Projects

Jobs

Contact

Secure Distributed Human Compuation

This paper is a preliminary exploration of secure distributed human computation. We consider the general paradigm of using large-scale distributed computation to solve difficult problems, but where humans can act as agents and provide candidate solutions. We are especially motivated by problem classes that appear to be difficult for computers to solve efectively, but are easier for humans; e.g., image analysis, speech recognition, and natural language processing. This paradigm already seems to be employed in several real-world scenarios, but we are unaware of any formal and united at tempt to study it. Nonetheless, this concept spawns interesting research questions in cryptography, algorithm design, human computer interfaces, and programming language / API design, among other fields. There are also interesting implications for Internet commerce and the B24b model. We describe this research area and suggest a basic framework for the design of such systems. We analyze security and reliability against malicious parties using standard probability theory tools. We then derive design principles using standard decision-theory concepts. Finally, we list various extensions and open problems.

• Craig Gentry, Zulfikar Ramzan, and Stuart Stubblebine, Secure Distributed Human Computation, ACM Electronic Commerce 2005, Vancouver, Canada, June, 2005. (paper: pdf).

Countering Identity Theft through Digital Uniqueness, Location Cross-Checking, and Funneling

One of today’s fastest growing crimes is identity theft – the unauthorized use and exploitation of another individual’s identity corroborating information. It is exacerbated by the availability of personal information on the Internet. Published research proposing technical solutions is sparse. In this paper, we identify some underlying problems facilitating identity theft. To address the problem of identity theft and the use of stolen or forged credentials, we propose an authentication architecture and system combining a physical location cross-check, a method for assuring uniqueness of location claims, and a centralized verification process. We suggest that this system merits consideration for practical use, and hope it serves to stimulate within the security research community, further discussion of technical solutions to the problem of identity theft.

• Countering Identity Theft through Digital Uniqueness, Location Cross-Checking, and Funneling, P.C. van Oorschot and Stuart Stubblebine. Financial Cryptography and Data Security 2005, Springer Verlag LNCS series, February 2005. (paper: pdf).

Privacy and Location Based Services

There are a variety of well-known models for access control developed for purposes like formally modeling the access rights on file, databases, and web resources. However, the existing models provide an inadequate representation of a number of concepts that are important when modeling privacy rights in distributed systems. We present an analog of the access control matrix designed to model such concepts. Our formalism, which we call a privacy system, empashizes the management of data and actions that affect the privacy of subjects. We motivate privacy systems, describe them mathematically, and illustrate their value in an architecture based on Personal Digital Rights Management (PDRM), which uses DRM concepts as a foundation for the specification and negotiation of privacy rights. This illustration is carried out throuh a case study of a privacy-respecting system for location based services. Our prototype, which we call AdLoc, manages advertising interupts on PDAs based on their location as determined by WiFi sightings in accordance with contracts written in the DRM language XrML.

• A Formal Privacy System and its Application to Location based Services. In 4th Workshop on Privacy Enhancing Technologies, with Carl A. Gunter, and Michael May, Springer-Verlag LNCS series, May 2004. (paper: pdf).

On Securing Distributed Computing with Payout

The growth of widespread distributed computing with financial incentives for participants is hampered by the absence of a security framework to verify the correctness of the computation. This paper defines such a framework with two security goals: preventing participants motivated by financial gain from claiming credit for work they have not done, and defending the computation against malicious participants who want to disrupt it regardless of the cost. We achieve these two goals by integrating an algorithm to assign tasks to participants, an algorithm to verify their work, and an algorithm to pay participants. Our first scheme is secure against cheating motivated by financial gain. It is also computationally efficient, fair to the participants, and flexible enough to accomodate participants with varying computational resources. A stronger scheme defends against adversaries intent on disrupting the computation at any cost.

• Philippe Golle and Stuart Stubblebine, Distributed computing with payout: task assignment for financial- and strong- security, Financial Cryptography 2001, LNCS Series, Springer-Verlag, February, 2001. (paper: pdf).

Some of our more recent ongoing work includes: removing the degree of trust in the third party, and maintaining privacy of the problem set.

Person-2-Person Ecommerce

Is a central marketplace needed to sell/trade your used CDs/DVDs? What technical issues need to be addressed for a fully distributed person-2-person ecommerce marketplace? An early workshop paper touching on these issues follows.

