GNUnet's Selected Papers in Meshnetworking: BibTeX



  title = {The GNet Whitepaper}, 
  author = {Krista Bennett and Tiberius Stef and Christian Grothoff and Tzvetan Horozov and
        Ioana Patrascu}, 
  journal = {unknown}, 
  institution = {Purdue University}, 
  year = {2002}, 
  month = {June}, 
  type = {Technical report}, 
  abstract = {This paper describes GNet, a reliable anonymous distributed backup system
        with reasonable defenses against malicious hosts and low overhead in traffic and
        CPU time. The system design is described and compared to other publicly used
        services with similar goals. Additionally, the implementation and the protocols
        of GNet are presented}, 
  www_section = {anonymity, economics, encoding, GNUnet, obsolete database}, 
  keywords = {anonymity, economics, encoding, GNUnet, obsolete database}, 
  www_tags = {selected}, 
  www_pdf_url = {}, 
  title = {Managing and Presenting User Attributes over a Decentralized Secure Name
  author = {Martin Schanzenbach and Christian Banse}, 
  booktitle = {Data Privacy Management and Security Assurance--11th International Workshop,
        {DPM} 2016 and 5th International Workshop, {QASA} 2016, Heraklion, Crete, Greece,
        September 26-27, 2016, Proceedings}, 
  organization = {Springer}, 
  year = {2016}, 
  month = {September}, 
  address = {Crete, Greece}, 
  publisher = {Springer}, 
  abstract = {Today, user attributes are managed at centralized identity providers.
        However, two centralized identity providers dominate digital identity and access
        management on the web. This is increasingly becoming a privacy problem in times
        of mass surveillance and data mining for targeted advertisement. Existing systems
        for attribute sharing or credential presentation either rely on a trusted third
        party service or require the presentation to be online and synchronous. In this
        paper we propose a concept that allows the user to manage and share his
        attributes asynchronously with a requesting party using a secure, decentralized
        name system}, 
  www_section = {Decentralisation, GNUnet, Identity and Access Management, User
  www_tags = {selected}, 
  url = {}, 
  title = {The GNUnet System}, 
  author = {Grothoff, Christian}, 
  school = {Universit{\'e} de Rennes 1}, 
  volume = {HDR}, 
  year = {2017}, 
  month = {December}, 
  address = {Rennes}, 
  pages = {0--181}, 
  type = {Habilitation {\`a} diriger des recherches}, 
  abstract = {GNUnet is an alternative network stack for building secure, decentralized and
        privacy-preserving distributed applications. Our goal is to replace the old
        insecure Internet protocol stack. Starting from an application for secure
        publication of files, it has grown to include all kinds of basic protocol
        components and applications towards the creation of a GNU internet. This
        habilitation provides an overview of the GNUnet architecture, including the
        development process, the network architecture and the software architecture. The
        goal of Part 1 is to provide an overview of how the various parts of the project
        work together today, and to then give ideas for future directions. The text is a
        first attempt to provide this kind of synthesis, and in return does not go into
        extensive technical depth on any particular topic. Part 2 then gives selected
        technical details based on eight publications covering many of the core
        components. This is a harsh selection; on the GNUnet website there are more than
        50 published research papers and theses related to GNUnet, providing extensive
        and in-depth documentation. Finally, Part 3 gives an overview of current plans
        and future work}, 
  keywords = {decentralization, GNUnet, peer-to-peer, privacy, private information
        retrieval, routing, secure multiparty computation, self-organization}, 
  www_section = {decentralization, GNUnet, peer-to-peer, privacy, private information
        retrieval, routing, secure multiparty computation, self-organization}, 
  www_tags = {selected}, 
  doi = {}, 
  url = {}, 
  title = {Toward secure name resolution on the internet}, 
  author = {Christian Grothoff and Matthias Wachs and Monika Ermert and Jacob Appelbaum}, 
  journal = {Computers \& Security}, 
  year = {2018}, 
  abstract = {The Domain Name System (DNS) provides crucial name resolution functions for
        most Internet services. As a result, DNS traffic provides an important attack
        vector for mass surveillance, as demonstrated by the QUANTUMDNS and MORECOWBELL
        programs of the NSA. This article reviews how DNS works and describes security
        considerations for next generation name resolution systems. We then describe DNS
        variations and analyze their impact on security and privacy. We also consider
        Namecoin, the GNU Name System and RAINS, which are more radical re-designs of
        name systems in that they both radically change the wire protocol and also
        eliminate the existing global consensus on TLDs provided by ICANN. Finally, we
        assess how the different systems stack up with respect to the goal of improving
        security and privacy of name resolution for the future Internet}, 
  keywords = {Future Internet, GNUnet, Name resolution, network architecture, privacy,
        Technology and society}, 
  www_section = {Future Internet, GNUnet, Name resolution, network architecture, privacy,
        Technology and society}, 
  issn = {0167-4048}, 
  doi = {}, 
  url = {}, 
  www_tags = {selected}, 
  title = {reclaimID: Secure, Self-Sovereign Identities using Name Systems and
        Attribute-Based Encryption}, 
  author = {Schanzenbach, M. and Bramm, G. and Sch{\"u}tte, J.}, 
  booktitle = {Proceedings of 17th IEEE International Conference On Trust, Security And
        Privacy In Computing And Communications/ 12th IEEE International Conference On
