Daniel Bosk: Privacy to the People

 One of the pillars of democracy is the ability to voice an opinion. However, it is not hard to find numerous examples where someone with power represses others and people cannot express their opinions without severe consequences.  In this talk we will cover two mechanisms that can be useful in this context: one for deniable text-messaging and another for privacy-preserving access control.

For the first, imagine Alice and Bob having an online (encrypted) conversation where they discuss the ruling regime in a negative way.  The national intelligence agency records everything sent by anyone and when.  An agent, Eve, suspects the topic of Alice and Bob's conversation is political and asks Alice for the key so Eve can decrypt and check. Alice wants to produce a key which decrypts the conversation to a benign topic.  We developed a scheme which allows Alice and Bob to do this. It is based on the One-Time Pad, so Alice and Bob need a lot of key-material.  They can exchange this using the NFC-capability of their smartphones.  We formally prove that this scheme provides deniable yet authenticated encryption, that it is secure against replay and out-of-order attacks, and that Eve cannot distinguish whether Alice is lying or not with more than a negligible advantage.

For the privacy-preserving access control, imagine a distributed storage system which Alice and Bob use to store their social media data.  Eve can read all ciphertexts stored in this system.  Now Alice and Bob want to hide the meta-data: for whom certain data is encrypted, if they access it etc., so that Eve cannot target specific individuals.  Our approach is to use Anonymous Broadcast Encryption.  There are several possibilities for the construction, we explore the limits and trade-offs of these approaches.

After summarizing the work done for the two mechanisms above, I will outline possible future research directions and prioritize them to outline my thesis work.