the GPS coordinates regularly. We know however from privacy research, that there is always a trade off between utility and privacy.

Goals: ● Work with the real datasets from Safecast ● Infer people's point of interests (POIs), trajectories and home/work locations

using automated tools ● Evaluate the privacy of users, in this special and underinvestigated type of

data.

Topic 3 (Spyros Boukoros, eng.): Dust (or radiation or noise) in the wind De-anonymizing users on mobile crowdsourcing applications

7

Topic 4 (Spyros Boukoros, eng.): Dust (or radiation or noise) in the wind Defending users on mobile crowdsourcing applications

Safecast is a global volunteer-centered citizen science project, working to empower people with data about their environments. People, as they move into the city can perform a variety of measurements just by having a simple sensor with them. This sensor reports the measured values, along with the GPS coordinates regularly. We know however from privacy research, that there is always a trade off between utility and privacy.

Goals: ● Work with the real datasets from Safecast ● Implement defenses based on differential privacy such as GeoInd on this kind

of data ● Evaluate the privacy loss even after the noise addition

8

Topic 5 (Markus Heinrich): Testing Security Drop-Ins of a Protocol

• Implement a safe communication protocol(OSI layer 4-6)

• Language: • Show that machines can communicate via the

protocol • Implement drop-in security solutions for the

protocol (will be given) • Do a performance evaluation of the protocol

with and w/o the drop-ins Structure of the communication protocol to implement

9

Topic 6 (Markus Heinrich): Learning Proximity from Communication Patterns

• Investigate a network trace on application layer • Filter the trace for important messages • Build statistics of the trace (histogram, temporal provenance, …) • Infer which entities are physical neighbors from the trace

• Leverage external knowledge of the network structure • Nodes are addressed simultaneously • …

• Build a graph from the inferredinformation

• Generate a graphical representationof the graph

Assumptions about the real world topology can be made

10

Topic 7 (Markus Heinrich): Deanonymizing Mobility Traces

• Anonymous mobility traces (left graph) can be deanomymized with the help of a social network (right graph)

• Implement at least one of the deanonymization schemes presented in:http://dx.doi.org/10.1145/2382196.2382262

• Run your code and compare the results with the paper

Example: Find equivalent nodes of the right graph in the left

11

Introduction to T8–10 (Nikolaos Anagnoustopoulos): PUFs

• Project P3 of the CROSSING Collaborative Research Center of TU Darmstadt works on Physical Unclonable Functions (PUFs).

• PUFs are based on unique characteristics of hardware modules, which can be used in order to construct a key (or in general, a token for cryptographic applications).

• To this end, we use as PUF characteristics the initial values or the decay characteristics of SRAM and/or DRAM cells of commodity off-the-shelf devices. Such hardware is also commonly used in IoT device implementations.

• In other words, we produce cryptographic keys using IoT hardware.

12

Topic 8 (Nikolaos Anagnoustopoulos): Controlled PUFs and privacy

[1] Gassend, Blaise, Marten van Dijk, Dwaine Clarke, and Srinivas Devadas. "Controlled physical random functions." In Security with Noisy Data, pp. 235-253. Springer London, 2007. [2] Guajardo, Jorge, Sandeep S. Kumar, Geert-Jan Schrijen, and Pim Tuyls. "FPGA intrinsic PUFs and their use for IP protection." In International workshop on Cryptographic Hardware and Embedded Systems, pp. 63-80. Springer Berlin Heidelberg, 2007. [3] Tuyls, Pim, and Boris Škorić. "Strong authentication with physical unclonable functions." In Security, Privacy, and Trust in Modern Data Management, pp. 133-148. Springer Berlin Heidelberg, 2007.

Task: Implement a controlled PUF (based on already existing implementations of common PUFs) and suggest potential privacy-related applications for it.

Can controlled PUFs be used for privacy enhancement?

