% % This file was created by the TYPO3 extension % bib % --- Timezone: CEST % Creation date: 2024-04-19 % Creation time: 15-48-41 % --- Number of references % 14 % @Inproceedings { 2022_matzutt_redactchain, title = {A Moderation Framework for the Swift and Transparent Removal of Illicit Blockchain Content}, year = {2022}, month = {5}, day = {3}, abstract = {Blockchains gained tremendous attention for their capability to provide immutable and decentralized event ledgers that can facilitate interactions between mutually distrusting parties. However, precisely this immutability and the openness of permissionless blockchains raised concerns about the consequences of illicit content being irreversibly stored on them. Related work coined the notion of redactable blockchains, which allow for removing illicit content from their history without affecting the blockchain's integrity. While honest users can safely prune identified content, current approaches either create trust issues by empowering fixed third parties to rewrite history, cannot react quickly to reported content due to using lengthy public votings, or create large per-redaction overheads. In this paper, we instead propose to outsource redactions to small and periodically exchanged juries, whose members can only jointly redact transactions using chameleon hash functions and threshold cryptography. Multiple juries are active at the same time to swiftly redact reported content. They oversee their activities via a global redaction log, which provides transparency and allows for appealing and reversing a rogue jury's decisions. Hence, our approach establishes a framework for the swift and transparent moderation of blockchain content. Our evaluation shows that our moderation scheme can be realized with feasible per-block and per-redaction overheads, i.e., the redaction capabilities do not impede the blockchain's normal operation.}, keywords = {redactable blockchain; illicit content; chameleon hash functions; threshold cryptography}, tags = {mynedata; impact-digital; digital-campus}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2022/2022-matzutt-redactchain.pdf}, publisher = {IEEE}, booktitle = {Proceedings of the 2022 IEEE International Conference on Blockchain and Cryptocurrency (ICBC '22), May 2-5, 2022, Shanghai, China}, event_place = {Shanghai, China}, event_date = {May 2-5, 2022}, ISBN = {978-1-6654-9538-7/22}, DOI = {10.1109/ICBC54727.2022.9805508}, reviewed = {1}, author = {Matzutt, Roman and Ahlrichs, Vincent and Pennekamp, Jan and Karwacik, Roman and Wehrle, Klaus} } @Inproceedings { 2019_rut_schomakers_privacy, title = {Putting Privacy into Perspective -- Comparing Technical, Legal, and Users' View of Information Sensitivity}, year = {2021}, month = {1}, day = {27}, pages = {857-870}, abstract = {Social media, cloud computing, and the Internet of Things connect people around the globe, offering manifold benefits. However, the technological advances and increased user participation generate novel challenges for users' privacy. From the users' perspective, the consequences of data disclosure depend on the perceived sensitivity of that data. But in light of the new technological opportunities to process and combine data, it is questionable whether users can adequately evaluate risks of data disclosures. As mediating authority, data protection laws such as the European General Data Protection Regulation try to protect user data, granting enhanced protection to ''special categories'' of data. In this paper, we assess the legal, technological, and users' perspectives on information sensitivity and their interplay. Technologically, all data can be referred to as ''potentially sensitive.'' The legal and users' perspective on information sensitivity deviate from this standpoint, as some data types are granted special protection by law but are not perceived as very sensitive by users and vice versa. Our key findings still suggest the GDPR adequately protecting users' privacy but for small adjustments.