The objective of this course is: The objective of this course is

The Disruptive Malicious Model

• Provide out of range values as their inputs
• Make erroneous computations
• Refuse to participate in the protocol
• Drop messages
• Pre-maturely abort the protocol
• Wiretap and tamper with the communication channels

Technique 1: Additive Homomorphic Cryptosystems

• Technique 1: Additive Homomorphic Cryptosystems

• Product of ciphertexts = Sum of plaintexts
• E(3).E(4) = E(3+4) = E(7)
• Paillier Cryptosystem [Paillier, 1999]

• Used to encrypt the shares and the sum of the shares

Technique2:

• Technique2:

• Non-Interactive Zero Knowledge Proofs (ZKP)

• A Prover convinces a Verifier that a statement is true
• No additional information is revealed

ZKP: Set Membership

• ZKP: Set Membership

• Given a ciphertext Eu(x) and a public set S
• Agent u proves: x  S
• x is not revealed

• ZKP: Plaintext Equality

• Given two ciphertexts Eu(x) and Ev(x)
• Agent u proves: Both Eu(x) and Ev(x) encrypt x
• x is not revealed

• Used to

• Prove that the feedback provided by an agent (i.e., the sum of its shares) is correct (lies in a specified interval)
• Prove that the shares sent to the nodes are the correct ones
• Prove that all agents compute their own sum correctly
• Prove that the received u has the correct value

• Reference

• A Decentralized Privacy Preserving Reputation Protocol for the Malicious Adversarial Model. O. Hasan, L. Brunie, E. Bertino, N. Shang. IEEE Transactions on Information Forensics and Security, vol.8, n°6, p. 949-962, 2013.

(Digital Ecosystems)

• (Digital Ecosystems)

• Security and Privacy

• The Personalization vs Privacy Dilemma

• Enforcing Security and Privacy

• Identity
• Location
• Accountability
• Trust
• Reputation

• Privacy-Preserving Trust and Reputation protocols

• Some Hints for a Research Agenda

Seamless certified and secure integration of multiple heterogeneous ecosystems, e.g., sensor network and cloud infrastructure

• Seamless certified and secure integration of multiple heterogeneous ecosystems, e.g., sensor network and cloud infrastructure

• Holistic trust, reputation and security business-centric value-aware framework (do not forget security…)

• Lifecycle of a piece of information (is a piece of information a new “thing”?)

• The issue of identity and anonymity

• Personalization vs Privacy dilemma / User-centric privacy management proxy

• Enforcing new rights: indifference and oblivion

• A social Web of things

• « [In the] Internet of Things (IoT) […] physical and virtual ‘things’ have identities […] and virtual personalities and […] are expected to become active participants in business, information and social processes […] » (CERP-IoT)
• Identity? Personality? Relationship? Social network of things? Trust? Privacy?