        Big Data Science And Engineering (TrustCom/BigDataSE)}, 
  year = {2018}, 
  abstract = {In this paper we present reclaimID: An architecture that allows users to
        reclaim their digital identities by securely sharing identity attributes without
        the need for a centralised service provider. We propose a design where user
        attributes are stored in and shared over a name system under user-owned
        namespaces. Attributes are encrypted using attribute-based encryption (ABE),
        allowing the user to selectively authorize and revoke access of requesting
        parties to subsets of his attributes. We present an implementation based on the
        decentralised GNU Name System (GNS) in combination with ciphertext-policy ABE
        using type-1 pairings. To show the practicality of our implementation, we carried
        out experimental evaluations of selected implementation aspects including
        attribute resolution performance. Finally, we show that our design can be used as
        a standard OpenID Connect Identity Provider allowing our implementation to be
        integrated into standard-compliant services}, 
  keywords = {Computer Science - Cryptography and Security}, 
  www_section = {Computer Science - Cryptography and Security}, 
  url = {}, 
  www_tags = {selected}, 
  title = {CADET: Confidential Ad-hoc Decentralized End-to-End Transport}, 
  author = {Polot, Bartlomiej and Christian Grothoff}, 
  booktitle = {Med-Hoc-Net 2014}, 
  year = {2014}, 
  month = {January}, 
  abstract = {This paper describes CADET, a new transport protocol for confidential and
        authenticated data transfer in decentralized networks. This transport protocol is
        designed to operate in restricted-route scenarios such as friend-to-friend or
        ad-hoc wireless networks. We have implemented CADET and evaluated its performance
        in various network scenarios, compared it to the well-known TCP/IP stack and
        tested its response to rapidly changing network topologies. While our current
        implementation is still significantly slower in high-speed low-latency networks,
        for typical Internet-usage our system provides much better connectivity and
        security with comparable performance to TCP/IP}, 
  www_section = {CADET, encryption, GNUnet, routing}, 
  www_pdf_url = {}, 
  www_tags = {selected}, 
  url = {}, 
  title = {A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name System}, 
  author = {Matthias Wachs and Martin Schanzenbach and Christian Grothoff}, 
  booktitle = {International Conference on Cryptology and Network Security (CANS)}, 
  organization = {Springer Verlag}, 
  year = {2014}, 
  publisher = {Springer Verlag}, 
  abstract = {The Domain Name System (DNS) is vital for access to information on the
        Internet. This makes it a target for attackers whose aim is to suppress free
        access to information. This paper introduces the design and implementation of the
        GNU Name System (GNS), a fully decentralized and censorship-resistant name
        system. GNS provides a privacy-enhancing alternative to DNS which preserves the
        desirable property of memorable names. Due to its design, it can also double as a
        partial replacement of public key infrastructures, such as X.509. The design of
        GNS incorporates the capability to integrate and coexist with DNS. GNS is based
        on the principle of a petname system and builds on ideas from the Simple
        Distributed Security Infrastructure (SDSI), addressing a central issue with the
        decentralized mapping of secure identifiers to memorable names: namely the
        impossibility of providing a global, secure and memorable mapping without a
        trusted authority. GNS uses the transitivity in the SDSI design to replace the
        trusted root with secure delegation of authority, thus making petnames useful to
        other users while operating under a very strong adversary model. In addition to
        describing the GNS design, we also discuss some of the mechanisms that are needed
        to smoothly integrate GNS with existing processes and procedures in Web browsers.
        Specifically, we show how GNS is able to transparently support many assumptions
        that the existing HTTP(S) infrastructure makes about globally unique names}, 
  www_section = {DNS, GNU Name System, GNUnet, PKI}, 
  www_pdf_url = {},
  www_tags = {selected}, 
  url = {}, 
  title = {Decentralized Authentication for Self-Sovereign Identities using Name Systems}, 
  author = {Christian Grothoff and Martin Schanzenbach and Annett Laube and Emmanuel
%%%%% ERROR: Missing field
% journal = {?????},
  institution = {Berner Fachhochschule}, 
  number = {847382}, 
  year = {2018}, 
  month = {October}, 
  address = {Bern}, 
  type = {H2020 submission}, 
  abstract = {The GNU Name System (GNS) is a fully decentralized public key infrastructure
        and name system with private information retrieval semantics. It serves a
        holistic approach to interact seamlessly with IoT ecosystems and enables people
        and their smart objects to prove their identity, membership and privileges -
        compatible with existing technologies. In this report we demonstrate how a wide
        range of private authentication and identity management scenarios are addressed
        by GNS in a cost-efficient, usable and secure manner. This simple, secure and
        privacy-friendly authentication method is a significant breakthrough when cyber
        peace, privacy and liability are the priorities for the benefit of a wide range
        of the population. After an introduction to GNS itself, we show how GNS can be
        used to authenticate servers, replacing the Domain Name System (DNS) and X.509
        certificate authorities (CAs) with a more privacy-friendly but equally usable
        protocol which is trustworthy, human-centric and includes group authentication.