}, keywords = {Information Sensitivity,Privacy,European Data Protection Law}, tags = {mynedata}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-schomakers-3perspectives.pdf}, web_url = {https://dl.gi.de/handle/20.500.12116/34788}, web_url2 = {https://arxiv.org/abs/1911.06569}, publisher = {Gesellschaft f{\"u}r Informatik}, address = {Bonn}, booktitle = {INFORMATIK 2020}, event_place = {Karlsruhe, Germany}, event_name = {INFORMATIK 2020}, event_date = {2020-09-28 to 2020-10-01}, language = {English}, DOI = {10.18420/inf2020_76}, reviewed = {1}, author = {Schomakers, Eva-Maria and Lidynia, Chantal and M{\"u}llmann, Dirk and Matzutt, Roman and Wehrle, Klaus and Spiecker gen. D{\"o}hmann, Indra and Ziefle, Martina} } @Article { 2021_matzutt_coinprune_v2, title = {CoinPrune: Shrinking Bitcoin's Blockchain Retrospectively}, journal = {IEEE Transactions on Network and Service Management}, year = {2021}, month = {9}, day = {10}, volume = {18}, number = {3}, pages = {3064-3078}, abstract = {Popular cryptocurrencies continue to face serious scalability issues due to their ever-growing blockchains. Thus, modern blockchain designs began to prune old blocks and rely on recent snapshots for their bootstrapping processes instead. Unfortunately, established systems are often considered incapable of adopting these improvements. In this work, we present CoinPrune, our block-pruning scheme with full Bitcoin compatibility, to revise this popular belief. CoinPrune bootstraps joining nodes via snapshots that are periodically created from Bitcoin's set of unspent transaction outputs (UTXO set). Our scheme establishes trust in these snapshots by relying on CoinPrune-supporting miners to mutually reaffirm a snapshot's correctness on the blockchain. This way, snapshots remain trustworthy even if adversaries attempt to tamper with them. Our scheme maintains its retrospective deployability by relying on positive feedback only, i.e., blocks containing invalid reaffirmations are not rejected, but invalid reaffirmations are outpaced by the benign ones created by an honest majority among CoinPrune-supporting miners. Already today, CoinPrune reduces the storage requirements for Bitcoin nodes by two orders of magnitude, as joining nodes need to fetch and process only 6 GiB instead of 271 GiB of data in our evaluation, reducing the synchronization time of powerful devices from currently 7 h to 51 min, with even larger potential drops for less powerful devices. CoinPrune is further aware of higher-level application data, i.e., it conserves otherwise pruned application data and allows nodes to obfuscate objectionable and potentially illegal blockchain content from their UTXO set and the snapshots they distribute.}, keywords = {blockchain; block pruning; synchronization; bootstrapping; scalability; velvet fork; Bitcoin}, tags = {mynedata; impact_digital; digital_campus}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-matzutt-coinprune-v2.pdf}, language = {English}, ISSN = {1932-4537}, DOI = {10.1109/TNSM.2021.3073270}, reviewed = {1}, author = {Matzutt, Roman and Kalde, Benedikt and Pennekamp, Jan and Drichel, Arthur and Henze, Martin and Wehrle, Klaus} } @Inproceedings { 2020_matzutt_coinprune, title = {How to Securely Prune Bitcoin’s Blockchain}, year = {2020}, month = {6}, day = {24}, pages = {298-306}, abstract = {Bitcoin was the first successful decentralized cryptocurrency and remains the most popular of its kind to this day. Despite the benefits of its blockchain, Bitcoin still faces serious scalability issues, most importantly its ever-increasing blockchain size. While alternative designs introduced schemes to periodically create snapshots and thereafter prune older blocks, already-deployed systems such as Bitcoin are often considered incapable of adopting corresponding approaches. In this work, we revise this popular belief and present CoinPrune, a snapshot-based pruning scheme that is fully compatible with Bitcoin. CoinPrune can be deployed through an opt-in velvet fork, i.e., without impeding the established Bitcoin network. By requiring miners to publicly announce and jointly reaffirm recent snapshots on the blockchain, CoinPrune establishes trust into the snapshots' correctness even in the presence of powerful adversaries. Our evaluation shows that CoinPrune reduces the storage requirements of Bitcoin already by two orders of magnitude today, with further relative savings as the blockchain grows. In our experiments, nodes only have to fetch and process 5 GiB instead of 230 GiB of data when joining the network, reducing the synchronization time on powerful devices from currently 5 h to 46 min, with even more savings for less powerful devices.