promotor: prof.dr. L. Batina (RU)
copromotor: dr. J.H. Hoepman (RU)
Radboud Universiteit Nijmegen
Date: 9 October, 2017, 14.30
This thesis presents technological tools for ensuring privacy of communication on the Internet and in the Internet of Things (IoT). IoT was envisioned decades ago as a ubiquitous network comprising everyday things that can sense, change, and process information about their environment. IoT promises to be highly heterogeneous in terms of devices and networks. Devices in IoT can be powerful or lightweight in terms of computation ability and available power; they can also be stationary or mobile with potentially unstable connections. Networks comprising IoT can vary from networks of devices located in closest proximity to each other to networks of devices located at large distances.
Existing IoT solutions differ from those originally envisioned. One of the important differences is their heavy reliance on a single network, namely the Internet. A typical IoT consumer product nowadays is an appliance or a gadget connected via the Internet to a backend, usually an IoT cloud. Often an IoT device can be remotely controlled through another gadget connected to the same cloud. Without this connection, IoT devices offer either very limited functionality or none at all. For this reason we also consider the Internet when talking about privacy in the Internet of Things.
In many communication scenarios it is not sufficient to protect only the content of the communication; it is also necessary to protect the identity of the communicating parties. Communication on the Internet requires information that can be used to reveal the identity of users in order to perform almost any function. For example, Internet communication protocols reveal the network addresses of both senders and receivers, making them vulnerable to identification and tracking. Transactions that are performed via the Internet often require identifiers and identifying information about users for a wide range of functions such as authentication, authorization, and information filtering. Transactions linked to the same identifier are traceable, and ultimately also make users traceable; hence their privacy is threatened.
This thesis explores protocols for providing communication privacy both on the Internet and in networks of devices located in close proximity to each other. We consider a range of connected devices, from lightweight in terms of computational power and available power to computationally powerful ones. For different network and device types we select concrete protocols that provide privacy protection by minimizing the information revealed either by communication protocols or by applications.
In Chapter 3 we study users’ transactions in the IoT, in particular requests made from users’ devices to the services to which these users are subscribed. We apply attribute-based (AB) authentication to provide privacy by ensuring unlinkability between these transactions. In addition, we demonstrate that the use of AB authentication provides users with control over their personal data and achieves data minimization and purpose limitation, both important principles in informational privacy.
Chapter 4 considers privacy-friendly protocols that detect matching attributes between two RFID tags and a reader. These protocols succeed without revealing attribute values to either the RFID reader or the other RFID tag. The protocols presented can match multiple attributes per tag, which broadens the range of possible applications. They are also very efficient in terms of computation: one of the protocols presented in this chapter needs only a lightweight hash function on the tags, while two other protocols additionally need asymmetric encryption, which is feasible on more powerful tags.
Chapter 5 examines anonymous communication protocols. In particular, it proposes a solution to an anonymous scheduling problem of the Dining Cryptographers protocol proposed by Chaum in 1988. This protocol provides strong anonymity guarantees, but they come at the price of limited performance and scalability and of several issues that complicate deployment in practice. In this chapter we address one of those issues, namely slot reservation. We propose footprint scheduling as a new technique for participants to negotiate communication slots without losing anonymity, while at the same time hiding the number of actively sending users. Footprint scheduling is both simple and efficient, and it yields excellent results, in particular in very dynamic networks with a frequently changing set of participants and a frequently changing activity rate.
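The slot-reservation problem described above, as an added worked example written for this summary (it is not code from the thesis): an XOR-based Dining Cryptographers network in which each pair of participants holds a constructed shared key, plus a simplified footprint-style reservation loop. The reservation rule below (write a fresh random footprint into the wanted slot, treat the slot as contested when the published value differs from your own footprint, then move to a slot that looked empty) is this simulation's own simplification, not the thesis's exact footprint scheduling protocol; the participant counts, slot counts and footprint width are constructed parameters.

```python
# Added example (not from the thesis): an XOR Dining Cryptographers network with a
# simplified footprint-style slot reservation.  The reservation rule is this
# simulation's own simplification of the technique, not the thesis's exact protocol.
import hashlib
import random

def pad(shared_key, round_no, length):
    """One-time pad for one round, derived from a pairwise shared key.  Both peers of a
    pair derive the identical pad, so it cancels when all broadcasts are XORed together."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(shared_key + round_no.to_bytes(4, "big")
                              + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class DCNet:
    """n participants, one constructed shared key per pair (set up before the rounds)."""
    def __init__(self, n, rng):
        self.n = n
        self.round_no = 0
        self.keys = {(a, b): rng.getrandbits(256).to_bytes(32, "big")
                     for a in range(n) for b in range(a + 1, n)}

    def broadcast(self, participant, message):
        """What one participant publishes: its message XORed with all of its pairwise pads.
        On its own this looks random, which is where the sender anonymity comes from."""
        out = message
        for other in range(self.n):
            if other != participant:
                key = self.keys[(min(participant, other), max(participant, other))]
                out = xor(out, pad(key, self.round_no, len(message)))
        return out

    def run_round(self, messages):
        """XOR of everybody's broadcast: the pads cancel and the XOR of the messages remains."""
        combined = bytes(len(messages[0]))
        for participant, m in enumerate(messages):
            combined = xor(combined, self.broadcast(participant, m))
        self.round_no += 1
        return combined

def footprint_scheduling(net, active, slots, fp_bytes, rng, max_rounds=100):
    """Slot reservation.  Each active participant writes a fresh random non-zero footprint
    into the slot it wants; inactive participants contribute all-zero vectors.  After the
    round, a participant that does not see its own footprint in its slot knows the slot is
    contested and moves to a slot that looked empty.  Returns (slot assignment, rounds used)."""
    chosen = {p: rng.randrange(slots) for p in active}
    for rnd in range(1, max_rounds + 1):
        footprints = {p: rng.randrange(1, 256 ** fp_bytes) for p in active}
        messages = []
        for p in range(net.n):
            msg = bytearray(slots * fp_bytes)
            if p in chosen:
                start = chosen[p] * fp_bytes
                msg[start:start + fp_bytes] = footprints[p].to_bytes(fp_bytes, "big")
            messages.append(bytes(msg))
        vector = net.run_round(messages)
        seen = [int.from_bytes(vector[i * fp_bytes:(i + 1) * fp_bytes], "big")
                for i in range(slots)]
        contested = [p for p in active if seen[chosen[p]] != footprints[p]]
        if not contested:
            return chosen, rnd
        empty = [i for i, v in enumerate(seen) if v == 0]
        for p in contested:
            chosen[p] = rng.choice(empty) if empty else rng.randrange(slots)
    raise RuntimeError("reservation did not converge")

if __name__ == "__main__":
    rng = random.Random(7)
    net = DCNet(6, rng)                      # six participants, four of them wanting to send
    assignment, rounds = footprint_scheduling(net, [0, 2, 3, 5], slots=8, fp_bytes=2, rng=rng)
    print("converged after", rounds, "rounds:", assignment)
```

Two properties are visible in the run: the published vector only ever shows the XOR of the footprints, so nobody learns which participant reserved which slot, and a collision is detected by the colliding parties themselves rather than announced by anyone. A three-way collision in which two foreign footprints happen to cancel each other is the one false-positive case this simplified rule does not handle; with 16-bit footprints it occurs with probability 2^-16 per contested slot and round.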
Chapter 6 introduces a tool called Elligator, which helps to prevent censorship. Elligator hides the fact that communicating parties are performing a key exchange, which prevents users from being singled out and blocked on the basis of the protocol they use. Such blocking can, for example, target anonymous communication systems where they are forbidden or are used as a censorship-circumvention tool. Elligator removes recognizable patterns from the data transmitted during a key exchange, in particular from the elliptic curve points that are exchanged in elliptic curve cryptography.
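The point encoding just described, as an added worked example written for this summary (it is not code from the thesis or from the Elligator authors): the Elligator 2 map for Curve25519 in both directions, with the curve constants A = 486662 and p = 2^255 - 19, the non-square 2, and the "principal square root" convention chosen here as the root in [0, (p-1)/2]. The 32-byte wire encoding at the end, which pads the two spare top bits with random bits so that the transmitted string is a full 256 bits, is this example's own construction.

```python
# Added example: the Elligator 2 map on Curve25519 (not code from the thesis).
# Curve25519 in Montgomery form: y^2 = x^3 + A*x^2 + x over GF(P).
import random

P = 2**255 - 19
A = 486662
U = 2                    # the fixed non-square used by Elligator 2 (2 is a non-residue since P = 5 mod 8)
HALF = (P - 1) // 2

def chi(a):
    """Legendre symbol of a mod P: 1 for non-zero squares, -1 for non-squares, 0 for 0."""
    a %= P
    if a == 0:
        return 0
    return 1 if pow(a, HALF, P) == 1 else -1

def inv(a):
    return pow(a % P, P - 2, P)

def f(x):
    """Right-hand side of the curve equation."""
    return (x * x * x + A * x * x + x) % P

def principal_sqrt(a):
    """Square root of a quadratic residue a via Atkin's formula (valid because P = 5 mod 8).
    Returns the 'principal' root, the one in [0, (P-1)/2], or None if a is not a square."""
    a %= P
    if a == 0:
        return 0
    if chi(a) != 1:
        return None
    v = pow(2 * a, (P - 5) // 8, P)
    i = 2 * a * v * v % P                  # i is a square root of -1
    root = a * v * (i - 1) % P
    assert root * root % P == a
    return root if root <= HALF else P - root

def is_principal(y):
    return y % P <= HALF

def on_curve(x, y):
    return (y * y - f(x)) % P == 0

def elligator2_decode(r):
    """Uniform field element r -> curve point (x, y).  r and -r give the same point."""
    r %= P
    v = -A * inv(1 + U * r * r) % P
    eps = chi(f(v))                        # exactly one of f(v), f(-v-A) is a square
    x = (eps * v - (1 - eps) * A * inv(2)) % P   # eps = 1: x = v ; eps = -1: x = -v - A
    y = -eps * principal_sqrt(f(x)) % P
    return x, y

def elligator2_encode(x, y):
    """Curve point -> principal representative r, or None if the point is not in the
    image of the map (roughly half of all curve points are not)."""
    x %= P
    y %= P
    if x == (-A) % P or (y == 0 and x != 0) or chi(-U * x * (x + A)) == -1:
        return None
    if is_principal(y):
        return principal_sqrt(-x * inv(U * (x + A)))
    return principal_sqrt(-(x + A) * inv(U * x))

def to_wire(r, rng):
    """Constructed wire format: r fits in 254 bits, so the two top bits are random padding."""
    return (r | (rng.getrandbits(2) << 254)).to_bytes(32, "little")

def from_wire(data):
    return int.from_bytes(data, "little") & ((1 << 254) - 1)

if __name__ == "__main__":
    rng = random.Random(2017)
    x, y = elligator2_decode(12345)
    print("on curve:", on_curve(x, y), " representative:", elligator2_encode(x, y))
    print("wire bytes:", to_wire(12345, rng).hex())
```

Only about half of the curve points have a representative, so a party that wants to use this hiding generates key pairs until elligator2_encode succeeds and sends the representative instead of the point; the receiving side recovers the point with elligator2_decode. The transmitted bytes are then a string that a passive observer cannot distinguish from uniformly random data, which is exactly the pattern that a protocol-based filter would otherwise look for.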
Chapter 7 presents a new version of a well-known approach to anonymous communication, mix-nets, which offer strong protection. The new protocol, Lightmix, makes mix-nets suitable for lightweight IoT devices. The core protocol requires clients to perform public-key operations only once, at registration. Through precomputation, all real-time public-key operations are eliminated at the senders, the recipients and the mix nodes, which decreases cryptographic latency and reduces the computational cost for clients. The core real-time phase performs only a few fast modular multiplications. These properties make Lightmix suitable for low-latency applications on lightweight devices, while retaining the excellent privacy guarantees of mix-nets, including unlinkability of senders and receivers and resistance to many traffic-analysis attacks.
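The split between a public-key precomputation phase and a multiplication-only real-time phase, as an added toy example written for this summary: this is my own simplified construction illustrating the principle, not the thesis's Lightmix protocol. It works in a constructed multiplicative group modulo the safe prime 10007 (far too small for real use), the keys a client shares with each node are generated directly instead of being derived by a registration-time key exchange, and the blinding values are assumed to be fresh per batch. All ElGamal work (encryption, homomorphic multiplication, joint decryption) happens in precompute; realtime and client_submit consist of modular multiplications and permutations only.

```python
# Added toy example (my own simplified construction, not the thesis's Lightmix protocol):
# a precomputation-based mix.  Public-key operations (ElGamal) happen only ahead of time;
# the real-time phase is modular multiplications and permutations only.
import random

P = 10007                 # constructed safe prime, P = 2*Q + 1; far too small for real use
Q = 5003
G = 4                     # generator of the order-Q subgroup of squares mod P

def inv(a):
    return pow(a, P - 2, P)

def random_square(rng):
    return pow(rng.randrange(1, P), 2, P)   # uniform element of the order-Q subgroup

class Node:
    def __init__(self, n_slots, rng):
        self.sk = rng.randrange(1, Q)       # this node's share of the joint ElGamal key
        self.pk = pow(G, self.sk, P)
        self.perm = list(range(n_slots))
        rng.shuffle(self.perm)              # this node's secret permutation for the batch
        self.r = [random_square(rng) for _ in range(n_slots)]   # blinding before permuting
        self.s = [random_square(rng) for _ in range(n_slots)]   # blinding after permuting
        self.key_inv = {}                   # client id -> inverse of the key shared at registration

def register_client(nodes, cid, rng):
    """Registration: the client ends up sharing one key with every node.  The keys are simply
    constructed here; in a real system this is the client's one-time public-key step."""
    keys = [random_square(rng) for _ in nodes]
    for nd, k in zip(nodes, keys):
        nd.key_inv[cid] = inv(k)            # inverses are precomputed once, not per message
    return keys

def client_submit(keys, m):
    """Real-time client work: one modular multiplication per node, no public-key operation."""
    out = m % P
    for k in keys:
        out = out * k % P
    return out

def elgamal_enc(pk, m, rng):
    k = rng.randrange(1, Q)
    return (pow(G, k, P), m * pow(pk, k, P) % P)

def ct_mul(c1, c2):                         # homomorphic multiplication of the plaintexts
    return (c1[0] * c2[0] % P, c1[1] * c2[1] % P)

def precompute(nodes, n_slots, rng):
    """Precomputation (all the public-key work).  Computes, per output slot, the inverse of
    perm(R) * S, where R_i is the product of the nodes' r values in sender order and S
    collects the s values applied along the permutation chain.  No node learns another
    node's r or s values: they only ever travel encrypted under the joint key."""
    joint_pk = 1
    for nd in nodes:
        joint_pk = joint_pk * nd.pk % P
    vec = [elgamal_enc(joint_pk, 1, rng) for _ in range(n_slots)]
    for nd in nodes:                        # pass 1, sender order: accumulate E(R_i)
        vec = [ct_mul(c, elgamal_enc(joint_pk, nd.r[i], rng)) for i, c in enumerate(vec)]
    for nd in nodes:                        # pass 2: permute and multiply in E(s)
        vec = [ct_mul(vec[nd.perm[i]], elgamal_enc(joint_pk, nd.s[i], rng))
               for i in range(n_slots)]
    unblind = []
    for a, b in vec:                        # joint decryption: every node strips its share
        for nd in nodes:
            b = b * inv(pow(a, nd.sk, P)) % P
        unblind.append(inv(b))
    return unblind

def realtime(nodes, submissions, unblind):
    """Real-time phase: only multiplications by precomputed values, plus the permutations."""
    vec = list(submissions)                 # slot i holds m_i times the product of client i's keys
    for nd in nodes:                        # pass 1: remove this node's client keys, blind with r
        vec = [v * nd.key_inv[i] % P * nd.r[i] % P for i, v in enumerate(vec)]
    for nd in nodes:                        # pass 2: permute, blind with s
        vec = [vec[nd.perm[i]] * nd.s[i] % P for i in range(len(vec))]
    return [v * u % P for v, u in zip(vec, unblind)]   # the permuted messages

def composed_permutation(nodes, n_slots):
    """Output position i carries the message of sender perm_1(perm_2(...perm_n(i)))."""
    order = list(range(n_slots))
    for nd in nodes:
        order = [order[nd.perm[i]] for i in range(n_slots)]
    return order

def demo(seed=2017, n_clients=4, n_nodes=3):
    rng = random.Random(seed)
    nodes = [Node(n_clients, rng) for _ in range(n_nodes)]
    client_keys = [register_client(nodes, cid, rng) for cid in range(n_clients)]
    unblind = precompute(nodes, n_clients, rng)        # done before any message arrives
    messages = [101, 202, 303, 404][:n_clients]        # constructed plaintexts
    subs = [client_submit(client_keys[i], m) for i, m in enumerate(messages)]
    return realtime(nodes, subs, unblind), messages, composed_permutation(nodes, n_clients)

if __name__ == "__main__":
    out, messages, order = demo()
    print("output:", out, " sender of each output slot:", order)
```

The point to take from the toy is the division of labour rather than the specific algebra: the expensive and latency-adding exponentiations all sit in precompute, which can run in idle time, while realtime touches each slot with a handful of multiplications. Linking a submission to an output slot requires the composed permutation, which no single node holds, and the r and s blinding keeps the intermediate vectors of different nodes from being matched against each other.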