        We also built a demonstrator to highlight how GNS can be used in medical
        computing to simplify privacy-sensitive data processing in the Swiss health-care
        system. Combining GNS with attribute-based encryption, we created ReclaimID, a
        robust and reliable OpenID Connect-compatible authorization system. It includes
        simple, secure and privacy-friendly single sign-on to seamlessly share selected
        attributes with Web services, cloud ecosystems. Further, we demonstrate how
        ReclaimID can be used to solve the problem of addressing, authentication and data
        sharing for IoT devices. These applications are just the beginning for GNS; the
        versatility and extensibility of the protocol will lend itself to an even broader
        range of use-cases. GNS is an open standard with a complete free software
        reference implementation created by the GNU project. It can therefore be easily
        audited, adapted, enhanced, tailored, developed and/or integrated, as anyone is
        allowed to use the core protocols and implementations free of charge, and to
        adopt them to their needs under the terms of the GNU Affero General Public
        License, a free software license approved by the Free Software Foundation.}, 
  keywords = {DNS, GNU Name System, GNUnet, privacy, ReclaimID}, 
  www_section = {DNS, GNU Name System, GNUnet, privacy, ReclaimID}, 
  www_tags = {selected}, 
  url = {}, 
  www_pdf_url = {}, 
  title = {R5N : Randomized Recursive Routing for Restricted-Route Networks}, 
  author = {Nathan S Evans and Christian Grothoff}, 
  booktitle = {5th International Conference on Network and System Security (NSS 2011)}, 
  organization = {IEEE}, 
  year = {2011}, 
  month = {September}, 
  address = {Milan, Italy}, 
  publisher = {IEEE}, 
  abstract = {This paper describes a new secure DHT routing algorithm for open,
        decentralized P2P networks operating in a restricted-route environment with
        malicious participants. We have implemented our routing algorithm and have
        evaluated its performance under various topologies and in the presence of
        malicious peers. For small-world topologies, our algorithm provides significantly
        better performance when compared to existing methods. In more densely connected
        topologies, our performance is better than or on par with other designs}, 
  www_section = {distributed hash table, GNUnet, R5N, routing}, 
  www_tags = {selected}, 
  www_pdf_url = {}, 
  url = {}, 
  title = {Experimental comparison of Byzantine fault tolerant distributed hash tables}, 
  author = {Supriti Singh}, 
  school = {Saarland University}, 
  volume = {M.S}, 
  year = {2014}, 
  month = {September}, 
  address = {Saarbruecken}, 
  pages = {0--42}, 
  type = {Masters}, 
  abstract = {Distributed Hash Tables (DHTs) are a key data structure for construction of
        peer to peer systems. They provide an efficient way to distribute the storage and
        retrieval of key-data pairs among the participating peers. DHTs should be
        scalable, robust against churn and resilient to attacks. X-Vine is a DHT protocol
        which offers security against Sybil attacks. All communication among peers is
        performed over social network links, with the presumption that a friend can be
        trusted. This trust can be extended to a friend of a friend. It uses the tested
        Chord Ring topology as an overlay, which has been proven to be scalable and
        robust. The aim of the thesis is to experimentally compare two DHTs, R5N and
        X-Vine. GNUnet is a free software secure peer to peer framework, which uses R5N.
