Melek Önen

EURECOM · Digital Security Department

Confidence in information and communication technology services and systems is crucial for the digital society which we live in, but this confidence is not possible without privacy-enhancing tools and technologies, nor without risks management frameworks that guarantee privacy, data protection, and secure digital identities. This paper provides inf...

In this paper, we propose to study privacy concerns raised by the analysis of Electro CardioGram (ECG) data for arrhythmia classification. We propose a solution named PAC that combines the use of Neural Networks (NN) with secure two-party computation in order to enable an efficient NN prediction of arrhythmia without discovering the actual ECG data...

With the advent of big data technologies which bring better scalability and performance results, machine learning (ML) algorithms become affordable in several different applications and areas. The use of large volumes of data to obtain accurate predictions unfortunately come with a high cost in terms of privacy exposures. The underlying data are of...

In this work, we propose a study on the use of post-quantum cryptographic primitives for the Tor network in order to make it safe in a quantum world. With this aim, the underlying keying material has first been analysed. We observe that breaking the security of the algorithms/protocols that use long- and medium-term keys (usually RSA keys) have the...

This book contains selected papers presented at the 14th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School on Privacy and Identity Management, held in Windisch, Switzerland, in August 2019. The 22 full papers included in this volume were carefully reviewed and selected from 31 submissions. Also included are reviewed papers summarizi...

The expanding Internet of Things (IoT) technology offers the ease of communication with and access to multiple services for companies and individuals. However, because of the limited trustworthiness set on smart devices, as well as the ever-increasing amount of them, challenges for security and privacy protection have been growing. In this paper, w...

A powerful world connecting digital and physical environments is promised through the Internet of Things (IoT). However, because of the heterogeneous nature of devices and of the diversity of their provenance, security and privacy vulnerabilities threaten IoT-based implementations. Moreover, constrained resources from devices bring technical challe...

A recent paper showed that most Multi-User Searchable Encryption protocols do not provide any privacy without the assumption that all users can be trusted, an assumption too strong to be realistic for a MUSE system. As to the few MUSE protocols that are not affected, they all suffer from some scalability issues. We present the first MUSE protocol t...

Deep Learning has recently become very popular thanks to major advances in cloud computing technology. However, pushing Deep Learning computations to the cloud poses a risk to the privacy of the data involved. Recent solutions propose to encrypt data with Fully Homomorphic Encryption (FHE) enabling the execution of operations over encrypted data. G...

We identify a flaw in the proof of security of Garbled Bloom Filters, a recent hash structure introduced by Dong et al. (ACM CCS 2013) that is used to design Private Set Intersection (PSI) protocols, a important family of protocols for secure cloud computing. We give counter-examples invalidating a claim that is central to the original proof and we...

EVA¹ is describing a new class of emotion-aware autonomous systems delivering intelligent personal assistant functionalities. EVA requires a multi-disciplinary approach, combining a number of critical building blocks into a cybernetics systems/software architecture: emotion aware systems and algorithms, multimodal interaction design, cognitive mode...

We introduce POROS that is a new solution for proof of data reliability. In addition to the integrity of the data outsourced to a cloud storage system, proof of data reliability assures the customers that the cloud storage provider (CSP) has provisioned sufficient amounts of redundant information along with original data segments to be able to guar...

By allowing a large number of users to behave as readers or writers, Multi-User Searchable Encryption (MUSE) raises new security and performance challenges beyond the typical requirements of Symmetric Searchable Encryption (SSE). In this paper we identify two core mandatory requirements of MUSE protocols being privacy in face of users colluding wit...

Internet of Things (IoT) offers new opportunities for business, technology and science but it also raises new challenges in terms of security and privacy, mainly because of the inherent characteristics of this environment: IoT devices come from a variety of manufacturers and operators and these devices suffer from constrained resources in terms of...

