The GNUnet Bibliography | BibTeX records
By topic | By date | By author
@article{2002_2_GNet,
title = {The GNet Whitepaper},
author = {Krista Bennett and Tiberius Stef and Christian Grothoff and Tzvetan Horozov and
Ioana Patrascu},
journal = {unknown},
institution = {Purdue University},
year = {2002},
month = {June},
type = {Technical report},
abstract = {This paper describes GNet, a reliable anonymous distributed backup system
with reasonable defenses against malicious hosts and low overhead in traffic and
CPU time. The system design is described and compared to other publicly used
services with similar goals. Additionally, the implementation and the protocols
of GNet are presented},
www_section = {anonymity, economics, encoding, GNUnet, obsolete database},
keywords = {anonymity, economics, encoding, GNUnet, obsolete database},
www_tags = {selected},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/main.pdf},
}
@conference{2016,
title = {Managing and Presenting User Attributes over a Decentralized Secure Name
System},
author = {Martin Schanzenbach and Christian Banse},
booktitle = {Data Privacy Management and Security Assurance--11th International Workshop,
{DPM} 2016 and 5th International Workshop, {QASA} 2016, Heraklion, Crete, Greece,
September 26-27, 2016, Proceedings},
organization = {Springer},
year = {2016},
month = {September},
address = {Crete, Greece},
publisher = {Springer},
abstract = {Today, user attributes are managed at centralized identity providers.
However, two centralized identity providers dominate digital identity and access
management on the web. This is increasingly becoming a privacy problem in times
of mass surveillance and data mining for targeted advertisement. Existing systems
for attribute sharing or credential presentation either rely on a trusted third
party service or require the presentation to be online and synchronous. In this
paper we propose a concept that allows the user to manage and share his
attributes asynchronously with a requesting party using a secure, decentralized
name system},
www_section = {Decentralisation, GNUnet, Identity and Access Management, User
Attributes},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
}
@mastersthesis{2017_0,
title = {The GNUnet System},
author = {Grothoff, Christian},
school = {Universit{\'e} de Rennes 1},
volume = {HDR},
year = {2017},
month = {December},
address = {Rennes},
pages = {0--181},
type = {Habilitation {\`a} diriger des recherches},
abstract = {GNUnet is an alternative network stack for building secure, decentralized and
privacy-preserving distributed applications. Our goal is to replace the old
insecure Internet protocol stack. Starting from an application for secure
publication of files, it has grown to include all kinds of basic protocol
components and applications towards the creation of a GNU internet. This
habilitation provides an overview of the GNUnet architecture, including the
development process, the network architecture and the software architecture. The
goal of Part 1 is to provide an overview of how the various parts of the project
work together today, and to then give ideas for future directions. The text is a
first attempt to provide this kind of synthesis, and in return does not go into
extensive technical depth on any particular topic. Part 2 then gives selected
technical details based on eight publications covering many of the core
components. This is a harsh selection; on the GNUnet website there are more than
50 published research papers and theses related to GNUnet, providing extensive
and in-depth documentation. Finally, Part 3 gives an overview of current plans
and future work},
keywords = {decentralization, GNUnet, peer-to-peer, privacy, private information
retrieval, routing, secure multiparty computation, self-organization},
www_section = {decentralization, GNUnet, peer-to-peer, privacy, private information
retrieval, routing, secure multiparty computation, self-organization},
www_tags = {selected},
doi = {https://hal.inria.fr/tel-01654244},
url = {https://grothoff.org/christian/habil.pdf},
}
@article{2018_0,
title = {Toward secure name resolution on the internet},
author = {Christian Grothoff and Matthias Wachs and Monika Ermert and Jacob Appelbaum},
journal = {Computers & Security},
year = {2018},
abstract = {The Domain Name System (DNS) provides crucial name resolution functions for
most Internet services. As a result, DNS traffic provides an important attack
vector for mass surveillance, as demonstrated by the QUANTUMDNS and MORECOWBELL
programs of the NSA. This article reviews how DNS works and describes security
considerations for next generation name resolution systems. We then describe DNS
variations and analyze their impact on security and privacy. We also consider
Namecoin, the GNU Name System and RAINS, which are more radical re-designs of
name systems in that they both radically change the wire protocol and also
eliminate the existing global consensus on TLDs provided by ICANN. Finally, we
assess how the different systems stack up with respect to the goal of improving
security and privacy of name resolution for the future Internet},
keywords = {Future Internet, GNUnet, Name resolution, network architecture, privacy,
Technology and society},
www_section = {Future Internet, GNUnet, Name resolution, network architecture, privacy,
Technology and society},
issn = {0167-4048},
doi = {https://doi.org/10.1016/j.cose.2018.01.018},
url = {http://www.sciencedirect.com/science/article/pii/S0167404818300403},
www_tags = {selected},
}
@inproceedings{2018_1,
title = {reclaimID: Secure, Self-Sovereign Identities using Name Systems and
Attribute-Based Encryption},
author = {Schanzenbach, M. and Bramm, G. and Sch{\"u}tte, J.},
booktitle = {Proceedings of 17th IEEE International Conference On Trust, Security And