        In this thesis, we have presented the implementation of X-Vine on GNUnet, and
        compared the performance of R5N and X-Vine}, 
  www_section = {DHT, GNUnet, performance analysis, testbed, X-vine}, 
  www_tags = {selected}, 
  url = {}, 
  www_pdf_url = {},
  title = {Byzantine Set-Union Consensus using Efficient Set Reconciliation}, 
  author = {Florian Dold and Christian Grothoff}, 
  booktitle = {International Conference on Availability, Reliability and Security (ARES)}, 
  year = {2016}, 
  month = {June}, 
  abstract = {Applications of secure multiparty computation such as certain electronic
        voting or auction protocols require Byzantine agreement on large sets of
        elements. Implementations proposed in the literature so far have relied on state
        machine replication, and reach agreement on each individual set element in
        sequence. We introduce set-union consensus, a specialization of Byzantine
        consensus that reaches agreement over whole sets. This primitive admits an
        efficient and simple implementation by the composition of Eppstein's set
        reconciliation protocol with Ben-Or's ByzConsensus protocol. A free software
        implementation of this construction is available in GNUnet. Experimental results
        indicate that our approach results in an efficient protocol for very large sets,
        especially in the absence of Byzantine faults. We show the versatility of
        set-union consensus by using it to implement distributed key generation, ballot
        collection and cooperative decryption for an electronic voting protocol
        implemented in GNUnet}, 
  www_section = {byzantine fault tolerance, consensus, GNUnet}, 
  www_pdf_url = {}, 
  www_tags = {selected}, 
  url = {}, 
  title = {A Decentralized and Autonomous Anomaly Detection Infrastructure for
        Decentralized Peer-to-Peer Networks}, 
  author = {Omar Tarabai}, 
  volume = {Master}, 
  year = {2014}, 
  month = {October}, 
  pages = {0--63}, 
  type = {Master}, 
  abstract = {In decentralized networks, collecting and analysing information from the
        network is useful for developers and operators to monitor the behaviour and
        detect anomalies such as attacks or failures in both the overlay and underlay
        networks. But realizing such an infrastructure is hard to achieve due to the
        decentralized nature of the network especially if the anomaly occurs on systems
        not operated by developers or participants get separated from the collection
        points. In this thesis a decentralized monitoring infrastructure using a
        decentralized peer-to-peer network is developed to collect information and detect
        anomalies in a collaborative way without coordination by and in absence of a
        centralized infrastructure and report detected incidents to a monitoring
        infrastructure. We start by introducing background information about peer-to-peer
        networks, anomalies and anomaly detection techniques in literature. Then we
        present some of the related work regarding monitoring decentralized networks,
        anomaly detection and data aggregation in decentralized networks. Then we perform
        an analysis of the system objectives, target environment and the desired
        properties of the system. Then we design the system in terms of the overall
        structure and its individual components. We follow with details about the system
        implementation. Lastly, we evaluate the final system implementation against our
        desired objectives}, 
  www_section = {anomaly, censorship, detection, GNUnet}, 
  www_pdf_url = {}, 
  www_tags = {selected}, 
  url = {}, 
  title = {Cryptographically Secure, Distributed Electronic Voting}, 
  author = {Florian Dold}, 
  school = {Technische Universit{\"a}t M{\"u}nchen}, 
  volume = {B.S}, 
  year = {2014}, 
  month = {August}, 
  address = {M{\"u}nchen}, 
  pages = {0--49}, 
  type = {Bachelor's}, 
  abstract = {Elections are a vital tool for decision-making in democratic societies. The
        past decade has witnessed a handful of attempts to apply modern technology to the
        election process in order to make it faster and more cost-effective. Most of the
        practical efforts in this area have focused on replacing traditional voting
        booths with electronic terminals, but did not attempt to apply cryptographic
        techniques able to guarantee critical properties of elections such as secrecy of
        ballot and verifiability. While such techniques were extensively researched in
        the past 30 years, practical implementations of cryptographically secure remote
        electronic voting schemes are not readily available. All existing implementations
        we are aware of either exhibit critical security flaws, are proprietary black-box
        systems or require additional physical assumptions such as a preparatory key
        ceremony executed by the election officials. The latter makes such systems
        unusable for purely digital communities. This thesis describes the design and
        implementation of an electronic voting system in GNUnet, a framework for secure
        and decentralized networking. We provide a short survey of voting schemes and
        existing implementations. The voting scheme we implemented makes use of threshold
        cryptography, a technique which requires agreement among a large subset of the
        election officials to execute certain cryptographic operations. Since such
        protocols have applications outside of electronic voting, we describe their
        design and implementation in GNUnet separately}, 
  www_section = {GNUnet, secure multiparty computation, voting}, 
  www_pdf_url = {},
  www_tags = {selected}, 
  url = {}, 
  title = {Byzantine Set-Union Consensus using Efficient Set Reconciliation}, 
  author = {Dold, Florian and Grothoff, Christian}, 
  booktitle = {International Conference on Availability, Reliability and Security (ARES)}, 
  year = {2016}, 
  www_section = {Unsorted}, 
  www_tags = {selected}, 
  url = {}, 
  www_pdf_url = {}, 
  title = {Zur Idee herrschaftsfreier kooperativer Internetdienste}, 
  author = {Christian Ricardo K{\"u}hne}, 
  journal = {FIfF-Kommunikation}, 
