RERUM provided some comments to the early version the ISO standard for the “Internet of Things Reference Architecture“ (ISO/IEC 30141), as noted in an earlier news post. To follow this up, Henrich C. Pöhls from University of Passau on behalf of RERUM went to the “inauguration” and information meeting of the German mirror-committee for the „Internet of Things“ ISO JTC 1/WG 10.
The meeting took place in Berlin on 19. Februar 2016.
Henrich C. Pöhls met Thiago Ribeiro the co-ordinator of POA#digital on his trip through Brazil. POA#digital is the coordinating and technical expert group behind Porto Alegre’s SmartCity initiative.
Mr. Thiago Ribeiro is the coordenador do POA Digital na Prefeitura Municipal de Porto Alegre and thus he is involved in all SmartCity projects of Porto Alegre. Among the technology they mentioned are roadside cameras, participatory sensing apps. For example Mr. Ribeiro mentioned a service called waze for road congestion detection also used in Porto Alegre.
Porto Alegre is the capital of the large southern Brazilian state Grande do Azul. Mr. Thiago said that Porto Alegre supports to release information again as open data. It is actively making themselves heard and it is one of the few south american cities that are part of connectedsmartcities.eu. Porto Alegre is actively taking concepts and ideas from leading SmartCities, Mr. Ribeiro mentioned San Francisco, and adept them to suit the southern environment. He explicitly mentioned the climate as a distinguishing factor, e.g. heat and moisture levels are higher than in European Cities.
“Smartcities are not the owners of the citizen-supplied data but the data guardians”
For the city wide deployed cameras Mr. Ribeiro also mentioned that Porto Alegre has a very large fiberoptical network backbone. When we discussed the topic of privacy, Thiago Ribeiro said that “POA#digital sees themselves not as owners of the citizen-supplied data but as data guardians.” Porto Alegre is taking the protection of data at their servers very seriously and the protection of data when it is on their servers is on their agenda.
“SmartCities have a clear need for protection of the integrity of the data sensed and at the same time privacy”
As example of the privacy mechanisms he explained that if security cameras are able (because of viewing angle or because of pan/tilt/zoom functionality) to monitor private spaces, e.g. the windows of a house, than the system is configured and deployed such that those areas are digitally masked from the image feed that is visible to the operator. So the camera operator cannot see into citizens’ private areas. He further explained that openly shared data, the example was health related data the city has, i.e. data that is released as open data, shall not allow identifying individual citizen’s health status. The discussion evolved further and finally centered around the mutual agreement that SmartCities have a clear need for protection of the integrity of the data sensed and at the same time privacy.
Henrich C. Pöhls from UNI PASSAU will continue to stay in contact with POA#digital.
RERUMs deliverables on privacy —soon to be released— will help to highlight RERUM’s strength. RERUM will investigate if in the future the discussion can be intensified.
We would like to thank Mr. Ribeiro and the team from POA#digital for the time and the insights into Porto Alegre — a Brazilian SmartCity.
This is a video showing the prototype implementation of the On-Device-Signatures signing JSON formatted temperature data (JSON Sensor Signatures) on a constrained device (Zolertia Z1). This way RERUM ensures seamless integrity protection for measurements from constrained sensors towards the higher levels of the IoT (gateways, middleware, databases, message queues, and applications), and vice versa.
RERUM’s 4th meeting took place at FORTH in Heraklion at the end of June and beginning of July, with a very strong attendance from all partners. The three days of the meeting were packed with very fruitful and interesting discussions!
At the end of day three the partners of RERUM connected with 2 other EU projects related with Smart Cities (MESH-WISE / SOrBet) in a joint session. The goal was to identify common areas between the three projects and possibilities for cooperation.
RERUM identified itself as able to provide the other projects with guidelines on how to build more secure and privacy preserving architectures. MESH-WISE presented itself as a promising solution for providing optimized performance in wireless mesh networking within urban areas that could possibly help RERUM in the lower layers networking solutions. SOrBet proposed to assist RERUM in the area of building automation systems and in the trials, since the SOrBet partners have an existing automation system that can be used.
In general, the three projects have identified common areas and will continue the close cooperation in the future.
He will present the paper ‘On Updatable Redactable Signatures’ authored by H. C. Pöhls and K. Samelin in a presentation on Friday 13th of June.
