SURPRISE: Secure and Private Connectivity in Smart Environments

Project Research

WP-D1: Trust management

We have devoted significant efforts on designing, analyzing, and implementing and extensively evaluating security and privacy facilities for large systems [SC3], [C9], [SC5]; notably, for managing identities and credentials with emphasis on systems seeking to both enable strong security, while supporting fine grained policies, and, at the same time, enable privacy protection through unlinkability and conditional pseudonymity/anonymity. What sets this work apart: first, its efficiency and effectiveness handling numbers of credentials orders of magnitude higher than those for contemporary Internet certification authorities. Second, its support of privacy protection in an accountable manner – with resolution of pseudonyms to the long-term identity/credential of the registered entity. While allowing for controlled (un)linkabilty for the sake of the related applications and necessary functionality (e.g., inferences through sequences of linkable messages over short periods of time). Third, its effective misbehavior management through scalable certificate revocation in large scale mobile systems; notably, Certificate Revocation List distribution in multidomain, large-scale vehicular communication systems [Y2J6], [Y2C9], [Y2SC1], [Y3J4]. Last but not least, our system provides increased resilience to infrastructure deviant behavior, on the basis of separation of duty. Notable distinction: an Internet Society/Internet Engineering Task Force 2018 Applied Networking Research Prize.

First results on privacy notification preferences for enhancing usable transparency [C5], [J3]. Cooperation with researchers at Mozilla and United States Naval Research Laboratory on adding support for Certificate Transparency to Tor. The idea is to have all clients in the network on the same view of the Certificate Transparency logs through randomized gossiping, preventing an attacker from performing wide-scale man-in-the-middle attacks on users of the Tor network (ongoing work). Work on Certificate Transparency to Tor, preventing wide-scale man-in-the-middle attacks [Y3C11].

Continuous work on privacy preferences for usable transparency in mHealth/IoT applications [Y2C1]. Usable consent and identity management [Y2J1], [Y2J2]. Intercultural comparison on car driver’s privacy and trade-off preferences in regard to privacy and identity management solutions for VANETs (ongoing work). Privacy-enhancing identity management and usability [Y3J11]. Intercultural comparison on car driver’s privacy and trade-off preferences [Y3C12].

We have done some initial work on the foundations of cryptographic primitives that can serve as building blocks for ACS [C1] , [Y2C12], [Y2J11], [Y3C10] [Y3C11]. The main goal is to investigate how to construct necessary cryptographic primitives in the post-quantum world. An example would be blind signatures based on lattice problems or codes.

WP-D2: Wireless security

We worked on tracking transmitters in spite of encrypted transmissions, using physical layer properties [SC1]: the significance lies in identifying the inherent vulnerability of having otherwise syntactically or semantically unlinkable transmissions linked. On the flip-side, we significantly advanced the state of the art on how to enhance unlinkability against widely deployed eavesdropping adversaries [C8], [SC2]: our approach is to enhance protection against tracking with the introduction of artificial transmissions and cooperation [Y2SC5], [Y2SC3]; a later journal paper is now accepted (after the Y3 report).

Related work includes: (i) a demonstration of radio tomography with battery free platforms [SC6], which received a best demo award in ACM WiSec 2018; and (ii) information theoretic work on confidential communication in interference channels, with focus on scalability [Y3C5]. For work on the capacity of private information retrieval with eavesdroppers, we refer to related results in WP6.

In [Y2J10], we were the first to show that end-to-end learning of communication systems through deep neural network autoencoders can be extremely vulnerable to physical adversarial attacks. Specifically, we elaborated on how an attacker can craft effective physical black-box adversarial attacks. Due to the openness (broadcast nature) of the wireless channel, an adversary transmitter can increase the block-error-rate of a communication system by orders of magnitude by transmitting a well-designed perturbation signal over the channel. We revealed that the adversarial attacks are more destructive than the jamming attacks. We also showed that classical coding schemes are more robust than the autoencoders against both adversarial and jamming attacks.

