Searchable Symmetric Encryption (SSE) schemes provide secure search over encrypted databases while allowing admitted information leakages. Generally, the leakages can be categorized into access, search, and volume pattern. In most existing Searchable Encryption (SE) schemes, these leakages are caused by practical designs but are considered an acceptable price to achieve high search efficiency. Many attacks on SSE schemes have shown that such leakages could be easily exploited to retrieve the underlying keywords for search queries. Each attack abuses a different leakage pattern and uses different techniques to achieve high query recovery accuracy. An attacker could be passive or active, where an active attacker can inject files in an SSE scheme, while a passive attacker only observes the queried data. Some passive attacks use the number of files returned by a query to create a match with a candidate keyword. Others use the co-occurrence of multiple keywords in the files to match a query with the same occurrence. We continue this research and design a new Volume and Access Pattern Leakage-abuse Attack (VAL-Attack) that exploits both the access and volume patterns. Our proposed attack only leverages leaked documents and the keywords present in those documents as auxiliary knowledge and can effectively retrieve document and keyword matches from leaked data. Furthermore, the recovery performs with great accuracy and without false positives. We compare VALAttack with two recent well-defined attacks on several real-world datasets to highlight the effectiveness of our attack and present the performance under popular countermeasures.

This report documents the design and implementation of Clusus, a cyber range to provide students with a safe isolated environment to learn about cyber security and computer networks. This Bachelor project was proposed by the TU Delft cyber security group. During a two week research phase currently existing solutions were evaluated and requirements for the system were determined. Based on these requirements and research into the capabilities of cloud providers a design was proposed. In the second phase of the project was the implementation of the design. The chosen design consists of three major components, a central server that handles the communication between the learning management system and an individual exercise, a containerized exercise, and finally a program that builds these containers. The containerized exercise consists of all virtual machines required for an exercise and a monitoring program that reports progress to the central server.

Authentication of domains has been a crucial part of the growth of web browsing, especially for e-commerce and secure browsing. However, the digital space has expanded from web domains to include devices such as smart cars, smart houses, and other IoT devices. The future for these devices is to communicate autonomously with one another, also known as Machine-to-Machine(M2M) communication. For M2M communication, IoT devices need to be able to authenticate each other. However, IoT devices cannot take over traditional authentication mechanisms. This problem is due to the expected growth in the number of IoT devices and the varying resource capabilities of these devices. In this work, we introduce Bubblechain, a generic, decentralised, and scalable IoT authentication system. In contrast to existing works, Bubblechain can update and remove identities of IoT devices that allows them to authenticate each other in a dynamic setting. Bubblechain also creates a higher trust level for devices that belong to the same Bubble. A Bubble refers to a group of devices that belong together, such as a home or office setting. The system also provides the possibility to authenticate devices from different Bubbles. The authentication process in Bubblechain is autonomous and decentralised.

There is an everlasting arms race between censoring bodies and those in its grip. When the censor is employing increasingly sophisticated techniques to digitally monitor and restrict those in its scope, equally sophisticated means to circumvent the digital repression come forward. Those suffering under digital censorship are using nifty ways to escape the censor's grip. Digitally restrictive regimes occasionally still allow access to blockchain applications such as cryptocurrencies, albeit in limited form. Blockchains often enjoy a global nature, but traditional and well established cryptocurrencies such as Bitcoin often do not have high performance. Second layer solutions, also known as off-chain solutions, offer a network of payment channels where transactions can be completed in peer-to-peer fashion with little interaction with the slow blockchain. In this thesis we investigate how Bitcoin's off-chain solution, the Lightning Network, can be employed to circumvent digital censorship. We introduce Periscope, a protocol that allows for tunneling of internet traffic between two hosts over a stream of micro-transactions embedded with data. Next, we thoroughly analyse its security and the network's suitability from a theoretical perspective. Following this, an empirical evaluation study is done to get an understanding of the performance of the protocol under various circumstances. We hope that Periscope serves as an additional mean to access the free internet to those in need.

Solving propositional satisfiability (SAT) and constraint programming (CP) instances has been a fundamental part of a wide range of modern applications. For this reason a lot of research went into improving the efficiency of modern SAT and CP solvers. Recently much of this research has gone into exploring the possibilities of integrating machine learning approaches with these solvers. However, with hybrid solvers, which combine both SAT and CP, dominating recent benchmarks it is surprising that no research has been done yet to apply those machine learning approach to improve hybrid solvers.This research proposes using a machine learning technique called unsatisfiable core learning to improve the performance of the Lazy Clause Generation solver Chuffed. The approach developed fort his study uses a Graph Convolutional Network model, which is trained on a dataset containing unsatisfiable instances. This machine learning model is then used for predicting unsatisfiable cores on CP instances and the predictions are used to initialise the activity score of the Variable State Independent Sum heuristic which is incorporated in Chuffed. The resulting approach managed to consistently solve a set of Multi-mode Resource-Constrained Project Scheduling instances 2.5% faster on average.These results indicate that, while this technique was originally developed for SAT, it can also be used to improve hybrid SAT/CP solvers.

