
2014 International Conference on Privacy and Security in Mobile Systems (PRISMS): Latest Papers

Adaptive online/offline RFID scheme for supply chain management systems
Pub Date : 2014-05-11 DOI: 10.1109/PRISMS.2014.6970598
Zeeshan Bilal, K. Martin
This paper is concerned with RFID tagged objects in a supply chain management system. Such objects are read by multiple readers both in known locations (secure zone with online readers) as well as unknown locations (insecure zone with offline readers). In the secure zone, the primary requirement is to read a large number of tags with high speed. In the insecure zone, the primary requirement is to preserve the privacy of a tagged object. We present an EPCglobal Class-1 Gen-2 Version 1.2.0 standard compliant scheme which allows RFID tags to be authenticated by readers throughout the supply chain lifecycle while meeting the requirements of both the secure and insecure zones.
Citations: 2
A keyboard that manages your passwords in Android
Pub Date : 2014-05-11 DOI: 10.1109/PRISMS.2014.6970592
Faysal Boukayoua, B. Decker, Vincent Naessens
In recent years, smartphones and tablets have become a fixture of daily life. They are used to run ever more tasks and services. Unfortunately, when it comes to password management, users are confronted with greater security and usability concerns than in the non-mobile world. This work presents a password manager for Android that can accommodate any app. Existing platform mechanisms are leveraged to better protect against malware and device theft than current solutions. Our approach also provides significant usability improvements. No modifications are required to existing applications or to the mobile platform.
Citations: 2
Android - On-device detection of SMS catchers and sniffers
Pub Date : 2014-05-11 DOI: 10.1109/PRISMS.2014.6970601
Peter Teufl, Thomas Zefferer, Christoph Wörgötter, Alexander Oprisnik, Daniel M. Hein
With 6.1 trillion text messages sent in 2010 alone, short message service (SMS) is still one of the most popular mobile communication services. Due to its continuing popularity, SMS technology is nowadays used in various fields of application. This also includes security-sensitive fields such as e-banking, or e-government. In these fields, SMS technology is for instance employed to authorize financial transactions or the creation of qualified electronic signatures. Modern smartphone platforms such as Google Android provide application developers with the means to include SMS functionality. This can be beneficial in most cases but also facilitates the implementation of malware that is able to send and receive SMS messages unnoticed by the legitimate end user. In this context, SMS sniffers and SMS catchers have recently attracted attention. This kind of malware intercepts incoming SMS messages either to spy on security-sensitive data transmitted via SMS or to receive SMS-based malware control commands. For security-sensitive SMS-based applications, SMS catchers pose a serious threat. A recent attack on SMS-based e-banking systems has employed SMS catchers on smartphones to steal 36.000.000 Euro from corporate and private bank accounts in Europe. Unfortunately, security software for smartphones is still in the fledgling stages and current solutions are not able to reliably detect SMS catchers. To overcome this problem, we introduce different methods to detect SMS sniffers and SMS catchers on smartphones. We discuss benefits and limitations of the proposed methods and show how these methods can be assembled to a comprehensive detection workflow for SMS-based malware. By providing means to detect SMS catchers and sniffers on smartphones, our work contributes to the security of current and future SMS-based applications.
Citations: 3
Do you think your passwords are secure?
Pub Date : 2014-05-11 DOI: 10.1109/PRISMS.2014.6970600
Dominik Ziegler, Mattias Rauter, Christof Stromberger, Peter Teufl, Daniel M. Hein
Many systems rely on passwords for authentication. Due to numerous accounts for different services, users have to choose and remember a significant number of passwords. Password-Manager applications address this issue by storing the user's passwords. They are especially useful on mobile devices, because of the ubiquitous access to the account passwords. Password-Managers often use key derivation functions to convert a master password into a cryptographic key suitable for encrypting the list of passwords, thus protecting the passwords against unauthorized, off-line access. Therefore, design and implementation flaws in the key derivation function impact password security significantly. Design and implementation problems in the key derivation function can render the encryption on the password list useless, by for example allowing efficient bruteforce attacks, or - even worse - direct decryption of the stored passwords. In this paper, we analyze the key derivation functions of popular Android Password-Managers with often startling results. With this analysis, we want to raise the awareness of developers of security critical apps for security, and provide an overview about the current state of implementation security of security-critical applications.
Citations: 5
One-pass authenticated key establishment protocol on bilinear pairings for Wireless Sensor Networks
Pub Date : 2014-05-11 DOI: 10.1109/PRISMS.2014.6970595
M. R. Mishra, J. Kar, B. Majhi
The article proposes a one-pass authenticated key establishment protocol in random oracles for Wireless Sensor Networks. Security of the protocol relies on Computational Diffie-Hellman Problem on Bilinear Pairings. In one-pass key establishment protocol, the initiator computes a session key and a related message. The key token is to be sent to the intended receiver using receiver's public key and sender secret key. From the received key token the receiver computes the session key, which is the same as the one computed by the sender, using sender public key and receiver's secret key. Because of low communication overhead, the scheme is better suited for Wireless Sensor Networks (WSNs) than the traditional key establishment protocol to establish the session key between two adjacent nodes.