Searchable Encryption (SE) allows a user to upload data to the cloud and to search it in a remote fashion while preserving the privacy of both the data and the queries. Recent research results describe attacks on SE schemes using the access pattern, denoting the ids of documents matching search queries, which most SE schemes reveal during query pro...

End-to-end security in the cloud has gained even more importance after the outbreak of data breaches and massive surveillance programs around the globe last year. While the community features a number of cloud-based security mechanisms, existing solutions either provide security at the expense of the economy of scale and cost effectiveness of the c...

This paper addresses the problem of data retrievability in cloud computing systems performing deduplication to optimize their space savings: While there exist a number of proof of retrievability (PoR) solutions that guarantee storage correctness with cryptographic means, these solutions unfortunately come at odds with the deduplication technology....

With the advent of cloud computing, individuals and companies alike are looking for opportunities to leverage cloud resources not only for storage but also for computation. Nevertheless, the reliance on the cloud to perform computation raises the unavoidable challenge of how to assure the correctness of the delegated computation. In this regard, we...

With the continuous increase of cloud storage adopters, data deduplication has become a necessity for cloud providers. By storing a unique copy of duplicate data, cloud providers greatly reduce their storage and data transfer costs. Unfortunately, deduplication introduces a number of new security challenges. We propose PerfectDedup, a novel scheme...

The widespread adoption of the cloud model for service delivery triggered several data protection issues. As a matter of fact, the proper delivery of these services typically involves sharing of personal/business data between the different parties involved in the service provisioning. In order to increase cloud consumer’s trust, there must be guara...

While the revolutionary cloud computing paradigm offers substantial benefits to businesses, recent data breaches and the lack of dedicated end-to-end security solutions refrain the rapid adoption of this technology. The TREDISEC project aims at increasing trust in cloud computing by designing new security primitives ensuring data security and user...

Existing work on secure data collection and secure aggregation is mainly focused on confidentiality issues. That is, ensuring that the untrusted Aggregator learns only the aggregation result without divulging individual data inputs. In this paper however we consider a malicious Aggregator which is not only interested in compromising users’ privacy...

While Searchable Encryption (SE) has been widely studied, adapting it to the multi-user setting whereby many users can upload secret files or documents and delegate search operations to multiple other users still remains an interesting problem. In this paper we show that the adversarial models used in existing multi-user searchable encryption solut...

With the continuous increase of the number of users and the size of their data, data deduplication becomes a necessity for cloud storage providers. By storing a unique copy of duplicate data, cloud providers greatly reduce their storage and data transfer costs. The advantages of deduplication unfortunately come with a high cost in terms of new secu...

Cloud Computing raises various security and privacy challenges due to the customers’ inherent lack of control over their outsourced data. One approach to encourage customers to take advantage of the cloud is the design of new accountability solutions which improve the degree of transparency with respect to data processing. In this paper, we focus o...

With the continuous increase of the number of users and the size of their data, data deduplication becomes a necessity for cloud storage providers. By storing a unique copy of duplicate data, cloud providers greatly reduce their storage and data transfer costs. The advantages of deduplication unfortunately come with a high cost in terms of new secu...

This paper presents StealthGuard, an efficient and provably secure proof of retrievabillity (POR) scheme. StealthGuard makes use of a privacy-preserving word search (WS) algorithm to search, as part of a POR query, for randomly-valued blocks called watchdogs that are inserted in the file before outsourcing. Thanks to the privacy-preserving features...

The 2014 Special issue of Computer Communications is dedicated to opportunistic networks (OppNets), which are an instance of the delay tolerant networking (DTN) paradigm. There are three algorithmic papers that propose and evaluate new forwarding schemes for opportunistic networks. GAR, a group-aware forwarding scheme is introduced in a paper for c...

Smart meters are widely deployed to provide fine-grained information pertaining to tenant power consumption. These data are analyzed by suppliers for more accurate statistics, energy consumption predictions and personalized billing. Indirectly this aggregation of data can reveal personal information of tenants such as number of persons in a house,...

