Auditable Anonymous Delegation

The contribution of this paper is an alternative mechanism for delegation, whereby users can share their credentials in such a way that it is difficult for the delegatee to re-use credentials of the delegator.

Auditable Anonymous Delegation, In S. Jajodia and C. Mazumder editors, The 1st International Conference on Information Systems Security. Proceedings, volume 3803 of Lecture Notes in Computer Science, pages 66-76. Springer-Verlag, Berlin, 2005.

Beyond Trust

Risk as studied conventionally and as manifested in actuality differ widely both in semantics and content. In this paper we explore the possibility of risk management without resorting to transitive and compulsive relationships termed as 'trust'.

Beyond Trust, In B. Christianson, B. Crispo, J. A. Malcolm, V. Matyas, P. Svenda, F. Stajano and J. Anderson, editors, The 22nd International Security Protocols Workshop, Cambridge, UK, March 19–21, 2014. Proceedings, volume 8809 of Lecture Notes in Computer Science, pages 340-344. Springer-Verlag, Berlin, 2014.

Self Attestation of Things

Various devices including our mobile phones are increasingly used as the intermediary (gateway) between IoT peripherals (like the smart lock at our homes) and the larger cloud infrastructure. In this paper we introduce the novel notion of Caveat instances on the cloud together with a novel application of MQTT (the communication protocol designed for peripherals) to stamp our will on how data about us can be used when it travels and resides outside our immediate boundary.

Self Attestation of Things, In F. Stajano, J. Anderson, B. Christianson and V. Matyáš, editors, The 25th International Security Protocols Workshop, Cambridge, UK, March 20–22, 2017. Proceedings, volume 10476 of Lecture Notes in Computer Science, pages 76-84. Springer-Verlag, Berlin, 2017.

Uncorrelatable Electronic Transactions using Ring Signatures

The Internet is conducive to large scale privacy invasion, identity theft [7], and target marketing [4]. We have seen instances in the past where people have suffered serious damage due to the ready availability of digital dossiers [5]. Any centrally stored information can be abused. The use of fixed credentials (credit cards, key certificates) enables an adversary to correlate all the transactions conducted with the fixed credential. The threats of identity theft and correlatability can be countered using anonymous transaction protocols. Here we present a protocol for uncorrelatable electronic transactions based on ring signatures, which guards against identity theft and also protects the privacy of the communicating partners.

Uncorrelatable Electronic Transactions using Ring Signatures, In Proceedings of the WHOLES Workshop of Multiple Views of Privacy 2004, Sigtuna, Sweden

More Security or Less Insecurity

We depart from the conventional quest for 'Completely Secure Systems' and ask 'How can we be more Secure'. We draw heavily from the evolution of the Theory of Justice and the arguments against the institutional approach to Justice.

More Security or Less Insecurity, In B. Christianson and J. A. Malcolm editors, The 18th International Security Protocols Workshop, Cambridge, UK, March 24–26, 2010. Proceedings, volume 7061 of Lecture Notes in Computer Science, pages 115-119. Springer-Verlag, Berlin, 2010