Lucjan Hanzlik

CR · 4 papers · 122 citations · Novelty 49% · AI Score 41

4 Papers

40.8 · CR · May 6
Age Verification in the Web -- Holy Grail to Control Access to Restricted Content

Wojciech Wodo, Maksymilian Gorski, Lucjan Hanzlik

Age verification before accessing restricted content is critical to protecting minors from exposure to harmful material such as pornography, gambling, violence, hateful speech, and substance purchases like alcohol and tobacco. Currently, the absence of reliable age-checking mechanisms allows children extensive access to such adult content, posing significant risks to their worldview and mental development. While regulatory efforts like the European Union's Digital Services Act promote using Digital Wallets or Age Verification Apps, relying solely on government-based solutions raises concerns about data sensitivity and privacy risks. Effective age verification must therefore be trustworthy, user-friendly, privacy-preserving, and offer flexible assurance levels. We analyze currently implemented (UK or Australia) and proposed (EU) solutions from different angles, pointing out the weaknesses and threats, and come up with an alternative. Our proposal addresses these challenges by leveraging open standards - such as Privacy Pass and Privacy Access Tokens - and cryptographic techniques to enable secure, privacy-conscious age verification without requiring specialized software installation. This approach empowers users to select trusted providers from multiple options, reducing the risk of data breaches and ensuring a safer digital environment for minors.

CR · Apr 19, 2020
Trollthrottle -- Raising the Cost of Astroturfing

Ilkan Esiyok, Lucjan Hanzlik, Robert Kuennemann et al.

Astroturfing, i.e., the fabrication of public discourse by private or state-controlled sponsors via the creation of fake online accounts, has become incredibly widespread in recent years. It gives a disproportionally strong voice to wealthy and technology-savvy actors, permits targeted attacks on public forums and could in the long run harm the trust users have in the internet as a communication platform. Countering these efforts without deanonymising the participants has not yet proven effective; however, we can raise the cost of astroturfing. Following the principle 'one person, one voice', we introduce Trollthrottle, a protocol that limits the number of comments a single person can post on participating websites. Using direct anonymous attestation and a public ledger, the user is free to choose any nickname, but the number of comments is aggregated over all posts on all websites, no matter which nickname was used. We demonstrate the deployability of Trollthrottle by retrofitting it to the popular news aggregator website Reddit and by evaluating the cost of deployment for the scenario of a national newspaper (168k comments per day), an international newspaper (268k c/d) and Reddit itself (4.9M c/d).

CR · May 20, 2019
simTPM: User-centric TPM for Mobile Devices (Technical Report)

Dhiman Chakraborty, Lucjan Hanzlik, Sven Bugiel

Trusted Platform Modules are valuable building blocks for security solutions and have also been recognized as beneficial for security on mobile platforms, like smartphones and tablets. However, strict space, cost, and power constraints of mobile devices prohibit an implementation as dedicated on-board chip and the incumbent implementations are software TPMs protected by Trusted Execution Environments. In this paper, we present simTPM, an alternative implementation of a mobile TPM based on the SIM card available in mobile platforms. We solve the technical challenge of implementing a TPM2.0 in the resource-constrained SIM card environment and integrate our simTPM into the secure boot chain of the ARM Trusted Firmware on a HiKey960 reference board. Most notably, we address the challenge of how a removable TPM can be bound to the host device's root of trust for measurement. As such, our solution not only provides a mobile TPM that avoids additional hardware while using a dedicated, strongly protected environment, but also offers promising synergies with co-existing TEE-based TPMs. In particular, simTPM offers a user-centric trusted module. Using performance benchmarks, we show that our simTPM has competitive speed with a reported TEE-based TPM and a hardware-based TPM.

CR · Aug 1, 2018
MLCapsule: Guarded Offline Deployment of Machine Learning as a Service

Lucjan Hanzlik, Yang Zhang, Kathrin Grosse et al.

With the widespread use of machine learning (ML) techniques, ML as a service has become increasingly popular. In this setting, an ML model resides on a server and users can query it with their data via an API. However, if the user's input is sensitive, sending it to the server is undesirable and sometimes even legally not possible. Equally, the service provider does not want to share the model by sending it to the client for protecting its intellectual property and pay-per-query business model. In this paper, we propose MLCapsule, a guarded offline deployment of machine learning as a service. MLCapsule executes the model locally on the user's side and therefore the data never leaves the client. Meanwhile, MLCapsule offers the service provider the same level of control and security of its model as the commonly used server-side execution. In addition, MLCapsule is applicable to offline applications that require local execution. Beyond protecting against direct model access, we couple the secure offline deployment with defenses against advanced attacks on machine learning models such as model stealing, reverse engineering, and membership inference.