Periodic Reporting for period 2 - CASCAde (Confidentiality-preserving Security Assurance)
Reporting period: 2019-05-01 to 2020-10-31
This is important for society because shared hosting and computing platforms are more and more common, while their security assurances can currently not yet be verified in confidence. In fact, we believe that usable confidentiality-preserving security assurance will trigger a paradigm shift in security and dependability.
The project aims at developing cryptographic tools to certify topologies and graph data structures. It seeks to bind topology certifications to the bare metal of the underlying computer systems, such that the guarantees given are assured for the actual computers in question. It aims at developing methods for certifying large-scale dynamically changing systems to keep up with the ever-expanding infrastructures. Furthermore, CASCAde investigates in an evidence-based fashion how human users relate to complex security assurance and privacy systems as proposed by us and what supports users in trusting such systems.
Specifically, CASCAde set out to answer the following hypotheses:
To evaluate the overall hypothesis, we need to answer specific sub-hypotheses:
1. New cryptographic techniques for graph signatures and proof systems can be developed.
2. We can achieve soundness that holds for graph signatures as well as the represented systems
3. Graph signatures and topology certification scale to large-scale systems
4. The topology certification can accommodate rapidly changing and evolving systems.
5. Confidentiality-preserving security assurance is usable by users and will increase human trust in the overall system
6. Confidentiality-preserving security assurance can offer new approaches to architectural design of dependable and secure system.
They translate into multiple objectives:
1. Cryptography -- to develop primitives to certify and proof properties of graphs.
2. Soundness -- to bind graph signatures to underlying system configurations.
3. Scale and Change -- to perform well in large-scale dynamically changing systems.
4. Usability -- to be trustworthy and usable by end users.
5. Architecture -- to establish an architecture for next-generation security assurance.
6. Prototypes -- to pilot the technique in realistic application scenarios.
We investigated how different hardware-based attestation systems operate, so called Trusted Platform Modules, short TPMs. These modules come with a capability to attest their status in a privacy-preserving fashion, so called Direct Anonymous Attestation. Here, we considered how the cryptographic protocols on these tamper-proof hardware modules, present in many computers, could gel with our methods to attest the properties of a certified topology.
We have further laid the foundations for the usable security and perceived trustworthiness in the project. We started this investigation from a consideration of the overall state-of-play of user studies in cyber security, hence considering first how the field fares in offering us strong and unshakable foundations in evidence-based methods. In this endeavor, we found a number of weaknesses from how statistical inferences are supported, over how sound the statistical reporting is, to problems in statistical power and publication bias. Ultimately, these investigations taught us what to rely on and what requirements to impose on our own empirical investigations.
From there, we pursued a multi-pronged approach researching how to best measure privacy concern with high fidelity or how different factors such as emotions impact a user’s intention to protect privacy. Finally, we created a complex statistical model to show how multiple factors interplay when it comes to trustworthiness and technology acceptance of privacy technologies, with the example of attribute-based credential schemes. This last step lays the foundations to investigate trustworthiness of confidentiality preserving security assurance.
We created a new digital signature scheme on graph data structures. Whereas an earlier proposal along similar lines had severe restrictions on elements of a graph needing to come from a fixed dictionary, we now unshackled the scheme from such restrictions. Instead, the vertices and edges of the graph can be freely associated with multiple free-form labels. For this kind of a system, we have developed a extensible and flexible cryptographic library.
As key advances over the state of the art of usable security we offered the first large-scale systematic analysis of the privacy concern scale IUIPC, showing some appreciable weaknesses that could undermine empirical work in privacy. Based on a large user-study with a UK-representatively sampled cohort, we created the first latent variable statistical model on perceived trustworthiness and technology acceptance of attribute-based credential systems.