  year = {2016}, 
  chapter = {46}, 
  www_section = {Architecture, GNUnet, Internet}, 
  www_pdf_url = {}, 
  www_tags = {selected}, 
  url = {}, 
  title = {Publish/Subscribe for Large-Scale Social Interaction: Design, Analysis and
        Ressource Provisioning}, 
  author = {Vinay Jayarama Setty}, 
  school = {University of Oslo}, 
  volume = {Doctor of Philosophy}, 
  year = {2015}, 
  month = {March}, 
  www_section = {publish-subscribe, pubsub, social interaction, messaging, multicast}, 
  www_pdf_url = {},
  www_tags = {selected}, 
  title = {Improving Voice over GNUnet}, 
  author = {Christian Ulrich}, 
  school = {TU Berlin}, 
  volume = {Bachelor}, 
  year = {2017}, 
  month = {July}, 
  address = {Berlin}, 
  pages = {0--48}, 
  type = {B.S}, 
  abstract = {In contrast to ubiquitous cloud-based solutions the telephony application
        GNUnet conversation provides fully-decentralized, secure voice communication and
        thus impedes mass surveillance. The aim of this thesis is to investigate why
        GNUnet conversation currently provides poor Quality of Experience under typical
        wide area network conditions and to propose optimization measures. After network
        shaping and the initialization of two isolated GNUnet peers had been automated,
        delay measurements were done. With emulated network characteristics network
        delay, cryptography delays and audio codec delays were measured and transmitted
        speech was recorded. An analysis of the measurement results and a subjective
        assessment of the speech recordings revealed that extreme outliers occur in most
        scenarios and impair QoE. Moreover it was shown that GNUnet conversation
        introduces a large delay that confines the environment in which good QoE is
        possible. In the measurement environment at least 23 ms always occurred of which
        large parts were caused by cryptography. It was shown that optimization in
        the cryptography part and other components are possible. Finally the conditions
        for currently reaching good QoE were determined and ideas for further
        investigations were presented}, 
  www_section = {CADET, GNUnet, measurement, performance}, 
  www_tags = {selected}, 
  url = {}, 
  www_pdf_url = {}, 
  title = {Byzantine Fault Tolerant Set Consensus with Efficient Set Reconciliation}, 
  author = {Florian Dold}, 
  school = {Technische Universit{\"a}t M{\"u}nchen}, 
  volume = {M.S}, 
  year = {2015}, 
  month = {December}, 
  address = {M{\"u}nchen}, 
  pages = {0--69}, 
  type = {Master}, 
  abstract = {Byzantine consensus is a fundamental and well-studied problem in the area of
        distributed systems. It requires a group of peers to reach agreement on some
        value, even if a fraction of the peers is controlled by an adversary. This thesis
        proposes set union consensus, an efficient generalization of Byzantine consensus
        from single elements to sets. This is practically motivated by Secure Multiparty
        Computation protocols such as electronic voting, where a large set of elements
        must be collected and agreed upon. Existing practical implementations of
        Byzantine consensus are typically based on state machine replication and not
        well-suited for agreement on sets, since they must process individual agreements
        on all set elements in sequence. We describe and evaluate our implementation of
        set union consensus in GNUnet, which is based on a composition of Eppstein set
        reconciliation protocol with the simple gradecast consensus protocol described by
  www_section = {byzantine consensus, GNUnet, secure multiparty computation, set
        reconciliation, voting}, 
  www_pdf_url = {},
  www_tags = {selected}, 
  url = {}, 
  title = {NSA's MORECOWBELL: Knell for DNS}, 
  author = {Christian Grothoff and Matthias Wachs and Monika Ermert and Jacob Appelbaum}, 
  journal = {unknown}, 
  institution = {GNUnet e.V}, 
  year = {2015}, 
  month = {January}, 
  address = {M{\"u}nchen}, 
  www_pdf_url = {}, 
  www_tags = {selected}, 
  url = {}, 
  title = {El programa MORECOWBELL de la NSA: Doblan las campanas para el DNS}, 
  author = {Christian Grothoff and Matthias Wachs and Monika Ermert and Jacob Appelbaum}, 
  journal = {unknown}, 
  institution = {GNUnet e.V}, 
  year = {2015}, 
  month = {January}, 
  address = {M{\"u}nchen}, 
  www_pdf_url = {}, 
  www_tags = {selected}, 
  url = {}, 
  title = {Le programme MORECOWBELL de la NSA Sonne le glas du NSA}, 
  author = {Christian Grothoff and Matthias Wachs and Monika Ermert and Jacob Appelbaum and
        Ludovic Court{\`e}s}, 
  journal = {unknown}, 
  institution = {GNUnet e.V}, 
  year = {2015}, 
  month = {January}, 
  address = {M{\"u}nchen}, 
  www_pdf_url = {}, 
  www_tags = {selected}, 
  url = {}, 
  title = {Il programma MORECOWBELL della NSA: Campane a morto per il DNS}, 
  author = {Christian Grothoff and Matthias Wachs and Monika Ermert and Jacob Appelbaum and
        Luca Saiu}, 
  journal = {unknown}, 
  institution = {GNUnet e.V}, 
  year = {2015}, 
  month = {January}, 
  address = {M{\"u}nchen}, 
  www_pdf_url = {}, 
  www_tags = {selected}, 
  url = {}, 
  title = {Cryogenic: Enabling Power-Aware Applications on Linux}, 
  author = {Alejandra Morales}, 
  school = {Technische Universit{\"a}t M{\"u}nchen}, 
  volume = {M. Sc}, 
  year = {2014}, 
  month = {February}, 
  address = {Garching bei M{\"u}nchen}, 
  pages = {0--106}, 
  type = {Masters}, 
  abstract = {As a means of reducing power consumption, hardware devices are capable to
        enter into sleep-states that have low power consumption. Waking up from those
        states in order to return to work is typically a rather energy-intensive
        activity. Some existing applications have non-urgent tasks that currently force
        hardware to wake up needlessly or prevent it from going to sleep. It would be
        better if such non-urgent activities could be scheduled to execute when the
        respective devices are active to maximize the duration of sleep-states. This
        requires cooperation between applications and the kernel in order to determine
        when the execution of a task will not be expensive in terms of power consumption.
