دانلود کتاب Data Privacy Management, Cryptocurrencies and Blockchain Technology: ESORICS 2020 International Workshops, DPM 2020 and CBT 2020, Guildford, UK, September 17–18, 2020, Selected Papers

فهرست مطالب :

Foreword from the DPM 2020 Program Chairs
DPM 2020 Organization
Foreword from the CBT 2020 Program Chairs
CBT 2020 Organization
Contents
DPM Workshop: Fairness, Differential Privacy and Scalability
Fairness-Aware Privacy-Preserving Record Linkage
1 Introduction
2 Preliminaries
3 Fairness Metrics
4 Reducing Fairness-Bias in PPRL
4.1 Reductions-Based Fairness-Aware Classification Method
4.2 Efficiency Aspects
4.3 Privacy Aspects
5 Experimental Evaluation
6 Conclusion and Future Work
References
Differentially Private Profiling of Anonymized Customer Purchase Records
1 Introduction
2 Preliminary
3 Privacy of Aggregated Purchase Records
3.1 Purchase Records
3.2 Customer Profiling
3.3 Adversary
4 Quantifying Privacy
4.1 Profile Probability
4.2 Differential Privacy of Profiling
4.3 Anonymization Models
5 Theoretical Analysis
5.1 Privacy of Anonymizations
5.2 Utility of Anonymizations
5.3 Summary
6 Conclusions
References
P-Signature-Based Blocking to Improve the Scalability of Privacy-Preserving Record Linkage
1 Introduction
2 Preliminaries
3 Methodology
3.1 Local Blocking Evaluation Framework
3.2 Complexity Analysis
3.3 Privacy Analysis
4 Experimental Evaluation
4.1 Discussion
5 Related Work
6 Conclusion
References
DPM Workshop: Utility, Diversity and Leakage Resistance
Utility Promises of Self-Organising Maps in Privacy Preserving Data Mining
1 Introduction
2 A Review of PPDM
3 Self-Organising Map
4 Adult Dataset
5 Proposed Strategy
6 Methodology
7 Experiments
8 Conclusion
References
Multi-criteria Optimization Using l-diversity and t-closeness for k-anonymization
1 Introduction
2 Related Work
3 k-anonymity Optimization
3.1 The Generalization Technique
3.2 Definition of an Information Loss Metric
3.3 Comparison of Information Loss Metrics
3.4 Expression of NLLM
4 l-diversity and t-closeness as Privacy Quality Measurement
5 Optimization of k-anonymity, l-diversity and t-closeness
6 Experiments
6.1 Evaluation of the Strategies Using real data
6.2 Evaluation of the Strategies Using simulated data
7 Conclusion
References
ArchiveSafe: Mass-Leakage-Resistant Storage from Proof-of-Work
1 Introduction
1.1 Contributions
1.2 Related Work
2 Requirements
2.1 Design Criteria
2.2 Choice of Puzzle
2.3 Threat Model
3 Difficulty-Based Keyless Encryption
3.1 Generic Construction of DBKE
3.2 Hash-Based Construction of Difficulty-Based Keyless Key Wrap
3.3 Puzzle Degradation
3.4 Additional Considerations
4 Evaluation
4.1 Prototype Implementation
4.2 Experimental Setup
4.3 Results
4.4 Discussion
5 Conclusion
References
DPM Workshop: Obfuscation, Contact Tracing and Engineering
Joint Obfuscation for Privacy Protection in Location-Based Social Networks
1 Introduction
2 System Model
3 Implementation of the Attack
3.1 The Dynamic Bayesian Network (DBN) Models
4 Location Privacy Metric
5 Experimental Evaluation
5.1 Evaluation Setup
5.2 Experimental Results
6 Related Work
7 Conclusion
References
Modeling and Analyzing the Corona-Virus Warning App with the Isabelle Infrastructure Framework
1 Introduction
2 Background and Related Work
2.1 DP-3T and PEPP-PT
2.2 Isabelle Infrastructure Framework
3 Modeling and Analyzing CWA
3.1 Infrastructures, Policies, and Actors
3.2 Policies, Privacy, and Behaviour
3.3 Infrastructure State Transition
3.4 Attack Analysis
4 Refinement
4.1 Property Preserving System Refinement
4.2 Refining the Specification
5 Summary and Discussion of Relevance of the Approach
References
