Change search
ReferencesLink to record
Permanent link

Direct link
Aspects of Secure and Efficient Streaming and Collaboration
KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
2011 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Research within the area of cryptography constitutes the core of this the- sis. In addition to cryptography, we also present results in peer-assisted streaming and web security. We present results on two specific cryptographic problems: broadcast encryption and secure multi-party computation. Broad- cast encryption is the problem of efficiently and securely distributing content to a large and changing group of receivers. Secure multi-party computation is the subject of how a number of parties can collaborate securely. All in all, this thesis spans from systems work discussing the Spotify streaming system with millions of users, to more theoretic, foundational results. Streaming is among the largest applications of the Internet today. On- demand streaming services allow users to consume the media content they want, at their convenience. With the large catalogs offered by many services, users can access a wide selection of content. Live streaming provides the means for corporations as well as individuals to broadcast to the world. The power of such broadcasts was shown in the recent (early 2011) revolts in Tunisia and Egypt, where protesters streamed live from demonstrations. To stream media to a large global audience requires significant resources, in particular in terms of the bandwidth needed. One approach to reduce the requirements is to use peer-to-peer techniques, where clients assist in distributing the media. Spotify is a commercial music-on-demand streaming system, using peer-to-peer streaming. In this thesis, we discuss the Spotify protocol and measurements on its performance. In many streaming systems, it is important to restrict access to content. One approach is to use cryptographic solutions from the area of broadcast encryption. Within this area, we present two results. The first is a protocol which improves the efficiency of previous systems at the cost of lowered secu- rity guarantees. The second contains lower-bound proofs, showing that early protocols in the subset cover framework are essentially optimal. Many streaming systems are web-based, where the user accesses content in a web browser. Apart from this usage of the web, subscriptions for streaming services are bought using a web browser. This means that to provide a secure streaming service, we must understand web security. This thesis contains a result on a new type of attack, using an old history detection vulnerability to time the execution of a redirect of a victim’s browser. Within the area of secure multi-party computation, this thesis has three contributions. Firstly, we give efficient protocols for the basic functions of summation and disjunction which adapt to the network they run on. Secondly, we provide efficient protocols for sorting and aggregation, by using techniques from the area of sorting networks. Finally, we prove a dichotomy theorem, showing that all functions with three distinct outputs are either maximally easy or maximally difficult with regards to the security provided.

Place, publisher, year, edition, pages
Stockholm: KTH Royal Institute of Technology , 2011. , xi, 74 p.
Series
Trita-CSC-A, ISSN 1653-5723 ; 2011:05
National Category
Computer Science
Identifiers
URN: urn:nbn:se:kth:diva-32424ISBN: 978-91-7415-942-4OAI: oai:DiVA.org:kth-32424DiVA: diva2:410606
Public defence
2011-05-13, D2, Lindstedtsvägen 5, KTH, Stockholm, 13:15 (English)
Opponent
Supervisors
Funder
ICT - The Next Generation
Note
QC 20110420Available from: 2011-04-20 Created: 2011-04-14 Last updated: 2012-06-14Bibliographically approved
List of papers
1. Spotify – Large Scale, Low Latency, P2P Music-on-Demand Streaming
Open this publication in new window or tab >>Spotify – Large Scale, Low Latency, P2P Music-on-Demand Streaming
2010 (English)In: Peer-to-Peer Computing, 2010, 1-10 p.Conference paper (Refereed)
Abstract [en]

Spotify is a music streaming service offering low-latency access to a library of over 8 million music tracks. Streaming is performed by a combination of client-server access and a peer-to-peer protocol. In this paper, we give an overview of the protocol and peer-to-peer architecture used and provide measurements of service performance and user behavior. The service currently has a user base of over 7 million and has been available in six European countries since October 2008. Data collected indicates that the combination of the client-server and peer-to-peer paradigms can be applied to music streaming with good results. In particular, 8.8% of music data played comes from Spotify's servers while the median playback latency is only 265 ms (including cached tracks). We also discuss the user access patterns observed and how the peer-to-peer network affects the access patterns as they reach the server.

