Papers by Emiliano De Cristofaro
Web Services technology provides software developers with a wide range of tools and models to pro... more Web Services technology provides software developers with a wide range of tools and models to produce innovative distributed appli- cations. After the initial diusion of the standard technology the atten- tion of the developers has focused on the ways to secure the information flows between clients and service providers. For this purpose several stan- dards have been proposed and adopted.
In this paper we consider the problem of securely outsourcing computation on private data. We pre... more In this paper we consider the problem of securely outsourcing computation on private data. We present a protocol for securely distributing the computation of the data structures used by current implementations of the Certified Information Access primitive. To this aim, we introduce the concept of a Verifiable Deterministic Envelope that may be of independent interest and of which we provide
The constantly increasing dependence on anytime-anywhere availability of data and the commensurat... more The constantly increasing dependence on anytime-anywhere availability of data and the commensurately increasing fear of losing privacy motivate the need for privacy-preserving techniques. One inter- esting and common problem occurs when two parties need to privately compute an intersection of their respective sets of data. In doing so, one or both parties must obtain the intersection (if one exists), while
Secure genomic testing with size- and position-hiding private substring matching
Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society - WPES '13, 2013
ABSTRACT Recent progress in genomics and bioinformatics is bringing complete and on-demand sequen... more ABSTRACT Recent progress in genomics and bioinformatics is bringing complete and on-demand sequencing of human (and other) genomes closer and closer to reality. Despite exciting new opportunities, affordable and ubiquitous genome sequencing prompts some serious privacy and ethical concerns, owing to extreme sensitivity and uniqueness of genomic information. At the same time, new medical applications, such as personalized medicine, require testing genomes for specific markers that themselves represent sensitive (e.g., proprietary) material. This paper focuses on privacy challenges posed by such genetic tests. It presents a secure and efficient protocol called: Size- and Position-Hiding Private Substring Match- ing (SPH-PSM). This protocol allows two parties -- one with a digitized genome and the other with a set of DNA markers -- to conduct a test, such that the result is only learned by the former, and no other information is learned by either party. In particular, the genome owner does not even learn the size or the position of the markers, which makes SPH-PSM the first of its kind. Finally, we report on a prototype of the proposed technique which attests to its practicality.
Lecture Notes in Computer Science, 2007
Over the last years, research efforts have led the way to embed computation into the environment.... more Over the last years, research efforts have led the way to embed computation into the environment. Much attention is drawn to technologies supporting dynamicity and mobility over small devices which can follow the user anytime, anywhere. The Bluetooth standard particularly fits this idea, by providing a versatile and flexible wireless network technology with low power consumption. In this paper, we describe an implementation of a novel framework named JXBT (JXME over Bluetooth), which allows the JXME infrastructure to use Bluetooth as the communication channel. By exploiting the JXME functionalities we can overcome Bluetooth limitations, such as the maximum number of interconnectable devices (7 according to the Bluetooth standard) and the maximum transmission range (10 or 100 meters depending on the version). To test the lightness of JXBT, we designed and evaluated BlueIRC, an application running on top of JXBT. This application enables the set up of a chat among Bluetooth-enabled mobile devices, without requiring them to be within transmission range.
Lecture Notes in Computer Science, 2010
Private Set Intersection (PSI) protocols allow one party ("client") to compute an intersection of... more Private Set Intersection (PSI) protocols allow one party ("client") to compute an intersection of its input set with that of another party ("server"), such that the client learns nothing other than the set intersection and the server learns nothing beyond client input size. Prior work yielded a range of PSI protocols secure under different cryptographic assumptions. Protocols operating in the semi-honest model offer better (linear) complexity while those in the malicious model are often significantly more costly. In this paper, we construct PSI and Authorized PSI (APSI) protocols secure in the malicious model under standard cryptographic assumptions, with both linear communication and computational complexities. To the best of our knowledge, our APSI is the first solution to do so. Finally, we show that our linear PSI is appreciably more efficient than the state-of-the-art. * An earlier version of this paper appears in the Proceedings of Asiacrypt 2010.
2007 Second International Conference on Systems and Networks Communications (ICSNC 2007), 2007
Over the last years, a call for embedding computation into the environment has been arisen. This ... more Over the last years, a call for embedding computation into the environment has been arisen. This philosophy has been often referred to as pervasive or ubiquitous computing, to remark the aim to a dense and widespread interaction among computing devices. User intervention and awareness are discarded, in opposition to an automatic adaptation of applications to location and context. To this aim, much attention is drawn to technologies supporting dynamicity and mobility over small devices which can follow the user anytime, anywhere.