Nowadays we are witnessing the democratization of cloud services. As a result, more and more end- users (individuals and businesses) are using these services for achieving their electronic transactions (shopping, administrative procedures, B2B transactions, etc.). In such scenarios, personal data is generally flowed between several entities and end...

Deduplication is a storage saving technique which has been adopted by many cloud storage providers such as Dropbox. The simple principle of deduplication is that duplicate data uploaded by different users are stored only once. Unfortunately, deduplication is not compatible with encryption. As a scheme that allows deduplication of encrypted data seg...

With the continuous and exponential increase of the number of users and the size of their data, data deduplication becomes more and more a necessity for cloud storage providers. By storing a unique copy of duplicate data, cloud providers greatly reduce their storage and data transfer costs. The advantages of deduplication unfortunately come with a...

Current applications tend to use personal sensitive information to achieve better quality with respect to their services. Since the third parties are not trusted the data must be protected such that individual data privacy is not compromised but at the same time operations on it would be compatible. A wide range of data analysis operations entails...

Existing privacy controls based on access control techniques do not prevent massive dissemination of private data by unauthorized users. We suggest a usage control enforcement scheme that allows users to gain control over their data during its entire lifetime. The scheme is based on a peer-to-peer architecture whereby a different set of peers is ra...

Opportunistic networks are a new and specific type of mobile peer-to-peer networks where end-to-end connectivity cannot be assumed. These networks present compelling challenges, especially from a security perspective, as interactive protocols are infeasible in such environments. In this article, we focus on the problem of key management in the fram...

Many incentive mechanisms have been proposed to foster cooperation among nodes in Peer-to-Peer (P2P) networks. Unfortunately, most of existing solutions rely on the existence of an online centralized authority that is in charge of a fair distribution and transaction of credits (incentives) between peers. Such centralized mechanisms mainly suffer fr...

The problem of usage control, which refers to the control of the data after its publication, is becoming a very challenging problem due to the exponential growth of the number of users involved in content sharing. While the best solution and unfortunately the most expensive one to cope with this particular issue would be to provide a trusted hardwa...

One of the most striking properties of the Internet is its flexibility to accommodate features it was not conceived for. Among the most significant examples, in this survey we consider the transition of the Internet from a reliable fault-tolerant network ...

The extremely widespread adoption of Online Social Networks (OSNs) raises many questions on privacy and access control. Regardless of the particular centralized or de-centralized nature of the OSN, the achievable security and privacy degree strongly depends on the graph-theoretical properties of the social graph representing the real friendship rel...

Jamming attacks can severely affect the performance of wireless networks due to the broadcast nature. The most reliable solution to reduce the impact of such attacks is to detect and localize the jammer. In this paper, we propose our research into participatory sensing based scheme, named as CrowdLoc, for the collection of measurements to collabora...

Jamming attacks can severely affect the performance of Wireless Sensor Networks (WSNs) due to their broadcast nature. The most reliable solution to reduce the impact of such attacks is to detect and localize the source of the attack. In this paper, we investigate the feasibility of localizing an omni-antenna jammer. We propose Catch the Jammer (CJ)...

Private matching solutions allow two parties to find common data elements over their own datasets without revealing any additional private information. We propose a new concept involving an intermediate entity in the private matching process: we consider the problem of broker-based private matching where end-entities do not interact with each other...

Online Social Network (OSN) applications and services such as picture sharing, wall posting, and the like, nowadays have a strong impact on the way users interact with each other. Catering for a broad range of users of all ages, and a vast difference in social, educational, and national background, these applications and services allow even users w...

We present PRISM, a privacy-preserving scheme for word search in cloud computing. In the face of a curious cloud provider, the main challenge is to design a scheme that achieves privacy while preserving the efficiency of cloud computing. Solutions from related research, like encrypted keyword search or Private Information Retrieval (PIR), fall shor...

