This book constitutes the revised selected post conference proceedings of the 15th International Workshop on Data Privacy Management, DPM 2020, and the 4th International Workshop on Cryptocurrencies and Blockchain Technology, CBT 2020, held in conjunction with the 25th European Symposium on Research in Computer Security, ESORICS 2020, held in Guildford, UK in September 2020.For the CBT Workshop 8 full and 4 short papers were accepted out of 24 submissions. The selected papers are organized in the following topical headings: Transactions, Mining, Second Layer
and Inter-bank Payments. The DPM Workshop received 38 submissions from which 12 full and 5 short papers were selected for presentation. The papers focus on Second Layer, Signature Schemes, Formal Methods, Privacy, SNARKs and Anonymity.
Author(s): Joaquin Garcia-Alfaro (editor), Guillermo Navarro-Arribas (editor), Jordi Herrera-Joancomarti (editor)
Series: Lecture Notes in Computer Science; 12484
Publisher: Springer
Year: 2020
Language: English
Pages: 476
Foreword from the DPM 2020 Program Chairs
DPM 2020 Organization
Foreword from the CBT 2020 Program Chairs
CBT 2020 Organization
Contents
DPM Workshop: Fairness, Differential Privacy and Scalability
Fairness-Aware Privacy-Preserving Record Linkage
1 Introduction
2 Preliminaries
3 Fairness Metrics
4 Reducing Fairness-Bias in PPRL
4.1 Reductions-Based Fairness-Aware Classification Method
4.2 Efficiency Aspects
4.3 Privacy Aspects
5 Experimental Evaluation
6 Conclusion and Future Work
References
Differentially Private Profiling of Anonymized Customer Purchase Records
1 Introduction
2 Preliminary
3 Privacy of Aggregated Purchase Records
3.1 Purchase Records
3.2 Customer Profiling
3.3 Adversary
4 Quantifying Privacy
4.1 Profile Probability
4.2 Differential Privacy of Profiling
4.3 Anonymization Models
5 Theoretical Analysis
5.1 Privacy of Anonymizations
5.2 Utility of Anonymizations
5.3 Summary
6 Conclusions
References
P-Signature-Based Blocking to Improve the Scalability of Privacy-Preserving Record Linkage
1 Introduction
2 Preliminaries
3 Methodology
3.1 Local Blocking Evaluation Framework
3.2 Complexity Analysis
3.3 Privacy Analysis
4 Experimental Evaluation
4.1 Discussion
5 Related Work
6 Conclusion
References
DPM Workshop: Utility, Diversity and Leakage Resistance
Utility Promises of Self-Organising Maps in Privacy Preserving Data Mining
1 Introduction
2 A Review of PPDM
3 Self-Organising Map
4 Adult Dataset
5 Proposed Strategy
6 Methodology
7 Experiments
8 Conclusion
References
Multi-criteria Optimization Using l-diversity and t-closeness for k-anonymization
1 Introduction
2 Related Work
3 k-anonymity Optimization
3.1 The Generalization Technique
3.2 Definition of an Information Loss Metric
3.3 Comparison of Information Loss Metrics
3.4 Expression of NLLM
4 l-diversity and t-closeness as Privacy Quality Measurement
5 Optimization of k-anonymity, l-diversity and t-closeness
6 Experiments
6.1 Evaluation of the Strategies Using real data
6.2 Evaluation of the Strategies Using simulated data
7 Conclusion
References
ArchiveSafe: Mass-Leakage-Resistant Storage from Proof-of-Work
1 Introduction
1.1 Contributions
1.2 Related Work
2 Requirements
2.1 Design Criteria
2.2 Choice of Puzzle
2.3 Threat Model
3 Difficulty-Based Keyless Encryption
3.1 Generic Construction of DBKE
3.2 Hash-Based Construction of Difficulty-Based Keyless Key Wrap
3.3 Puzzle Degradation
3.4 Additional Considerations
4 Evaluation
4.1 Prototype Implementation
4.2 Experimental Setup
4.3 Results
4.4 Discussion
5 Conclusion
References
DPM Workshop: Obfuscation, Contact Tracing and Engineering
Joint Obfuscation for Privacy Protection in Location-Based Social Networks
1 Introduction
2 System Model
3 Implementation of the Attack
3.1 The Dynamic Bayesian Network (DBN) Models
4 Location Privacy Metric
5 Experimental Evaluation
5.1 Evaluation Setup
5.2 Experimental Results
6 Related Work
7 Conclusion
References
Modeling and Analyzing the Corona-Virus Warning App with the Isabelle Infrastructure Framework
1 Introduction
