  • 1.
    Angulo, Julio
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Information Systems and Project Management. Karlstad University, Faculty of Arts and Social Sciences (starting 2013), Centre for HumanIT.
    Berthold, Stefan
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Elkhiyaoui, Kaoutar
    EURECOM.
    Fernandez Gago, M. Carmen
    University of Málaga.
    Fischer-Hübner, Simone
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    David, Nunez
    University of Málaga.
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science. Karlstad University.
    Reuben, Jenni
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science. Karlstad University.
    Van Rompay, Cédric
    EURECOM.
    Santana de Oliveira, Anderson
    SAP Labs.
    Önen, Melek
    EURECOM.
    D:D-5.3 User-Centric Transparency Tools V2. 2015. Report (Refereed)
  • 2.
    Angulo, Julio
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Information Systems and Project Management.
    Fischer-Hübner, Simone
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Pulls, Tobias
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Ulrich, König
    HCI for Policy Display and Administration. 2011. In: Privacy and Identity Management for Life / [ed] Jan Camenisch, Simone Fischer-Hübner and Kai Rannenberg, Berlin: Springer Berlin/Heidelberg, 2011, 1, p. 261-277. Chapter in book (Refereed)
    Abstract [en]

    The PrimeLife Policy Language (PPL) has the objective of helping end users make the data handling practices of data controllers more transparent, allowing them to make well-informed decisions about the release of personal data in exchange for services. In this chapter, we present our work on user interfaces for the PPL policy engine, which aims at displaying the core elements of a data controller's privacy policy in an easily understandable way as well as displaying how far it corresponds with the user's privacy preferences. We also show how privacy preference management can be simplified for end users.

  • 3.
    Angulo, Julio
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Information Systems and Project Management. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Fischer-Hübner, Simone
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Pulls, Tobias
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Wästlund, Erik
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Psychology.
    Towards Usable Privacy Policy Display & Management. 2012. In: Information Management & Computer Security, ISSN 0968-5227, Vol. 20, p. 4-17. Article in journal (Refereed)
    Abstract [en]

    This paper discusses the approach taken within the PrimeLife project for providing user-friendly privacy policy interfaces for the PrimeLife Policy Language (PPL). We present the requirements, design process and usability testing of the “Send Data?” prototype, a browser extension designed and developed to deal with the powerful features provided by PPL. Our interface introduces the novel features of “on the fly” privacy management, predefined levels of privacy settings, and simplified selection of anonymous credentials. Results from usability tests showed that users understand and appreciate these features and perceive them as being privacy-friendly, and they are therefore suggested as a good approach towards usable privacy policy display and management. Additionally, we present our lessons learnt in the design process of privacy policy interfaces.

  • 4.
    Angulo, Julio
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Information Systems and Project Management. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Fischer-Hübner, Simone
    Karlstad University, Division for Information Technology.
    Pulls, Tobias
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Wästlund, Erik
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Psychology.
    Usable Transparency with the Data Track: A Tool for Visualizing Data Disclosures. 2015. In: CHI EA '15 Proceedings of the 33rd Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems / [ed] Bo Begole, Jinwoo Kim, Kori Inkpen, Woontack Woo, Association for Computing Machinery (ACM), 2015, p. 1803-18098. Conference paper (Refereed)
    Abstract [en]

    We present a prototype of the user interface of a transparency tool that displays an overview of a user's data disclosures to different online service providers and allows them to access data collected about them stored at the services' sides. We explore one particular type of visualization method consisting of tracing lines that connect a user's disclosed personal attributes to the service to which these attributes have been disclosed. We report on the ongoing iterative process of design of such visualization, the challenges encountered and the possibilities for future improvements.

  • 5.
    Angulo, Julio
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Fischer-Hübner, Simone
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Wästlund, Erik
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Psychology. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT. Karlstad University, Faculty of Economic Sciences, Communication and IT, Service Research Center.
    Pulls, Tobias
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Towards Usable Privacy Policy Display & Management: The PrimeLife Approach. 2011. In: Proceedings of 5th International Symposium on Human Aspects of Information Security & Assurance / [ed] Steven Furnell, Plymouth: University of Plymouth, 2011, p. 108-118. Conference paper (Refereed)
  • 6.
    Berthold, Stefan
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Fischer-Hübner, Simone
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Martucci, Leonardo
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Crime and Punishment in the Cloud: Accountability, Transparency, and Privacy. 2013. Conference paper (Refereed)
    Abstract [en]

    The goal of this work is to reason on the complexity of the relationship between three non-functional requirements in cloud computing; privacy, accountability, and transparency. We provide insights on the complexity of this relationship from the perspectives of end-users, cloud service providers, and third parties, such as auditors. We shed light on the real and perceived conflicts between privacy, transparency, and accountability, using a formal definition of transparency and an analysis on how well a privacy-preserving transparency-enhancing tool may assist in achieving accountability. Furthermore, we highlight the importance of the privacy impact assessment process for the realisation of both transparency and accountability.

