
Toward Privacy-Preserving Decentralised Systems

Time: Wednesday 2017-05-31 at 10:00

Location: Room 4523, Lindstedtsvägen 5, 5th floor

Subject area: Computer Science

Licentiate candidate: Guillermo Rodríguez Cano, TCS

Reviewer: Matteo Magnani

Principal supervisor: Sonja Buchegger


Abstract

Privacy enhancing technologies have proven to be a beneficial area of research, lessening the threats to users' privacy in centralised systems such as online social networks. Decentralised solutions have been proposed to extend the control that users have over their data, as opposed to the centralised, massive collection of personal and sensitive data.

The power that the service provider has in centralised systems has been shown to diminish the user’s privacy. Moreover, the disclosures in 2013 of a global surveillance program in collaboration with some of the service providers of such centralised systems have accelerated the debate on how to take action to counteract the threats to privacy.

Privacy-preserving decentralised systems are plausible solutions to such threats. However, the removal of the central authority comes with two main trade-offs: mimicking the features that the central authority provided, and taking over the supervision of the security and privacy threats that were its responsibility.

In our thesis, we propose the use of privacy-preserving decentralised systems and develop three solutions in terms of decentralisation, functionality, and achievable security and privacy. For decentralised systems, we show a mechanism for user authentication via standard credentials. Within the realm of decentralised online social networks, we implement a coordination and cooperation mechanism to organise events without the need for a trusted third party. Finally, we improve one aspect of the user's privacy, anonymity, by showing an implementation of a privacy-preserving system to submit and grade documents anonymously in systems where the central authority is still required.

Our solutions are some concrete examples of how privacy as data control can be achieved to varying degrees. Nonetheless, we hope that the protocols we propose and the evaluation of the security and privacy properties can be useful in other scenarios to mitigate the diverse dangers to personal privacy.

The thesis in Diva