2 Background and Related Work
2.1 DP-3T and PEPP-PT
2.2 Isabelle Infrastructure Framework
3 Modeling and Analyzing CWA
3.1 Infrastructures, Policies, and Actors
3.2 Policies, Privacy, and Behaviour
3.3 Infrastructure State Transition
3.4 Attack Analysis
4 Refinement
4.1 Property Preserving System Refinement
4.2 Refining the Specification
5 Summary and Discussion of Relevance of the Approach
References
Extracting Speech from Motion-Sensitive Sensors
1 Introduction
2 Background
3 Learning Acoustic Information
4 Experimental Study
5 Results and Discussion
6 Conclusions and Future Work
References
PDP-ReqLite: A Lightweight Approach for the Elicitation of Privacy and Data Protection Requirements
1 Introduction
2 Related Work
3 Theoretical Background
3.1 The ProPAn Approach
3.2 Requirements Elicitation Artifacts
4 PDP-ReqLite: A Lightweight Method for Privacy Requirements Engineering
4.1 Method Overview
4.2 Elicitation of Requirement Candidates
4.3 Implemented Method
5 Automated Support for PDP-ReqLite Application
5.1 Application to a Smart Grid Case Study
6 Conclusions and Perspectives
References
Towards Multiple Pattern Type Privacy Protection in Complex Event Processing Through Event Obfuscation Strategies
1 Introduction
2 Related Works
3 System Model and Problem Statement
3.1 System Model
3.2 Problem Statement
4 Event Obfuscation Approaches
4.1 Baseline ILP Approach
4.2 Counter Deterministic Attack Obfuscation (CDA)
4.3 Counter Probabilistic Attack Obfuscation (CPA)
5 Evaluation Results
5.1 Evaluation Setup
5.2 Adversary Model
5.3 QoS Preservation
6 Summary and Future Works
References
GPS-Based Behavioral Authentication Utilizing Distance Coherence
1 Introduction
2 Related Work
2.1 Multimodal Authentication for Smartphone
2.2 Other Multimodal Authentication
3 Proposed Approach
3.1 Data Collection
3.2 Feature Extraction and Selection
3.3 Learning
4 Experiment
4.1 Experimental Setup
4.2 Main Result
4.3 Best Alpha () for Each Algorithm
4.4 Computation Time
5 Threat Model
5.1 Targeted Attack
5.2 Security Scenario Discussion
6 Future Work
7 Conclusion
A Numeric Example (for Distance Coherence Extraction)
References
DPM Workshop: Short Papers
Short Paper: Integrating the Data Protection Impact Assessment into the Software Development Lifecycle
1 Introduction
2 Background
2.1 Software Development Lifecycle
2.2 Software Architecture
2.3 Data Protection Impact Assessment
2.4 Related Work
3 Approach
4 Conclusion
References
Citizens as Data Donors: Maximizing Participation Through Privacy Assurance and Behavioral Change
1 Introduction
2 Research Baseline
2.1 Citizen Science
2.2 Behavioral Change Theories
2.3 Privacy Requirements
3 Illustrative Example: Ambient-Assisted Living (AAL) System
4 Problem Statement and Research Challenges
5 Towards a Method for Deriving Citizens' Requirements for Donating Their Personal Data
6 Discussion
7 Conclusion and Future Work
References
Tracking the Invisible: Privacy-Preserving Contact Tracing to Control the Spread of a Virus
1 Introduction
2 Related Work
3 Proposed Solution
3.1 System Model
3.2 Threat Model
3.3 Keeping the Contact History at Local Devices
3.4 Keeping the IDs of Diagnosed Patients at a Centralized Database
3.5 Private Set Intersection to Identify the Individuals at Risk
3.6 Further Steps to Track the Spread
4 Evaluation
5 Conclusion
References
Privacy Policy Classification with XLNet (Short Paper)
1 Introduction
2 Related Work
3 XLNet Privacy Policy Classification Model
3.1 Transformer-XL and XLNet
3.2 XLNet vs BERT
4 Evaluation
5 Discussion
6 Conclusion and Future Work
References
Every Query Counts: Analyzing the Privacy Loss of Exploratory Data Analyses
1 Introduction
2 Background
2.1 System and Adversary Model
2.2 Differential Privacy
3 Exploratory Data Analysis
4 Privacy Loss and Accuracy Impact Assessment
4.1 Privacy Loss
4.2 Accuracy
4.3 Discussion
5 Conclusion
References
CBT Workshop: Transactions, Mining, Second Layer and Inter-bank Payments
TxChain: Efficient Cryptocurrency Light Clients via Contingent Transaction Aggregation