  • 7.
    Dahlberg, Rasmus
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Standardized Syslog Processing: Revisiting Secure Reliable Data Transfer and Message Compression. 2016. Report (Other academic)
    Abstract [en]

    Today's computer logs are like smoking guns and treasure maps in case of suspicious system activities: they document intrusions, and log crucial information such as failed system updates and crashed services. An adversary thus has a clear motive to observe, alter, and delete log entries, considering that she could (i) start by using the log's content to identify new security vulnerabilities, and (ii) exploit them without ever being detected. With this in mind we consider syslog standards and open source projects that safeguard events during the storage and transit phases, and examine how data compression affects security. We conclude that there are syslog standards in place that satisfy security on a hop-by-hop basis, that there are no such standards for secure storage, and that message compression is not recommended during transit.

  • 8.
    Dahlberg, Rasmus
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Verifiable Light-Weight Monitoring for Certificate Transparency Logs. 2018. In: Secure IT Systems. NordSec 2018: Lecture Notes in Computer Science, vol. 11252 / [ed] N. Gruschka, Springer, 2018, p. 171-183. Conference paper (Refereed)
    Abstract [en]

    Trust in publicly verifiable Certificate Transparency (CT) logs is reduced through cryptography, gossip, auditing, and monitoring. The role of a monitor is to observe each and every log entry, looking for suspicious certificates that interest the entity running the monitor. While anyone can run a monitor, it requires continuous operation and copies of the logs to be inspected. This has led to the emergence of monitoring as-a-service: a trusted third-party runs the monitor and provides registered subjects with selective certificate notifications. We present a CT/bis extension for verifiable light-weight monitoring that enables subjects to verify the correctness of such certificate notifications, making it easier to distribute and reduce the trust which is otherwise placed in these monitors. Our extension supports verifiable monitoring of wild-card domains and piggybacks on CT’s existing gossip-audit security model.

  • 9.
    Dahlberg, Rasmus
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Peeters, Roel
    Katholieke Universiteit Leuven, Belgium.
    Efficient Sparse Merkle Trees: Caching Strategies and Secure (Non-)Membership Proofs. 2016. In: Secure IT Systems: 21st Nordic Conference, NordSec 2016, Oulu, Finland, November 2-4, 2016. Proceedings / [ed] Billy Bob Brumley, Juha Röning, Springer, 2016, p. 199-215. Conference paper (Refereed)
    Abstract [en]

    A sparse Merkle tree is an authenticated data structure based on a perfect Merkle tree of intractable size. It contains a distinct leaf for every possible output from a cryptographic hash function, and can be simulated efficiently because the tree is sparse (i.e., most leaves are empty). We are the first to provide complete, succinct, and recursive definitions of a sparse Merkle tree and related operations. We show that our definitions enable efficient space-time trade-offs for different caching strategies, and that verifiable audit paths can be generated to prove (non-)membership in practically constant time (<4 ms) when using SHA-512/256. This is despite a limited amount of space for the cache—smaller than the size of the underlying data structure being authenticated—and full (concrete) security in the multi-instance setting.

  • 10.
    Dahlberg, Rasmus
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Vestin, Jonathan
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Høiland-Jørgensen, Toke
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Kassler, Andreas
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT. Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Aggregation-Based Gossip for Certificate Transparency. Other (Other academic)
    Abstract [en]

    Certificate Transparency (CT) is a project that mandates public logging of TLS certificates issued by certificate authorities. While a CT log is designed to be trustless, it relies on the assumption that every client sees and cryptographically verifies the same log. The solution to this problem is a gossip mechanism that ensures that clients share the same view of the logs. Despite CT being added to Google Chrome, no gossip mechanism is pending wide deployment. We suggest an aggregation-based gossip mechanism that passively observes cryptographic material that CT logs emit in plaintext, aggregating at packet processors and periodically verifying log consistency off-path. Based on 20 days of RIPE Atlas measurements that represent clients from 3500 autonomous systems and 40% of the IPv4 space, our proposal can be deployed incrementally for a realistic threat model with significant protection against undetected log misbehavior. We also discuss how to instantiate aggregation-based gossip on a variety of packet processors, and show that our P4 and XDP proof-of-concept implementations run at line-speed.

