skip to main content


Search for: All records

Award ID contains: 1800088

Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

  1. Edge Computing is a new computing paradigm where applications operate at the network edge, providing low-latency services with augmented user and data privacy. A desirable goal for edge computing is pervasiveness, that is, enabling any capable and authorized entity at the edge to provide desired edge services--pervasive edge computing (PEC). However, efficient access control of users receiving services and edge servers handling user data, without sacrificing performance is a challenge. Current solutions, based on "always-on" authentication servers in the cloud, negate the latency benefits of services at the edge and also do not preserve user and data privacy. In this paper, we present APECS, an advanced access control framework for PEC, which allows legitimate users to utilize any available edge services without need for communication beyond the network edge. The APECS framework leverages multi-authority attribute-based encryption to create a federated authority, which delegates the authentication and authorization tasks to semi-trusted edge servers, thus eliminating the need for an "always-on" authentication server in the cloud. Additionally, APECS prevents access to encrypted content by unauthorized edge servers. We analyze and prove the security of APECS in the Universal Composability framework and provide experimental results on the GENI testbed to demonstrate the scalability and effectiveness of APECS. 
    more » « less
  2. null (Ed.)
    Money laundering using cryptocurrencies has become increasingly prevalent, and global and national regulatory authorities have announced plans to implement stringent anti-money laundering regulations. In this paper, we examine current anti-money laundering (AML) mechanisms in cryptocurrencies and payment networks from a technical and policy perspective, and point out practical challenges in implementing and enforcing them. We first discuss blacklisting, a recently proposed technique to combat money laundering, which seems appealing, but leaves several unanswered questions and challenges with regard to its enforcement. We then discuss payment networks and find that there are unique problems in the payment network domain that might require custom-designed AML solutions, as opposed to general cryptocurrency AML techniques. Finally, we examine the regulatory guidelines and recommendations as laid out by the global Financial Action Task Force (FATF), and the U.S. based Financial Crimes Enforcement Network (FinCEN), and find that there are several ambiguities in their interpretation and implementation. To quantify the effects of money laundering, we conduct experiments on real-world transaction datasets. Our goal in this paper is to survey the landscape of existing AML mechanisms, and focus the attention of the research community on this issue. Our findings indicate the community must endeavor to treat AML regulations and technical methods as an integral part of the systems they build and must strive to design solutions from the ground up that respect AML regulatory frameworks. We hope that this paper will serve as a point of reference for researchers that wish to build systems with AML mechanisms, and will help them understand the challenges that lie ahead. 
    more » « less
  3. null (Ed.)
    In this paper, we study efficient and authorized rewriting of transactions already written to a blockchain. Mutable transactions will make a fraction of all blockchain transactions, but will be a necessity to meet the needs of privacy regulations, such as the General Data Protection Regulation (GDPR). The state-of-the-art rewriting approaches have several shortcomings, such as being coarse-grained, inability to expunge data, absence of revocation mechanisms, lack of user anonymity, and inefficiency. We present ReTRACe, an efficient framework for transaction-level blockchain rewrites, that is fine-grained and supports revocation. ReTRACe is designed by composing a novel revocable chameleon hash with ephemeral trapdoor scheme, a novel revocable fast attribute based encryption scheme, and a dynamic group signature scheme. We discuss ReTRACe, and its constituent primitives in detail, along with their security analyses, and present experimental results to demonstrate scalability. 
    more » « less
  4. null (Ed.)
    We propose a novel framework for off-chain execution and verification of computationally-intensive smart contracts. Our framework is the first solution that avoids duplication of computing effort across multiple contractors, does not require trusted execution environments, supports computations that do not have deterministic results, and supports general-purpose computations written in a high-level language. Our experiments reveal that some intensive applications may require as much as 141 million gas, approximately 71x more than the current block gas limit for computation in Ethereum today, and can be avoided by utilizing the proposed framework. 
    more » « less
  5. null (Ed.)
    In this paper, we propose a technique for rebalancing link weights in decentralized credit networks. Credit networks are peer-to-peer trust-based networks that enable fast and inexpensive cross-currency transactions compared to traditional bank wire transfers. Although researchers have studied security of transactions and privacy of users of such networks, and have invested significant efforts into designing efficient routing algorithms for credit networks, comparatively little work has been done in the area of replenishing credit links of users in the network. This is achieved by a process called rebalancing that enables a poorly funded user to create incoming as well as outgoing credit links. We propose a system where a user with zero or no link weights can create incoming links with existing, trusted users in the network, in a procedure we call balance transfer, followed by creating outgoing links to existing or new users that would like to join the network, a process we call bailout. Both these processes together constitute our proposed rebalancing mechanism. 
    more » « less
  6. null (Ed.)
  7. Distributed credit networks, such as Ripple [18] and Stellar [21], are becoming popular as an alternative means for financial transactions. However, the current designs do not preserve user privacy or are not truly decentralized. In this paper, we explore the creation of a distributed credit network that preserves user and transaction privacy and unlinkability. We propose BlAnC, a novel, fully decentralized blockchain-based credit network where credit transfer between a sender-receiver pair happens on demand. In BlAnC, multiple concurrent transactions can occur seamlessly, and malicious network actors that do not follow the protocols and/or disrupt operations can be identified efficiently. We perform security analysis of our proposed protocols in the universal composability framework to demonstrate its strength, and discuss how our network handles operational dynamics. We also present preliminary experiments and scalability analyses. 
    more » « less
  8. Organized surveillance, especially by governments poses a major challenge to individual privacy, due to the resources governments have at their disposal, and the possibility of overreach. Given the impact of invasive monitoring, in most democratic countries, government surveillance is, in theory, monitored and subject to public oversight to guard against violations. In practice, there is a difficult fine balance between safeguarding individual’s privacy rights and not diluting the efficacy of national security investigations, as exemplified by reports on government surveillance programs that have caused public controversy, and have been challenged by civil and privacy rights organizations. Surveillance is generally conducted through a mechanism where federal agencies obtain a warrant from a federal or state judge (e.g., the US FISA court, Supreme Court in Canada) to subpoena a company or service-provider (e.g., Google, Microsoft) for their customers’ data. The courts provide annual statistics on the requests (accepted, rejected), while the companies provide annual transparency reports for public auditing. However, in practice, the statistical information provided by the courts and companies is at a very high level, generic, is released after-the-fact, and is inadequate for auditing the operations. Often this is attributed to the lack of scalable mechanisms for reporting and transparent auditing. In this paper, we present SAMPL, a novel auditing framework which leverages cryptographic mechanisms, such as zero knowledge proofs, Pedersen commitments, Merkle trees, and public ledgers to create a scalable mechanism for auditing electronic surveillance processes involving multiple actors. SAMPL is the first framework that can identify the actors (e.g., agencies and companies) that violate the purview of the court orders. We experimentally demonstrate the scalability for SAMPL for handling concurrent monitoring processes without undermining their secrecy and auditability. 
    more » « less