1 Introduction
2 Model and Definitions
2.1 System Model
2.2 Protocol Goals
3 Probabilistic Sampling: Cure or Curse?
3.1 Probabilistic Sampling Dilemma
3.2 Analysis
4 TxChain Design
4.1 Contingent Transactions
4.2 TxChain: Contingent Transaction Aggregation
4.3 Hierarchical TxChain
5 Security and Efficiency Analysis
5.1 Security Analysis
5.2 Efficiency Analysis
6 Deploying TxChain in Practice
6.1 Fork Free Deployment
6.2 Deployment via Soft or Hard Forks
6.3 Case-Study: TxChain for Cross-Chain Transactions
References
VRF-Based Mining Simple Non-outsourceable Cryptocurrency Mining
1 Introduction
2 Preliminaries
2.1 PoW-Based Consensus and Mining
2.2 Mining Pools
2.3 Verifiable Random Functions
3 VRF-Based Mining
4 Non-outsourceability Analysis
4.1 Revised Definitions
4.2 Non-outsourceability of VRF-Based Mining
5 Instantiating VRF
5.1 Elliptic Curve
5.2 Hashing a String to an Elliptic Curve Point H1()
5.3 Hashing an Elliptic Curve Point to a String H2()
5.4 Normal Hash Function H3()
5.5 Memory-Hard Mining
6 Practicality of VRF-Based Mining
6.1 Experimental Setting
6.2 VRF v.s. Existing Mining Algorithms
6.3 Runtime Breakdown of VRF
7 Profitability of Partial Outsourcing
7.1 Partial Outsourcing
7.2 First Obstacle: Overhead of Verification
7.3 Second Obstacle: Overhead of I/O
8 Discussions
8.1 Weaker Security Guarantee of PoW-Based Consensus
8.2 Secret Key Leakage in Memory
9 Related Work
9.1 Mining Protocols
9.2 Decentralised Mining Pools
10 Conclusion and Future Work
A The Standardised Elliptic-Curve-Based VRF
References
On the Selection of the LN Client Implementation Parameters
1 Introduction
2 Background
2.1 Parameters that Define Multihop Routes
3 Metrics
3.1 Metrics to Evaluate Performance
3.2 Metrics to Evaluate Security
4 Experiment Setup
4.1 LN Payment Channel Graph and Balances
4.2 and Tmax Values
5 Experiment Results
5.1 Performance
5.2 Security
5.3 Discussion
6 Conclusion
References
Privacy Preserving Netting Protocol for Inter-bank Payments
1 Introduction
2 Related Work
3 Preliminaries
3.1 Notations
3.2 ElGamal Encryption over Elliptic Curve
3.3 zkSNARK
4 The Netting Problem
4.1 Decentralized Netting Protocol
5 Privacy Preserving Netting Protocol Design
5.1 Overview of the Protocol
5.2 Setup
5.3 Initializing Ex-Ante Balance
5.4 Submitting Payment Instructions
5.5 Updating Settlement Indicators
5.6 Updating Ex-Post Balance
6 Performance Evaluation
6.1 Evaluations
6.2 Limitations of Decentralized Netting Protocol
7 Conclusions
References
CBT Workshop: Signature Schemes, Formal Methods and Incentivization
Triptych: Logarithmic-Sized Linkable Ring Signatures with Applications
1 Introduction
1.1 Our Contribution
2 Preliminaries
2.1 Public Parameters
2.2 Pedersen Commitment
2.3 Other Notation
3 Protocol: Linkable One-of-many Commitment
4 Security: Linkable Ring Signature
5 Application: Linkable Ring Signature
6 Protocol: Parallel Linkable One-of-many Commitment
7 Application: Signer-Ambiguous Transaction Protocol
8 Efficiency
References