13

Topic 9 (Nikolaos Anagnoustopoulos): Entropy of strong PUFs

[1] Gruber, Martin. "Development of Benchmarks for Physical Unclonable Functions." Bachelor thesis. Universität Passau. 2016. [2] McKay, K. "User’s Guide to Running the Draft NIST SP 800-90B Entropy Estimation Suite." National Institute of Standards and Technology (NIST). 2016. [3] Rührmair, Ulrich, Jan Sölter, Frank Sehnke, Xiaolin Xu, Ahmed Mahmoud, Vera Stoyanova, Gideon Dror, Jürgen Schmidhuber, Wayne Burleson, and Srinivas Devadas. "PUF modeling attacks on simulated and silicon data." IEEE Transactions on Information Forensics and Security 8, no. 11 (2013): 1876-1891.

Task: Investigate the entropy and randomness of simulated strong PUFs (based on already existing code and the NIST tests) and suggest whether strong PUFs can be always tracked or not, based on your results.

Do strong PUFs have enough entropy and randomness, or can they always be modelled and tracked?

14

Topic 10 (Nikolaos Anagnoustopoulos): Optical recognition of memory contents

[1] Iskander Alexander Tschinibaew. “Segmentierung und Analyse der Messdaten von thermisch laserstimulierten SRAM-Zellen zur Erkennung der Speicherzustände.” Bachelor Thesis. Technische Universität Berlin. 2016. [2] Axel Schonau. “MSP430 - Speicherlayout”. Technische Universität Berlin. 2016

Task: Investigate the potential for an optical recognition algorithm for the light emissions of memory cells (based on already existing code).

Can memories be read through light emissions?

15

Topic 11 (Nikolay Matyunin): Inferring web-browsing activity using sensor data

sensor data

• Studies show that power traces can reveal browsing activity on laptops [1] and smartphones [2]

• Magnetometers in smartphones also react to high CPU/power activity => they can be exploited for same purposes!

• Sensor data can be now accessed from the web pages

Goal: distinguish between different browsing activity based on magnetometer measurements

Tasks: (1) Implement in-browser recording of sensor data using new

Generic Sensor API (2)Evaluate detection of browsing activity using magnetometer

traces (similarly to power-based approaches [1-2]) (3) Investigate ways to access raw magnetometer data from

fusion-based APIs

16

Topic 12 (Nikolay Matyunin): Web-tracking using cache-based covert channels

shared cache

• Modern web browsers aim to protect user privacy(incognito modes, intelligent anti-tracking, Tor Browser, etc.)

• Covert channels can be used to break sandboxing and store tracking IDs somewhere else [1], [2]

• Current solutions rely on JavaScript to control the memory

Goal: exfiltrate tracking IDs from private isolated web sessions without scripting, using only “basic” web components

Tasks: (1) Implement a cache-based covert channel to send tracking

IDs to not isolated app/session (based on existing studies) (2) Investigate ways to indirectly exploit the memory from web

pages (images, videos, etc.) (3)Evaluate the solution in different browser configurations

17

Topic 13 (Florian Kohnhaeuser): Feasibility Analysis of Pairing-based Cryptography on Low-End Embedded Devices

• Pairing-based Cryptography (PBC) is a relatively new field in cryptography [1] • PBC enables many new cryptographic protocols: Identity-based Encryption,

Attribute-based Encryption, Multi-Signatures, Threshold-Signatures, etc. • PBC requires much more computational resources

than traditional cryptographic schemes [2] • Can low-end embedded devices (IoT devices) use PBC?

Tasks: (1) Requirement Analysis: relevant PBC crypto schemes in IoT use case (2) Implementation: port existing PBC library to embedded device and

implement PBC crypto schemes on top of library (3) Evaluation: energy-consumption, storage-consumption, runtime

[1] Menezes: “An introduction to pairing-based cryptography”. Recent trends in cryptography, 2009. [2] Ometov et al.: "Feasibility characterization of cryptographic primitives for constrained (wearable) IoT devices.” Pervasive Computing and Communication Workshops (PerCom Workshops), 2016.