        This work presents the design and implementation of Cryogenic, a POSIX-compatible
        API that enables clustering tasks based on the hardware activity state.
        Specifically, Cryogenic's API allows applications to defer their execution until
        other tasks use the device they want to use. As a result, two actions that
        contribute to reduce the device energy consumption are achieved: reduce the
        number of hardware wake-ups and maximize the idle periods. The energy
        measurements enacted at the end of this thesis demonstrate that, for the specific
        setup and conditions present during our experimentation, Cryogenic is capable to
        achieve savings between 1\% and 10\% for a USB WiFi device. Although we ideally
        target mobile platforms, Cryogenic has been developed by means of a new Linux module
        that integrates with the existing POSIX event loop system calls. This allows to
        use Cryogenic on many different platforms as long as they use a GNU/Linux
        distribution as the main operating system. An evidence of this can be found in
        this thesis, where we demonstrate the power savings on a single-board computer}, 
  www_section = {cooperative, cryogenic, GNUnet, Linux, POSIX, power}, 
  www_pdf_url = {},
  www_tags = {selected}, 
  url = {}, 
  title = {Implementing Privacy Preserving Auction Protocols}, 
  author = {Markus Teich}, 
  school = {TUM}, 
  volume = {Master of Science}, 
  year = {2017}, 
  month = {February}, 
  address = {Munich}, 
  pages = {0--100}, 
  editor = {Totakura, Sree Harsha and Grothoff, Christian and Felix Brandt}, 
  abstract = {In this thesis we translate Brandt's privacy preserving sealed-bid online
        auction protocol from RSA to elliptic curve arithmetic and analyze the
        theoretical and practical benefits. With Brandt's protocol, the auction outcome
        is completely resolved by the bidders and the seller without the need for a
        trusted third party. Losing bids are not revealed to anyone. We present
        libbrandt, our implementation of four algorithms with different outcome and
        pricing properties, and describe how they can be incorporated in a real-world
        online auction system. Our performance measurements show a reduction of
        computation time and prospective bandwidth cost of over 90\% compared to an
        implementation of the RSA version of the same algorithms. We also evaluate how
        libbrandt scales in different dimensions and conclude that the system we have
        presented is promising with respect to an adoption in the real world}, 
  www_section = {auctions, GNUnet, secure multi-party computation}, 
  www_tags = {selected}, 
  www_pdf_url = {}, 
  url = {}, 
  title = {A Secure and Resilient Communication Infrastructure for Decentralized Networking
  author = {Matthias Wachs}, 
  school = {Technische Universit{\"a}t M{\"u}nchen}, 
  volume = {PhD}, 
  year = {2015}, 
  month = {February}, 
  address = {M{\"u}nchen}, 
  pages = {0--250}, 
  type = {PhD}, 
  abstract = {This thesis provides the design and implementation of a secure and resilient
        communication infrastructure for decentralized peer-to-peer networks. The
        proposed communication infrastructure tries to overcome limitations to
        unrestricted communication on today's Internet and has the goal of
        re-establishing unhindered communication between users. With the GNU name system,
        we present a fully decentralized, resilient, and privacy-preserving alternative
        to DNS and existing security infrastructures}, 
  www_section = {Communication, GNU Name System, GNUnet, P2P, resilience}, 
  www_tags = {selected}, 
  isbn = {3-937201-45-9}, 
  doi = {10.2313/NET-2015-02-1}, 
  url = {}, 
  www_pdf_url = {}, 
  title = {Privacy-Preserving Abuse Detection in Future Decentralised Online Social
  author = {{\'A}lvaro Garc{\'\i}a-Recuero and Jeffrey Burdges and Christian Grothoff}, 
  booktitle = {Data Privacy Management (DPM)}, 
  organization = {Springer}, 
  year = {2016}, 
  month = {September}, 
  address = {Heraklion, Greece}, 
  publisher = {Springer}, 
  abstract = {Future online social networks need to not only protect sensitive data of
        their users, but also protect them from abusive behavior coming from malicious
        participants in the network. We investigate the use of supervised learning
        techniques to detect abusive behavior and describe privacy-preserving protocols
        to compute the feature set required by abuse classification algorithms in a
        secure and privacy-preserving way. While our method is not yet fully resilient
        against a strong adaptive adversary, our evaluation suggests that it will be
        useful to detect abusive behavior with a minimal impact on privacy}, 
  www_section = {abuse, GNUnet, Privacy preserving, reputation, Social networking}, 
  www_pdf_url = {}, 
  www_tags = {selected}, 
  url = {}, 
  title = {An Approach for Home Routers to Securely Erase Sensitive Data}, 
  author = {Nicolas Bene{\v s}}, 
  school = {Technische Universit{\"a}t M{\"u}nchen}, 
  volume = {Bachelor}, 
  year = {2014}, 
  month = {October}, 
  address = {Munich}, 
  pages = {0--64}, 
  type = {Bachelor Thesis}, 
  abstract = {Home routers are always-on low power embedded systems and part of the
        Internet infrastructure. In addition to the basic router functionality, they can
        be used to operate sensitive personal services, such as for private web and email
        servers, secure peer-to-peer networking services like GNUnet and Tor, and
        encrypted network file system services. These services naturally involve
        cryptographic operations with the cleartext keys being stored in RAM. This makes
        router devices possible targets to physical attacks by home intruders. Attacks
        include interception of unprotected data on bus wires, alteration of firmware
        through exposed JTAG headers, or recovery of cryptographic keys through the cold
        boot attack. This thesis presents Panic!, a combination of open hardware design
        and free software to detect physical integrity attacks and to react by securely
        erasing cryptographic keys and other sensitive data from memory. To improve
        auditability and to allow cheap reproduction, the components of Panic! are kept
        simple in terms of conceptual design and lines of code. First, the motivation to
        use home routers for services besides routing and the need to protect their
        physical integrity is discussed. Second, the idea and functionality of the Panic!