In [Y3J7], we considered massive MIMO, the core physical layer technology for wireless connectivity in 5G and beyond, and its robustness to intentional distributed jamming attacks. We specifically evaluated the uplink spectral efficiency (SE) of a single-cell massive multiple-input-multiple- output (MIMO) system with distributed jammers. We defined four different attack scenarios and compared their impact on the massive MIMO system as well as on a conventional single-input- multiple-output (SIMO) system. More specifically, the jammers attack the base station (BS) during both the uplink training phase and data phase. The BS uses either least squares (LS) or linear minimum mean square error (LMMSE) estimators for channel estimation and utilizes either maximum-ratio-combining (MRC) or zero-forcing (ZF) decoding vectors. We showed that ZF gives higher SE than MRC but, interestingly, the performance is unaffected by the choice of the estimators. The simulation results showed that the performance loss percentage of massive MIMO is less than that of the SIMO system. Moreover, we considered two types of power control algorithms: jamming-aware and jamming-ignorant. In both cases, we considered the max-min and proportional fairness criteria to increase the uplink SE of massive MIMO systems. We noticed numerically that max-min fairness is not a good option because if one user is strongly affected by the jamming, it will degrade the other users’ SE as well. On the other hand, proportional fairness improves the sum SE of the system compared with the full power transmission scenario.

WP-D3: 5G security

In IoT networks and similar applications, lightweight cryptographic primitives are very important for security and privacy. In collaboration with another SSF project (Hell) we have been part of a submission to the NIST lightweight crypto competition [Y2C12]. The proposal, called Grain-128AEAD, has advanced to the last and final round of the project and is currently one of ten candidates for future world-wide standardization by NIST.

Extensive work on developing algorithms with the intended use in the 5G standard [Y3J1] has been done in collaboration with Ericsson. New requirements for future 5G systems demand higher rate and larger key sizes. We have developed two new algorithms called SNOW-V [Y2J12] and SNOW-Vi [newC1] that are considered by the evaluation group SAGE as part of the 3GPP standardization work. The effort has also included further analysis of the current 4G standard algorithms (jointly with Ericsson), currently used in 5G. We have found academic attacks (hard to do in practice) on the two algorithms SNOW 3G [Y2J15] and ZUC [Y3J2], both involving attacks that use linear approximations over larger alphabets.

To support security and privacy for all use cases in 5G mobile communication systems, we also work on the possible use of post-quantum crypto [Y3J10], [Y3C10], [Y3C11]. In massive machine-type communication scenarios security requirements might demand a post-quantum solution, but it still need to be efficient. We have just initiated work that investigates the security level for different primitives, such as device authentication protocols, based on the LPN problem.

Implementation of networking protocols may suffer from security weaknesses and we work on identifying such software implementation weaknesses. One prominent example of this was when we showed in [Y3C12] that the standard FO transformation can be a source of weakness if not implemented with special protection, as it allows a very efficient side-channel attacks. We demonstrated this by providing a timing attack in real time on a constant-time implementation of FrodoKEM, a finalist in ongoing NIST standardization.

With a wide spectrum of location-aware service and honest but curious service providers, we worked on a decentralized privacy protection and security for location-based services (LBS) [J4]. We designed and evaluated a system that can provide high quality responses to location-based queries, while minimizing the exposure to the service provider and protecting from malicious peers [Y2J7], [Y2SC4]. We significantly advanced this ground-braking idea, from our earlier work, connecting it to the credential management work in WP1. We offer a scheme that is light-weight and fair for the client (thus user) platform, with strong guarantees, and the potential to interoperate and augment any LBS already deployed.

Related, also relying on peer-to-peer assistance: we proposed a cooperative protection of location privacy in vehicular networks [Y3J5]. With a related lemma in collective volume, on mix-zones [Y3SC1], this work connects to WP2. Last but not least, also in the context of vehicular communication systems (VCS): we addressed a fundamental vulnerability to clogging denial of service (DoS) attacks. Instead of simply jamming at physical or medium access control layers, the adversary can exploit the relatively limited resources and processing power of VCS on-board units; without being detectable and evicted from the system. We designed resilient and highly efficient cooperative verification in dense networking environments [J5], [Y2J8], essentially allowing effective V2X communication even in the presence of strong attackers; with countermeasures relevant even if on-board processing power increases in the future.