  • 11.
    Fernández Gago, M. Carmen
    et al.
    Tountopoulos, Vassilis
    Fischer-Hübner, Simone
    Karlstad University, Division for Information Technology.
    Nuñez, David
    Angulo, Julio
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Information Systems and Project Management. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Pulls, Tobias
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Koulouris, Theo
    Tools for Cloud Accountability: A4Cloud Tutorial. 2015. In: Privacy and Identity Management for the Future Internet in the Age of Globalisation: 9th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School, Patras, Greece, September 7-12, 2014, Revised Selected Papers / [ed] Jan Camenisch, Simone Fischer-Hübner, Marit Hansen, Cham: Springer, 2015, p. 219-236. Chapter in book (Refereed)
    Abstract [en]

    Cloud computing is becoming a key IT infrastructure technology being adopted progressively by companies and users. Still, there are issues and uncertainties surrounding its adoption, such as security and how users' data is dealt with, that require attention from developers, researchers, providers and users. The A4Cloud project tries to help solve the problem of accountability in the cloud by providing tools that support the process of achieving accountability. This paper presents the contents of the first A4Cloud tutorial. These contents include basic concepts and tools developed within the project. In particular, we will review how metrics can aid the accountability process and some of the tools that the A4Cloud project will produce such as the Data Track Tool (DTT) and the Cloud Offering Advisory Tool (COAT).

  • 12.
    Fischer-Hübner, Simone
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Angulo, Julio
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Karegar, Farzaneh
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Transparency, Privacy and Trust: Technology for Tracking and Controlling my Data Disclosures – Does this work? 2016. In: Proceedings of the 10th IFIPTM Conference 2016: Trust Management X / [ed] Sheikh Mahbub Habib, Julita Vassileva, Sjouke Mauw, Max Mühlhäuser, Heidelberg: Springer Berlin/Heidelberg, 2016. Conference paper (Refereed)
  • 13.
    Fischer-Hübner, Simone
    et al.
    Angulo, Julio
    Pulls, Tobias
    How can Cloud Users be Supported in Deciding on, Tracking and Controlling How their Data are Used? 2014. In: Privacy and Identity Management for Emerging Services and Technologies: 8th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6 International Summer School, Nijmegen, The Netherlands, June 17-21, 2013, Revised Selected Papers, Springer, 2014, p. 77-92. Conference paper (Refereed)
    Abstract [en]

    Transparency is a basic privacy principle and factor of social trust. However, the processing of personal data along a cloud chain is often rather intransparent to the data subjects concerned. Transparency Enhancing Tools (TETs) can help users in deciding on, tracking and controlling their data in the cloud. However, TETs for enhancing privacy also have to be designed to be both privacy-preserving and usable. In this paper, we provide requirements for usable TETs for the cloud. The requirements presented in this paper were derived in two ways; at a stakeholder workshop and through a legal analysis. Here we discuss design principles for usable privacy policies and give examples of TETs which enable end users to track their personal data. We are developing them using both privacy and usability as design criteria.

  • 14.
    Fischer-Hübner, Simone
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Martucci, Leonardo
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Fritsch, Lothar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Herold, Sebastian
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Iwaya, Leonardo H
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Alfredsson, Stefan
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Albin, Zuccato
    ATEA Sverige AB, Stockholm, Sweden.
    A MOOC on Privacy by Design and the GDPR. 2018. In: Information Security Education: Towards a Cybersecure Society / [ed] Lynette Drevin, Marianthi Theocharidou, Cham, Switzerland: Springer, 2018, p. 95-107. Conference paper (Refereed)
    Abstract [en]

    In this paper we describe how we designed a massive open online course (MOOC) on Privacy by Design with a focus on how to achieve compliance with the EU GDPR principles and requirements in IT engineering and management. This MOOC aims at educating both professionals and undergraduate students, i.e., target groups with distinct educational needs and requirements, within a single course structure. We discuss why developing and publishing such a course is a timely decision and fulfills the current needs of the professional and undergraduate education. The MOOC is organized in five modules, each of them with its own learning outcomes and activities. The modules focus on different aspects of the GDPR that data protection officers have to be knowledgeable about, ranging from the legal basics, to data protection impact assessment methods, and privacy-enhancing technologies. The modules were delivered using hypertext, digital content and three video production styles: slides with voice-over, talking heads and interviews. The main contribution of this work is the roadmap on how to design a highly relevant MOOC on privacy by design and the GDPR aimed at a heterogeneous audience.

  • 15.
    Greschbach, Benjamin
    et al.
    KTH Royal Institute of Tech.
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Roberts, Laura M.
    Princeton University.
    Winter, Philipp
    Princeton University.
    Feamster, Nick
    Princeton University.
    The Effect of DNS on Tor's Anonymity. 2017. In: NDSS Symposium 2017, Internet Society, 2017. Conference paper (Refereed)
    Abstract [en]

