1 Trust-based Privacy Preservation for Peer-to-peer Data Sharing Y. Lu, W. Wang, D. Xu, and B. Bhargava yilu, wangwc, dxu, cs.purdue.edu Department.

Slides:

Advertisements

Similar presentations

Aaron Johnson with Joan Feigenbaum Paul Syverson

Advertisements

11/2/2013 2:02:38 AM 5864_ER_FED 1 Importing Certificates into Lotus Notes R6.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.

ACHIEVING NETWORK LEVEL PRIVACY IN WIRELESS SENSOR NETWORKS.

© Ravi Sandhu Security Issues in P2P Systems Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.

Security Issues In Mobile IP

Multihoming and Multi-path Routing

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

Doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 1 A Proposal for IEEE e Security IEEE Task Group.

1 Formal Modeling & Verification of Messaging Framework of Simple Object Access Protocol (SOAP) Manzur Ashraf Faculty,BRAC University.

Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

MULT. INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.

1 Data-Oriented Network Architecture (DONA) Scott Shenker (M. Chowla, T. Koponen, K. Lakshminarayanan, A. Ramachandran, A. Tavakoli, I. Stoica)

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Location Based Services and Privacy Issues

Chapter 10 Real world security protocols

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Information-Centric Networks09c-1 Week 9 / Paper 3 VoCCN: Voice Over Content-Centric Networks –V. Jacobson, D. K. Smetters, N. H. Briggs, M. F. Plass,

1 Internet Protocol: Routing IP Datagrams D. E. Comer, “Internetworking with TCP/IP: Principles, Protocols and Architectures”, Ch. 8, Prentice Hall, 2000.

Routing and Congestion Problems in General Networks Presented by Jun Zou CAS 744.

Opportunistic Multipath Forwarding in Publish/Subscribe Systems Reza Sherafat Kazemzadeh AND Hans-Arno Jacobsen Middleware Systems Research Group University.

Addition 1’s to 20.

1 12/18/ :21 Chapter 12Bridges1 Rivier College CS575: Advanced LANs Chapter 12: Bridges.

Communication and Functional Models

Off-the-Record Communication, or, Why Not To Use PGP

A Dummy-based Anonymization Method Based on User Trajectory with Pauses Ryo Kato, Mayu Iwata, Takahiro Hara, Akiyoshi Suzuki, Shojiro Nishio Osaka University.

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Privacy Protection In Grid Computing System Presented by Jiaying Shi.

1 Trust and Privacy in Authorization Bharat Bhargava Yuhui Zhong Leszek Lilien CERIAS Security Center CWSA Wireless Center Department of CS and ECE Purdue.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Distributed DBMS© 2001 M. Tamer Özsu & Patrick Valduriez Page 0.1 Outline Introduction Background Distributed DBMS Architecture Distributed Database Design.

1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.

Multicast Security CS239 Advanced Network Security April 16 th, 2003 Yuken Goto.

Toward Prevention of Traffic Analysis Fengfeng Tu 11/26/01.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.

MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

Guomin Yang et al. IEEE Transactions on Wireless Communication Vol. 6 No. 9 September

An efficient secure distributed anonymous routing protocol for mobile and wireless ad hoc networks Authors: A. Boukerche, K. El-Khatib, L. Xu, L. Korba.

Anonymity on the Internet Presented by Randy Unger.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

SOS: Security Overlay Service Angelos D. Keromytis, Vishal Misra, Daniel Rubenstein- Columbia University ACM SIGCOMM 2002 CONFERENCE, PITTSBURGH PA, AUG.

Crowds: Anonymity for Web Transactions Michael K. Reiter Aviel D. Rubin Jan 31, 2006Presented by – Munawar Hafiz.

PR SM A Secure Code Deployment Scheme for Active Networks Amdjed Mokhtari Leïla Kloul 22 November 2005.

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.

SAODV and Distributed Key Management Mark Guzman, Jeff Walter, Dan Bress, Pradhyumna Wani.

KAIS T AO2P: Ad Hoc On-Demand Position- Based Private Routing Protocol IEEE Transactions on Mobile Computing Vol.4, No. 3, May 2005 Xiaoxin Wu

Chapter 40 Network Security (Access Control, Encryption, Firewalls)

A Security Framework with Trust Management for Sensor Networks Zhiying Yao, Daeyoung Kim, Insun Lee Information and Communication University (ICU) Kiyoung.

TrustMe: Anonymous Management of Trust Relationships in Decentralized P2P System Aameek Singh, Ling Liu College of Computing, Georgia Tech International.

Modified Onion Routing GYANRANJAN HAZARIKA AND KARAN MIRANI.

Securing Access to Data Using IPsec Josh Jones Cosc352.

IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.

Cryptography CSS 329 Lecture 13:SSL.