Switching energy suppliers can be a time consuming process and the manner in which permissions regarding consumer data are stored lacks transparency. To overcome these issues, a solution was proposed in the form of a mandate register. Said register keeps track of which consumer gave what permission, regarding energy data, to whom. In this project a prototype of such a register was built. The register is required to be designed in such a way that it is expandable and secure. From these characteristics, the conclusion was drawn that a permissioned blockchain network was the most suitable option for storing mandates in a decentralised and immutable fashion. The most fitting consensus algorithm for the blockchain network was determined to be the Raft algorithm. For implementation of the blockchain network, a widely-documented and advanced framework called Hyperledger Fabric was used, which was be configured to use Raft. A network in Hyperledger Fabric is a set of organisations of which subsets can form channels together. Each organisation consists of multiple peer nodes, each with a corresponding ledger, database and smart contracts. The mandate register network consists of two channels, the first containing seven organisations, with two peer nodes per organisation. Apart from these seven organisations, the network contains seven orderers, which work in the second channel and which are responsible for managing transactions made by an application. On top of the network, an application was built that connects to the network and functions as a simple web server. The web server allows consumers to submit their mandates as input to the network and query mandates from the network. Performance evaluation of the network shows that it requires much optimisation before being ready for deployment in the real world. Apart from optimisation, there are various tasks related to security, authentication, deployment, and the GDPR which have to be completed before the register can be used in production.

Double Auctions are mechanisms to trade commodities such as electricity or parts of the wireless spectrum at optimal prices. Bidders and sellers simultaneously submit quantity-price pairs to an auctioneer, denoting the quantity they want to buy or sell at specific prices. The auctioneer aggregates the offers into demand and supply curves to compute the auction result by finding the intersection between supply and demand. In this way, commodities exchange owners in an economically efficient manner, driven by the market. In an ideal scenario, the auctioneer is a trusted third party that does not abuse the information they gain. However, in reality, offers reveal usage patterns of customers, such as electricity usage, or may be used by the auctioneer for their economic gain as insider information. The auctioneer also has opportunities to manipulate results of which there are real-life allegations in electricity trading or advertisement auctions. These concerns call for solutions that conduct the auction in a privacy-preserving and verifiable way while not compromising the auction functionality or economic efficiency. Proposed solutions for privacy-preserving and verifiable double auctions offer confidentiality but do not allow participants to verify results independently or vice versa without interaction of participants in the full auction procedure. We specifically focus on electricity trading to design a solution covering the above concerns. To the best of our knowledge, we propose the first privacy-preserving and verifiable double auction scheme without interactivity of all participants, tailored to electricity trading on (inter)national exchanges. Using cryptographic schemes, including Homomorphic encryption, Commitment schemes, and Zero-knowledge-proofs, we propose a solution to establish a double auction protocol that preserves privacy and allows for verification.

Begun in 2020, Polkadot is one of the largest blockchains in market capitalization and development. However, privacy on the Polkadot network has yet to be one of the key focus points. Especially unlinkability between the user’s IP address and Polkadot address is essential. Without this unlinkability, users are vulnerable to targeted ads, manipulation, blackmail, reputational damage, financial loss, physical harm, discrimination, and more. This thesis investigates the viability of Tor or a VPN with Polkadot as external privacy-enhancing tools to hide the user’s IP address, as users aiming to achieve unlinkability cannot easily change the Polkadot code. To analyze the viability, we set up a measurement study to examine the performance of a Polkadot full node behind Tor or a VPN. We investigated, among other things, the latency, throughput, and the number of discovered and connected peers to determine the performance of three Polkadot full nodes located in London, Seoul, and North California. Furthermore, we did a security analysis to determine any vulnerabilities that could emerge from using Polkadot with either of the network environments. And we investigated in-depth the susceptibility of the Polkadot node to an Eclipse attack, as previous research has shown that Bitcoin with Tor was vulnerable to an Eclipse attack. Our results show that a Polkadot node with Tor has considerably high latency and cannot maintain long-lasting connections. The short connection time decreases the time to perform an Eclipse attack on a Polkadot node from a couple of months and weeks for the normal and VPN environment to potentially six days or less for the Tor environment. We calculated the cost of running an Eclipse attack to be approximately €482 per week. The Polkadot node behind the VPN does perform considerably better. The Polkadot node in London, behind the VPN located in Frankfurt, performed similarly in terms of latency to the Polkadot node in a normal network environment. However, the Polkadot nodes in both the Tor and VPN environment have only outgoing connections. If too many nodes ran behind one of these environments, fewer peers would be able to establish connections with one another, resulting in network partitions or network failure. This study emphasizes the importance of unlinkability between a Polkadot user’s address and IP. However, using Tor or a VPN as privacy-enhancing tools could impact the security of the Polkadot node and the whole Polkadot network. So users should avoid using Tor with Polkadot and carefully consider the tradeoff between privacy and security when using a VPN. The security issues mentioned in this thesis should be further investigated and tested. Furthermore, a default solution built into the Polkadot source code should be investigated.