    Previous attacks that link the sender and receiver of traffic in the Tor network (“correlation attacks”) have generally relied on analyzing traffic from TCP connections. The TCP connections of a typical client application, however, are often accompanied by DNS requests and responses. This additional traffic presents more opportunities for correlation attacks. This paper quantifies how DNS traffic can make Tor users more vulnerable to correlation attacks. We investigate how incorporating DNS traffic can make existing correlation attacks more powerful and how DNS lookups can leak information to third parties about anonymous communication. We (i) develop a method to identify the DNS resolvers of Tor exit relays; (ii) develop a new set of correlation attacks (DefecTor attacks) that incorporate DNS traffic to improve precision; (iii) analyze the Internet-scale effects of these new attacks on Tor users; and (iv) develop improved methods to evaluate correlation attacks. First, we find that there exist adversaries that can mount DefecTor attacks: for example, Google’s DNS resolver observes almost 40% of all DNS requests exiting the Tor network. We also find that DNS requests often traverse ASes that the corresponding TCP connections do not transit, enabling additional ASes to gain information about Tor users’ traffic. We then show that an adversary that can mount a DefecTor attack can often determine the website that a Tor user is visiting with perfect precision, particularly for less popular websites where the set of DNS names associated with that website may be unique to the site. We also use the Tor Path Simulator (TorPS) in combination with traceroute data from vantage points co-located with Tor exit relays to estimate the power of AS-level adversaries that might mount DefecTor attacks in practice.

  • 16.
    Hedbom, Hans
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Pulls, Tobias
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Unlinking Database Entries: Implementation Issues in Privacy Preserving Secure Logging. 2010. Conference paper (Refereed)
    Abstract [en]

    This paper discusses implementation issues related to using relational databases as storage when implementing privacy preserving secure logs. In these types of logs it is important to keep the unlinkability properties of log entries intact when the entries are stored. We briefly describe the concept of privacy preserving secure logging and give the rationale for it. The problems of using relational database systems as storage are discussed and we suggest three solutions to the problem. Two of the solutions are analyzed and compared and we show that at least one of the solutions is feasible in a real live setting and that the added overhead of the solution is very small.

  • 17.
    Hedbom, Hans
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science. Karlstad University, Faculty of Economic Sciences, Communication and IT, Centre for HumanIT.
    Pulls, Tobias
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Hansen, Marit
    Unabhangiges Landeszentrum Datenschutz Schleswig, D-24103 Kiel, Germany.
    Transparency Tools. 2011. In: Privacy and identity management for life / [ed] Jan Camenisch, Simone Fischer-Hübner, Kai Rannenberg, Berlin, Heidelberg: Springer Berlin/Heidelberg, 2011, 1, p. 135-143. Chapter in book (Refereed)
    Abstract [en]

    The increasing spread of personal information on the Internet calls for new tools and paradigms to complement the concealment and protection paradigms. One such suggested paradigm is transparency and the associated transparency enhancing tools, making it possible for Data Subjects to track and examine how their data have been used, where it originates and what personal data about them Data Controllers have stored. One such tool needed in order to track events related to personal data is a log system. Such a log system must be constructed in such a way that it does not introduce new privacy problems. This chapter describes such a log system that we call a privacy preserving secure log. It outlines the requirements for the system and describes and specifies a privacy preserving log system that has been developed and implemented within the Prime Life project.

  • 18.
    Hedbom, Hans
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Pulls, Tobias
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Hjartquist, Peter
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Lavén, Andreas
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Adding Secure Transparency Logging to the PRIME Core. 2010. In: PRIVACY AND IDENTITY MANAGEMENT FOR LIFE, 2010, p. 299-314. Conference paper (Refereed)
    Abstract [en]

    This paper presents a secure privacy preserving log. These types of logs are useful (if not necessary) when constructing transparency services for privacy enhancement. The solution builds on and extends previous work within the area and tries to address the shortcomings of previous solutions regarding privacy issues.

  • 19.
    Karegar, Farzaneh
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Fischer-Hübner, Simone
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Visualizing Exports of Personal Data by Exercising the Right of Data Portability in the Data Track - Are People Ready for This? 2017. In: Privacy and Identity Management. Facing up to Next Steps. Privacy and Identity 2016. IFIP Advances in Information and Communication Technology, Springer, 2017, Vol. 498, p. 164-181. Conference paper (Refereed)
    Abstract [en]

    A transparency enhancing tool called Data Track has been developed at Karlstad University. The latest stand-alone version of the tool allows users to visualize their data exports. For analyzing the users’ perceptions of the Data Track in regard to transparency features and the concepts of data export and data portability, we have conducted a qualitative user study. We observed that although users had rather little interest in the visualization of derived data activities revealed in the Google location file, they were interested in other kinds of derived data like usage patterns for different service providers. Also, as earlier user studies revealed, we again confirmed that it is confusing for users to differentiate between locally and remotely stored and controlled data. Finally, in spite of being concerned about the security of the data exported to their machines, for exercising data portability rights pursuant to the General Data Protection Regulation, most participants would prefer to first export and edit the data before uploading it to another service provider and would appreciate using a tool such as the Data Track for helping them in this context.