1 SFS: Secure File Sharing For Dynamic Groups In Cloud Shruthi Suresh M-tech CSE RCET.

Zueyong Zhu† and J. William Atwood‡

Amar B. Patel , Shushan Zhao

Formalization of Trust, Fraud, and Vulnerability Analysis

Trust-based Privacy Preservation for Peer-to-peer Data Sharing

Presentation transcript:

1 Trust-based Privacy Preservation for Peer-to-peer Data Sharing Y. Lu, W. Wang, D. Xu, and B. Bhargava yilu, wangwc, dxu, cs.purdue.edu Department of Computer Sciences Purdue University The work is supported by NSF ANI and IIS

2 Problem statement Privacy in peer-to-peer systems is different from the anonymity problem Preserve privacy of requester A mechanism is needed to remove the association between the identity of the requester and the data needed

3 Proposed solution A mechanism is proposed that allows the peers to acquire data through trusted proxies to preserve privacy of requester The data request is handled through the peer’s proxies The proxy can become a supplier later and mask the original requester

4 Related work Trust in privacy preservation Authorization based on evidence and trust, [Bhargava and Zhong, DaWaK’02] Developing pervasive trust [Lilien, CGW’03] Hiding the subject in a crowd K-anonymity [Sweeney, UFKS’02] Broadcast and multicast [Scarlata et al, INCP’01]

5 Related work (2) Fixed servers and proxies Publius [Waldman et al, USENIX’00] Building a multi-hop path to hide the real source and destination FreeNet [Clarke et al, IC’02] Crowds [Reiter and Rubin, ACM TISS’98] Onion routing [Goldschlag et al, ACM Commu.’99]

6 Related work (3) [Sherwood et al, IEEE SSP’02] provides sender-receiver anonymity by transmitting packets to a broadcast group Herbivore [Goel et al, Cornell Univ Tech Report’03] Provides provable anonymity in peer-to-peer communication systems by adopting dining cryptographer networks

7 Privacy measurement A tuple is defined to describe a data acquirement. For each element, “0” means that the peer knows nothing, while “1” means that it knows everything. A state in which the requester’s privacy is compromised can be represented as a vector, (y Є [0,1]) from which one can link the ID of the requester to the data that it is interested in.

8 For example, line k represents the states that the requester’s privacy is compromised. Privacy measurement (2)

9 Mitigating collusion An operation “*” is defined as: This operation describes the revealed information after a collusion of two peers when each peer knows a part of the “secret”. The number of collusions required to compromise the secret can be used to evaluate the achieved privacy

10 Trust based privacy preservation scheme The requester asks one proxy to look up the data on its behalf. Once the supplier is located, the proxy will get the data and deliver it to the requester Advantage: other peers, including the supplier, do not know the real requester Disadvantage: The privacy solely depends on the trustworthiness and reliability of the proxy

11 Trust based scheme – Improvement 1 To avoid specifying the data handle in plain text, the requester calculates the hash code and only reveals a part of it to the proxy. The proxy sends it to possible suppliers. Receiving the partial hash code, the supplier compares it to the hash codes of the data handles that it holds. Depending on the revealed part, multiple matches may be found. The suppliers then construct a bloom filter based on the remaining parts of the matched hash codes and send it back. They also send back their public key certificates.

12 Trust based scheme – Improvement 1 Examining the filters, the requester can eliminate some candidate suppliers and finds some who may have the data. It then encrypts the full data handle and a data transfer key with the public key. The supplier sends the data back using through the proxy Advantages: It is difficult to infer the data handle through the partial hash code The proxy alone cannot compromise the privacy Through adjusting the revealed hash code, the allowable error of the bloom filter can be determined

13 Data transfer procedure after improvement 1 R: requester S: supplier Step 1, 2: R sends out the partial hash code of the data handle Step 3, 4: S sends the bloom filter of the handles and the public key certificates Step 5, 6: R sends the data handle and encrypted by the public key Step 7, 8: S sends the required data encrypted by Requester Proxy of Supplier Requester

14 Trust based scheme – Improvement 2 The above scheme does not protect the privacy of the supplier To address this problem, the supplier can respond to a request via its own proxy

15 Trust based scheme – Improvement 2 Requester Proxy of Proxy of Supplier Requester Supplier

16 Trustworthiness of peers The trust value of a proxy is assessed based on its behaviors and other peers’ recommendations Using Kalman filtering, the trust model can be built as a multivariate, time- varying state vector

17 Experimental platform - TERA Trust enhanced role mapping (TERM) server assigns roles to users based on Uncertain & subjective evidences Dynamic trust Reputation server Dynamic trust information repository Evaluate reputation from trust information by using algorithms specified by TERM server

18 Trust enhanced role assignment architecture (TERA)

19 Conclusion A trust based privacy preservation method for peer-to-peer data sharing is proposed It adopts the proxy scheme during the data acquirement Extensions Solid analysis and experiments on large scale networks are required A security analysis of the proposed mechanism is required

20 Related publication B. Bhargava and Y. Zhong, “Authorization based on evidence and trust,” in Proc. of International Conference on Data Warehousing and Knowledge Discovery (DaWaK), 2002 B. Bhargava, “Vulnerabilities and fraud in computing systems,” in Proc. of International Conference on Advances in Internet, Processing, Systems, and Interdisciplinary Research (IPSI), L. Lilien and A. Bhargava, “From vulnerabilities to trust: A road to trusted computing,” in Proc. of International Conference on Advances in Internet, Processing, Systems, and Interdisciplinary Research (IPSI), L. Lilien, “Developing pervasive trust paradigm for authentication and authorization,” in Proc. of Third Cracow Grid Workshop (CGW), 2003.