}, keywords = {blockchain; block pruning; synchronization; bootstrapping; scalability; velvet fork; Bitcoin}, tags = {mynedata; impact_digital; digital_campus}, url = {https://comsys.rwth-aachen.de/fileadmin/papers/2020/2020-matzutt-coinprune.pdf}, web_url = {https://coinprune.comsys.rwth-aachen.de}, publisher = {IEEE}, booktitle = {Proceedings of the 19th IFIP Networking 2020 Conference (NETWORKING '20), June 22-26, 2020, Paris, France}, event_place = {Paris, France}, event_name = {NETWORKING 2020}, event_date = {June 22-26, 2020}, ISBN = {978-3-903176-28-7}, reviewed = {1}, author = {Matzutt, Roman and Kalde, Benedikt and Pennekamp, Jan and Drichel, Arthur and Henze, Martin and Wehrle, Klaus} } @Inproceedings { 2019_wagner_dispute_resolution, title = {Dispute Resolution for Smart Contract-based Two Party Protocols}, year = {2019}, month = {5}, abstract = {Blockchain systems promise to mediate interactions of mutually distrusting parties without a trusted third party. However, protocols with full smart contract-based security are either limited in functionality or complex, with high costs for secured interactions. This observation leads to the development of protocol-specific schemes to avoid costly dispute resolution in case all participants remain honest. In this paper, we introduce SmartJudge, an extensible generalization of this trend for smart contract-based two-party protocols. SmartJudge relies on a protocol-independent mediator smart contract that moderates two-party interactions and only consults protocol-specific verifier smart contracts in case of a dispute. This way, SmartJudge avoids verification costs in absence of disputes and sustains interaction confidentiality among honest parties. We implement verifier smart contracts for cross-blockchain trades and exchanging digital goods and show that SmartJudge can reduce costs by 46-50\% and 22\% over current state of the art, respectively.}, keywords = {Ethereum,Bitcoin,smart contracts,two-party protocols,dispute resolution,cross-blockchain trades}, tags = {mynedata, impact-digital, rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2019/2019-wagner-dispute.pdf}, publisher = {IEEE}, booktitle = {IEEE International Conference on Blockchain and Cryptocurrency 2019 (ICBC 2019)}, event_place = {Seoul, South Korea}, event_name = {IEEE International Conference on Blockchain and Cryptocurrency 2019}, language = {English}, DOI = {10.1109/BLOC.2019.8751312}, reviewed = {1}, author = {Wagner, Eric and V{\"o}lker, Achim and Fuhrmann, Frederik and Matzutt, Roman and Wehrle, Klaus} } @Inproceedings { 2018-matzutt-bitcoin-content, title = {A Quantitative Analysis of the Impact of Arbitrary Blockchain Content on Bitcoin}, year = {2018}, month = {2}, day = {26}, abstract = {Blockchains primarily enable credible accounting of digital events, e.g., money transfers in cryptocurrencies. However, beyond this original purpose, blockchains also irrevocably record arbitrary data, ranging from short messages to pictures. This does not come without risk for users as each participant has to locally replicate the complete blockchain, particularly including potentially harmful content. We provide the first systematic analysis of the benefits and threats of arbitrary blockchain content. Our analysis shows that certain content, e.g., illegal pornography, can render the mere possession of a blockchain illegal. Based on these insights, we conduct a thorough quantitative and qualitative analysis of unintended content on Bitcoin's blockchain. Although most data originates from benign extensions to Bitcoin's protocol, our analysis reveals more than 1600 files on the blockchain, over 99\% of which are texts or images. Among these files there is clearly objectionable content such as links to child pornography, which is distributed to all Bitcoin participants. With our analysis, we thus highlight the importance for future blockchain designs to address the possibility of unintended data insertion and protect blockchain users accordingly.