Privacy In Computing And Communications/ 12th IEEE International Conference On
Big Data Science And Engineering (TrustCom/BigDataSE)},
year = {2018},
abstract = {In this paper we present reclaimID: An architecture that allows users to
reclaim their digital identities by securely sharing identity attributes without
the need for a centralised service provider. We propose a design where user
attributes are stored in and shared over a name system under user-owned
namespaces. Attributes are encrypted using attribute-based encryption (ABE),
allowing the user to selectively authorize and revoke access of requesting
parties to subsets of his attributes. We present an implementation based on the
decentralised GNU Name System (GNS) in combination with ciphertext-policy ABE
using type-1 pairings. To show the practicality of our implementation, we carried
out experimental evaluations of selected implementation aspects including
attribute resolution performance. Finally, we show that our design can be used as
a standard OpenID Connect Identity Provider allowing our implementation to be
integrated into standard-compliant services},
keywords = {Computer Science - Cryptography and Security},
www_section = {Computer Science - Cryptography and Security},
url = {https://arxiv.org/abs/1805.06253v1},
www_tags = {selected},
}
@conference{CADET,
title = {CADET: Confidential Ad-hoc Decentralized End-to-End Transport},
author = {Polot, Bartlomiej and Christian Grothoff},
booktitle = {Med-Hoc-Net 2014},
year = {2014},
month = {January},
abstract = {This paper describes CADET, a new transport protocol for confidential and
authenticated data transfer in decentralized networks. This transport protocol is
designed to operate in restricted-route scenarios such as friend-to-friend or
ad-hoc wireless networks. We have implemented CADET and evaluated its performance
in various network scenarios, compared it to the well-known TCP/IP stack and
tested its response to rapidly changing network topologies. While our current
implementation is still significantly slower in high-speed low-latency networks,
for typical Internet-usage our system provides much better connectivity and
security with comparable performance to TCP/IP},
www_section = {CADET, encryption, GNUnet, routing},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/cadet.pdf},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
}
@conference{CANS2014camera-ready,
title = {A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name System},
author = {Matthias Wachs and Martin Schanzenbach and Christian Grothoff},
booktitle = {International Conference on Cryptology and Network Security (CANS)},
organization = {Springer Verlag},
year = {2014},
publisher = {Springer Verlag},
abstract = {The Domain Name System (DNS) is vital for access to information on the
Internet. This makes it a target for attackers whose aim is to suppress free
access to information. This paper introduces the design and implementation of the
GNU Name System (GNS), a fully decentralized and censorship-resistant name
system. GNS provides a privacy-enhancing alternative to DNS which preserves the
desirable property of memorable names. Due to its design, it can also double as a
partial replacement of public key infrastructures, such as X.509. The design of
GNS incorporates the capability to integrate and coexist with DNS. GNS is based
on the principle of a petname system and builds on ideas from the Simple
Distributed Security Infrastructure (SDSI), addressing a central issue with the
decentralized mapping of secure identifiers to memorable names: namely the
impossibility of providing a global, secure and memorable mapping without a
trusted authority. GNS uses the transitivity in the SDSI design to replace the
trusted root with secure delegation of authority, thus making petnames useful to
other users while operating under a very strong adversary model. In addition to
describing the GNS design, we also discuss some of the mechanisms that are needed
to smoothly integrate GNS with existing processes and procedures in Web browsers.
Specifically, we show how GNS is able to transparently support many assumptions
that the existing HTTP(S) infrastructure makes about globally unique names},
www_section = {DNS, GNU Name System, GNUnet, PKI},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/paper_cans2014_camera_ready.pdf},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
}
@article{DASEIN,
title = {Decentralized Authentication for Self-Sovereign Identities using Name Systems},
author = {Christian Grothoff and Martin Schanzenbach and Annett Laube and Emmanuel
Benoist},
%%%%% ERROR: Missing field
% journal = {?????},
institution = {Berner Fachhochschule},
number = {847382},
year = {2018},
month = {October},
address = {Bern},
type = {H2020 submission},
abstract = {The GNU Name System (GNS) is a fully decentralized public key infrastructure
and name system with private information retrieval semantics. It serves a
holistic approach to interact seamlessly with IoT ecosystems and enables people
and their smart objects to prove their identity, membership and privileges -
compatible with existing technologies. In this report we demonstrate how a wide
range of private authentication and identity management scenarios are addressed
by GNS in a cost-efficient, usable and secure manner. This simple, secure and
privacy-friendly authentication method is a significant breakthrough when cyber
peace, privacy and liability are the priorities for the benefit of a wide range
of the population. After an introduction to GNS itself, we show how GNS can be
used to authenticate servers, replacing the Domain Name System (DNS) and X.509
certificate authorities (CAs) with a more privacy-friendly but equally usable
protocol which is trustworthy, human-centric and includes group authentication.