• Prem Devanbu, Stuart Stubblebine, and Michael Uschold. The Next Revolution: Free, Full, Open Person-2-Person (P2P) E-commerce, TWIST 2000 Conference, July 2000. (paper: pdf).

Authentic Attributes with Fine-Grained Anonymity Protection

Collecting accurate profile information and protecting an individual's privacy are ordinarily viewed as being at odds. This paper presents mechanisms that protect individual privacy while presenting accurate---indeed authenticated---profile information to servers and merchants. In particular, we give a pseudonym registration scheme and system that enforces unique user registration while separating trust required of registrars, issuers, and validators. This scheme enables the issuance of global unique pseudonyms (GUPs) and attributes enabling practical applications such as authentication of accurate attributes and enforcement of ``one-to-a-customer'' properties. We also present a scheme resilient to even pseudonymous profiling yet preserving the ability of merchants to authenticate the accuracy of information. It is the first mechanism of which the authors are aware to guarantee recent validity for group signatures, and more generally multi-group signatures, thus effectively enabling revocation of all or some of the multi-group certificates held by a principal.

• S. Stubblebine, and P. Syverson. Authentic Attributes with Fine-Grained Anonymity Protection, Financial Cryptography 2000, LNCS Series, Springer-Verlag, 2000. (paper in pdf).

Fair On-line Auctions Without Special Trusted Parties

Traditional face-to-face (English) auctions rely on the auctioneer to fairly interact with bidders to accept the highest bid on behalf of the seller. On-line auctions also require fair negotiation. However, unlike face-to-face auctions, on-line auctions are inherently subject to attacks because the bidders and auctioneer are not copresent. These attacks include selectively blocking bids based on the bidder and amount and selectively closing the auction after a particular bid is received. This paper, we present an on-line English auction in which bids are processed fairly and the auction closes fairly without specialized trusted parties. In particular, there is no need to trust the auctioneer to obtain a fair outcome to the auction.

• S. Stubblebine, and P. Syverson. Fair On-line Auctions Without Special Trusted Parties, Financial Cryptography 1999, LNCS Vol. 1648, Springer-Verlag, 1999. (paper: pdf).

Publicly Verifiable Lotteries: Applications of Delaying Functions

This paper uses delaying functions, functions that require significant calculation time, in the development of a one-pass lottery scheme in which winners are chosen fairly using only internal information. Since all this information may be published (even before the lottery closes), anyone can do the calculation and therefore verify that the winner was chosen correctly. Since the calculation uses a delaying function, ticket purchasers cannot take advantage of this information. Fraud on the part of the lottery agent is detectable and no single ticket purchaser needs to be trusted. A coalition of purchasers attempting to control the winning ticket calculation are either unsuccessful or are detected. The scheme can be made resistant to coalitions of arbitrary size. Since we assume that coalitions of larger size are harder to assemble, the probability that the lottery is fair can be made arbitrarily high. The paper defines delaying functions, contrasts them with pricing functions, and describes how they may be also used for the secure pre-publication of press releases.

• D. Goldschlag and S. Stubblebine. Publicly Verifiable Lotteries: Applications of Delaying Functions, Financial Cryptography 1998, LNCS Vol. 1465, Springer-Verlag, 1998. (paper in pdf).

Serial Unlinkable Transactions

This work describes a protocol for unlinkable serial transactions suitable for a variety of network-based subscription services. The protocol prevents the service from tracking the behavior of its customers while protecting the service vendor from abuse due to simultaneous or cloned usage from a single subscription. We present variants of the protocol supporting pay-per-use transactions within a subscription. We describe other applications including third-party subscription management, multivendor package sales, proof of group membership, and voter registration.

• S. Stubblebine, P. Syverson, and D. Goldschlag. Unlinkable Serial Transactions: Protocols and Applications, In ACM Transactions on Information and System Security, Vol. 2, No. 4, Nov.1999. (paper in pdf)

• P. Syverson, S. Stubblebine, and D. Goldschlag. Unlinkable Serial Transactions, Financial Cryptography 1997, LNCS Vol. 1318, Springer-Verlag, 1997. (paper in pdf).