18

Topic 14 (Florian Kohnhaeuser): Privacy-preserving Remote Attestationwith DAA on Embedded Devices

• Remote attestation is an interactive protocol that allows a third party (verifier) to check the integrity of the software on a remote device (prover)

• Direct anonymous attestation (DAA) enables to preserve the prover‘s privacy [1] • Trusted Platform Module (TPM) implements DAA on PCs, notebooks, etc. • No implementation of DAA on embedded devices (smartphones, IoT, etc.),

although these devices provide ARM TrustZone that hasenough secure hardware capabilities to implement attestation

• Goal: Implementation of DAA on Raspberry Pi 3

Tasks: (1) Theory: get confident with TrustZone concept and find suitable DAA protocol (2) Implementation: implement DAA protocol on Raspberry Pi 3 (3) Evaluation: energy-consumption, storage-consumption, runtime

[1] Chen, Liqun, Dan Page, and Nigel P. Smart. "On the design and implementation of an efficient DAA scheme." International Conference on Smart Card Research and Advanced Applications. 2010.

19

Topic 15 (Niklas Buescher): Framework for Privacy Preserving Aggregation in the Browser

Goal: Implementation of a privacy-friendly version of data aggregation services (e.g., Doodle, online voting, …) that runs in the browser.

Approach: • Study related work • Privacy will be achieved through secret sharing (data is split) • Implementation in JavaScript (frontend), and language of your choice (backend)

Requirements: • Basic crypto knowledge (e.g., intro to trusted systems, intro to crypto)

20

Topic 16 (Niklas Buescher): Framework for Secure Computation in the Browser

Goal: Framework to run Yao’s Garbled Circuits between browser and server

Approach: • Study existing implementations and optimizations of Yao’s Garbled Circuits • Implementation in JavaScript (frontend), and language of your choice (backend) • (if time permits) Improve efficiency with WebGL

Requirements: • You should be interested in applied crypto (or listened to our SECOMP lecture)

21

Topic 17 (Nikolaos Karvelas): Co-editing privately

Setting: ▪ A number of Read- Writable files stored on a remote Server ▪ Many users have R/W access to the files

Goal: Hide which document has been updated by the users

Cryptographic primitive: Oblivious RAM (ORAM) ▪ https://dl.acm.org/citation.cfm?id=233553 ▪ https://dl.acm.org/citation.cfm?id=2516660

Plan: ▪ Examine which of the Open Source Google-Docs alternatives (Etherpad,

Gobby, Firepad, etc) can be easily extended to this setting ▪ Implement an ORAM interface (the fancier the better, however even the most

trivial will suffice at this stage) ▪ Test it...

22

Topic 18 (Nikolaos Karvelas): Split & Conquer: Protecting Genomic Data

Setting: ▪ Whole sequenced genome resides usually in large files, and various formats ▪ Protection and access of such files can be cumbersome and inefficient

Goal: Split genomic data into smaller, indexed files

Plan: ▪ Investigate various formats and output files of genomic sequencing techniques ▪ Find publicly available genomic data (e.g. https://www.ncbi.nlm.nih.gov/guide/

howto/dwn-genome/ ) ▪ Investigate compression techniques (e.g. https://academic.oup.com/

bioinformatics/article/25/14/1731/225235/Data-structures-and-compression-algorithms-for )

▪ Apply the aforementioned techniques to given publicly available data

23

Topic 19 (Tolga Arul): IPTV User Behavior Simulation I

Background: ▪ Simulation of realistic IPTV user behavior is used for

different types of estimations and evaluations of newly developed algorithms

▪ Simulations are based on user models ▪ Many different user models with varying degree of accuracy

exist ▪ The targeted implementation uses a model derived from

empirical data

Task: Implement user behavior model presented in [1] as a plugin in a Java-based simulation framework [1] Modeling user activities in a large IPTV system.Qiu, T., Ge, Z., Lee, S., Wang, J., Xu, J., & Zhao, Q. In Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference (pp. 430-441). ACM.https://dl.acm.org/citation.cfm?id=1644945

24

Topic 20 (Tolga Arul): IPTV User Behavior Simulation II

Background: ▪ Simulation of realistic IPTV user behavior is used for

different types of estimations and evaluations of newly developed algorithms

▪ Simulations are based on user models ▪ Many different user models with varying degree of accuracy

exist ▪ The targeted implementation uses a model derived from

empirical data

Task: Implement user behavior model presented in [2] as a plugin in a Java-based simulation framework [2] Abdollahpouri A., Wolfinger B.E., Lai J., and Vinti C. “Elaboration and Formal Description of IPTV User Models and Their Application to IPTV System Analysis,” MMBnet2011, 15-16 Sep. 2011, Hamburg, Germany.