We also built a demonstrator to highlight how GNS can be used in medical
computing to simplify privacy-sensitive data processing in the Swiss health-care
system. Combining GNS with attribute-based encryption, we created ReclaimID, a
robust and reliable OpenID Connect-compatible authorization system. It includes
simple, secure and privacy-friendly single sign-on to seamlessly share selected
attributes with Web services, cloud ecosystems. Further, we demonstrate how
ReclaimID can be used to solve the problem of addressing, authentication and data
sharing for IoT devices. These applications are just the beginning for GNS; the
versatility and extensibility of the protocol will lend itself to an even broader
range of use-cases. GNS is an open standard with a complete free software
reference implementation created by the GNU project. It can therefore be easily
audited, adapted, enhanced, tailored, developed and/or integrated, as anyone is
allowed to use the core protocols and implementations free of charge, and to
adopt them to their needs under the terms of the GNU Affero General Public
License, a free software license approved by the Free Software Foundation.},
keywords = {DNS, GNU Name System, GNUnet, privacy, ReclaimID},
www_section = {DNS, GNU Name System, GNUnet, privacy, ReclaimID},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/dasein10.pdf},
}
@conference{R5N,
title = {R5N : Randomized Recursive Routing for Restricted-Route Networks},
author = {Nathan S Evans and Christian Grothoff},
booktitle = {5th International Conference on Network and System Security (NSS 2011)},
organization = {IEEE},
year = {2011},
month = {September},
address = {Milan, Italy},
publisher = {IEEE},
abstract = {This paper describes a new secure DHT routing algorithm for open,
decentralized P2P networks operating in a restricted-route environment with
malicious participants. We have implemented our routing algorithm and have
evaluated its performance under various topologies and in the presence of
malicious peers. For small-world topologies, our algorithm provides significantly
better performance when compared to existing methods. In more densely connected
topologies, our performance is better than or on par with other designs},
www_section = {distributed hash table, GNUnet, R5N, routing},
www_tags = {selected},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/nss2011.pdf},
url = {https://bibliography.gnunet.org},
}
@mastersthesis{SupritiSinghMasterThesis2014,
title = {Experimental comparison of Byzantine fault tolerant distributed hash tables},
author = {Supriti Singh},
school = {Saarland University},
volume = {M.S},
year = {2014},
month = {September},
address = {Saarbruecken},
pages = {0--42},
type = {Masters},
abstract = {Distributed Hash Tables (DHTs) are a key data structure for construction of a
peer to peer systems. They provide an efficient way to distribute the storage and
retrieval of key-data pairs among the participating peers. DHTs should be
scalable, robust against churn and resilient to attacks. X-Vine is a DHT protocol
which offers security against Sybil attacks. All communication among peers is
performed over social network links, with the presumption that a friend can be
trusted. This trust can be extended to a friend of a friend. It uses the tested
Chord Ring topology as an overlay, which has been proven to be scalable and
robust. The aim of the thesis is to experimentally compare two DHTs, R5 N and
X-Vine. GNUnet is a free software secure peer to peer framework, which uses R 5N
. In this thesis, we have presented the implementation of X-Vine on GNUnet, and
compared the performance of R5 N and X-Vine},
www_section = {DHT, GNUnet, performance analysis, testbed, X-vine},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/SupritiSinghMasterThesis.pdf},
}
@conference{consensus2016,
title = {Byzantine Set-Union Consensus using Efficient Set Reconciliation},
author = {Florian Dold and Christian Grothoff},
booktitle = {International Conference on Availability, Reliability and Security (ARES)},
year = {2016},
month = {June},
abstract = {Applications of secure multiparty computation such as certain electronic
voting or auction protocols require Byzantine agreement on large sets of
elements. Implementations proposed in the literature so far have relied on state
machine replication, and reach agreement on each individual set element in
sequence. We introduce set-union consensus, a specialization of Byzantine
consensus that reaches agreement over whole sets. This primitive admits an
efficient and simple implementation by the composition of Eppstein's set
reconciliation protocol with Ben-Or's ByzConsensus protocol. A free software
implementation of this construction is available in GNUnet. Experimental results
indicate that our approach results in an efficient protocol for very large sets,
especially in the absence of Byzantine faults. We show the versatility of
set-union consensus by using it to implement distributed key generation, ballot
collection and cooperative decryption for an electronic voting protocol
implemented in GNUnet},
www_section = {byzantine fault tolerance, consensus, GNUnet},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/consensus2016.pdf},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
}
@mastersthesis{decmon2014,
title = {A Decentralized and Autonomous Anomaly Detection Infrastructure for
Decentralized Peer-to-Peer Networks},
author = {Omar Tarabai},
volume = {Master},