Keyword
Markov processes, Music, Peer to peer computing, Prefetching, Protocols, Servers, Throughput
National Category
Computer Science
Identifiers
urn:nbn:se:kth:diva-31977 (URN)10.1109/P2P.2010.5569963 (DOI)2-s2.0-78349291168 (ScopusID)
Note
QC 20110420Available from: 2011-04-01 Created: 2011-04-01 Last updated: 2011-04-20Bibliographically approved
2. A Zero-One Law for Secure Multi-party Computation with Ternary Outputs
Open this publication in new window or tab >>A Zero-One Law for Secure Multi-party Computation with Ternary Outputs
2011 (English)In: Theory Of Cryptography / [ed] Yuval Ishai, Springer Berlin/Heidelberg, 2011, Vol. 6597, 382-399 p.Conference paper (Refereed)
Abstract [en]

There are protocols to privately evaluate any function in the passive (honest-but-curious) setting assuming that the honest nodes are in majority. For some specific functions, protocols are known which remain secure even without an honest majority. The seminal work by Chor and Kushilevitz [7] gave a complete characterization of Boolean functions, showing that each Boolean function either requires an honest majority, or is such that it can be privately evaluated regardless of the number of colluding nodes. The problem of discovering the threshold for secure evaluation of more general functions remains an open problem. Towards a resolution, we provide a complete characterization of the security threshold for functions with three different outputs. Surprisingly, the zero-one law for Boolean functions extends to Z3, meaning that each function with range Z3 either requires honest majority or tolerates up to n colluding nodes.

Place, publisher, year, edition, pages
Springer Berlin/Heidelberg, 2011
Series
, Lecture Notes in Computer Science, ISSN 0302-9743 ; 6597
National Category
Computer Science
Identifiers
urn:nbn:se:kth:diva-31980 (URN)10.1007/978-3-642-19571-6_23 (DOI)000297038500023 ()2-s2.0-79953210030 (ScopusID)978-364219570-9 (ISBN)
Conference
8th Theory of Cryptography Conference, TCC 2011; Providence, RI; 28 March 2011 through 30 March 2011
Funder
ICT - The Next Generation
Note
QC 20110420Available from: 2011-04-01 Created: 2011-04-01 Last updated: 2012-06-13Bibliographically approved
3. Secure Multi-Party Sorting and Applications
Open this publication in new window or tab >>Secure Multi-Party Sorting and Applications
2011 (English)Conference paper (Refereed)
National Category
Computer Science
Identifiers
urn:nbn:se:kth:diva-32421 (URN)
Conference
ACNS 2011. Applied Cryptography and Network Security. Nerja (Malaga), Spain. June 7-10 2011
Funder
ICT - The Next Generation
Note

QC 20110420. Industrial Track

Available from: 2011-04-14 Created: 2011-04-14 Last updated: 2013-11-25Bibliographically approved
4. Practical Private Information Aggregation in Large Networks
Open this publication in new window or tab >>Practical Private Information Aggregation in Large Networks
2012 (English)In: Information Security Technology For Applications, Springer Berlin/Heidelberg, 2012, 89-103 p.Conference paper (Refereed)
Abstract [en]

Emerging approaches to network monitoring involve large numbers of agents collaborating to produce performance or security related statistics on huge, partial mesh networks. The aggregation process often involves security or business-critical information which network providers are generally unwilling to share without strong privacy protection. We present efficient and scalable protocols for privately computing a large range of aggregation functions based on addition, disjunction, and max/min. For addition, we give a protocol that is information-theoretically secure against a passive adversary, and which requires only one additional round compared to non-private protocols for computing sums. For disjunctions, we present both a computationally secure, and an information-theoretically secure solution. The latter uses a general composition approach which executes the sum protocol together with a standard multi-party protocol for a complete subgraph of ``trusted servers''. This can be used, for instance, when a large network can be partitioned into a smaller number of provider domains.

Place, publisher, year, edition, pages
Springer Berlin/Heidelberg, 2012
Series
, Lecture Notes in Computer Science, ISSN 0302-9743 ; 7127
Keyword
Multi-party computation, Private aggregation, Partial mesh
National Category
Computer Science
Identifiers
urn:nbn:se:kth:diva-32420 (URN)10.1007/978-3-642-27937-9_7 (DOI)2-s2.0-84861636306 (ScopusID)978-364227936-2 (ISBN)
Conference
15th Nordic Conference on Secure IT Systems, NordSec 2010;Espoo;27 October 2010 through 29 October 2010
Funder
ICT - The Next Generation
Note

QC 20110420

Available from: 2011-04-14 Created: 2011-04-14 Last updated: 2013-04-15Bibliographically approved
5. Timing is Everything: the Importance of History Detection
Open this publication in new window or tab >>Timing is Everything: the Importance of History Detection
2011 (English)In: Computer Security – ESORICS 2011: 16th European Symposium on Research in Computer Security, Leuven, Belgium, September 12-14,2011. Proceedings / [ed] Vijay Atluri, Claudia Díaz, Springer, 2011, 117-132 p.Conference paper (Refereed)
Abstract [en]

In this work, we present a Flow Stealing attack, where a victim's browser is redirected during a legitimate flow. One scenario is redirecting the victim's browser as it moves from a store to a payment provider. We discuss two attack vectors.

