Florian Volk

Bio: Florian Volk is an academic researcher from Technische Universität Darmstadt. The author has contributed to research in topics: Smart grid & Computational trust. The author has an hindex of 8, co-authored 23 publications receiving 243 citations.

Security of Sanitizable Signatures Revisited

Abstract: Sanitizable signature schemes, as defined by Ateniese et al. (ESORICS 2005), allow a signer to partly delegate signing rights to another party, called the sanitizer. That is, the sanitizer is able to modify a predetermined part of the original message such that the integrity and authenticity of the unchanged part is still verifiable. Ateniese et al. identify five security requirements for such schemes (unforgeability, immutability, privacy, transparency and accountability) but do not provide formal specifications for these properties. They also present a scheme that is supposed to satisfy these requirements. Here we revisit the security requirements for sanitizable signatures and, for the first time, present a comprehensive formal treatment. Besides a full characterization of the requirements we also investigate the relationship of the properties, showing for example that unforgeability follows from accountability. We then provide a full security proof for a modification of the original scheme according to our model.

CA trust management for the Web PKI

Abstract: The steadily growing number of certification authorities (CAs) assigned to the Web Public Key Infrastructure (Web PKI) and trusted by current browsers imposes severe security issues. Apart from being impossible for relying entities to assess whom they actually trust, the current binary trust model implemented with the Web PKI makes each CA a single point of failure and creates an enormous attack surface. In this article, we present CA-TMS, a user-centric CA trust management system based on trust views. CA-TMS can be used by relying entities to individually reduce the attack surface. CA-TMS works by restricting the trust placed in CAs of the Web PKI to trusting in exactly those CAs actually required by a relying entity. This restriction is based on locally collected information and does not require the alteration of the existing Web PKI. CA-TMS is complemented by an optional reputation system that allows to utilize the knowledge of other entities while maintaining the minimal set of trusted CAs. Our evaluation of CA-TMS with real world data shows that an attack surface reduction by more than 95% is achievable.

Efficient, verifiable, secure, and privacy-friendly computations for the smart grid

Abstract: In this paper, we present a privacy-preserving protocol between an energy provider and smart meters. Many details about the life of customers can be inferred from fine-grained information on their energy consumption. Different from other state-of-the-art protocols, the presented protocol addresses this issue as well as the integrity of electricity bills. Therefore, our protocol provides secure aggregation of measured consumption per round of measurement and verifiable billing after any period. Aggregation of measured consumption ensures that energy suppliers know the consolidated consumption of their customers. Verifiable billing ensures fairness for customers and their energy supplier. We adapt a homomorphic encryption scheme based on elliptic curve cryptography to efficiently protect the data series of measurements that are collected by smart meters. Moreover, energy suppliers can detect and locate energy loss or fraud in the power grid while retaining the privacy of all consumers.

Trust Views for the Web PKI

Abstract: The steadily growing number of certification authorities (CAs) assigned to the Web Public Key Infrastructure (Web PKI) and trusted by current browsers imposes severe security issues. Apart from being impossible for relying entities to assess whom they actually trust, the current binary trust model implemented with the Web PKI makes each CA a single point of failure. In this paper, we present the concept of trust views to manage variable trust levels for exactly those CAs actually required by a relying entity. This reduces the set of trusted CAs and minimizes the risk to rely on malicious certificates issued due to CA failures or compromises.

Communicating and visualising multicriterial trustworthiness under uncertainty

Abstract: Visualisations are often used to communicate trust-worthiness to end users. Showing a number of stars, for example, is a well-known practice in e-commerce applications to communicate the quality of a product or service. Many products or services also have their quality - in terms of trustworthiness - described along more than one dimension, so that not only an overall trust score has to be communicated, but multiple scores, one for each dimension. Current visualisations of such a multicriterial trustworthiness are often based on the display of multiple individual star-like interfaces - a practice that offers room for improvement with regard to intuitive understanding of the displayed trust information. In this paper, we present T-Viz, a trust visualisation based on radar plots and pie charts. T-Viz concurrently shows multiple trust scores, one for each dimension, along with an aggregated trust score. Moreover, T-Viz also shows a reliability measure for every trust score graphically, in the form of a certainty score. The evaluation results from a pilot study with eleven participants indicate that T-Viz is an intuitive, comprehensible and clear interface. It succeeds at visualising and communicating multicriterial trust scores under uncertainty in one, easy to understand, graphical representation.