year = {2014},
month = {October},
pages = {0--63},
type = {Master},
abstract = {In decentralized networks, collecting and analysing information from the
network is useful for developers and operators to monitor the behaviour and
detect anomalies such as attacks or failures in both the overlay and underlay
networks. But realizing such an infrastructure is hard to achieve due to the
decentralized nature of the network especially if the anomaly occurs on systems
not operated by developers or participants get separated from the collection
points. In this thesis a decentralized monitoring infrastructure using a
decentralized peer-to-peer network is developed to collect information and detect
anomalies in a collaborative way without coordination by and in absence of a
centralized infrastructure and report detected incidents to a monitoring
infrastructure. We start by introducing background information about peer-to-peer
networks, anomalies and anomaly detection techniques in literature. Then we
present some of the related work regarding monitoring decentralized networks,
anomaly detection and data aggregation in decentralized networks. Then we perform
an analysis of the system objectives, target environment and the desired
properties of the system. Then we design the system in terms of the overall
structure and its individual components. We follow with details about the system
implementation. Lastly, we evaluate the final system implementation against our
desired objectives},
www_section = {anomaly, censorship, detection, GNUnet},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/decmon_0.pdf},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
}
@mastersthesis{dold-thesis2014voting,
title = {Cryptographically Secure, Distributed Electronic Voting},
author = {Florian Dold},
school = {Technische Universit{\"a}t M{\"u}nchen},
volume = {B.S},
year = {2014},
month = {August},
address = {M{\"u}nchen},
pages = {0--49},
type = {Bachelor's},
abstract = {Elections are a vital tool for decision-making in democratic societies. The
past decade has witnessed a handful of attempts to apply modern technology to the
election process in order to make it faster and more cost-effective. Most of the
practical efforts in this area have focused on replacing traditional voting
booths with electronic terminals, but did not attempt to apply cryptographic
techniques able to guarantee critical properties of elections such as secrecy of
ballot and verifiability. While such techniques were extensively researched in
the past 30 years, practical implementation of cryptographically secure remote
electronic voting schemes are not readily available. All existing implementation
we are aware of either exhibit critical security flaws, are proprietary black-box
systems or require additional physical assumptions such as a preparatory key
ceremony executed by the election officials. The latter makes such systems
unusable for purely digital communities. This thesis describes the design and
implementation of an electronic voting system in GNUnet, a framework for secure
and decentralized networking. We provide a short survey of voting schemes and
existing implementations. The voting scheme we implemented makes use of threshold
cryptography, a technique which requires agreement among a large subset of the
election officials to execute certain cryptographic operations. Since such
protocols have applications outside of electronic voting, we describe their
design and implementation in GNUnet separately},
www_section = {GNUnet, secure multiparty computation, voting},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/ba_dold_voting_24aug2014.pdf},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
}
@conference{dold2016byzantine,
title = {Byzantine Set-Union Consensus using Efficient Set Reconciliation},
author = {Dold, Florian and Grothoff, Christian},
booktitle = {International Conference on Availability, Reliability and Security (ARES)},
year = {2016},
www_section = {Unsorted},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/dold2016byzantine.pdf},
}
@article{fk-2016-1-p46,
title = {Zur Idee herrschaftsfreier kooperativer Internetdienste},
author = {Christian Ricardo K{\"u}hne},
journal = {FIfF-Kommunikation},
year = {2016},
chapter = {46},
www_section = {Architecture, GNUnet, Internet},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/fk-2016-1-p46.pdf},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
}
@mastersthesis{jayarama2015,
title = {Publish/Subscribe for Large-Scale Social Interaction: Design, Analysis and
Ressource Provisioning},
author = {Vinay Jayarama Setty},
school = {University of Oslo},
volume = {Doctor of Philosophy},
year = {2015},
month = {March},
www_section = {publish-subscribe, pubsub, social interaction, messaging, multicast},
www_pdf_url = {https://www.duo.uio.no/bitstream/handle/10852/43117/1595-Setty-DUO-Thesis.pdf},
www_tags = {selected},
}
@mastersthesis{lurchi-2017,
title = {Improving Voice over GNUnet},
author = {Christian Ulrich},
school = {TU Berlin},
volume = {Bachelor},
year = {2017},
month = {July},
address = {Berlin},
pages = {0--48},
type = {B.S},
abstract = {In contrast to ubiquitous cloud-based solutions the telephony application
GNUnet conversation provides fully-decentralized, secure voice communication and
thus impedes mass surveillance. The aim of this thesis is to investigate why
GNUnet conversation currently provides poor Quality of Experience under typical
