% IMPORTANT: The following is UTF-8 encoded. This means that in the presence
% of non-ASCII characters, it will not work with BibTeX 0.99 or older.
% Instead, you should use an up-to-date BibTeX implementation like “bibtex8” or
% “biber”.
@PHDTHESIS{Ziegeldorf:722141,
author = {Ziegeldorf, Jan Henrik},
othercontributors = {Wehrle, Klaus and Scheuermann, Björn},
title = {{D}esigning digital services with cryptographic guarantees
for data security and privacy},
volume = {16},
school = {RWTH Aachen University},
type = {Dissertation},
address = {Aachen},
publisher = {Shaker},
reportid = {RWTH-2018-223431},
isbn = {978-3-8440-5837-6},
series = {Reports on Communications and Distributed Systems},
pages = {1 Online-Ressource (276 Seiten) : Illustrationen},
year = {2017},
note = {Veröffentlicht auf dem Publikationsserver der RWTH Aachen
University 2018; Dissertation, RWTH Aachen University, 2017},
abstract = {In the past two decades, tremendously successful digital
services have been built that collect, process, and monetize
massive amounts of personal user data, up to the point where
data is proclaimed the oil of the 21st century. Along come
serious threats to data security and privacy that
significantly increase the demand for effective protection,
e.g., as manifested in the growth of encrypted Internet
traffic. Communication security protocols, however, protect
data against external attackers and do not address the root
cause of almost all privacy threats, the need to share
sensitive data with third parties. These third parties may
illicitly process data beyond its original purpose of
collection or be hacked and forced to provide data access.
Countering these threats requires the development of Privacy
Enhancing Technologies that complement or replace
traditional communication security protocols. We identify
Secure Multiparty Computation (SMC) as a rigorous approach
not only to provide data security and privacy protection,
but even to reconcile privacy interests with seemingly
adverse public and business interests. However, the
potential of SMC is foremost on the theoretical level - it
is often dismissed for being too inefficient and
impedimentary for real-world applications. This thesis
bridges the gap between the theoretical strength of SMC and
the feeble realization of its potential in practice. To this
end, we conduct a qualitative and quantitative analysis of
SMC frameworks and abstract three research challenges: i)
Extending the functionality and ii) increasing the
efficiency of SMC as well as iii) customizing it to
challenged environments. We choose a use case-driven
research methodology to address these questions, which
allows us to motivate and validate all our contributions in
practice. First, we motivate the problem of financial
privacy in cryptocurrencies and propose decentralized mixing
as a solution. We recognize the advantages of securing
mixing operations with SMC and contribute secure protocols
to technically realize our novel approach. As a result, our
mixing system achieves stronger security and privacy
guarantees than prior works while remaining highly scalable
and fully compatible with the prevalent designs of
decentralized cryptocurrencies such as Bitcoin. Second, we
propose efficient SMC designs for different classification
algorithms to address data security and privacy issues in
pattern recognition and machine learning. The evaluation of
our classifiers shows that they are secure, accurate, and
outperform the state of the art. We demonstrate three
real-world use cases that prove applicability of our
classifiers but also motivate their deployment in challenged
environments. Thus, we present two additional approaches,
bandwidth optimizations and secure outsourcing, to bring our
secure classifiers to these scenarios. Finally, we
investigate secure outsourcing as a general strategy to
customize SMC to challenged deployment and operation
scenarios by the example of computing set intersections, a
universal building block in many real-world applications and
a well studied SMC problem. We present efficient schemes
with negligible overheads for the outsourcers and
demonstrate their applicability in two comprehensive case
studies, privacy-preserving crowd-sensing and genetic
disease testing in the cloud. In summary, the contributions
made in this thesis widen the technical solution space for
practical data security and privacy protection in
data-driven digital services.},
cin = {121710 / 120000},
ddc = {004},
cid = {$I:(DE-82)121710_20140620$ / $I:(DE-82)120000_20140620$},
typ = {PUB:(DE-HGF)11 / PUB:(DE-HGF)3},
doi = {10.18154/RWTH-2018-223431},
url = {https://publications.rwth-aachen.de/record/722141},
}
Gast ::