Citations: 5
Security and privacy in the Internet of Things: Current status and open issues
Pub Date : 2014-05-11 DOI: 10.1109/PRISMS.2014.6970594
Mohamed Abomhara, G. M. Køien
The Internet of Things at large will foster billions of devices, people and services to interconnect and exchange information and useful data. As IoT systems will be ubiquitous and pervasive, a number of security and privacy issues will arise. Credible, economical, efficient and effective security and privacy for IoT are required to ensure exact and accurate confidentiality, integrity, authentication, and access control, among others. In this paper, the IoT vision, existing security threats, and open challenges in the domain of IoT are discussed. The current state of research on IoT security requirements is discussed and future research directions with respect to IoT security and privacy are presented.
Citations: 322
Android encryption systems
Pub Date : 2014-05-11 DOI: 10.1109/PRISMS.2014.6970599
Peter Teufl, Andreas Fitzek, Daniel M. Hein, Alexander Marsalek, Alexander Oprisnik, Thomas Zefferer
The high usability of smartphones and tablets is embraced by consumers as well as the corporate and public sector. However, especially in the non-consumer area the factor security plays a decisive role for the platform-selection process. All of the current companies within the mobile device sector added a wide range of security features to the initially consumer-oriented devices (Apple, Google, Microsoft), or have dealt with security as a core feature from the beginning (RIM, now BlackBerry). One of the key security features for protecting data on the device or in device backups are encryption systems, which are available in the majority of current devices. However, even under the assumption that the systems are implemented correctly, there is a wide range of parameters, specific use cases, and weaknesses that need to be considered when deploying mobile devices in security-critical environments. As the second part in a series of papers (the first part was on iOS), this work analyzes the deployment of the Android platform and the usage of its encryption systems within a security-critical context. For this purpose, Android's different encryption systems are assessed and their susceptibility to different attacks is analyzed in detail. Based on these results a workflow is presented, which supports deployment of the Android platform and usage of its encryption systems within security-critical application scenarios.
Citations: 20
An improvement of the batch-authentication and key agreement framework for P2P-based online social networks
Pub Date : 2014-05-11 DOI: 10.1109/PRISMS.2014.6970596
Huihui Yang, V. Oleshchuk
Batch authentication is the way to authenticate multiple users simultaneously to provide better efficiency. In [1], three batch authentication protocols are proposed based on different primitives, to provide simultaneous authentication of multiple users in online social networks (OSNs). In this paper, we briefly introduce the original protocols, describe their security vulnerabilities and related attacks, and propose modifications to make them secure again.
Citations: 4
Security pairings using physical layer properties of wireless communications
Pub Date : 2014-05-11 DOI: 10.1109/PRISMS.2014.6970593
Jani Suomalainen, Antti Evesti, A. Kotelba
New security solutions in the physical communication layer - secret key extraction from the radio channel and information-theoretic secrecy - protect confidentiality of communication without cryptographic establishment of secret keys. Unfortunately, they currently lack authentication. Cryptographic mechanisms are still needed to secure the first contact between previously unknown devices - to guarantee that security pairings are made as the user intends. In this paper, we contribute by analyzing how five different security pairing approaches can be realized or complemented with physical layer solutions. We propose new solutions for replacing the use of expensive crypto algorithms with secret key extraction. We note that information-theoretic secrecy solutions are less capable of surviving without cryptographic authentication. However, in some information-theoretic secrecy approaches, secure out-of-band delivery of channel state information can authenticate receivers.
Citations: 0
Distributed privacy-preserving mean estimation
Pub Date : 2014-05-11 DOI: 10.1109/PRISMS.2014.6970597
Mirco Schönfeld, M. Werner
Due to the rise of mobile computing and smartphones, a lot of information about groups has become accessible. This information shall often be kept secret. Hence distributed algorithms for privacy-preserving distribution estimation are needed. Most research currently focuses on privacy in a database, where a single entity has collected the secret information and privacy is ensured between query results and the database. In fully distributed systems such as sensor networks it is often infeasible to move the data towards a central entity for processing. Instead, distributed algorithms are needed. With this paper we propose a fully distributed, privacy-friendly, consensus-based approach. In our approach all nodes cooperate to generate a sufficiently random obfuscation of their secret values until the estimated and obfuscated values of the individual nodes can be safely published. Then the calculations can be done on this replacement containing only non-secret values but recovering some aspects (mean, standard deviation) of the original distribution.
Citations: 4