Summary:

<p>Communication privacy is the property of a communication system that enables two or more distrusting participants to exchange information without compromising their privacy, with respect to internal and external adversaries. It encompasses aspects of anonymous communication as well as data privacy. A real-world example of the need for communication privacy is the smart energy grid, in which networked smart meters frequently measure energy consumption and communicate with grid operators. Privacy concerns arise from the possible inference of sensitive information from these measurements.</p>

<p>Using smart grid communication privacy as a case study, this thesis introduces the concept of the <em>Trustworthy Remote Entity (TRE)</em>. The TRE is an intermediary between distrusting participants that performs privacy-enhancing computations on the exchanged information. Unlike cryptographic secure multiparty computation protocols, this approach does not increase participants' computational or communication complexity. In contrast to a <em>trusted</em> third party, this <em>trustworthy</em> entity uses trusted computing and remote attestation to establish attestation-based trust relationships. As a single-function system, the TRE requires only a minimal software Trusted Computing Base, thus minimizing its attack surface and making it an ideal candidate for security audits. Two research hypotheses are investigated: firstly, that the TRE can be realized and used to enhance consumers' privacy in the smart grid, and secondly, that the TRE concept can be formalized and used in other application domains.</p>

<p>This thesis confirms both hypotheses and, in doing so, presents five main contributions. Firstly, it proposes a new methodology for modelling and analysing communication privacy in terms of unlinkability and undetectability, which is implemented in the CSP process algebra and used to enhance the Casper/FDR analysis tool.
Secondly, it presents and analyses a new TRE-based smart grid communication architecture. Thirdly, it compares different TRE system architectures and evaluates a fully functional TRE prototype. Fourthly, it defines a new highly-scalable remote attestation protocol for establishing the TRE's trustworthiness. Finally, it formalizes the fundamental characteristics of the TRE concept and demonstrates how the TRE can be used to enhance communication privacy in location-based services and wireless network roaming.</p>
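The attestation-gated intermediary described above, as an added illustration that is not code from the thesis: smart meters release readings to the TRE only after its reported software measurement matches the expected minimal TCB, and the grid operator receives only the aggregate. The TCB image, the aggregation as the privacy-enhancing computation, and the unsigned hash standing in for a hardware-backed attestation are all assumptions of this example.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed reference value: the verifier (each meter) is assumed to know the
# hash of the TRE's minimal software TCB in advance. A real deployment would
# have a hardware root of trust sign this measurement; the toy omits the signature.
TRE_TCB_IMAGE = b"tre-aggregator-v1 (constructed sample image)"
EXPECTED_TCB_HASH = hashlib.sha256(TRE_TCB_IMAGE).hexdigest()


@dataclass
class Attestation:
    tcb_hash: str  # measurement of the software stack the TRE reports


@dataclass
class TrustworthyRemoteEntity:
    image: bytes
    readings: dict = field(default_factory=dict)

    def attest(self) -> Attestation:
        # Report a measurement of the code actually running (assumed honest reporting).
        return Attestation(hashlib.sha256(self.image).hexdigest())

    def submit(self, meter_id: str, kwh: float) -> None:
        self.readings[meter_id] = kwh

    def aggregate(self) -> float:
        # Privacy-enhancing computation (assumption): only the sum leaves the TRE,
        # so the operator cannot infer any single household's consumption.
        return sum(self.readings.values())


@dataclass
class SmartMeter:
    meter_id: str
    kwh: float

    def release_to(self, tre: TrustworthyRemoteEntity) -> bool:
        # Attestation-based trust: refuse to send if the TCB measurement is unexpected.
        if tre.attest().tcb_hash != EXPECTED_TCB_HASH:
            return False
        tre.submit(self.meter_id, self.kwh)
        return True


def run_scenario(image: bytes):
    """Return per-meter release decisions and the operator-visible total."""
    tre = TrustworthyRemoteEntity(image)
    meters = [SmartMeter("m1", 1.5), SmartMeter("m2", 2.0), SmartMeter("m3", 0.5)]
    released = [m.release_to(tre) for m in meters]
    return released, (tre.aggregate() if all(released) else None)
```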