wide area network conditions and to propose optimization measures. After network
shaping and the initialization of two isolated GNUnet peers had been automated,
delay measurements were done. With emulated network characteristics network
delay, cryptography delays and audio codec delays were measured and transmitted
speech was recorded. An analysis of the measurement results and a subjective
assessment of the speech recordings revealed that extreme outliers occur in most
scenarios and impair QoE. Moreover it was shown that GNUnet conversation
introduces a large delay that confines the environment in which good QoE is
possible. In the measurement environment at least 23 ms always ocurred of which
large parts are were caused by cryptography. It was shown that optimization in
the cryptography part and other components are possible. Finally the conditions
for currently reaching good QoE were determined and ideas for further
investigations were presented},
www_section = {CADET, GNUnet, measurement, performance},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/lurchi-bs-thesis.pdf},
}
@mastersthesis{ma_dold_consensus_21dec2015byzantine,
title = {Byzantine Fault Tolerant Set Consensus with Efficient Set Reconciliation},
author = {Florian Dold},
school = {Technische Universit{\"a}t M{\"u}nchen},
volume = {M.S},
year = {2015},
month = {December},
address = {M{\"u}nchen},
pages = {0--69},
type = {Master},
abstract = {Byzantine consensus is a fundamental and well-studied problem in the area of
distributed system. It requires a group of peers to reach agreement on some
value, even if a fraction of the peers is controlled by an adversary. This thesis
proposes set union consensus, an efficient generalization of Byzantine consensus
from single elements to sets. This is practically motivated by Secure Multiparty
Computation protocols such as electronic voting, where a large set of elements
must be collected and agreed upon. Existing practical implementations of
Byzantine consensus are typically based on state machine replication and not
well-suited for agreement on sets, since they must process individual agreements
on all set elements in sequence. We describe and evaluate our implementation of
set union consensus in GNUnet, which is based on a composition of Eppstein set
reconciliation protocol with the simple gradecast consensus prococol described by
Ben-Or},
www_section = {byzantine consensus, GNUnet, secure multiparty computation, set
reconciliation, voting},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/ma_dold_consensus_21dec2015.pdf},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
}
@article{mcb-en2015,
title = {NSA's MORECOWBELL: Knell for DNS},
author = {Christian Grothoff and Matthias Wachs and Monika Ermert and Jacob Appelbaum},
journal = {unknown},
institution = {GNUnet e.V},
year = {2015},
month = {January},
address = {M{\"u}nchen},
www_section = {DNS, DNSSEC, MORECOWBELL, NAMECOIN, TLS},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/mcb-en.pdf},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
}
@article{mcb-es2015,
title = {El programa MORECOWBELL de la NSA: Doblan las campanas para el DNS},
author = {Christian Grothoff and Matthias Wachs and Monika Ermert and Jacob Appelbaum},
journal = {unknown},
institution = {GNUnet e.V},
year = {2015},
month = {January},
address = {M{\"u}nchen},
www_section = {DNS, DNSSEC, MORECOWBELL, NAMECOIN},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/mcb-es.pdf},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
}
@article{mcb-fr2015,
title = {Le programme MORECOWBELL de la NSA Sonne le glas du NSA},
author = {Christian Grothoff and Matthias Wachs and Monika Ermert and Jacob Appelbaum and
Ludovic Court{\`e}s},
journal = {unknown},
institution = {GNUnet e.V},
year = {2015},
month = {January},
address = {M{\"u}nchen},
www_section = {DNS, DNSSEC, MORECOWBELL, NAMECOIN},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/mcb-fr.pdf},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
}
@article{mcb-it2015,
title = {Il programma MORECOWBELL della NSA: Campane a morto per il DNS},
author = {Christian Grothoff and Matthias Wachs and Monika Ermert and Jacob Appelbaum and
Luca Saiu},
journal = {unknown},
institution = {GNUnet e.V},
year = {2015},
month = {January},
address = {M{\"u}nchen},
www_section = {DNS, DNSSEC, MORECOWBELL, NAMECOIN},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/mcb-it.pdf},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
}
@mastersthesis{morales2014cryogenic,
title = {Cryogenic: Enabling Power-Aware Applications on Linux},
author = {Alejandra Morales},
school = {Technische Universit{\"a}t M{\"u}nchen},
volume = {M. Sc},
year = {2014},
month = {February},
address = {Garching bei M{\"u}nchen},
pages = {0--106},
type = {Masters},
abstract = {As a means of reducing power consumption, hardware devices are capable to
enter into sleep-states that have low power consumption. Waking up from those
states in order to return to work is typically a rather energy-intensive
activity. Some existing applications have non-urgent tasks that currently force
hardware to wake up needlessly or prevent it from going to sleep. It would be
better if such non-urgent activities could be scheduled to execute when the
respective devices are active to maximize the duration of sleep-states. This
requires cooperation between applications and the kernel in order to determine
when the execution of a task will not be expensive in terms of power consumption.
