PriCloud

A privacy-preserving cloud storage service

from 2015 to 2021

PriCloud is a research project funded by the Baden-Württemberg Stiftung. The goal of the project is the design and evaluation of a distributed file storage that protects the privacy of its customers and creates a basis for productive use.

Since intelligence agencies can normally force the service provider to grant access to all data and resources, we need a cloud storage that prevents service providers from learning who stores which data. In the best case, the provider does not even know which operations are performed on which data and who performs them. However, business models require a flow of payments from the customer to the service provider. With this project we want to resolve this seemingly unsolvable contradiction.

Our design considers privacy and security from the start and is based on the latest developments in privacy-enhancing technologies, while we follow a security and privacy by design philosophy. Since protecting privacy often comes with additional costs and conflicts with scalability, we consider not only the security of our system but also the trade-offs between the two. We are also working on mechanisms to solve these problems.

Inspired by Filecoin, we integrate a mechanism for anonymous payment into our decentralized storage and thereby create incentives for participation. In this way we lay a foundation for commercial providers to participate in our system as storage providers.

Under the title PriCom, the communication part of the project was investigated further after the funding ended. The goal here was to establish a communication protocol with which PriCloud interactions preserve privacy, i.e. nobody can trace who performed transactions on the blockchain or in the cloud storage.

Related publications

2021

Mödinger, D., Heß, A. and Hauck, F.J. 2021. Arbitrary Length k-Anonymous Dining-Cryptographers Communication. CoRR. abs/2103.17091, (Mar. 2021).
Dining-cryptographers networks (DCN) can achieve information-theoretical privacy. Unfortunately, they are not well suited for peer-to-peer networks as they are used in blockchain applications to disseminate transactions and blocks among participants. In previous but preliminary work, we proposed a three-phase approach with an initial phase based on a DCN with a group size of k while later phases take care of the actual broadcast within a peer-to-peer network. This paper describes our DCN protocol in detail and adds a performance evaluation powered by our proof-of-concept implementation. Our contributions are (i) an extension of the DCN protocol by von Ahn for fair delivery of arbitrarily long messages sent by potentially multiple senders, (ii) a privacy and security analysis of this extension, (iii) various performance optimisation especially for best-case operation, and (iv) a performance evaluation. The latter uses a latency of 100 ms and a bandwidth limit of 50 Mbit s−1 between participants. The interquartile range of the largest test of the highly secured version took 35s ± 1.25s for a full run. All tests of the optimized common-case mode show the dissemination of a message within 0.5s ± 0.1s. These results compare favourably to previously established protocols for k-anonymous transmission of fixed size messages, outperforming the original protocol for messages as small as 2 KiB.
Mödinger, D., Dispan, J. and Hauck, F.J. 2021. Shared-Dining: Broadcasting Secret Shares using Dining-Cryptographers Groups. CoRR. abs/2104.03032, (2021).
A k-anonymous broadcast can be implemented using a small group of dining cryptographers to first share the message, followed by a flooding phase started by group members. Members have little incentive to forward the message in a timely manner, as forwarding incurs costs, or they may even profit from keeping the message. In worst case, this leaves the true originator as the only sender, rendering the dining-cryptographers phase useless and compromising their privacy. We present a novel approach using a modified dining-cryptographers protocol to distribute shares of an (n,k)-Shamir's secret sharing scheme. Finally, all group members broadcast their received share through the network, allowing any recipient of k shares to reconstruct the message, enforcing anonymity. If less than k group members broadcast their shares, the message cannot be decoded thus preventing privacy breaches for the originator. Our system provides (n-|attackers|)-anonymity for up to k-1 attackers and has little performance impact on dissemination. We show these results in a security analysis and performance evaluation based on a proof-of-concept prototype. Throughput rates between 10 and 100 kB/s are enough for many real applications with high privacy requirements, e.g., financial blockchain system.
Mödinger, D., Dispan, J. and Hauck, F.J. 2021. Shared-Dining: Broadcasting Secret Shares Using Dining-Cryptographers Groups. Distributed Applications and Interoperable Systems – DAIS (2021), 83–98.
We introduce a combination of Shamir's secret sharing and dining-cryptographers networks, which provides (n-|attackers|)-anonymity for up to k-1 attackers and has manageable performance impact on dissemination. A k-anonymous broadcast can be implemented using a small group of dining cryptographers to first share the message, followed by a flooding phase started by group members. Members have little incentive to forward the message in a timely manner, as forwarding incurs costs, or they may even profit from keeping the message. In worst case, this leaves the true originator as the only sender, rendering the dining-cryptographers phase useless and compromising their privacy. We present a novel approach using a modified dining-cryptographers protocol to distribute shares of an (n, k)-Shamir's secret sharing scheme. All group members broadcast their received share through the network, allowing any recipient of k shares to reconstruct the message, enforcing anonymity. If less than k group members broadcast their shares, the message cannot be decoded thus preventing privacy breaches for the originator. We demonstrate the privacy and performance results in a security analysis and performance evaluation based on a proof-of-concept prototype. Throughput rates between 10 and 100 kB/s are enough for many real applications with high privacy requirements, e.g., financial blockchain system.
Mödinger, D.J. 2021. Broadcast privacy for blockchains. Faculty of Engineering, Computer Science and Psychology, Ulm University. Dissertation.