WP-D4: GNSS security

In a study currently being finalized and in preparation for submission to a journal (joint work of E. G. Larsson and P. Papadimitratos and co-supervised student Z. Gülgün), we considered Global Navigation Satellite Systems (GNSS) spoofing attacks and devise a countermeasure appropriate for mobile GNSS receivers. Our approach is to design detectors that, operating after the signal acquisition, enable the victim receiver to determine with high probability whether it is under a spoofing attack or not. We assume that there exists an unknown number of multiple spoofers in the environment and the attack strategy (which legitimate signals are spoofed by which spoofers) is not known to the receiver. Based on these assumptions, we propose an algorithm that identifies the number of spoofers and clusters the spoofing data by using Bayesian information criterion (BIC) rule. Depending on the estimated and clustered data we propose a detector, called as generalized likelihood ratio (GLRT)-like detector. We compare the performance of the GLRT-like detector with a genie-aided detector in which the attack strategy and the number of spoofers is known by the receiver. In addition to this, we extend the GLRT-like detector for the case where the noise variance is also unknown and present the performance results. Preliminary results were reported in [Y2C11].

We address the challenge of secure positioning and timing information, as obtained by Global Navigation Satellite Systems (GNSS). We work on a gamut of spoofing attacks, investigating sophisticated variants of relay/replay attacks and spoofing attacks [C7] on GNSS signals, and develop countermeasures. We develop mechanisms that leverage redundancy GNSS, notably in terms of signals (within the constellation) and multiple constellations. We achieve fast detection and exclusion of faulty GNSS signals [Y3J6], notably when engaging multiple constellations at standalone receivers. Moreover, we detect GNSS spoofing attacks using statistical testing or external sources of information [Y2C8], [Y2C8], [Y2C11], [Y2SC2], [Y2SC6], [Y2J9], [C6]. We investigate the use of external (to the GNSS system and receiver) sources of information for attack detection, leveraging wireless connectivity of the GNSS-equipped platform and authenticated time services [Y3C6], [Y3C7]. This ensemble of results provides concrete novel defense methods, extensively evaluated, with results relevant to upcoming civilian GNSS deployment and applications. It also paves the way for specific tools for resilient standalone GNSS receivers, and detection and localization of adversaries.

WP-D5: Distributed storage, compression and signal processing

The main activity in this WP has been private information retrieval (PIR). The basic PIR problem involves a user who is to be able to retrieve a message from a distributed set of networked databases without revealing which message/file the user is interested in. The naïve solution to this problem would be to download all files, which will not reveal which particular file was of interest. However, recent progress on this problem has shown that by clever coding techniques much more efficient protocols can be constructed. Major recent breakthroughs also concern the full characterization of the capacity of PIR, in the sense of what download and upload costs are fundamentally achievable. We have also worked on symmetric PIR (SPIR) where the additional constraint that the user cannot learn anything about messages that were not requested is enforced. The main contributions from the project so far are summarized in three journal papers: A full characterization of the capacity of PIR with eavesdroppers (passive adversaries) [Y2J5]; a novel approach and capacity characterization for SPIR with colluding servers [Y2J3]; and novel coding schemes for PIR and SPIR with both passive and active adversaries [Y2J4]. We have also published several complementing conference papers, with results that are not covered by the three journal papers, including [C2] and [Y2C2].

In related work, we also studied the mutual information leakage between Boolean functions, with future applications to private function computation [Y2C3]. In a recently published journal paper [Y3J1] we also explore the problem of sequential compression with security constraints. This problem is motivated by applications where compressed data are distributed under an extended period of time, with side information present about eavesdropping threats, in the form of an “information leakage distribution function.” A conference paper (H. Ghourchian, P. Stavrou, T. Oechtering and M. Skoglund, "Secure source coding with side-information at decoder and shared key at encoder and decoder," in Proc. IEEE ITW 2021) follows up on our initial work and we were also invited to present our work at the London Symposium of Information Theory (M. Skoglund, "Secure block source coding with sequential encoding," London Symposium on Information Theory (invited talk), May 2021).

WP-D6: Data analytics

We have published several papers dealing with “privacy-filtering” for private access to data. Here the fundamental problem is to filter the data in order to “blur” it with the goal to hide certain aspects from a friendly but curious receiver of the filtered data. Early progress in the project on this problem is summarized in our journal paper [Y3J3]. Related work concerns privacy-filtering for preventing statistical inference concerning certain parameters of the distribution that describes the data [C4].

In this WP we have also contributed to statistical/information-theoretic coordination. We recently submitted a full journal version [Y3J2] of the work initially presented in [Y2C6] (see also), and moreover published two new conference papers, [Y3C1] and [Y3C2], on remote statistical coordination, both for “weak” and “strong” coordination. In another conference paper [Y3C3], we analyzed the coordination problem from an information-theoretic security point of view. Related work on coordination has also appeared in [Y2C4,Y2C5].