This work presents the design and implementation of Cryogenic, a POSIX-compatible
API that enables clustering tasks based on the hardware activity state.
Specifically, Cryogenic's API allows applications to defer their execution until
other tasks use the device they want to use. As a result, two actions that
contribute to reduce the device energy consumption are achieved: reduce the
number of hardware wake-ups and maximize the idle periods. The energy
measurements enacted at the end of this thesis demonstrate that, for the specific
setup and conditions present during our experimentation, Cryogenic is capable to
achieve savings between 1\% and 10\% for a USB WiFi device. Although we ideally
target mobile platforms, Cryogenic has been developed by means a new Linux module
that integrates with the existing POSIX event loop system calls. This allows to
use Cryogenic on many different platforms as long as they use a GNU/Linux
distribution as the main operating system. An evidence of this can be found in
this thesis, where we demonstrate the power savings on a single-board computer},
www_section = {cooperative, cryogenic, GNUnet, Linux, POSIX, power},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/morales2014cryogenic.pdf},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
}
@mastersthesis{mteich-2017,
title = {Implementing Privacy Preserving Auction Protocols},
author = {Markus Teich},
school = {TUM},
volume = {Master of Science},
year = {2017},
month = {February},
address = {Munich},
pages = {0--100},
editor = {Totakura, Sree Harsha and Grothoff, Christian and Felix Brandt},
abstract = {In this thesis we translate Brandt's privacy preserving sealed-bid online
auction protocol from RSA to elliptic curve arithmetic and analyze the
theoretical and practical benefits. With Brandt's protocol, the auction outcome
is completely resolved by the bidders and the seller without the need for a
trusted third party. Loosing bids are not revealed to anyone. We present
libbrandt, our implementation of four algorithms with different outcome and
pricing properties, and describe how they can be incorporated in a real-world
online auction system. Our performance measurements show a reduction of
computation time and prospective bandwidth cost of over 90\% compared to an
implementation of the RSA version of the same algorithms. We also evaluate how
libbrandt scales in different dimensions and conclude that the system we have
presented is promising with respect to an adoption in the real world},
www_section = {auctions, GNUnet, secure multi-party computation},
www_tags = {selected},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/thesis_0.pdf},
url = {https://bibliography.gnunet.org},
}
@mastersthesis{mwachs2014,
title = {A Secure and Resilient Communication Infrastructure for Decentralized Networking
Applications},
author = {Matthias Wachs},
school = {Technische Universit{\"a}t M{\"u}nchen},
volume = {PhD},
year = {2015},
month = {February},
address = {M{\"u}nchen},
pages = {0--250},
type = {PhD},
abstract = {This thesis provides the design and implementation of a secure and resilient
communication infrastructure for decentralized peer-to-peer networks. The
proposed communication infrastructure tries to overcome limitations to
unrestricted communication on today's Internet and has the goal of
re-establishing unhindered communication between users. With the GNU name system,
we present a fully decentralized, resilient, and privacy-preserving alternative
to DNS and existing security infrastructures},
www_section = {Communication, GNU Name System, GNUnet, P2P, resilience},
www_tags = {selected},
isbn = {3-937201-45-9},
doi = {10.2313/NET-2015-02-1},
url = {http://nbn-resolving.de/urn/resolver.pl?urn:bvb:91-diss-20150225-1231854-0-7},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/NET-2015-02-1.pdf},
}
@conference{p4t2016,
title = {Privacy-Preserving Abuse Detection in Future Decentralised Online Social
Networks},
author = {{\'A}lvaro Garc{\'\i}a-Recuero and Jeffrey Burdges and Christian Grothoff},
booktitle = {Data Privacy Management (DPM)},
organization = {Springer},
year = {2016},
month = {September},
address = {Heraklion, Greece},
publisher = {Springer},
abstract = {Future online social networks need to not only protect sensitive data of
their users, but also protect them from abusive behavior coming from malicious
participants in the network. We investigate the use of supervised learning
techniques to detect abusive behavior and describe privacy-preserving protocols
to compute the feature set required by abuse classification algorithms in a
secure and privacy-preserving way. While our method is not yet fully resilient
against a strong adaptive adversary, our evaluation suggests that it will be
useful to detect abusive behavior with a minimal impact on privacy},
www_section = {abuse, GNUnet, Privacy preserving, reputation, Social networking},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/p4t.pdf},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
}
@mastersthesis{panic2014,
title = {An Approach for Home Routers to Securely Erase Sensitive Data},
author = {Nicolas Bene{\v s}},
school = {Technische Universit{\"a}t M{\"u}nchen},
volume = {Bachelor},
year = {2014},
month = {October},
address = {Munich},
pages = {0--64},
type = {Bachelor Thesis},
abstract = {Home routers are always-on low power embedded systems and part of the
Internet infrastructure. In addition to the basic router functionality, they can
be used to operate sensitive personal services, such as for private web and email
servers, secure peer-to-peer networking services like GNUnet and Tor, and
encrypted network file system services. These services naturally involve
cryptographic operations with the cleartext keys being stored in RAM. This makes
router devices possible targets to physical attacks by home intruders. Attacks
include interception of unprotected data on bus wires, alteration of firmware
through exposed JTAG headers, or recovery of cryptographic keys through the cold
boot attack. This thesis presents Panic!, a combination of open hardware design
and free software to detect physical integrity attacks and to react by securely
erasing cryptographic keys and other sensitive data from memory. To improve
auditability and to allow cheap reproduction, the components of Panic! are kept
simple in terms of conceptual design and lines of code. First, the motivation to
use home routers for services besides routing and the need to protect their
physical integrity is discussed. Second, the idea and functionality of the Panic!