        system is introduced and the high-level interactions between its components
        explained. Third, the software components to be run on the router are described.
        Fourth, the requirements of the measurement circuit are declared and a prototype
        is presented. Fifth, some characteristics of pressurized environments are
        discussed and the difficulties for finding adequate containments are explained.
        Finally, an outlook to tasks left for the future is given}, 
  www_section = {GNUnet, home router, intrusion detection, memory erasure, Panic, physical
  www_pdf_url = {}, 
  www_tags = {selected}, 
  url = {}, 
  title = {Automatic Transport Selection and Resource Allocation for Resilient
        Communication in Decentralised Networks}, 
  author = {Matthias Wachs and Fabian Oehlmann and Christian Grothoff}, 
  booktitle = {14-th IEEE International Conference on Peer-to-Peer Computing}, 
  year = {2014}, 
  month = {October}, 
  address = {London, England}, 
  abstract = {Making communication more resilient is a main focus for modern decentralised
        networks. A current development to increase connectivity between participants and
        to be resilient against service degradation attempts is to support different
        communication protocols, and to switch between these protocols in case
        degradation or censorship are detected. Supporting multiple protocols with
        different properties and having to share resources for communication with
        multiple partners creates new challenges with respect to protocol selection and
        resource allocation to optimally satisfy the applications' requirements for
        communication. This paper presents a novel approach for automatic transport
        selection and resource allocation with a focus on decentralised networks. Our
        goal is to evaluate the communication mechanisms available for each communication
        partner and then allocate resources in line with the requirements of the
        applications. We begin by detailing the overall requirements for an algorithm for
        transport selection and resource allocation, and then compare three different
        solutions using (1) a heuristic, (2) linear optimisation, and (3) machine
        learning. To show the suitability and the specific benefits of each approach, we
        evaluate their performance with respect to usability, scalability and quality of
        the solution found in relation to application requirements}, 
  www_section = {GNUnet, resource allocation}, 
  www_pdf_url = {}, 
  www_tags = {selected}, 
  url = {}, 
  title = {Towards Self-sovereign, decentralized personal data sharing and identity
  author = {Schanzenbach, Martin}, 
  school = {Technische Universit{\"a}t M{\"u}nchen}, 
  year = {2020}, 
  address = {Munich}, 
  type = {Dissertation}, 
  keywords = {DNS, GNU Name System, GNUnet, privacy, ReclaimID}, 
  www_section = {Self-sovereign identity, GNUnet, GNU Name System}, 
  www_tags = {selected}, 
  www_pdf_url = {}, 
  url = {}, 
  abstract = {Today, identity management is a key element for commercial and private
        services on the Internet. Over the past decade, digital identities evolved away
        from decentralized, pseudonymous, user-controlled personas towards centralized,
        unambiguous identities managed at and provided through service providers. This
        development was sparked by the requirement of real identities in the context of
        electronic commerce. However, it was particularly fuelled later by the emergence
        of social media and the possibilities it provides to people in order to establish
        social connections. The following centralization of identities at a handful of
        service providers significantly improved usability and reliability of identity
        services. Those benefits come at the expense of other, arguably equally important
        areas. For users, it is privacy and the permanent threat of being tracked and
        analyzed. For service providers, it is liability and the risk of facing
        significant punishment caused by strict privacy regulations which try to
        counteract the former. In this thesis, we investigate state-of-the-art approaches
        to modern identity management. We take a look at existing standards and recent
        research in order to understand the status quo and how it can be improved. As a
        result from our research, we present the following contributions: In order to
        allow users to reclaim control over their identities and personal data, we
        propose a design for a decentralized, self-sovereign directory service. This
        service allows users to share personal data with services without the need of a
        trusted third party. Unlike existing research in this area, we propose mechanisms
        which allow users to efficiently enforce access control on their data. Further,
        we investigate how trust can be established in user-managed, self-sovereign
        identities. We propose a trust establishment mechanism through the use of secure
        name systems. It allows users and organizations to establish trust relationships