METHOD AND APPARATUS FOR PERFORMING DISTRIBUTED PRIVACY-PRESERVING COMPUTATIONS ON USER LOCATIONS
http://www.freepatentsonline.com/y2014/0372753.html
Lecture Notes in Computer Science, 2010
Increasing dependence on anytime-anywhere availability of data and the commensurately increasing ... more Increasing dependence on anytime-anywhere availability of data and the commensurately increasing fear of losing privacy motivate the need for privacy-preserving techniques. One interesting and common problem occurs when two parties need to privately compute an intersection of their respective sets of data. In doing so, one or both parties must obtain the intersection (if one exists), while neither should learn anything about other set. Although prior work has yielded a number of effective and elegant Private Set Intersection (PSI) techniques, the quest for efficiency is still underway. This paper explores some PSI variations and constructs several secure protocols that are appreciably more efficient than the state-of-the-art.
Lecture Notes in Computer Science, 2011
The need for controlled (privacy-preserving) sharing of sensitive information occurs in many diff... more The need for controlled (privacy-preserving) sharing of sensitive information occurs in many different and realistic everyday scenarios, ranging from national security to social networking. A typical setting involves two parties: one seeks information from the other without revealing the interest while the latter is either willing, or compelled, to share only the requested information. This poses two challenges: (1) how to enable this type of sharing such that parties learn no information beyond what they are entitled to, and (2) how to do so efficiently, in real-world practical terms. This paper explores the notion of Privacy-Preserving Sharing of Sensitive Information (PPSSI), and provides two concrete and efficient instantiations, modeled in the context of simple database querying. Proposed techniques function as a privacy shield to protect parties from disclosing more than the required minimum of their respective sensitive information. PPSSI deployment prompts several challenges, that are addressed in this paper. Extensive experimental results attest to the practicality of attained privacy features and show that they incur quite low overhead (e.g., 10% slower than standard MySQL). * A preliminary version of this paper appears in the Proceedings of the 4th International Conference on Trust and Trustworthy Computing (TRUST'11). This is the full version.
Proceedings of the second ACM conference on Wireless network security - WiSec '09, 2009
This work introduces FAIR, a novel framework for Fuzzy-based Aggregation providing In-network Res... more This work introduces FAIR, a novel framework for Fuzzy-based Aggregation providing In-network Resilience for Wireless Sensor Networks. FAIR addresses the possibility of malicious aggregator nodes manipulating data. It provides data-integrity based on a trust level of the WSN response and it tolerates link or node failures. Compared to available solutions, it offers a general aggregation model and makes the trust level visible to the querier. We classify the proposed approach as complementary to protocols ensuring resilience against sensor leaf nodes providing faulty data. Thanks to our flexible resilient framework and due to the use of Fuzzy Inference Schemes, we achieve promising results within a short design cycle. * This paper is an extended version of the paper appeared in the 2nd ACM Conference on Wireless Network Security (WiSec'09).
Proceedings of the ACM international workshop on Performance monitoring, measurement, and evaluation of heterogeneous wireless and wired networks - PM2HW2N '06, 2006
Mobile devices should allow users to exploit services anytime, without any place restriction and ... more Mobile devices should allow users to exploit services anytime, without any place restriction and in a transparent way. The Bluetooth technology achieves this feature, by providing services at a low cost and with a low power consumption. In a few years, most of the devices accessing the web services will be mobile. In this paper, we evaluate performance of a framework allowing a Java application programmer to directly interface Web Services from a mobile device using a Bluetooth connection. Our work focuses on enhancing Web Services' range of action, presenting a proof of concept of how Web Services-based application can use Bluetooth technology as communication channel. Furthermore, our work is also dedicated to allow the framework to use all the different settings and connection modalities provided by Bluetooth technology. This paper evaluates the usability and efficiency of the framework in a real scenario using mobile devices with limited resources.