2020

Mödinger, D., Lorenz, J.-H., van der Heijden, R.W. and Hauck, F.J. 2020. Unobtrusive monitoring: Statistical dissemination latency estimation in Bitcoin’s peer-to-peer network. PLOS ONE. 15, 12 (Dec. 2020), 1–21.
The cryptocurrency system Bitcoin uses a peer-to-peer network to distribute new transactions to all participants. For risk estimation and usability aspects of Bitcoin applications, it is necessary to know the time required to disseminate a transaction within the network. Unfortunately, this time is not immediately obvious and hard to acquire. Measuring the dissemination latency requires many connections into the Bitcoin network, wasting network resources. Some third parties operate that way and publish large scale measurements. Relying on these measurements introduces a dependency and requires additional trust. This work describes how to unobtrusively acquire reliable estimates of the dissemination latencies for transactions without involving a third party. The dissemination latency is modelled with a lognormal distribution, and we estimate their parameters using a Bayesian model that can be updated dynamically. Our approach provides reliable estimates even when using only eight connections, the minimum connection number used by the default Bitcoin client. We provide an implementation of our approach as well as datasets for modelling and evaluation. Our approach, while slightly underestimating the latency distribution, is largely congruent with observed dissemination latencies.
Mödinger, D., Fröhlich, N. and Hauck, F.J. 2020. Pixy: A Privacy-Increasing Group Creation Scheme. 9th Int. Conf. on Netw., Comm. & Comp. – ICNCC (Tokyo, Japan, 2020), 118–124.
Modern peer-to-peer networks provide a lot of value. However, as the networks handle more and more sensitive data, e.g. in cryptocurrencies, privacy becomes an issue. Several approaches to provide efficient privacy to network participants rely on group formation with little or no regard to the privacy impact of how groups are created. Group creation is often based on random selection, which can easily be hijacked by attackers. We propose Pixy, an extensible, component-based scheme to increase privacy during group formation stages beyond current approaches. Our scheme provides a two-stage setup for group formation. First, a selection based on personal and network-wide collaboration lists reduces the attack surface for group initiators. Second, a testing phase based on cryptographic puzzles and, for suitable contexts, CAPTCHAs sort out Sybil attackers. We show that this scheme improves the current state of privacy in group-creation processes.

2019

Kopp, H., Mödinger, D., Hauck, F.J. and Kargl, F. 2019. Cryptographic design of PriCloud, a privacy-preserving decentralized storage with remuneration. IEEE Trans. on Dep. and Sec. Comp. 18, 4 (2019), 1908–1919.
Over the last years, demand for file hosting has sky-rocketed due to cost reductions and availability of services. However, centralized providers have a negative impact on the privacy of their users, since they are able to read and collect various data about their users and even link it to their identity via their payments. On the other hand, decentralized storage solutions like GNUnet suffer from a lack of participation by providers, since there is no feasible business model. We propose PriCloud, a decentralized storage system which allows users to pay their storage providers without sacrificing their privacy by employing anonymous storage smart contracts and private payments on a blockchain. We are able to provide privacy to the users and storage providers, and unlinkability between users and files. Our system offers decentralized file storage including strong privacy guarantees and built-in remuneration for storage providers.

2018

Mödinger, D., Kopp, H., Kargl, F. and Hauck, F.J. 2018. A Flexible Network Approach to Privacy of Blockchain Transactions. 38th IEEE Int. Conf. on Distrib. Comp. Sys. (Vienna, Jul. 2018), 1486–1491.
For preserving privacy, blockchains can be equipped with dedicated mechanisms to anonymize participants. However, these mechanisms often take only the abstraction layer of blockchains into account whereas observations of the underlying network traffic can reveal the originator of a transaction request. Previous solutions either provide topological privacy that can be broken by attackers controlling a large number of nodes, or offer strong and cryptographic privacy but are inefficient up to practical unusability. Further, there is no flexible way to trade privacy against efficiency to adjust to practical needs. We propose a novel approach that combines existing mechanisms to have quantifiable and adjustable cryptographic privacy which is further improved by augmented statistical measures that prevent frequent attacks with lower resources. This approach achieves flexibility for privacy and efficiency requirements of different blockchain use cases.
Mödinger, D., Kopp, H., Kargl, F. and Hauck, F.J. 2018. Towards Enhanced Network Privacy for Blockchains. Short research statement for the DSN Workshop on Byzantine Consensus and Resilient Blockchains (BCRB) (Luxemburg, Jun. 2018).
Privacy aspects of blockchains have gained attention as the log of transactions can be viewed by any interested party. Privacy mechanisms applied to the ledger can be undermined by attackers on the network level, resulting in deanonymization of the transaction senders. We discuss current approaches to this problem, e.g. Dandelion, sketch our own approach to provide even stronger privacy mechanisms and discuss the challenges and open questions for further research in this area.
Kopp, H.J.G. 2018. A privacy-preserving decentralized storage with payments based on a blockchain. Faculty of Engineering, Computer Science and Psychology, Ulm University. Dissertation.

2017

Kopp, H., Mödinger, D., Hauck, F.J., Kargl, F. and Bösch, C. 2017. Design of a Privacy-Preserving Decentralized File Storage with Financial Incentives. IEEE Sec. & Priv. on the Blockch. (aff. w/ EUROCRYPT) (Paris, 2017).
Surveys indicate that users are often afraid to entrust data to cloud storage providers, because these do not offer sufficient privacy. On the other hand, peer-2-peer–based privacy-preserving storage systems like Freenet suffer from a lack of contribution and storage capacity, since there is basically no incentive to contribute own storage capacity to other participants in the network. We address these contradicting requirements by a design which combines a distributed storage with a privacy-preserving blockchain-based payment system to create incentives for participation while maintaining user privacy. By following a Privacy-by-Design strategy integrating privacy throughout the whole system life cycle, we show that it is possible to achieve levels of privacy comparable to state-of-the-art distributed storage technologies, despite integrating a payment mechanism. Our results show that it is possible to combine storage contracts and payments in a privacy-preserving way. Further, our system design may serve as an inspiration for future similar architectures.