}, tags = {mynedata}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018_matzutt_bitcoin-contents_preproceedings-version.pdf}, web_url_date = {2018-01-07}, misc2 = {Online}, publisher = {Springer}, booktitle = {Proceedings of the 22nd International Conference on Financial Cryptography and Data Security (FC), Nieuwpoort, Cura\c{c}ao}, event_place = {Nieuwpoort, Cura\c{c}ao}, event_name = {Financial Cryptography and Data Security 2018}, language = {en}, DOI = {10.1007/978-3-662-58387-6_23}, reviewed = {1}, author = {Matzutt, Roman and Hiller, Jens and Henze, Martin and Ziegeldorf, Jan Henrik and M{\"u}llmann, Dirk and Hohlfeld, Oliver and Wehrle, Klaus} } @Inproceedings { 2018-matzutt-bitcoin-content-countermeasures, title = {Thwarting Unwanted Blockchain Content Insertion}, year = {2018}, month = {4}, day = {17}, pages = {364-370}, abstract = {Since the introduction of Bitcoin in 2008, blockchain systems have seen an enormous increase in adoption. By providing a persistent, distributed, and append-only ledger, blockchains enable numerous applications such as distributed consensus, robustness against equivocation, and smart contracts. However, recent studies show that blockchain systems such as Bitcoin can be (mis)used to store arbitrary content. This has already been used to store arguably objectionable content on Bitcoin's blockchain. Already single instances of clearly objectionable or even illegal content can put the whole system at risk by making its node operators culpable. To overcome this imminent risk, we survey and discuss the design space of countermeasures against the insertion of such objectionable content. Our analysis shows a wide spectrum of potential countermeasures, which are often combinable for increased efficiency. First, we investigate special-purpose content detectors as an ad hoc mitigation. As they turn out to be easily evadable, we also investigate content-agnostic countermeasures. We find that mandatory minimum fees as well as mitigation of transaction manipulability via identifier commitments significantly raise the bar for inserting harmful content into a blockchain.}, keywords = {Bitcoin,blockchain,security,objectionable content,countermeasure}, tags = {mynedata,iop}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-matzutt-blockchain-contents-countermeasures.pdf}, web_url = {https://ieeexplore.ieee.org/document/8360355}, publisher = {IEEE}, booktitle = {Proceedings of the First IEEE Workshop on Blockchain Technologies and Applications (BTA), co-located with the IEEE International Conference on Cloud Engineering 2018 (IC2E 2018)}, event_place = {Orlando, Florida, USA}, event_name = {First IEEE Workshop on Blockchain Technologies and Applications (BTA)}, event_date = {2018-04-17}, language = {English}, ISBN = {978-1-5386-5008-0}, DOI = {10.1109/IC2E.2018.00070}, reviewed = {1}, author = {Matzutt, Roman and Henze, Martin and Ziegeldorf, Jan Henrik and Hiller, Jens and Wehrle, Klaus} } @Inproceedings { 2018-bader-ethereum-car-insurance, title = {Smart Contract-based Car Insurance Policies}, year = {2018}, month = {12}, day = {9}, tags = {mynedata, internet-of-production, rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-bader-ethereum-car-insurance.pdf}, web_url = {https://ieeexplore.ieee.org/document/8644136}, publisher = {IEEE}, booktitle = {2018 IEEE Globecom Workshops (GC Wkshps)}, event_place = {Abu Dhabi, United Arab Emirates}, event_name = {1st International Workshop on Blockchain in IoT, co-located with IEEE Globecom 2018}, event_date = {2018-12-09}, DOI = {10.1109/GLOCOMW.2018.8644136}, reviewed = {1}, author = {Bader, Lennart and B{\"u}rger, Jens Christoph and Matzutt, Roman and Wehrle, Klaus} } @Inproceedings { 2018-ziegeldorf-shield, title = {SHIELD: A Framework for Efficient and Secure Machine Learning Classification in Constrained Environments}, year = {2018}, month = {12}, pages = {1-15}, tags = {iop,mynedata}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2018/2018-ziegeldorf-acsac-shield.pdf}, publisher = {ACM}, address = {New York, NY, USA}, booktitle = {Proceedings of the 34rd Annual Computer Security Applications Conference}, event_place = {San Juan, Puerto Rico, USA}, event_name = {The 34rd Annual Computer Security Applications Conference (ACSAC 2018)}, event_date = {2018-12-03 - 2018-12-07}, language = {English}, DOI = {10.1145/3274694.3274716}, reviewed = {1}, author = {Ziegeldorf, Jan Henrik and Metzke, Jan and Wehrle, Klaus} } @Inproceedings { 2017-ziegeldorf-wons-tracemixer, title = {TraceMixer: Privacy-Preserving Crowd-Sensing sans Trusted Third Party}, year = {2017}, month = {2}, day = {21}, pages = {17-24}, tags = {mynedata}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-ziegeldorf-wons-tracemixer.pdf}, misc2 = {Online}, publisher = {IEEE}, booktitle = {Proceedings of the 2017 13th Annual Conference on Wireless On-demand Network Systems and Services (WONS), Jackson Hole, WY, USA}, language = {en}, ISBN = {978-3-901882-88-3}, DOI = {10.1109/WONS.2017.7888771}, reviewed = {1}, author = {Ziegeldorf, Jan Henrik and Henze, Martin and Bavendiek, Jens and Wehrle, Klaus} } @Inproceedings { 2017-ziegeldorf-codaspy-priward, title = {Privacy-Preserving HMM Forward Computation}, year = {2017}, month = {3}, day = {22}, pages = {83-94}, tags = {mynedata}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-ziegeldorf-codaspy-priward.pdf}, misc2 = {Online}, publisher = {ACM}, booktitle = {Proceedings of the 7th ACM Conference on Data and Application Security and Privacy (CODASPY 2017), Scottsdale, AZ, USA}, language = {en}, ISBN = {978-1-4503-4523-1}, DOI = {10.1145/3029806.3029816}, reviewed = {1}, author = {Ziegeldorf, Jan Henrik and Metzke, Jan and R{\"u}th, Jan and Henze, Martin and Wehrle, Klaus} } @Article { 2017-ziegeldorf-bmcmedgenomics-bloom, title = {BLOOM: BLoom filter based Oblivious Outsourced Matchings}, journal = {BMC Medical Genomics}, year = {2017}, month = {7}, day = {26}, volume = {10}, number = {Suppl 2}, pages = {29-42}, abstract = {Whole genome sequencing has become fast, accurate, and cheap, paving the way towards the large-scale collection and processing of human genome data. Unfortunately, this dawning genome era does not only promise tremendous advances in biomedical research but also causes unprecedented privacy risks for the many. Handling storage and processing of large genome datasets through cloud services greatly aggravates these concerns. Current research efforts thus investigate the use of strong cryptographic methods and protocols to implement privacy-preserving genomic computations. We propose FHE-Bloom and PHE-Bloom, two efficient approaches for genetic disease testing using homomorphically encrypted Bloom filters. Both approaches allow the data owner to securely outsource storage and computation to an untrusted cloud. FHE-Bloom is fully secure in the semi-honest model while PHE-Bloom slightly relaxes security guarantees in a trade-off for highly improved performance. We implement and evaluate both approaches on a large dataset of up to 50 patient genomes each with up to 1000000 variations (single nucleotide polymorphisms). For both implementations, overheads scale linearly in the number of patients and variations, while PHE-Bloom is faster by at least three orders of magnitude. For example, testing disease susceptibility of 50 patients with 100000 variations requires only a total of 308.31 s (\(\sigma\)=8.73 s) with our first approach and a mere 0.07 s (\(\sigma\)=0.00 s) with the second. We additionally discuss security guarantees of both approaches and their limitations as well as possible extensions towards more complex query types, e.g., fuzzy or range queries. Both approaches handle practical problem sizes efficiently and are easily parallelized to scale with the elastic resources available in the cloud. The fully homomorphic scheme, FHE-Bloom, realizes a comprehensive outsourcing to the cloud, while the partially homomorphic scheme, PHE-Bloom, trades a slight relaxation of security guarantees against performance improvements by at least three orders of magnitude.