A Lightweight Framework forWeb Services Invocation over Bluetooth
2006 IEEE International Conference on Web Services (ICWS'06), 2006
We present an experiment relative to the use of Bluetooth wireless technology to provide network ... more We present an experiment relative to the use of Bluetooth wireless technology to provide network support for midlet applications accessing Web services. We refer to the most common architecture used to invoke Web services, where a client and a server exchange SOAP messages using HTTP as the transport protocol. To the best of our knowledge, there is no implemented support for executing a HTTP POST operation over a Bluetooth channel. Therefore, to guarantee the independence of the application from the type of communication channel used, in this paper, we deal with the problem of designing a framework allowing a Java application programmer to directly interface Web services from a mobile device using a Bluetooth connection. This paper presents a proof of concept of how Bluetooth technology can be used to design, develop, and deploy Web services-based applications. According to our experiments, programming interfaces like Blue Cove and kSOAP, despite being still under development, are mature enough to be used as the underlying technologies for Web services invocation over Bluetooth in a real world application
2012 IEEE Symposium on Security and Privacy, 2012
In the last several years, micro-blogging Online Social Networks (OSNs), such as Twitter, have ta... more In the last several years, micro-blogging Online Social Networks (OSNs), such as Twitter, have taken the world by storm, now boasting over 100 million subscribers. As an unparalleled stage for an enormous audience, they offer fast and reliable centralized diffusion of pithy tweets to great multitudes of information-hungry and always-connected followers. At the same time, this information gathering and dissemination paradigm prompts some important privacy concerns about relationships between tweeters, followers and interests of the latter.
2009 Proceedings of 18th International Conference on Computer Communications and Networks, 2009
Wireless Sensor Networks (WSNs) provide sensing and monitoring services by means of many tiny aut... more Wireless Sensor Networks (WSNs) provide sensing and monitoring services by means of many tiny autonomous devices equipped with wireless radio transceivers.
Increasing Privacy Threats in the Cyberspace: The Case of Italian E-Passports
Lecture Notes in Computer Science, 2010
The recent introduction of electronic passports (e-Passports) motivates the need of a thorough in... more The recent introduction of electronic passports (e-Passports) motivates the need of a thorough investigation on potential security and privacy issues. In this paper, we focus on the e-Passport implementation adopted in Italy. Leveraging previous attacks to e-Passports adopted in other countries, we analyze (in)security of Italian e-Passports and we investigate additional critical issues. Our work makes several contributions. 1 We
Lecture Notes in Computer Science, 2008
In this paper we consider the problem of securely outsourcing computation on private data. We pre... more In this paper we consider the problem of securely outsourcing computation on private data. We present a protocol for securely distributing the computation of the data structures used by current implementations of the Certified Information Access primitive. To this aim, we introduce the concept of a Verifiable Deterministic Envelope -that may be of independent interest -and we provide practical implementations, based on standard cryptographic assumptions.
2008 Sixth European Conference on Web Services, 2008
In this paper, we present a framework providing integrity and authentication for secure workflow ... more In this paper, we present a framework providing integrity and authentication for secure workflow computation based on BPEL Web Service orchestration. We address a recent cryptographic tool, aggregate signatures, to validate the orchestration by requiring all partners to sign the result of computation. Security operations are performed during the orchestration and require no change in the services implementation.
Proceedings of the 18th ACM conference on Computer and communications security - CCS '11, 2011
Recent advances in DNA sequencing technologies have put ubiquitous availability of fully sequence... more Recent advances in DNA sequencing technologies have put ubiquitous availability of fully sequenced human genomes within reach. It is no longer hard to imagine the day when everyone will have the means to obtain and store one's own DNA sequence. Widespread and affordable availability of fully sequenced genomes immediately opens up important opportunities in a number of health-related fields. In particular, common genomic applications and tests performed in vitro today will soon be conducted computationally, using digitized genomes. New applications will be developed as genome-enabled medicine becomes increasingly preventive and personalized. However, this progress also prompts significant privacy challenges associated with potential loss, theft, or misuse of genomic data. In this paper, we begin to address genomic privacy by focusing on three important applications: Paternity Tests, Personalized Medicine, and Genetic Compatibility Tests. After carefully analyzing these applications and their privacy requirements, we propose a set of efficient techniques based on private set operations. This allows us to implement in in silico some operations that are currently performed via in vitro methods, in a secure fashion. Experimental results demonstrate that proposed techniques are both feasible and practical today.
Lecture Notes in Computer Science, 2011
Modern society is increasingly dependent on, and fearful of, the availability of electronic infor... more Modern society is increasingly dependent on, and fearful of, the availability of electronic information. There are numerous examples of situations where sensitive data must be -sometimes reluctantlyshared between two or more entities without mutual trust. As often happens, the research community has foreseen the need for mechanisms to enable limited (privacy-preserving) sharing of sensitive information and a number of effective solutions have been proposed. Among them, Private Set Intersection (PSI) techniques are particularly appealing for scenarios where two parties wish to compute an intersection of their respective sets of items without revealing to each other any other information. Thus far, "any other information" has been interpreted to mean any information about items not in the intersection.
Uploads
Papers by Emiliano De Cristofaro