Extracting Speech from Motion-Sensitive Sensors
1 Introduction
2 Background
3 Learning Acoustic Information
4 Experimental Study
5 Results and Discussion
6 Conclusions and Future Work
References
PDP-ReqLite: A Lightweight Approach for the Elicitation of Privacy and Data Protection Requirements
1 Introduction
2 Related Work
3 Theoretical Background
3.1 The ProPAn Approach
3.2 Requirements Elicitation Artifacts
4 PDP-ReqLite: A Lightweight Method for Privacy Requirements Engineering
4.1 Method Overview
4.2 Elicitation of Requirement Candidates
4.3 Implemented Method
5 Automated Support for PDP-ReqLite Application
5.1 Application to a Smart Grid Case Study
6 Conclusions and Perspectives
References
Towards Multiple Pattern Type Privacy Protection in Complex Event Processing Through Event Obfuscation Strategies
1 Introduction
2 Related Works
3 System Model and Problem Statement
3.1 System Model
3.2 Problem Statement
4 Event Obfuscation Approaches
4.1 Baseline ILP Approach
4.2 Counter Deterministic Attack Obfuscation (CDA)
4.3 Counter Probabilistic Attack Obfuscation (CPA)
5 Evaluation Results
5.1 Evaluation Setup
5.2 Adversary Model
5.3 QoS Preservation
6 Summary and Future Works
References
GPS-Based Behavioral Authentication Utilizing Distance Coherence
1 Introduction
2 Related Work
2.1 Multimodal Authentication for Smartphone
2.2 Other Multimodal Authentication
3 Proposed Approach
3.1 Data Collection
3.2 Feature Extraction and Selection
3.3 Learning
4 Experiment
4.1 Experimental Setup
4.2 Main Result
4.3 Best Alpha () for Each Algorithm
4.4 Computation Time
5 Threat Model
5.1 Targeted Attack
5.2 Security Scenario Discussion
6 Future Work
7 Conclusion
A Numeric Example (for Distance Coherence Extraction)
References
DPM Workshop: Short Papers
Short Paper: Integrating the Data Protection Impact Assessment into the Software Development Lifecycle
1 Introduction
2 Background
2.1 Software Development Lifecycle
2.2 Software Architecture
2.3 Data Protection Impact Assessment
2.4 Related Work
3 Approach
4 Conclusion
References
Citizens as Data Donors: Maximizing Participation Through Privacy Assurance and Behavioral Change
1 Introduction
2 Research Baseline
2.1 Citizen Science
2.2 Behavioral Change Theories
2.3 Privacy Requirements
3 Illustrative Example: Ambient-Assisted Living (AAL) System
4 Problem Statement and Research Challenges
5 Towards a Method for Deriving Citizens\' Requirements for Donating Their Personal Data
6 Discussion
7 Conclusion and Future Work
References
Tracking the Invisible: Privacy-Preserving Contact Tracing to Control the Spread of a Virus
1 Introduction
2 Related Work
3 Proposed Solution
3.1 System Model
3.2 Threat Model
3.3 Keeping the Contact History at Local Devices
3.4 Keeping the IDs of Diagnosed Patients at a Centralized Database
3.5 Private Set Intersection to Identify the Individuals at Risk
3.6 Further Steps to Track the Spread
4 Evaluation
5 Conclusion
References
Privacy Policy Classification with XLNet (Short Paper)
1 Introduction
2 Related Work
3 XLNet Privacy Policy Classification Model
3.1 Transformer-XL and XLNet
3.2 XLNet vs BERT
4 Evaluation
5 Discussion
6 Conclusion and Future Work
References
Every Query Counts: Analyzing the Privacy Loss of Exploratory Data Analyses
1 Introduction
2 Background
2.1 System and Adversary Model
2.2 Differential Privacy
3 Exploratory Data Analysis
4 Privacy Loss and Accuracy Impact Assessment
4.1 Privacy Loss
4.2 Accuracy
4.3 Discussion
5 Conclusion
References
CBT Workshop: Transactions, Mining, Second Layer and Inter-bank Payments
TxChain: Efficient Cryptocurrency Light Clients via Contingent Transaction Aggregation