Firstly, browsers have long admitted an attack allowing a malicious web page to detect whether the browser has visited a target web site by using CSS to style visited links and read out the style applied to a link. For a long time, this CSS history detection attack was perceived as having small impact. Lately, highly efficient implementations of the attack have enabled malicious web sites to extract large amounts of information. Following this, browser developers have deployed measures to protect against the attack. Flow stealing demonstrates that the impact of history detection is greater than previously known.

Secondly, an attacker who can mount a man-in-the-middle attack against the victim's network traffic can also perform a flow stealing attack.

Noting that different browsers place different restrictions on cross-frame navigation through JavaScript window handles, we suggest a stricter policy based on pop-up blockers to prevent Flow Stealing attacks.

Place, publisher, year, edition, pages
Springer: , 2011
Series
, Lecture Notes in Computer Science, ISSN 0302-9743 ; 6879
Keyword
CSS History Detection, Flow Stealing, Web Security
National Category
Computer Science
Identifiers
urn:nbn:se:kth:diva-32423 (URN)10.1007/978-3-642-23822-2_7 (DOI)000307366400007 ()2-s2.0-80053026930 (ScopusID)978-3-642-23821-5 (ISBN)
Conference
16th European Symposium on Research in Computer Security, ESORICS 2011; Leuven; 12 September 2011 through 14 September 2011
Note

QC 20110420

Available from: 2011-04-14 Created: 2011-04-14 Last updated: 2013-04-19Bibliographically approved
6. Lower bounds for Subset Cover based Broadcast Encryption
Open this publication in new window or tab >>Lower bounds for Subset Cover based Broadcast Encryption
2008 (English)In: PROGRESS IN CRYPTOLOGY - AFRICACRYPT 2008  , 2008, Vol. 5023, 343-356 p.Conference paper (Refereed)
Abstract [en]

In this paper, we prove lower bounds for a large class of Subset Cover schemes (including all existing schemes based on pseudo-random sequence generators). In particular, we show that For small r, bandwidth is Omega(r) For some r, bandwidth is Omega(n/log(s)) For large r, bandwidth is n - r where n is the number of users, r is the number of revoked users, and s is the space required per user. These bounds are all tight in the sense that they match known constructions up to small constants.

Series
, Lecture Notes in Computer Science, ISSN 0302-9743 ; 5023
Keyword
Broadcast Encryption, Subset Cover, key revocation, lower bounds
National Category
Computer Science
Identifiers
urn:nbn:se:kth:diva-31974 (URN)000256541200023 ()2-s2.0-45449109996 (ScopusID)
Conference
1st International Conference on Cryptology in Africa
Note
QC 20110420Available from: 2011-04-01 Created: 2011-04-01 Last updated: 2011-10-12Bibliographically approved
7. Stateful subset cover
Open this publication in new window or tab >>Stateful subset cover
2006 (English)In: APPLIED CRYPTOGRAPHY AND NETWORK SECURITY, PROCEEDINGS, 2006, Vol. 3989, 178-193 p.Conference paper (Refereed)
Abstract [en]

This paper describes a method to convert stateless key revocation schemes based on the subset cover principle into stateful schemes. The main motivation is to reduce the bandwidth overhead to make broadcast encryption schemes more practical in network environments with limited bandwidth resources, such as cellular networks. This modification is not fully collusion-resistant. A concrete new scheme based on the Subset Difference scheme [1] is presented, accomplishing a bandwidth overhead of Delta m + 2 Delta r + 1 compared to e.g. Logical Key Hierarchy's 2(Delta m + Delta r) log m, where Delta m and Delta r is the number of members added and removed since the last stateful update and m is the number of current members.

Series
, Lecture Notes in Computer Science, ISSN 0302-9743 ; 3989
Keyword
broadcast encryption, key revocation, subset cover, Subset Difference, Logical Key Hierarchy, stateful, stateless
National Category
Control Engineering
Identifiers
urn:nbn:se:kth:diva-26572 (URN)10.1007/11767480_12 (DOI)000238570400012 ()2-s2.0-33746619537 (ScopusID)3-540-34703-8 (ISBN)
Conference
4th International Conference on Applied Cryptography and Network Security Singapore, SINGAPORE, JUN 06-09, 2006
Note
QC 20101221Available from: 2010-12-21 Created: 2010-11-25 Last updated: 2011-04-20Bibliographically approved

Open Access in DiVA

fulltext(5641 kB)1089 downloads
File information
File name FULLTEXT03.pdfFile size 5641 kBChecksum SHA-512
f45377510f1814757786ec6aaf1d76dc58fb374866d115774378516a08f9e9fc05ebf17c14dc72893d7e93077513d4148624254e025db31d3ff944f75aa335a2
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Kreitz, Gunnar
By organisation
Theoretical Computer Science, TCS
Computer Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 1154 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 557 hits
ReferencesLink to record
Permanent link

Direct link