Henrich C. Pöhls @ ACNS 2014 in Lausanne
The paper is about so called redactable signatures, which allow removing parts from signed documents. In RERUM we gathered the state-of-the-art of malleable signature schemes and our analysis of security models revealed that the existing models do not capture the possibility that the signer can “update” signatures, i.e., add new elements. Neglecting this in the model, the models would tolerate that third parties can generate forgeries if they are given access to an update oracle. Moreover, the analysis showed that there are constructions which permit creating a signature by merging two redacted messages, if they stem from the same original. Again the short coming of previous models is that this is not explicitly described. The paper presents an adjusted definition that captures both possibilities. Moreover, the paper presents a provably secure construction in the standard model, which makes use of a novel trapdoor-accumulator.
For an up-to-date list of RERUM’s academic publications including DOI links, please visit the papers page.
Prof. Joachim Posegga from UNI PASSAU will attend the 2nd edition of the Annual Privacy Forum, jointly organized by the European Union Agency for Network and Information Security (ENISA), EC DG CONNECT and as local organizer the Systems Security Laboratory (SSL) of the University of Piraeus. The event will take place on 20thand 21st of May 2014 in Athens.
He will participate in the panel discussion on “Data Protection in the EU — risks and vulnerabilities, market and policy solution” taking place on the second day, 21st of May 2014, at 12:00. The panel discussion will discuss these risks and vulnerabilities. Furthermore, it explores market and policy solutions to the perceived lack of privacy and security of networks and devices. What is the role of research? What should companies do? standards? mandatory requirements?
RERUM sees security and in particular privacy as crucial for Europe and that it can be a competitive advantage. Hence, the technology should follow the principle of privacy by design, e.g. collecting data only if absolutely necessary. RERUM will exemplify this technical approach for the IoT.
He will give a keynote on ‘Integrity — A short tour around technical and legal definitions and the impact of integrity’ and present the joint paper of RERUM’s challenges and the overview of intended building blocks.
He will also present the paper ‘RERUM: Building a Reliable IoT upon Privacy- and Security-enabled Smart Objects’ that was written by Henrich Pöhls (University of Passau, Germany), Vangelis Angelakis (Linköping University, Sweden), Santiago Suppan, Kai Fischer (Siemens AG, Germany), George Oikonomou (University of Bristol, UK), Elias Tragos (Institute of Computer Science, FORTH, Greece), Rodrigo Diaz Rodriguez (Atos, Spain), Theodoros Mouroutis (Cyta Hellas, Greece).
Henrich C. Pöhls will present the results of his joint work with Markus Karwe from University of Freiburg on Redactable Signatures to Control the Maximum Noise for Differential Privacy in the Smart Grid.
The Smart Grid is currently developed and fundamental security requirements like integrity and origin authentication need to be addressed while minimising arising privacy issues. This paper balances the opposing goals: On one hand, we mitigate privacy issues raised by overly precise energy consumption values via data perturbation mechanisms, e.g., add noise. On the other hand the paper describes how to limit the noise’s range and keep a verifiable level of integrity of consumption values from the Smart Metering Gateway by facilitating a redactable signature.
ESSOS 2014 takes place in Munich from 26th till 28th of February 2014
These are first results that we obtained during the work in RERUM. We rigorously prove that RSSs are less expressive than SSSs: no unforgeable RSS can be transformed into an SSS. For the opposite direction we give a black-box transformation of a single SSS, with tightened security, into an RSS.
Redactable signatures (RSS) and sanitizable signatures (SSS) are among the most well studied cryptographic constructions of so called Malleable signature schemes (MSS).
Malleable signature schemes (MSS) enable a third party to alter signed data in a controlled way, maintaining a valid signature after an authorised change.
RSSs allow the removal of blocks from a signed document, while SSSs allow changing blocks to arbitrary strings.
This paper presents a method to transform a single instantiation of an SSS into an RSS. In detail, if we use one SSS instantiation, an emulation of an RSS can only be achieved, if the SSS’s security is strengthened, raising it above the existing standard. The resulting emulated RSS offers only weaker privacy guarantees. Moreover, we have argued rigorously that the opposite implication is not possible. Thus, no RSS can be transformed into an unforgeable SSS. Hence, RSSs and SSSs are indeed two different cryptographic building blocks, even if they achieve to define and delegate authorised modifications of signed messages. Currently, the number of SSSs achieving the new security requirements needed to securely emulate an RSS is still low.
For the future, we suggest to focus on implementing and standardising an SSS secure enough to emulate RSSs, to have one universal building block. In the meantime we advice to use dedicated RSS algorithms if only redactions are needed and a SSS algorithm. Of course, you are advised to check current work to ensure the cryptographic strength of the constructions.
For an up-to-date list of RERUM’s academic publications including DOI links, please visit the papers page.