1 Introduction
2 Model and Definitions
2.1 System Model
2.2 Protocol Goals
3 Probabilistic Sampling: Cure or Curse?
3.1 Probabilistic Sampling Dilemma
3.2 Analysis
4 TxChain Design
4.1 Contingent Transactions
4.2 TxChain: Contingent Transaction Aggregation
4.3 Hierarchical TxChain
5 Security and Efficiency Analysis
5.1 Security Analysis
5.2 Efficiency Analysis
6 Deploying TxChain in Practice
6.1 Fork Free Deployment
6.2 Deployment via Soft or Hard Forks
6.3 Case-Study: TxChain for Cross-Chain Transactions
References
VRF-Based Mining Simple Non-outsourceable Cryptocurrency Mining
1 Introduction
2 Preliminaries
2.1 PoW-Based Consensus and Mining
2.2 Mining Pools
2.3 Verifiable Random Functions
3 VRF-Based Mining
4 Non-outsourceability Analysis
4.1 Revised Definitions
4.2 Non-outsourceability of VRF-Based Mining
5 Instantiating VRF
5.1 Elliptic Curve
5.2 Hashing a String to an Elliptic Curve Point H1()
5.3 Hashing an Elliptic Curve Point to a String H2()
5.4 Normal Hash Function H3()
5.5 Memory-Hard Mining
6 Practicality of VRF-Based Mining
6.1 Experimental Setting
6.2 VRF v.s. Existing Mining Algorithms
6.3 Runtime Breakdown of VRF
7 Profitability of Partial Outsourcing
7.1 Partial Outsourcing
7.2 First Obstacle: Overhead of Verification
7.3 Second Obstacle: Overhead of I/O
8 Discussions
8.1 Weaker Security Guarantee of PoW-Based Consensus
8.2 Secret Key Leakage in Memory
9 Related Work
9.1 Mining Protocols
9.2 Decentralised Mining Pools
10 Conclusion and Future Work
A The Standardised Elliptic-Curve-Based VRF
References
On the Selection of the LN Client Implementation Parameters
1 Introduction
2 Background
2.1 Parameters that Define Multihop Routes
3 Metrics
3.1 Metrics to Evaluate Performance
3.2 Metrics to Evaluate Security
4 Experiment Setup
4.1 LN Payment Channel Graph and Balances
4.2 and Tmax Values
5 Experiment Results
5.1 Performance
5.2 Security
5.3 Discussion
6 Conclusion
References
Privacy Preserving Netting Protocol for Inter-bank Payments
1 Introduction
2 Related Work
3 Preliminaries
3.1 Notations
3.2 ElGamal Encryption over Elliptic Curve
3.3 zkSNARK
4 The Netting Problem
4.1 Decentralized Netting Protocol
5 Privacy Preserving Netting Protocol Design
5.1 Overview of the Protocol
5.2 Setup
5.3 Initializing Ex-Ante Balance
5.4 Submitting Payment Instructions
5.5 Updating Settlement Indicators
5.6 Updating Ex-Post Balance
6 Performance Evaluation
6.1 Evaluations
6.2 Limitations of Decentralized Netting Protocol
7 Conclusions
References
CBT Workshop: Signature Schemes, Formal Methods and Incentivization
Triptych: Logarithmic-Sized Linkable Ring Signatures with Applications
1 Introduction
1.1 Our Contribution
2 Preliminaries
2.1 Public Parameters
2.2 Pedersen Commitment
2.3 Other Notation
3 Protocol: Linkable One-of-many Commitment
4 Security: Linkable Ring Signature
5 Application: Linkable Ring Signature
6 Protocol: Parallel Linkable One-of-many Commitment
7 Application: Signer-Ambiguous Transaction Protocol
8 Efficiency
References