  • 20.
    Momen, Nurul
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Fritsch, Lothar
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Lindskog, Stefan
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    How much Privilege does an App Need? Investigating Resource Usage of Android Apps. 2017. In: Proceedings of the Fifteenth International Conference on Privacy, Security and Trust – PST 2017 (IEEE proceedings pendings), IEEE, 2017. Conference paper (Refereed)
    Abstract [en]

    Arguably, one of the default solutions to many of today’s everyday errands is to install an app. In order to deliver a variety of convenient and user-centric services, apps need to access different types of information stored in mobile devices, much of which is personal information. In principle, access to such privacy sensitive data should be kept to a minimum. In this study, we focus on privilege utilization patterns by apps installed on Android devices. Though explicit consent is required prior to first time access to the resource, the unavailability of usage information makes it unclear when trying to reassess the user's initial decision. On the other hand, if granted privilege with little or no usage, it would suggest the likely violation of the principle of least privilege. Our findings illustrate a plausible requirement for visualising resource usage to aid the user in their decision-making and finer access control mechanisms.

  • 21.
    Pais, Rui
    et al.
    University of Stavanger.
    Wiktor Wlodarczyk, Tomasz
    University of Stavanger.
    Rübsamen, Thomas
    Hochschule Furtwangen University.
    Reich, Christoph
    Hochschule Furtwangen University.
    Azraoui, Monir
    EURECOM.
    Royer, Jean-Claude
    ARMINES-EMN.
    Reuben, Jenni
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Bernsmed, Karin
    SINTEF.
    Felici, Massimo
    HP.
    Pais, Rui (Editor)
    University of Stavanger.
    D:C-8.2 Framework of Evidence. 2015. Report (Refereed)
  • 22.
    Peeters, Roel
    et al.
    Katholieke Universiteit Leuven, Leuven, Belgium.
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Insynd: Improved Privacy-Preserving Transparency Logging. 2016. In: Computer Security - ESORICS 2016: 21st European Symposium on Research in Computer Security, Heraklion, Greece, September 26-30, 2016, Proceedings, Part II / [ed] Ioannis Askoxylakis, Sotiris Ioannidis, Sokratis Katsikas, Catherine Meadows, Cham: Springer, 2016, Vol. 9879, p. 121-139. Conference paper (Refereed)
    Abstract [en]

    Service providers collect and process more user data than ever, while users of these services remain oblivious to the actual processing and utility of the processed data to the service providers. This leads users to put less trust in service providers and be more reluctant to share data. Transparency logging is about service providers continuously logging descriptions of the data processing on their users' data, where each description is intended for a particular user.

    We propose Insynd, a new cryptographic scheme for privacy-preserving transparency logging. Insynd improves on prior work by (1) increasing the utility of all data sent through the scheme thanks to our publicly verifiable proofs: one can disclose selected events without having to disclose any long term secrets; and (2) enabling a stronger adversarial model: Insynd can deal with an untrusted server (such as commodity cloud services) through the use of an authenticated data structure named Balloon. Finally, our publicly available prototype implementation shows greatly improved performance with respect to related work and competitive performance for more data-intensive settings like secure logging.

  • 23.
    Peeters, Roel
    et al.
    KU Leuven.
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Wouters, Karel
    KU Leuven.
    Enhancing Transparency with Distributed Privacy-Preserving Logging. 2013. In: ISSE 2013 Securing Electronic Business Processes: Highlights of the Information Security Solutions Europe / [ed] Reimer, H., Pohlman, N. & Schneider, W., Springer, 2013, p. 61-71. Conference paper (Refereed)
  • 24.
    Pulls, Tobias
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    (More) Side Channels in Cloud Storage: Linking Data to Users. 2012. In: Privacy and Identity Management for Life: 7th IFIP WG 9.2, 9.6/11.7, 11.4, 11.6/PrimeLife International Summer School, Trento, Italy, September 5-9, 2011, Revised Selected Papers, Berlin, Heidelberg: Springer Berlin/Heidelberg, 2012, p. 102-115. Conference paper (Refereed)
    Abstract [en]

    Public cloud storage services are gaining in popularity and several commercial actors are offering their services for users, however, not always with the security and privacy of their users as the primary design goal. This paper investigates side channels in public cloud storage services that allow the service provider, and in some cases users of the same service, to learn who has stored a given file and to profile users’ usage of the service. These side channels are present in several public cloud storage services that are marketed as secure and privacy-friendly. Our conclusions are that cross-user deduplication should be disabled by default and that public cloud storage services need to be designed to provide unlinkability of users and data, even if the data is encrypted by users before storing it in the cloud.

  • 25.
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Preserving Privacy in Transparency Logging. 2015. Doctoral thesis, monograph (Other academic)
    Abstract [en]

    The subject of this dissertation is the construction of privacy-enhancing technologies (PETs) for transparency logging, a technology at the intersection of privacy, transparency, and accountability. Transparency logging facilitates the transportation of data from service providers to users of services and is therefore a key enabler for ex-post transparency-enhancing tools (TETs). Ex-post transparency provides information to users about how their personal data have been processed by service providers, and is a prerequisite for accountability: you cannot hold a controller accountable for what is unknown.