        and identity assertions without the need of centralized public key
        infrastructures (PKIs). Additionally, we show how recent advancements in the area
        of non-interactive zero-knowledge (NIZK) protocols can be leveraged in order to
        create privacy-preserving attribute-based credentials (PP-ABCs) suitable for use
        in self-sovereign identity systems including our proposed directory service. We
        provide proof of concept implementations of our designs and evaluate them to show
        that they are suitable for practical applications.}, 
  title = {Control Flow Analysis for Event-Driven Programs}, 
  author = {Florian Scheibner}, 
  school = {Technical University of Munich}, 
  volume = {B.Sc}, 
  year = {2014}, 
  month = {July}, 
  address = {Munich}, 
  pages = {0--71}, 
  type = {Bachelors}, 
  abstract = {Static analysis is often used to automatically check for common bugs in
        programs. Compilers already check for some common programming errors and issue
        warnings; however, they do not do a very deep analysis because this would slow
        the compilation of the program down. Specialized tools like Coverity or Clang
        Static Analyzer look at possible runs of a program and track the state of
        variables in respect to function calls. This information helps to identify
        possible bugs. In event-driven programs like GNUnet, callbacks are registered for
        later execution. Normal static analysis cannot track these function calls. This
        thesis is an attempt to extend different static analysis tools so that they can
        handle this case as well. Different solutions were thought of and executed with
        Coverity and Clang. This thesis describes the theoretical background of model
        checking and static analysis, the practical usage of widespread static analysis
        tools, and how these tools can be extended in order to improve their usefulness}, 
  www_section = {event-driven, flow control, GNUnet, static analysis}, 
  www_pdf_url = {}, 
  www_tags = {selected}, 
  url = {}, 
  title = {Enabling Secure Web Payments with GNU Taler}, 
  author = {Jeffrey Burdges and Florian Dold and Christian Grothoff and Marcello Stanisci}, 
  booktitle = {6th International Conference on Security, Privacy and Applied Cryptographic
  organization = {Springer}, 
  year = {2016}, 
  month = {December}, 
  address = {Hyderabad}, 
  publisher = {Springer}, 
  abstract = {GNU Taler is a new electronic online payment system which provides privacy
        for customers and accountability for merchants. It uses an exchange service to
        issue digital coins using blind signatures, and is thus not subject to the
        performance issues that plague Byzantine fault-tolerant consensus-based
        solutions. The focus of this paper is addressing the challenges payment systems
        face in the context of the Web. We discuss how to address Web-specific
        challenges, such as handling bookmarks and sharing of links, as well as
        supporting users that have disabled JavaScript. Web payment systems must also
        navigate various constraints imposed by modern Web browser security architecture,
        such as same-origin policies and the separation between browser extensions and
        Web pages. While our analysis focuses on how Taler operates within the security
        infrastructure provided by the modern Web, the results partially generalize to
        other payment systems. We also include the perspective of merchants, as existing
        systems have often struggled with securing payment information at the merchant's
        side. Here, challenges include avoiding database transactions for customers that
        do not actually go through with the purchase, as well as cleanly separating
        security-critical functions of the payment system from the rest of the Web
  www_section = {blind signatures, GNUnet, incentives, payments, Taler, web}, 
  www_pdf_url = {}, 
  www_tags = {selected}, 
  url = {}, 
  title = {GNUnet und Informationsmacht: Analyse einer P2P-Technologie und ihrer sozialen
  author = {Christian Ricardo K{\"u}hne}, 
  school = {Humboldt-Universit{\"a}t zu Berlin}, 
  volume = {Diplominformatiker}, 
  year = {2016}, 
  month = {April}, 
  address = {Berlin}, 
  pages = {0--103}, 
  type = {Diplomarbeit}, 
  abstract = {This thesis studies the GNUnet project comprising its history, ideas and the
        P2P network technology. It specifically investigates the question of emancipatory
        potentials with regard to forms of information power due to a widely deployed new
        Internet technology and tries to identify essential suspensions of power within
        the scope of an impact assessment. Moreover, we will see by contrasting the
        GNUnet project with the critical data protection project, founded on social
        theory, that both are heavily concerned about the problem of illegitimate and
        unrestrained information power, giving us additional insights for the assessment.
        Last but not least, I'll try to present a scheme of how both approaches may interact
        to realize their goals}, 
  www_section = {GNUnet, peer-to-peer}, 
  www_pdf_url = {}, 
  www_tags = {selected}, 
  url = {}, 