system is introduced and the high-level interactions between its components
explained. Third, the software components to be run on the router are described.
Fourth, the requirements of the measurement circuit are declared and a prototype
is presented. Fifth, some characteristics of pressurized environments are
discussed and the difficulties for finding adequate containments are explained.
Finally, an outlook to tasks left for the future is given},
www_section = {GNUnet, home router, intrusion detection, memory erasure, Panic, physical
access},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/panic.pdf},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
}
@conference{paper_short2014,
title = {Automatic Transport Selection and Resource Allocation for Resilient
Communication in Decentralised Networks},
author = {Matthias Wachs and Fabian Oehlmann and Christian Grothoff},
booktitle = {14-th IEEE International Conference on Peer-to-Peer Computing},
year = {2014},
month = {October},
address = {London. England},
abstract = {Making communication more resilient is a main focus for modern decentralised
networks. A current development to increase connectivity between participants and
to be resilient against service degradation attempts is to support different
communication protocols, and to switch between these protocols in case
degradation or censorship are detected. Supporting multiple protocols with
different properties and having to share resources for communication with
multiple partners creates new challenges with respect to protocol selection and
resource allocation to optimally satisfy the applications' requirements for
communication. This paper presents a novel approach for automatic transport
selection and resource allocation with a focus on decentralised networks. Our
goal is to evaluate the communication mechanisms available for each communication
partner and then allocate resources in line with the requirements of the
applications. We begin by detailing the overall requirements for an algorithm for
transport selection and resource allocation, and then compare three different
solutions using (1) a heuristic, (2) linear optimisation, and (3) machine
learning. To show the suitability and the specific benefits of each approach, we
evaluate their performance with respect to usability, scalability and quality of
the solution found in relation to application requirements},
www_section = {GNUnet, resource allocation},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/paper_short.pdf},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
}
@phdthesis{schanzen-2020,
title = {Towards Self-sovereign, decentralized personal data sharing and identity
management},
author = {Schanzenbach, Martin},
school = {Technische Universit{\"a}t M{\"u}nchen},
year = {2020},
address = {Munich},
type = {Dissertation},
keywords = {DNS, GNU Name System, GNUnet, privacy, ReclaimID},
www_section = {Self-sovereign identity, GNUnet, GNU Name System},
www_tags = {selected},
www_pdf_url = {http://mediatum.ub.tum.de/?id=1545514},
url = {https://bibliography.gnunet.org},
abstract = {Today, identity management is a key element for commercial and private
services on the Internet. Over the past decade, digital identities evolved away
from decentralized, pseudonymous, user-controlled personas towards centralized,
unabiguous identities managed at and provided through service providers. This
development was sparked by the requirement of real identities in the context of
electronic commerce. However, it was particularly fuelled later by the emergence
of social media and the possibilities it provides to people in order to establish
social connections. The following centralization of identities at a handful of
service providers significantly improved usability and reliability of identity
services. Those benefits come at the expense of other, arguably equally important
areas. For users, it is privacy and the permanent threat of being tracked and
analyzed. For service providers, it is liability and the risk of facing
significant punishment caused by strict privacy regulations which try to
counteract the former. In this thesis, we investigate state-of-the-art approaches
to modern identity management. We take a look at existing standards and recent
research in order to understand the status quo and how it can be improved. As a
result from our research, we present the following contributions: In order to
allow users to reclaim control over their identities and personal data, we
propose a design for a decentralized, self-sovereign directory service. This
service allows users to share personal data with services without the need of a
trusted third party. Unlike existing research in this area, we propose mechanisms
which allow users to efficiently enforce access control on their data. Further,
we investigate how trust can be established in user-managed, self-sovereign
identities. We propose a trust establishment mechanism through the use of secure
name systems. It allows users and organizations to establish trust relationships
and identity assertions without the need of centralized public key