Autonomic and opportunistic communications require specific routing algorithms, like replication-based algorithms or context-based forwarding. In addition to confidentiality, privacy is a major concern for protocols which disseminate the context of their destination. In this paper, we focus on the confidentiality and privacy issue inherent to conte...

Key management in opportunistic networks is a challenging problem that cannot be solved with existing solutions. In this paper, we analyze the requirements of key management in the framework of opportunistic networks and content-based forwarding. We then present a specific key management scheme that enables the bootstrapping of local, topology-depe...

P2P data storage requires strong reliability and security assurances. Existing data storage solutions have been designed for centralized as well as distributed settings; yet they do not address the security and cooperation issues raised by self-organization. P2P systems also introduce new needs regarding data availability due to the dynamicity of t...

It is our distinct pleasure to present the proceedings of the 2nd International Workshop on Security and Social Networking (SESOC'10).

Autonomic and opportunistic communications require specific routing algorithms, like replication-based algorithms or context-based forwarding. Privacy is a major concern for protocols which disseminate the context of their destination. In this paper, we focus on the privacy issue inherent to context-based protocols, in the framework of an original...

In this paper, we present security primitives required to achieve privacy in content-based opportunistic networks. We define three privacy models adapted to content-based networking and detail what are the requirements that the security primitives have to achieve in order to fit in each of these models. We also propose an original approach based on...

Privacy and confidentiality are crucial issues in content-based publish/subscribe (CBPS) networks. We tackle the problem of end-user privacy in CBPS. This problem raises a challenging requirement for handling encrypted data for the purpose of routing based on protected content and encrypted subscription information. We suggest a solution based on a...

Several cooperation enforcement schemes based on rewarding mechanisms such as electronic cash or online credits have lately been proposed to prevent selfish behavior in ad-hoc networks. However, these schemes suffer from the lack of fairness guarantees or the reliance on costly mechanisms such as tamper- proof hardware or the requirement for truste...

Data aggregation has been put forward as an essential technique to achieve power efficiency in sensor networks. Data aggregation consists of processing data collected by source nodes at each intermediate node enroute to the sink in order to reduce redundancy and minimize bandwidth usage. The deployment of sensor networks in hostile environments cal...

Most of the actual group rekeying solutions only deal with security and scalability issues and are severely lacking with respect to reliability and customer satisfaction. We suggested a reliable group rekeying protocol whereby the key server first partitions members with respect to their membership duration and offers a strongly reliable delivery f...

Les communications multipoints permettent à une source de distribuer des données à un groupe de récepteurs de façon optimale. Les réseaux satellitaires offrent des avantages considérables pour ces communications. Cependant, les applications multicast présentent des besoins forts en terme de sécurité, notamment pour la confidentialité, l'authentific...

Les communications multipoints permettent à une source de distribuer des données à un groupe de récepteurs de façon optimale. Les réseaux satellitaires offrent des avantages considérables pour ces communications. Cependant, les applications multicast présentent des besoins forts en terme de sécurité, notamment pour la confidentialité, l'authentific...

In secure multiparty communications, several solutions have been proposed to deal with group rekeying. However, most of existing solutions including the most efficient ones still are severely lacking with respect to reliability and real customer expectations. Since in these solutions, each rekeying operation requires the update of the keying materi...

Networks integrating satellite shared access, such as DVB-S/RCS, are particularly exposed to denial of service (DoS) attacks through which a satellite terminal can maliciously use the Network Control Center (NCC) resources by submitting a high number of bogus requests. Anti-clogging techniques used in terrestrial mesh networks to thwart DoS attacks...

Even though group rekeying is one of the most visited areas in network security, solutions still are severely lacking with respect to reliability and real customer expectations. We first classify secure multicast applications with regard to these expectations and suggest a new approach that defines different recipient categories based on their "loy...