Moderated Redactable Blockchains: A Definitional Framework with an Efficient Construct
1 Introduction
2 Previous Work
3 Preliminaries
4 Novel Attacks on Previous Constructs
5 Defining Moderated Redactable Blockchain
5.1 Design Goals
5.2 Informal Model
5.3 Definition
6 A Construct Based on Signature Schemes
7 Conclusion and Future Work
A An Incorrect and Insecure Construct
References
Radium: Improving Dynamic PoW Targeting
1 Introduction
2 Background and Related Work
2.1 Difficulty Adjustment
2.2 Conventional PoW Mining
2.3 RTT Mining
3 Future Mining Attack on RTT
3.1 Attacker Expected Block Time
3.2 Compliant Expected Block Time
4 Defacto Future Mining in RTT
4.1 Block Preemption
4.2 Game Theoretical Results
5 Radium Protocol
5.1 Mining
5.2 Rewards
5.3 Difficulty Adjustment
5.4 Block Time Simulation
5.5 Reduction in Block Time Variance
5.6 Orphan Rate
6 Radium Security Analysis
6.1 Reward Function Exploitation
6.2 Doublespend Attack Susceptibility
7 Conclusion
References
Proof of No-Work: How to Incentivize Individuals to Stay at Home
1 Introduction
1.1 Background
1.2 Related Works
1.3 Our Contribution
2 Stakeholders and Goals of Proposed Scheme
3 Design of Smart Contract for Incentives
3.1 System Model
3.2 Primary Processes
3.3 Calculating Rewards - How to Provide Incentive
4 Proposed Scheme
4.1 Design of Privacy Protection
4.2 Security Design
4.3 Protocol Description
5 Implementation
6 Evaluation
6.1 Privacy and Security
6.2 Efficiency
6.3 Consideration of Regulations
6.4 Discussion on Incentive Mechanism
7 Conclusion
References
CBT Workshop: Short Papers
Fundamental Properties of the Layer Below a Payment Channel Network
1 Introduction
2 Related Work
3 RFL Model of First Layer
4 Security Property for a Payment Channel Network Protocol Based on the RFL Model
5 Instances and Options of the RFL model
6 Optimization of HTLCs Using a Blockchain
7 Conclusion
References
Zerojoin: Combining Zerocoin and CoinJoin
1 Introduction
2 Background
2.1 CoinJoin
2.2 Zerocoin
2.3 Quisquis
2.4 Sigma Protocols
3 Zerojoin Protocol
3.1 One Zerojoin Round
3.2 Analysis
3.3 Implementing Zerojoin in ErgoScript
4 ErgoMix: Zerojoin with Fee
4.1 An Altruistic Approach
4.2 Mixing Tokens
4.3 Token Confinement
4.4 Token Entry
References
Who Let the DOGS Out: Anonymous but Auditable Communications Using Group Signature Schemes with Distributed Opening
1 Introduction
2 Preliminaries
2.1 Adversary Model and Desirable Features
2.2 System Model
2.3 Distributed Key Generation for DOGS
3 Protocol Description
3.1 Phase 1: Distributed Generation of the Opening Keys
3.2 Phase 2: Inter Communications and Application-Related Event Logging
3.3 Phase 3: Auditing and De-anonymization
4 Security Analysis
5 Conclusion
References
Tracking Mixed Bitcoins
1 Introduction
2 Related Work
2.1 Taint Analysis
2.2 Address Clustering
3 Methodology
3.1 Address Taint Analysis
3.2 Filtering Criteria
3.3 Sample Cases
4 Results and Discussion
4.1 Address Taint Analysis
4.2 Filtering Criteria
5 Conclusion
References
Author Index