    We present three generations of PETs for transparency logging to which we contributed. We start with early work that defined the setting as a foundation and build upon it to increase both the privacy protections and the utility of the data sent through transparency logging. Our contributions include the first provably secure privacy-preserving transparency logging scheme and a forward-secure append-only persistent authenticated data structure tailored to the transparency logging setting. Applications of our work range from notifications and deriving data disclosures for the Data Track tool (an ex-post TET) to secure evidence storage.

  • 26.
    Pulls, Tobias
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Privacy-Friendly Cloud Storage for the Data Track: An Educational Transparency Tool. 2012. In: Secure IT Systems: 17th Nordic Conference, NordSec 2012, Karlskrona, Sweden, October/November 2012, Proceedings / [ed] Audun Jøsang, Bengt Carlsson, Berlin/Heidelberg: Springer Berlin/Heidelberg, 2012, p. 231-246. Conference paper (Refereed)
    Abstract [en]

    The Data Track is a transparency-enhancing tool that aims to educate users by providing them with an overview of all their data disclosures. In this paper, we describe a cryptographic scheme for storing all data disclosures tracked by the Data Track centrally in the cloud in a privacy-friendly way. Our scheme allows users to store their data anonymously, while keeping the cloud provider accountable with regard to the integrity of the data. Furthermore, we introduce a separation of concerns for the different components of the Data Track, well suited for tracking data disclosures from semi-trusted devices that may become compromised. We provide an informal evaluation of our scheme and briefly describe a proof of concept implementation.

  • 27.
    Pulls, Tobias
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Privacy-Preserving Transparency-Enhancing Tools. 2012. Licentiate thesis, comprehensive summary (Other academic)
    Abstract [en]

    Transparency is a key principle in democratic societies. For example, the public sector is in part kept honest and fair with the help of transparency through different freedom of information (FOI) legislations. In the last decades, while FOI legislations have been adopted by more and more countries worldwide, we have entered the information age enabled by the rapid development of information technology. This has led to the need for technological solutions that enhance transparency, for example to ensure that FOI legislation can be adhered to in the digital world. These solutions are called transparency-enhancing tools (TETs), and consist of both technological and legal tools. TETs, and transparency in general, can be in conflict with the privacy principle of data minimisation.

    The goal of transparency is to make information available, while the goal of data minimisation is to minimise the amount of available information. This thesis presents two privacy-preserving TETs: one cryptographic system for enabling transparency logging, and one cryptographic scheme for storing the data for the so-called Data Track tool at a cloud provider. The goal of the transparency logging TET is to make data processing by data controllers transparent to the user whose data is being processed. Our work ensures that the process in which the data processing is logged does not leak sensitive information about the user, and that the user can anonymously read the information logged on their behalf. The goal of the Data Track is to make it transparent to users which data controllers they have disclosed data to under which conditions. Furthermore, the Data Track intends to empower users to exercise their rights, online and potentially anonymously, with regard to their disclosed data at the recipient data controllers. Our work ensures that the data kept by the Data Track can be stored at a cloud storage provider, enabling easy synchronisation across multiple devices, while preserving the privacy of users by making their storage anonymous toward the provider and by enabling users to hold the provider accountable for the data it stores.

  • 28.
    Pulls, Tobias
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Dahlberg, Rasmus
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Cryptology ePrint Archive: Report 2018/737. 2018. Report (Other academic)
    Abstract [en]

    We present Steady: an end-to-end secure logging system engineered to be simple in terms of design, implementation, and assumptions for real-world use. Steady gets its name from being based on a steady (heart)beat of events from a forward-secure device sent over an untrusted network through untrusted relays to a trusted collector. Properties include optional encryption and compression (with loss of confidentiality but significant gain in goodput), detection of tampering, relays that can function in unidirectional networks (e.g., as part of a data diode), cost-effective use of cloud services for relays, and publicly verifiable proofs of event authenticity. The design is formalized and security proven in the standard model. Our prototype implementation (about 2,200 loc) shows reliable goodput of over 1M events/s (about 160 MiB/s) for a realistic dataset with commodity hardware for a device on a GigE network using 16 MiB of memory connected to a relay running at Amazon EC2.

  • 29.
    Pulls, Tobias
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Dahlberg, Rasmus
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Steady: A Simple End-to-End Secure Logging System. 2018. In: Secure IT Systems. NordSec 2018: Lecture Notes in Computer Science, vol 11252 / [ed] N. Gruschka, Springer, 2018, p. 88-103. Conference paper (Refereed)
    Abstract [en]

    We present Steady: an end-to-end secure logging system engineered to be simple in terms of design, implementation, and assumptions for real-world use. Steady gets its name from being based on a steady (heart)beat of events from a forward-secure device sent over an untrusted network through untrusted relays to a trusted collector. Properties include optional encryption and compression (with loss of confidentiality but significant gain in goodput), detection of tampering, relays that can function in unidirectional networks (e.g., as part of a data diode), cost-effective use of cloud services for relays, and publicly verifiable proofs of event authenticity. The design is formalized and security proven in the standard model. Our prototype implementation (2,200 loc) shows reliable goodput of over 1M events/s (160 MiB/s) for a realistic dataset with commodity hardware for a device on a GigE network using 16 MiB of memory connected to a relay running at Amazon EC2. 

