Alessandro Melloni

Ph.D. started in: 2019
Expected year of graduation: 2022
COINS consortium member: University of Bergen
Supervised by: Martijn Stam
Research area: Privacy
Project title: Security of Protocols and Privacy Enhancing Technologies
Project description: Last year public awareness of privacy gained a significant boost with the
full enacting of the EU’s GDPR. Cryptology is a crucial enabler of complex
functionalities while ensuring privacy. However, whereas assuring confidentiality
of simple data items using cryptology is well-understood and relatively easy,
the requirements to ensure privacy are less clear. Engineering efforts have
combined cryptographic primitives into ambitious privacy enhancing technologies
(PETs) such as Tor and encrypted searchable databases. Yet how well these
PETs preserve, or indeed enhance, privacy is often not very clear.

In common with complex cryptographic protocols such as authenticated key exchange
and channel establishment, attacks on deployed systems are still common and,
conversely, the lack of attacks despite clear attention serves to build trust
in a system. This contrasts with the more rigorous cryptographic approach of
clearly specifying desired security properties that are subsequently proved
based on well-understood assumptions. For the recent Internet standard TLS 1.3,
the design went hand in hand with a thorough cryptologic analysis. This
symbiotic design paradigm was only possible as a result of many years of both
attacks and rigorous analysis of components of TLS 1.2.

For the majority of other complex cryptographic functionalities, the state of
the art is not as far advanced; moreover, as a result of inevitable efficiency and
functionality trade-offs, the usual “strongest black-and-white security”
approach typical in cryptology is unlikely to succeed. Instead, a metric for
security degradation (cf. differential privacy) looks more promising. This
project aims to look at suitable ways to express and reason about the
security of complex cryptographic functionalities as deployed in the wild,
with an early emphasis on select PETs such as Tor.