infrastructures (PKIs). Additionally, we show how recent advancements in the area
of non-interactive zero-knowledge (NIZK) protocols can be leveraged in order to
create privacy-preserving attribute-based credentials (PP-ABCs) suitable for use
in self-sovereign identity systems including our proposed directory service. We
provide proof of concept implementations of our designs and evaluate them to show
that they are suitable for practical applications.},
}
@mastersthesis{scheibner-thesis2014,
title = {Control Flow Analysis for Event-Driven Programs},
author = {Florian Scheibner},
school = {Technical University of Munich},
volume = {B.Sc},
year = {2014},
month = {July},
address = {Munich},
pages = {0--71},
type = {Bachelors},
abstract = {Static analysis is often used to automatically check for common bugs in
programs. Compilers already check for some common programming errors and issue
warnings; however, they do not do a very deep analysis because this would slow
the compilation of the program down. Specialized tools like Coverity or Clang
Static Analyzer look at possible runs of a program and track the state of
variables in respect to function calls. This information helps to identify
possible bugs. In event driven programs like GNUnet callbacks are registered for
later execution. Normal static analysis cannot track these function calls. This
thesis is an attempt to extend different static analysis tools so that they can
handle this case as well. Different solutions were thought of and executed with
Coverity and Clang. This thesis describes the theoretical background of model
checking and static analysis, the practical usage of wide spread static analysis
tools, and how these tools can be extended in order to improve their usefulness},
www_section = {event-driven, flow control, GNUnet, static analysis},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/scheibner_thesis.pdf},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
}
@conference{taler2016space,
title = {Enabling Secure Web Payments with GNU Taler},
author = {Jeffrey Burdges and Florian Dold and Christian Grothoff and Marcello Stanisci},
booktitle = {6th International Conference on Security, Privacy and Applied Cryptographic
Engineering},
organization = {Springer},
year = {2016},
month = {December},
address = {Hyderabad},
publisher = {Springer},
abstract = {GNU Taler is a new electronic online payment system which provides privacy
for customers and accountability for merchants. It uses an exchange service to
issue digital coins using blind signatures, and is thus not subject to the
performance issues that plague Byzantine fault-tolerant consensus-based
solutions. The focus of this paper is addressing the challenges payment systems
face in the context of the Web. We discuss how to address Web-specific
challenges, such as handling bookmarks and sharing of links, as well as
supporting users that have disabled JavaScript. Web payment systems must also
navigate various constraints imposed by modern Web browser security architecture,
such as same-origin policies and the separation between browser extensions and
Web pages. While our analysis focuses on how Taler operates within the security
infrastructure provided by the modern Web, the results partially generalize to
other payment systems. We also include the perspective of merchants, as existing
systems have often struggled with securing payment information at the merchant's
side. Here, challenges include avoiding database transactions for customers that
do not actually go through with the purchase, as well as cleanly separating
security-critical functions of the payment system from the rest of the Web
service},
www_section = {blind signatures, GNUnet, incentives, payments, Taler, web},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/taler2016space.pdf},
www_tags = {selected},
url = {https://taler.net/en/bibliography.html},
}
@mastersthesis{xrs2016,
title = {GNUnet und Informationsmacht: Analyse einer P2P-Technologie und ihrer sozialen
Wirkung},
author = {Christian Ricardo K{\"u}hne},
school = {Humboldt-Universit{\"a}t zu Berlin},
volume = {Diplominformatiker},
year = {2016},
month = {April},
address = {Berlin},
pages = {0--103},
type = {Diplomarbeit},
abstract = {This thesis studies the GNUnet project comprising its history, ideas and the
P2P network technology. It specifically investigates the question of emancipatory
potentials with regard to forms of information power due to a widely deployed new
Internet technology and tries to identify essential suspensions of power within
the scope of an impact assessment. Moreover, we will see by contrasting the
GNUnet project with the critical data protection project, founded on social
theory, that both are heavily concerned about the problem of illegitimate and
unrestrained information power, giving us additional insights for the assessment.
Last but least I'll try to present a scheme of how both approaches may interact
to realize their goals},
www_section = {GNUnet, peer-to-peer},
www_pdf_url = {https://git.gnunet.org/bibliography.git/plain/docs/xrs2016.pdf},
www_tags = {selected},
url = {https://bibliography.gnunet.org},
}