  • 30.
    Pulls, Tobias
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Peeters, Roel
    Katholieke Univ Leuven, ESAT COSIC, Leuven, Belgium, Katholieke Univ Leuven, iMinds, Leuven, Belgium.
    Balloon: A Forward-Secure Append-Only Persistent Authenticated Data Structure. 2015. In: Computer Security -- ESORICS 2015: 20th European Symposium on Research in Computer Security, Vienna, Austria, September 21-25, 2015, Proceedings, Part II, Cham: Springer, 2015, Vol. 9327, p. 622-641. Conference paper (Refereed)
  • 31.
    Pulls, Tobias
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Peeters, Roel
    KU Leuven.
    Insynd: Privacy-Preserving Transparency Logging Using Balloons. 2015. Report (Other academic)
  • 32.
    Pulls, Tobias
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Peeters, Roel
    KU Leuven.
    Wouters, Karel
    KU Leuven.
    Distributed privacy-preserving transparency logging. 2013. In: WPES '13 Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society, Association for Computing Machinery (ACM), 2013, p. 83-94. Conference paper (Refereed)
  • 33.
    Pulls, Tobias
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Slamanig, Daniel
    Graz Univ Technol, Inst Appl Informat Proc & Commun IAIK, Austria.
    On the Feasibility of (Practical) Commercial Anonymous Cloud Storage. 2015. In: Transactions on Data Privacy, ISSN 1888-5063, E-ISSN 2013-1631, Vol. 8, no 2, p. 89-111. Article in journal (Refereed)
  • 34.
    Pulls, Tobias
    et al.
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Wouters, Karel
    KU Leuven, Department of Electrical Engineering - ESAT.
    Vliegen, Jo
    KU Leuven, Department of Electrical Engineering - ESAT and KHLim, FI².
    Grahn, Christian
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Distributed Privacy-Preserving Log Trails. 2012. Report (Other academic)
    Abstract [en]

    In the online world, increasing amounts of personal data of users are processed by service providers and other third party data processors. The privacy principle of transparency means that users should be informed about what data about them are processed by whom and how. This report describes a log service that enables users to reconstruct a log trail of these actions, by retrieving log entries from log servers. The information that links log entries into a trail is logged — together with the encrypted action data — to dedicated log servers by the data processors. In the proposed service, log entries of one trail can be spread over different log servers, possibly generated by different data processors. The fact that certain information is logged about a user can already leak information, and adding linking information only elevates this privacy risk. Encrypting the logged information does not suffice to protect against this. In our system, linking information across log databases is cryptographically protected and is only meaningful to the user to whom the log entries relate. In the report, we also consider the fact that log servers and data processors can become compromised. The scheme is therefore auditable, meaning that a third party can validate that log servers cannot make any changes to log entries without being detected, even when they collude with other log servers or data processors.

  • 35.
    Ruebsamen, Thomas
    et al.
    Furtwangen Univ, Cloud Res Lab, Furtwangen, Germany.
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Reich, Christoph
    Furtwangen Univ, Cloud Res Lab, Furtwangen, Germany.
    Security and Privacy Preservation of Evidence in Cloud Accountability Audits. 2016. In: CLOUD COMPUTING AND SERVICES SCIENCE, CLOSER 2015, 2016, p. 95-114. Conference paper (Refereed)
    Abstract [en]

    Cloud accountability audits are promising to strengthen trust in cloud computing by providing reassurance about the processing data in the cloud according to data handling and privacy policies. To effectively automate cloud accountability audits, various distributed evidence sources need to be considered during evaluation. The types of information range from authentication and data access logging to location information, information on security controls and incident detection. Securing that information quickly becomes a challenge in the system design, when the evidence that is needed for the audit is deemed sensitive or confidential information. This means that securing the evidence at-rest as well as in-transit is of utmost importance. In this paper, we present a system that is based on distributed software agents which enables secure evidence collection with the purpose of automated evaluation during cloud accountability audits. We thereby present the integration of Insynd as a suitable cryptographic mechanism for securing evidence. We present our reasoning for choosing Insynd by showing a comparison of Insynd properties with requirements imposed by accountability evidence collection as well as an analysis how security threats are being mitigated by Insynd. We put special emphasis on security and privacy protection in our system analysis.