In a world where more data gets uploaded to the cloud, it is essential that the data gets stored securely. For users to keep search functionality, searchable symmetric encryption has been developed. SSE works by a user sending a token representing a keyword (or a range), after which the server returns the documents that match the keyword (or values in the queried range). These observed documents are called the access pattern. A number of attacks that work on range SSE schemes have been developed. Yet, most of these attacks work on density or query assumptions that hinder their performance if these assumptions are false. Furthermore, a number of these attacks use auxiliary information. Yet none of them uses known search tokens. We, thus, propose a novel approach that uses a PQ-Tree to get the order of the observed documents. It uses the known pairs to assign possibilities for these documents and returns a list of options for each observed token and estimated values for each document. The basic attack guarantees that the correct query is always available by assigning document values based on the known tokens. A refined attack was made that assigns more known tokens by adding the best matches based on confidence score. This refinement allows for more exact token and query matches. Both of these attacks were extended using partial or similar documents from which document volume or rank information could be gathered to further increase the attack performance in cases where such data is available. We evaluate our attacks against current state-of-the-art and outperform those regarding document and query recovery on all tested datasets. Lastly, we use two countermeasures and see that all attacks are impacted but that our attack still outperforms most.

Payment channels allow parties to utilize the blockchain to send transactions for a cheaper fee. Previous work has analyzed to which degree a party can profit by facilitating the transaction process. The aim is to increase the usability of the network and to be rewarded for providing this service. However, previous work focuses on maximizing the reward of the individual player in isolation, a model that we aim to expand. That is why in this work we extend the action space to allow other parties to act and react, and observe the impact this has on the rewards of the player that would otherwise act in isolation. Testing existing placement strategies by performing channel placement games, we can assess the difference in the reward that indicates the potential loss that competition may cause when operating in the Bitcoin Lightning Network. Furthermore, we have developed a new strategy that is able to improve the performance in the multi-actor model.

Fraudulent behavior within online marketplaces is a prominent but unsolved problem. Most marketplace operators try to mitigate this behavior by serving as the central authority. This approach requires user data collection and is not privacy-friendly. In an attempt to build a foundation for solving the fraud concerns and privacy issues, this paper elaborates on the design and implementation of a simple marketplace system using peer-to-peer (P2P) technology in combination with a Self-Sovereign Identity (SSI) solution. The P2P network ensures no single points of control, reduces risks of a big data breach and simply costs less to operate. The SSI solution makes sure that users cannot create multiple accounts to whitewash their dishonest behavior. Ensuring every user has only one identity makes the platform Sybil-resistant. In contrast to other identity verification systems used in marketplaces, such as Facebook Login, SSI aims to put the user in control and to not collect personal data. Users know what data are asked and give explicit consent for each request. This user-centric approach makes them privacy-friendly. Reaching Sybil resistance without having a central authority in a marketplace has not been done before. In the future a reputation system can be built on top of the Sybil-resistant P2P system, ensuring users’ behavior can not be whitewashed. Several methods are used during the design and the implementation process. They include the Scrum framework, MoSCoW prioritization and Class-Responsibility-Collaboration cards. Git was used for version control while code quality was kept high through a custom CI setup. Additionaly, every merge request required at least two approvals to ensure thorough code review. This resulted in an application that is both Sybil-resistant and privacy-friendly

Tor is an anonymity network used by a vast number of users in order to protect their privacy on the internet. It should not come as a surprise that this service is also used for abuse such as Denial of service attacks and other malicious activities because of the anonymity it provides. For protecting themselves from this abuse, websites block Tor in various ways. We investigate the extent and frequency of this kind of blocking by requesting the Alexa top 1000 websites with and without Tor with the objective of highlighting the differential treatment observed by privacy-minded users. We build upon existing studies by using diverse metrics to measure discrimination and by extending our search to three sub pages of websites for detecting sophisticated blocking. We find at least 25.8% of the Alexa top 1000 websites discriminating on the home page against Tor users as opposed to 20.03% observed in previous studies. This number rises to 31.7% after including the three sub pages. We also discover new types of blocks such as Tor users being served old or different versions of websites. We categorize the blocked websites and find that Online Shopping and Finance/ Banking categories discriminate most against Tor while Social Networking sites and Search Engines discriminate the least.