Showing papers by "Hannes Hartenstein published in 2016"

Timing Analysis for Inferring the Topology of the Bitcoin Peer-to-Peer Network

Abstract: Flooding Peer-to-Peer (P2P) networks form the basis of services such as the electronic currency system Bitcoin. The decentralized architecture enables robustness against failure. However, knowledge of the network's topology can allow adversaries to attack specific peers in order to, e.g., isolate certain peers or even partition the network. Knowledge of the topology might be gained by observing the flooding process, which is inherently possible in such networks,, performing a timing analysis on the observations. In this paper we present a timing analysis method that targets flooding P2P networks, show its theoretical, practical feasibility. A validation in the real-world Bitcoin network proves the possibility of inferring network links of actively participating peers with substantial precision, recall (both ~ 40%), potentially enabling attacks on the network. Additionally, we analyze the countermeasure of trickling, quantify the tradeoff between the effectiveness of the countermeasure, the expected performance penalty. The analysis shows that inappropriate parametrization can actually facilitate inference attacks.

Decentralized Secure Data Sharing with Attribute-Based Encryption: A Resource Consumption Analysis

Abstract: Secure Data Sharing (SDS) enables users to share data in the cloud in a confidential and integrity-preserving manner. Many recent SDS approaches are based on Attribute-Based Encryption (ABE), leveraging the advantage that ABE allows to address a multitude of users with only one ciphertext. However, ABE approaches often come with the downside that they require a central fully-trusted entity that is able to decrypt any ciphertext in the system. In this paper, we investigate on whether ABE could be used to efficiently implement Decentralized Secure Data Sharing (D-SDS), which explicitly demands that the authorization and access control enforcement is carried out solely by the owner of the data, without the help of a fully-trusted third party. For this purpose, we did a comprehensive analysis of recent ABE approaches with regard to D-SDS requirements. We found one ABE approach to be suitable, and we show different alternatives to employ this ABE approach in a group-based D-SDS scenario. For a realistic estimation of the resource consumption, we give concrete resource consumption values for workloads taken from real-world system traces and exemplary up-to-date mobile devices. Our results indicate that for the most D-SDS operations, the resulting computation times and outgoing network traffic will be acceptable in many use cases. However, the computation times and outgoing traffic for the management of large groups might prevent using mobile devices.

Access Pattern Confidentiality-Preserving Relational Databases: Deployment Concept and Efficiency Evaluation

Abstract: In this paper, we address the question whether access pattern confidentiality-preserving databases with an underlaying B-tree index structure are feasible in practice by proposing integrative deployment concepts that support important database query functionalities based on ORAM and shuffled B-trees. Furthermore, we provide a rigorous efficiency evaluation to determine the cost of the proposed concepts with regard to storage, network, and query latency as well as to investigate the influence of scenario factors like database size, number of records, and network bandwidth. In particular, we show that ORAM-based concepts only cause an overhead of factor 5.9 for evaluating equality conditions on a database with up to 10 million records.