CR, Jan 27, 2022
Report: State of the Art Solutions for Privacy Preserving Machine Learning in the Medical Context
Jasmin Zalonis, Frederik Armknecht, Björn Grohmann et al.
Machine Learning on Big Data gets more and more attention in various fields. Even so, privacy-preserving techniques become more important, even necessary, due to legal regulations such as the General Data Protection Regulation (GDPR). On the other hand, data is often distributed among various parties. Especially in the medical context there are several data holders, e.g. hospitals, and we need to deal with highly sensitive values. A real-world scenario would be data that is held in an electronic patient record, which is available in many countries by now. The medical data is encrypted. Users (e.g. physicians, hospitals) can only decrypt the data after patient authorization. One of the main questions concerning this scenario is whether it is possible to process the data for research purposes without violating the privacy of the data owner. We want to evaluate which cryptographic mechanism - homomorphic encryption, multiparty computation or trusted execution environments - can be used for this task.
CR, Dec 20, 2019
Reverse Fingerprinting
Christian A. Gorke, Frederik Armknecht
Software connected to the Internet is an attractive target for attackers: as soon as a security flaw is known, services may be taken under attack. In contrast, software developers release updates to add further features and fix flaws in order to increase its security. Consequently, a user of the software wants to have the latest secure version running. However, if the software is provided as a service, e.g., as part of the cloud, the user relies on the service provider (SP) to perform such updates. But when asking for the software version, the user has to trust the output of the SP or his software. The latter may be malformed, since updating software costs time and money in comparison to changing a (false) version string. Now the question arises how a software service's client can provably determine the real software version of the running service at the SP, also known as Remote Software Identification (RSI). While existing tools provide an answer, they can be tricked by the service to output any forged string because they rely on the information handed directly by the SP. We solve the problem of RSI by introducing Reverse Fingerprinting (RFP), a novel challenge-response scheme which employs the evaluation of inherent functions of software versions depending on certain inputs. That is, RFP does not rely on version number APIs but employs a database consisting of function inputs and corresponding outputs and combines them with a strategy and a randomness source to provably determine the version number. We also provide a theoretical framework for RSI and RFP, and describe how to create databases and strategies. Additionally, RFP can be securely outsourced to a third party, called the auditor, to take away the burden of the user while respecting liability. We also provide an implementation and API to perform RFP in practice, showing that most of the providers have installed the latest versions.
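The challenge-response idea described in the abstract above, as an added example that is not the authors' RFP implementation or API: a constructed fingerprint database of per-version function outputs, a strategy that picks the unused input which narrows the candidate set the most (ties broken by the randomness source), and a simulated service whose version string is forged but whose behaviour comes from the version actually running. Every name here (`FINGERPRINT_DB`, `identify_version`, `make_service`), every version number and every fingerprint value is an assumption made for the example.

```python
"""Reverse-fingerprinting style version identification (added illustration).

Not the authors' implementation: the fingerprint database, the candidate
versions and the simulated services are constructed for this example.
"""
import random
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed fingerprint database.  Rows are known software versions,
# columns are inputs to some inherent function of the service, cells are
# the output each version produces.  Real entries would be observed
# behaviour of reference installations (error formats, header ordering,
# edge-case parsing), which a service cannot change without changing code.
# "1.2" and "1.2.1" are deliberately indistinguishable under this database.
FINGERPRINT_DB: Dict[str, Dict[str, str]] = {
    "1.0":   {"in_a": "A0", "in_b": "B0", "in_c": "C0"},
    "1.1":   {"in_a": "A0", "in_b": "B1", "in_c": "C0"},
    "1.2":   {"in_a": "A1", "in_b": "B1", "in_c": "C0"},
    "1.2.1": {"in_a": "A1", "in_b": "B1", "in_c": "C0"},
    "2.0":   {"in_a": "A1", "in_b": "B1", "in_c": "C1"},
}


def choose_challenge(candidates: Set[str], unused: List[str],
                     db: Dict[str, Dict[str, str]], rng: random.Random) -> Optional[str]:
    """Strategy: pick the unused input whose answer shrinks the candidate set
    the most in the worst case (smallest largest group).  Ties are broken with
    the randomness source so the provider cannot predict the query order."""
    scored: List[Tuple[int, str]] = []
    for inp in unused:
        groups: Dict[str, int] = {}
        for v in candidates:
            groups[db[v][inp]] = groups.get(db[v][inp], 0) + 1
        if len(groups) > 1:  # an input every candidate answers alike tells us nothing
            scored.append((max(groups.values()), inp))
    if not scored:
        return None
    best = min(score for score, _ in scored)
    return rng.choice([inp for score, inp in scored if score == best])


def identify_version(oracle: Callable[[str], str],
                     db: Dict[str, Dict[str, str]] = FINGERPRINT_DB,
                     seed: Optional[int] = None) -> Tuple[Set[str], List[Tuple[str, str]]]:
    """Return the versions consistent with the service's behaviour plus the
    challenge/response transcript.  Empty set: the service matches no known
    version (e.g. a patched fork).  More than one: the database cannot
    separate them and more fingerprints are needed."""
    rng = random.Random(seed)
    candidates = set(db)
    unused = list(next(iter(db.values())))
    transcript: List[Tuple[str, str]] = []
    while len(candidates) > 1:
        inp = choose_challenge(candidates, unused, db, rng)
        if inp is None:
            break
        unused.remove(inp)
        answer = oracle(inp)
        transcript.append((inp, answer))
        candidates = {v for v in candidates if db[v][inp] == answer}
    return candidates, transcript


def make_service(actual: str, claimed: str):
    """Constructed stand-in for a remote service: the version-string API can be
    forged for free, the behaviour oracle reflects the version really running."""
    def version_api() -> str:
        return claimed

    def oracle(inp: str) -> str:
        return FINGERPRINT_DB[actual][inp]

    return version_api, oracle


if __name__ == "__main__":
    version_api, oracle = make_service(actual="1.0", claimed="2.0")
    print("version string claims:", version_api())
    versions, transcript = identify_version(oracle, seed=1)
    print("behaviour is consistent with:", versions, "after", len(transcript), "queries")
```

Note what the result set means to a client: a singleton is a provable identification, an empty set means the service behaves like nothing in the database (worth an alert on its own), and a multi-element set says the database, not the service, is the weak point.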
CR, Aug 16, 2017
SMAUG: Secure Mobile Authentication Using Gestures
Christian A. Gorke, Frederik Armknecht
We present SMAUG (Secure Mobile Authentication Using Gestures), a novel biometric-assisted authentication algorithm for mobile devices that is solely based on data collected from multiple sensors that are usually installed on modern devices -- touch screen, gyroscope and accelerometer. As opposed to existing approaches, our system supports fully flexible user input such as free-form gestures, multi-touch, and an arbitrary number of strokes. Our experiments confirm that this approach provides a high level of robustness and security. More precisely, in 77% of all our test cases over all gestures considered, a user has been correctly identified during the first authentication attempt and in 99% after the third attempt, while an attacker has been detected in 97% of all test cases. As an example, gestures that have a good balance between complexity and usability, e.g., drawing two parallel lines using two fingers at the same time, gave a 100% success rate after three login attempts and a 97% impostor detection rate. We stress that we consider the strongest possible attacker model: an attacker is not only allowed to monitor the legitimate user during the authentication process, but also receives additional information on the biometric properties, for example pressure, speed, rotation, and acceleration. We see this method as a significant step beyond existing authentication methods that can be deployed directly to devices in use without the need for additional hardware.
CR, Jan 10, 2014
General Impossibility of Group Homomorphic Encryption in the Quantum World
Frederik Armknecht, Tommaso Gagliardoni, Stefan Katzenbeisser et al.
Group homomorphic encryption represents one of the most important building blocks in modern cryptography. It forms the basis of widely-used, more sophisticated primitives, such as CCA2-secure encryption or secure multiparty computation. Unfortunately, recent advances in quantum computation show that many of the existing schemes completely break down once quantum computers reach maturity (mainly due to Shor's algorithm). This leads to the challenge of constructing quantum-resistant group homomorphic cryptosystems. In this work, we prove the general impossibility of (abelian) group homomorphic encryption in the presence of quantum adversaries, when assuming the IND-CPA security notion as the minimal security requirement. To this end, we prove a new result on the probability of sampling generating sets of finite (sub-)groups if sampling is done with respect to an arbitrary, unknown distribution. Finally, we provide a sufficient condition on homomorphic encryption schemes for our quantum attack to work and discuss its satisfiability in non-group homomorphic cases. The impact of our results on recent fully homomorphic encryption schemes poses itself as an open question.
SI, Sep 14, 2013
Protecting Public OSN Posts from Unintended Access
Frederik Armknecht, Manuel Hauptmann, Stefanie Roos et al.
The design of secure and usable access schemes to personal data represents a major challenge of online social networks (OSNs). State of the art requires prior interaction to grant access. Sharing with users who are not subscribed or have not previously been accepted as contacts is in any case only possible via public posts, which can easily be abused by automatic harvesting for user profiling, targeted spear-phishing, or spamming. Moreover, users are restricted to the access rules defined by the provider, which may be overly restrictive, cumbersome to define, or insufficiently fine-grained. We suggest a complementary approach that can be easily deployed in addition to existing access control schemes, does not require any interaction, and includes even public, unsubscribed users. It exploits the fact that different social circles of a user share different experiences: arbitrary posts are encrypted such that only users with sufficient knowledge about the owner can decrypt. Assembling only well-established cryptographic primitives, we prove that the security of our scheme is determined by the entropy of the required knowledge. We consequently analyze the efficiency of an informed dictionary attack and assess the entropy to be on par with common passwords. A fully functional implementation is used for performance evaluations, and is available for download on the Web.
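A worked illustration of the idea in the abstract above, added here and not the paper's scheme or implementation: a post is encrypted under a key derived from answers to questions only the owner's social circle can answer, so the cost of an informed dictionary attack is bounded by the entropy of those answers. The questions and answer sets are constructed, and the concrete primitives (scrypt for key derivation, an HMAC-SHA256 keystream with encrypt-then-MAC so the example needs only the standard library) are assumptions; in practice one would use an AEAD such as AES-GCM under the derived key. Function names (`encrypt_post`, `decrypt_post`, `informed_dictionary_attack`) are likewise the example's own.

```python
"""Knowledge-based encryption of a social-network post (added illustration).

Not the paper's scheme: the questions, the scrypt parameters and the
HMAC-based encrypt-then-MAC construction are assumptions chosen so the
example runs with the Python standard library only.
"""
import hashlib
import hmac
import itertools
import math
import os
from typing import Dict, List, Optional, Sequence, Tuple

# Constructed knowledge questions.  Each answer is assumed to come from a
# small set an informed attacker can enumerate; the set sizes fix the entropy
# (here 4 * 5 * 8 = 160 combinations, about 7.3 bits, deliberately tiny).
QUESTIONS: List[Tuple[str, List[str]]] = [
    ("city of our first meeting", ["berlin", "mannheim", "paris", "rome"]),
    ("instrument I played at school", ["piano", "guitar", "drums", "violin", "flute"]),
    ("colour of our old dorm door",
     ["red", "green", "blue", "white", "black", "grey", "yellow", "brown"]),
]

# Low scrypt cost so the attack demo below finishes quickly (assumption);
# a deployment would raise N to make each guess expensive.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 12, 8, 1


def knowledge_entropy_bits(questions=QUESTIONS) -> float:
    """Entropy of the required knowledge if every answer is uniform over its set."""
    return sum(math.log2(len(options)) for _, options in questions)


def _normalise(answers: Sequence[str]) -> bytes:
    # Case and whitespace must not matter, or legitimate friends fail to decrypt.
    return "\x1f".join(a.strip().lower() for a in answers).encode()


def derive_keys(answers: Sequence[str], salt: bytes) -> Tuple[bytes, bytes]:
    km = hashlib.scrypt(_normalise(answers), salt=salt,
                        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=64)
    return km[:32], km[32:]  # encryption key, MAC key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256 (stand-in for a real stream cipher).
    out = b""
    for i in itertools.count():
        if len(out) >= length:
            break
        out += hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def encrypt_post(post: str, answers: Sequence[str]) -> Dict[str, bytes]:
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(answers, salt)
    pt = post.encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, nonce, len(pt))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}


def decrypt_post(blob: Dict[str, bytes], answers: Sequence[str]) -> Optional[str]:
    enc_key, mac_key = derive_keys(answers, blob["salt"])
    tag = hmac.new(mac_key, blob["salt"] + blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None  # wrong knowledge, or a tampered post
    ks = _keystream(enc_key, blob["nonce"], len(blob["ct"]))
    return bytes(a ^ b for a, b in zip(blob["ct"], ks)).decode()


def informed_dictionary_attack(blob: Dict[str, bytes],
                               questions=QUESTIONS) -> Tuple[Optional[str], int]:
    """Attacker who knows the answer sets but not the answers tries every
    combination; the number of tries is bounded by 2**entropy."""
    tries = 0
    for guess in itertools.product(*(opts for _, opts in questions)):
        tries += 1
        post = decrypt_post(blob, guess)
        if post is not None:
            return post, tries
    return None, tries


if __name__ == "__main__":
    blob = encrypt_post("Party at my place on Friday!", ["Mannheim", "guitar", "blue"])
    print("friend decrypts:", decrypt_post(blob, ["mannheim", "Guitar ", "blue"]))
    print("stranger decrypts:", decrypt_post(blob, ["berlin", "guitar", "blue"]))
    print("entropy bits: %.2f" % knowledge_entropy_bits())
    print("informed attacker recovered post after %d tries" % informed_dictionary_attack(blob)[1])
```

The attack loop is the check a practitioner should run before trusting such a scheme: with answer sets this small the post falls in at most 160 key derivations, so the scheme is only as strong as the entropy of what friends know and strangers do not, which is exactly the claim the abstract makes.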