Homomorphic signatures for polynomial functions

Abstract: We construct the first homomorphic signature scheme that is capable of evaluating multivariate polynomials on signed data. Given the public key and a signed data set, there is an efficient algorithm to produce a signature on the mean, standard deviation, and other statistics of the signed data. Previous systems for computing on signed data could only handle linear operations. For polynomials of constant degree, the length of a derived signature only depends logarithmically on the size of the data set. Our system uses ideal lattices in a way that is a "signature analogue" of Gentry's fully homomorphic encryption. Security is based on hard problems on ideal lattices similar to those in Gentry's system.

Linearly homomorphic signatures over binary fields and new tools for lattice-based signatures

Abstract: We propose a linearly homomorphic signature scheme that authenticates vector subspaces of a given ambient space. Our system has several novel properties not found in previous proposals: • It is the first such scheme that authenticates vectors defined over binary fields; previous proposals could only authenticate vectors with large or growing coefficients. • It is the first such scheme based on the problem of finding short vectors in integer lattices, and thus enjoys the worst-case security guarantees common to lattice-based cryptosystems. Our scheme can be used to authenticate linear transformations of signed data, such as those arising when computing mean and Fourier transform or in networks that use network coding. Our construction gives an example of a cryptographic primitive -- homomorphic signatures over F2 -- that can be built using lattice methods, but cannot currently be built using bilinear maps or other traditional algebraic methods based on factoring or discrete log type problems. Security of our scheme (in the random oracle model) is based on a new hard problem on lattices, called k-SIS, that reduces to standard average-case and worst-case lattice problems. Our formulation of the k-SIS problem adds to the "toolbox" of lattice-based cryptography and may be useful in constructing other lattice-based cryptosystems. As a second application of the new k-SIS tool, we construct an ordinary signature scheme and prove it k-time unforgeable in the standard model assuming the hardness of the k-SIS problem. Our construction can be viewed as "removing the random oracle" from the signatures of Gentry, Peikert, and Vaikuntanathan at the expense of only allowing a small number of signatures.

Privacy-preserving blockchain-based electric vehicle charging with dynamic tariff decisions

Abstract: Electric vehicles are gaining widespread adoption and are a key component in the establishment of the smart grid. Beside the increasing number of electric vehicles, a dense and widespread charging infrastructure will be required. This offers the opportunity for a broad range of different energy providers and charging station operators, both of which can offer energy at different prices depending on demand and supply. While customers benefit from a liberalized market and a wide selection of tariff options, such dynamic pricing use cases are subject to privacy issues and allow to detect the customer’s position and to track vehicles for, e.g., targeted advertisements. In this paper we present a reliable, automated and privacy-preserving selection of charging stations based on pricing and the distance to the electric vehicle. The protocol builds on a blockchain where electric vehicles signal their demand and charging stations send bids similar to an auction. The electric vehicle owner then decides on a particular charging station based on the supply-side offers it receives. This paper shows that the use of blockchains increases the reliability and the transparency of this approach while preserving the privacy of the electric vehicle owners.

Improved security for linearly homomorphic signatures: a generic framework

Abstract: We propose a general framework that converts (ordinary) signature schemes having certain properties into linearly homomorphic signature schemes, i.e., schemes that allow authentication of linear functions on signed data. The security of the homomorphic scheme follows from the same computational assumption as is used to prove security of the underlying signature scheme. We show that the following signature schemes have the required properties and thus give rise to secure homomorphic signatures in the standard model: The scheme of Waters (Eurocrypt 2005), secure under the computational Diffie-Hellman asumption in bilinear groups. The scheme of Boneh and Boyen (Eurocrypt 2004, J. Cryptology 2008), secure under the q -strong Diffie-Hellman assumption in bilinear groups. The scheme of Gennaro, Halevi, and Rabin (Eurocrypt 1999), secure under the strong RSA assumption. The scheme of Hohenberger and Waters (Crypto 2009), secure under the RSA assumption. Our systems not only allow weaker security assumptions than were previously available for homomorphic signatures in the standard model, but also are secure in a model that allows a stronger adversary than in other proposed schemes. Our framework also leads to efficient linearly homomorphic signatures that are secure against our stronger adversary under weak assumptions (CDH or RSA) in the random oracle model; all previous proofs of security in the random oracle model break down completely when faced with our stronger adversary.