  • 36.
    Rübsamen, Thomas
    et al.
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Reich, Christoph
    Secure Evidence Collection and Storage for Cloud Accountability Audits. 2015. In: Proceedings of the 5th International Conference on Cloud Computing and Services Science / [ed] Markus Helfert, Donald Ferguson & Víctor Méndez Muñoz, SciTePress, 2015. Conference paper (Refereed)
  • 37.
    Veseli, Fatbardh
    et al.
    Capgemini Germany, Frankfurt am Main, Germany.
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Olvera, J. S.
    Goethe University Frankfurt, Frankfurt am Main, Germany.
    Rannenberg, Kai
    Goethe University Frankfurt, Frankfurt am Main, Germany.
    Engineering privacy by design: Lessons from the design and implementation of an identity wallet platform. 2019. In: Proceedings of the ACM Symposium on Applied Computing, Association for Computing Machinery, 2019, p. 1475-1483. Conference paper (Refereed)
    Abstract [en]

    Applying PbD principles to the design of a system is challenging. We provided our experience and lessons learnt from applying the LINDDUN as a privacy assessment framework in the design of the architecture for a cloud-based identity wallet platform. In this effort, we identified a need to improve LINDDUN in a number of cases, for which we proposed and documented concrete enhancements. We transform LINDDUN from a linear to an iterative process that requires adaptation, introduce the concept of “Constraints” and add a new step in the mitigation of threats. Further, we consider the mitigation strategies of LINDDUN too narrow, and propose other, more practicable ones. Finally, we not only identify further PETs for mitigating privacy threats, but also acknowledge the fact that some threats cannot be effectively mitigated with PETs alone. Thus, we introduce additional mitigation mechanisms besides PETs, introducing especially development guidelines and organizational measures. We demonstrate our enhancements with concrete examples, which could serve also other engineering projects following the PbD paradigm.

  • 38.
    Vliegen, Jo
    et al.
    ESAT, SCD/COSIC, Katholieke Universiteit Leuven, 3001 Leuven, Belgium.
    Wouters, Karel
    ESAT, SCD/COSIC, Katholieke Universiteit Leuven, 3001 Leuven, Belgium.
    Grahn, Christian
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Pulls, Tobias
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Hardware strengthening a Distributed Logging Scheme. 2012. In: In Proceedings of the 15th Euromicro Conference on Digital System Design, Cesme, Izmir, Turkey, September 5–8, IEEE, 2012, 2012. Conference paper (Refereed)
  • 39.
    Wiktor Wlodarczyk, Tomasz
    et al.
    University of Stavanger.
    Pais, Rui
    University of Stavanger.
    Azraoui, Monir
    EURECOM.
    Önen, Melek
    EURECOM.
    Reuben, Jenni
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science. Karlstad University.
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science.
    Sellami, Mohamed
    ARMINES EMN.
    Royer, Jean-Claude
    ARMINES EMN.
    Felici, Massimo
    HP Labs.
    Bernsmed, Karin
    SINTEF.
    Rübsamen, Thomas (Editor)
    Hochschule Furtwangen University.
    D:C-8.3 Automation Service for the Framework of Evidence. 2015. Report (Refereed)
  • 40.
    Winter, Philipp
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Pulls, Tobias
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Fuss, Juergen
    Upper Austria University of Applied Sciences.
    ScrambleSuit: A Polymorphic Network Protocol to Circumvent Censorship. 2013. Conference paper (Refereed)
    Abstract [en]

    Deep packet inspection technology became a cornerstone of Internet censorship by facilitating cheap and effective filtering of what censors consider undesired information. Moreover, filtering is not limited to simple pattern matching but makes use of sophisticated techniques such as active probing and protocol classification to block access to popular circumvention tools such as Tor. In this paper, we propose ScrambleSuit; a thin protocol layer above TCP whose purpose is to obfuscate the transported application data. By using morphing techniques and a secret exchanged out-of-band, we show that ScrambleSuit can defend against active probing and other fingerprinting techniques such as protocol classification and regular expressions. We finally demonstrate that our prototype exhibits little overhead and enables effective and lightweight obfuscation for application layer protocols.

  • 41.
    Winter, Philipp
    et al.
    Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013).
    Pulls, Tobias
    Karlstad University, Faculty of Economic Sciences, Communication and IT, Department of Computer Science.
    Fuss, Juergen
    Upper Austria University of Applied Sciences.
    ScrambleSuit: A Polymorphic Network Protocol to Circumvent Censorship. 2013. Report (Other academic)
    Abstract [en]

    Deep packet inspection technology became a cornerstone of Internet censorship by facilitating cheap and effective filtering of what censors consider undesired information. Moreover, filtering is not limited to simple pattern matching but makes use of sophisticated techniques such as active probing and protocol classification to block access to popular circumvention tools such as Tor.

    In this paper, we propose ScrambleSuit; a thin protocol layer above TCP whose purpose is to obfuscate the transported application data. By using morphing techniques and a secret exchanged out-of-band, we show that ScrambleSuit can defend against active probing and other fingerprinting techniques such as protocol classification and regular expressions.

    We finally demonstrate that our prototype exhibits little overhead and enables effective and lightweight obfuscation for application layer protocols.