}, note = {Proceedings of the 5th iDASH Privacy and Security Workshop 2016}, keywords = {Secure outsourcing; Homomorphic encryption; Bloom filters}, tags = {sscilops; mynedata; rfc}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-ziegeldorf-bmcmedgenomics-bloom.pdf}, misc2 = {Online}, publisher = {BioMed Central}, event_place = {Chicago, IL, USA}, event_date = {November 11, 2016}, language = {en}, ISSN = {1755-8794}, DOI = {10.1186/s12920-017-0277-y}, reviewed = {1}, author = {Ziegeldorf, Jan Henrik and Pennekamp, Jan and Hellmanns, David and Schwinger, Felix and Kunze, Ike and Henze, Martin and Hiller, Jens and Matzutt, Roman and Wehrle, Klaus} } @Inproceedings { 2017-matzutt-mynedata, title = {myneData: Towards a Trusted and User-controlled Ecosystem for Sharing Personal Data}, year = {2017}, pages = {1073-1084}, abstract = {Personal user data is collected and processed at large scale by a handful of big providers of Internet services. This is detrimental to users, who often do not understand the privacy implications of this data collection, as well as to small parties interested in gaining insights from this data pool, e.g., research groups or small and middle-sized enterprises. To remedy this situation, we propose a transparent and user-controlled data market in which users can directly and consensually share their personal data with interested parties for monetary compensation. We define a simple model for such an ecosystem and identify pressing challenges arising within this model with respect to the user and data processor demands, legal obligations, and technological limits. We propose myneData as a conceptual architecture for a trusted online platform to overcome these challenges. Our work provides an initial investigation of the resulting myneData ecosystem as a foundation to subsequently realize our envisioned data market via the myneData platform.}, note = {Presentation slides are in German}, keywords = {Personal User Data, Personal Information Management, Data Protection Laws, Privacy Enhancing Technologies, Platform Design, Profiling}, tags = {mynedata_show}, url = {https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-matzutt-informatik-mynedata.pdf}, web_url = {https://www.comsys.rwth-aachen.de/fileadmin/misc/mynedata/talks/2017-matzutt-informatik-mynedata-presentation.pdf}, web_url_date = {Presentation slides}, editor = {Eibl, Maximilian and Gaedke, Martin}, publisher = {Gesellschaft f{\"u}r Informatik, Bonn}, booktitle = {INFORMATIK 2017}, event_place = {Chemnitz}, event_name = {INFORMATIK 2017}, event_date = {2017-09-28}, language = {English}, ISBN = {978-3-88579-669-5}, ISSN = {1617-5468}, DOI = {10.18420/in2017_109}, reviewed = {1}, author = {Matzutt, Roman and M{\"u}llmann, Dirk and Zeissig, Eva-Maria and Horst, Christiane and Kasugai, Kai and Lidynia, Sean and Wieninger, Simon and Ziegeldorf, Jan Henrik and Gudergan, Gerhard and Spiecker gen. D{\"o}hmann, Indra and Wehrle, Klaus and Ziefle, Martina} } @Inproceedings { 2016-matzutt-ccs-bitcoin, title = {POSTER: I Don't Want That Content! On the Risks of Exploiting Bitcoin's Blockchain as a Content Store}, year = {2016}, month = {10}, day = {24}, pages = {1769-1771}, tags = {mynedata}, url = {/fileadmin/papers/2016/2016-matzutt-ccs-blockchaincontent.pdf}, misc2 = {Online}, publisher = {ACM}, booktitle = {Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS), Vienna, Austria}, language = {en}, ISBN = {978-1-4503-4139-4}, DOI = {10.1145/2976749.2989059}, reviewed = {1}, author = {Matzutt, Roman and Hohlfeld, Oliver and Henze, Martin and Rawiel, Robin and Ziegeldorf, Jan Henrik and Wehrle, Klaus} }