Multilaterally secure pervasive cooperation

Abstract

People tend to interact and communicate with others throughout their life. In the age of pervasive computing, information and communication technology (ICT) that is no longer bound to desktop computers enables digital cooperations in everyday life and work in an unprecedented manner. However, the privacy and IT security issues inherent in pervasive computing are often associated with negative consequences for the users and the (information) society as a whole. Addressing this challenge, this thesis demonstrates that carefully devised protection mechanisms can become enablers for multilaterally acceptable and trustworthy digital interactions and cooperations. It contributes to the design of multilaterally secure cooperative pervasive systems by taking a scenario-oriented approach. Within our reference scenario of ICT-supported emergency response, we derive the following scientific research questions. Firstly, we investigate how to enable real-world auditing in pervasive location tracking systems, while striking a balance between privacy protection and accountability. Secondly, we aim to support communication between a sender and mobile receivers that are unknown by identity, while end-to-end security is enforced. The required concepts and mechanisms define the scope of what we denote as multilaterally secure pervasive cooperation. We take a novel integrated approach and provide the supporting security techniques and mechanisms. The main contributions of this thesis are (i) pseudonyms with implicit attributes, which is an approach to multilevel linkable transaction pseudonyms that is based on a combination of threshold encryption techniques, secure multiparty computation and cryptographically secure pseudo-random number generators, (ii) multilaterally secure location-based auditing, a novel consideration of auditing mechanisms in the context of real-world actions that reconciles privacy protection and accountability while proposing location traces as evidence, (iii) a hybrid encryption technique for expressive policies, which allows encrypting under policies that include a continuous dynamic attribute, leveraging an efficient combination of ciphertext-policy attribute-based encryption, location-based encryption and symmetric encryption concepts, and (iv) end-to-end secure attribute-based messaging, a communication mechanism for end-to-end confidential messaging with receivers unknown by identity that is suitable also for resource constrained mobile devices. Harnessing these buildings blocks, we present an integrated architecture that supports location-aware first response. We therein consider location as the central integrating concept for pervasive cooperations. Both communication during incident handling as well as ex-post auditing are conceived as being location-based. Our research draws from experiences with potential real users (first responders and emergency decision makers) and from an interdisciplinary study. We contribute results derived from simulated court cases, indicating the trustworthiness and practicality of our proposal. Experiments conducted with prototype systems support the claim that our concepts are suitable for resource-constrained devices. In a theoretical analysis, we show that our security requirements are fulfilled. Our proposals have multiple further applications, e.g. to pseudonym-based access control.