Moderated Redactable Blockchains: A Definitional Framework with an Efficient Construct
1 Introduction
2 Previous Work
3 Preliminaries
4 Novel Attacks on Previous Constructs
5 Defining Moderated Redactable Blockchain
5.1 Design Goals
5.2 Informal Model
5.3 Definition
6 A Construct Based on Signature Schemes
7 Conclusion and Future Work
A An Incorrect and Insecure Construct
References
Radium: Improving Dynamic PoW Targeting
1 Introduction
2 Background and Related Work
2.1 Difficulty Adjustment
2.2 Conventional PoW Mining
2.3 RTT Mining
3 Future Mining Attack on RTT
3.1 Attacker Expected Block Time
3.2 Compliant Expected Block Time
4 Defacto Future Mining in RTT
4.1 Block Preemption
4.2 Game Theoretical Results
5 Radium Protocol
5.1 Mining
5.2 Rewards
5.3 Difficulty Adjustment
5.4 Block Time Simulation
5.5 Reduction in Block Time Variance
5.6 Orphan Rate
6 Radium Security Analysis
6.1 Reward Function Exploitation
6.2 Doublespend Attack Susceptibility
7 Conclusion
References
Proof of No-Work: How to Incentivize Individuals to Stay at Home
1 Introduction
1.1 Background
1.2 Related Works
1.3 Our Contribution
2 Stakeholders and Goals of Proposed Scheme
3 Design of Smart Contract for Incentives
3.1 System Model
3.2 Primary Processes
3.3 Calculating Rewards - How to Provide Incentive
4 Proposed Scheme
4.1 Design of Privacy Protection
4.2 Security Design
4.3 Protocol Description
5 Implementation
6 Evaluation
6.1 Privacy and Security
6.2 Efficiency
6.3 Consideration of Regulations
6.4 Discussion on Incentive Mechanism
7 Conclusion
References
CBT Workshop: Short Papers
Fundamental Properties of the Layer Below a Payment Channel Network
1 Introduction
2 Related Work
3 RFL Model of First Layer
4 Security Property for a Payment Channel Network Protocol Based on the RFL Model
5 Instances and Options of the RFL model
6 Optimization of HTLCs Using a Blockchain
7 Conclusion
References
Zerojoin: Combining Zerocoin and CoinJoin
1 Introduction
2 Background
2.1 CoinJoin
2.2 Zerocoin
2.3 Quisquis
2.4 Sigma Protocols
3 Zerojoin Protocol
3.1 One Zerojoin Round
3.2 Analysis
3.3 Implementing Zerojoin in ErgoScript
4 ErgoMix: Zerojoin with Fee
4.1 An Altruistic Approach
4.2 Mixing Tokens
4.3 Token Confinement
4.4 Token Entry
References
Who Let the DOGS Out: Anonymous but Auditable Communications Using Group Signature Schemes with Distributed Opening
1 Introduction
2 Preliminaries
2.1 Adversary Model and Desirable Features
2.2 System Model
2.3 Distributed Key Generation for DOGS
3 Protocol Description
3.1 Phase 1: Distributed Generation of the Opening Keys
3.2 Phase 2: Inter Communications and Application-Related Event Logging
3.3 Phase 3: Auditing and De-anonymization
4 Security Analysis
5 Conclusion
References
Tracking Mixed Bitcoins
1 Introduction
2 Related Work
2.1 Taint Analysis
2.2 Address Clustering
3 Methodology
3.1 Address Taint Analysis
3.2 Filtering Criteria
3.3 Sample Cases
4 Results and Discussion
4.1 Address Taint Analysis
4.2 Filtering Criteria
5 Conclusion
References
Author Index