Wouter Lueks’s research while affiliated with Helmholtz Center for Information Security and other places




Publications (41)


A Low-Cost Privacy-Preserving Digital Wallet for Humanitarian Aid Distribution
  • Preprint
  • October 2024 · 3 Reads
  • Eva Luvison · Justinas Sukaitis · [...] · Wouter Lueks

Humanitarian organizations distribute aid to people affected by armed conflicts or natural disasters. Digitalization has the potential to increase the efficiency and fairness of aid-distribution systems, and recent work by Wang et al. has shown that these benefits are possible without creating privacy harms for aid recipients. However, their work only provides a solution for one particular aid-distribution scenario in which aid recipients receive a pre-defined set of goods. Yet, in many situations it is desirable to enable recipients to decide which items they need at each moment to satisfy their specific needs. We formalize these needs into functional, deployment, security, and privacy requirements, and design a privacy-preserving digital wallet for aid distribution. Our smart-card-based solution enables aid recipients to spend a pre-defined budget at different vendors to obtain the items that they need. We prove our solution's security and privacy properties, and show it is practical at scale.


Designing for data protection
  • September 2024 · 5 Reads

This handbook is a foundational text which offers a comprehensive, accessible analysis of personal data protection law, and its significance to humanitarian organizations. Bringing together years of research on personal data protection principles, it outlines how humanitarian organizations can use these principles to uphold the rights and dignity of the most vulnerable. Reflecting the rapid evolution of new technologies, the handbook provides an in-depth analysis of the impacts of using specific technologies in humanitarian contexts. It raises awareness of the importance of data protection and suggests practical steps that humanitarian organizations can implement to process the personal data that they hold in a responsible manner that complies with personal data protection principles and requirements. With tailored advice and extensive, up-to-date research, this is a vital resource for humanitarian practitioners and lawyers, data protection authorities and researchers working on humanitarian affairs and personal data protection. This title is also available as Open Access on Cambridge Core.



Janus: Safe Biometric Deduplication for Humanitarian Aid Distribution
  • August 2023 · 37 Reads

Humanitarian organizations provide aid to people in need. To use their limited budget efficiently, their distribution processes must ensure that legitimate recipients cannot receive more aid than they are entitled to. Thus, it is essential that recipients can register at most once per aid program. Taking the International Committee of the Red Cross's aid distribution registration process as a use case, we identify the requirements to detect double registration without creating new risks for aid recipients. We then design Janus, which combines privacy-enhancing technologies with biometrics to prevent double registration in a safe manner. Janus does not create plaintext biometric databases and reveals only one bit of information at registration time (whether the user registering is present in the database or not). We implement and evaluate three instantiations of Janus based on secure multiparty computation, somewhat homomorphic encryption, and trusted execution environments. We demonstrate that they support the privacy, accuracy, and performance needs of humanitarian organizations. We compare Janus with existing alternatives and show it is the first system that provides the accuracy our scenario requires while providing strong protection.


Private Collection Matching Protocols
  • Article
  • Full-text available
  • July 2023 · 18 Reads · 1 Citation
  • Proceedings on Privacy Enhancing Technologies

[Figures from the paper: Figure 1, structure of the PCM framework, where red arrows show values encrypted under the client's key, f_M is a matching function that outputs a binary value λ indicating whether two sets match, and an aggregation function combines n matching statuses into a collection-wide result; Figure 5, computation time and transfer cost for computing aggregated chemical similarity; Figure 8, computation cost for small-domain PSI-CA, comparing Ruan et al. (80-bit security) with this work (128-bit security); a table of the cost of basic BFV operations.]

We introduce Private Collection Matching (PCM) problems, in which a client aims to determine whether a collection of sets owned by a server matches their interests. Existing privacy-preserving cryptographic primitives cannot solve PCM problems efficiently without harming privacy. We propose a modular framework that enables designers to build privacy-preserving PCM systems that output one bit: whether a collection of server sets matches the client's set. The communication cost of our protocols scales linearly with the size of the client's set and is independent of the number of server elements. We demonstrate the potential of our framework by designing and implementing novel solutions for two real-world PCM problems: determining whether a dataset has chemical compounds of interest, and determining whether a document collection has relevant documents. Our evaluation shows that we offer a privacy gain with respect to existing works at a reasonable communication and computation cost.



Not Yet Another Digital ID: Privacy-preserving Humanitarian Aid Distribution
  • March 2023 · 24 Reads

Humanitarian aid-distribution programs help bring physical goods (e.g., food, blankets) to people in need. Traditional paper-based solutions to support aid distribution do not scale to large populations and are hard to secure. Existing digital solutions solve these issues, at the cost of collecting large amounts of personal information. Failing to protect aid recipients' privacy can result in harms for them and enables surveillance in the long run. In collaboration with the International Committee of the Red Cross, we build a safe aid-distribution system in this paper. We first systematize the requirements such a system should satisfy and then propose a decentralized solution based on the use of tokens. Our design provides strong scalability and accountability while, at the same time, ensuring privacy by design. We provide two instantiations of our design, on a smart card and on a smartphone. We formally prove the security and privacy properties of our design, and empirically show that the two instantiations can scale to hundreds of thousands of recipients.



Private Set Matching Protocols
  • June 2022 · 15 Reads

We introduce Private Set Matching (PSM) problems, in which a client aims to determine whether a collection of sets owned by a server matches her interest. Existing privacy-preserving cryptographic primitives cannot solve PSM problems efficiently without harming privacy. We propose a new modular framework that enables designers to build privacy-friendly PSM systems that output one bit: whether a server set or collection of server sets matches the client's set, while guaranteeing privacy of client and server sets. The communication cost of our protocols scales linearly with the size of the client's set and is independent of the number of server sets and their total size. We demonstrate the potential of our framework by designing and implementing novel solutions for two real-world PSM problems: determining whether a dataset has chemical compounds of interest, and determining whether a document collection has relevant documents. Our evaluation shows that our privacy gain comes at a reasonable communication and computation cost.


CrowdNotifier: Decentralized Privacy-Preserving Presence Tracing
  • October 2021 · 204 Reads · 9 Citations
  • Proceedings on Privacy Enhancing Technologies

[Figure 1 from the paper: overview of the presence-tracing system.]

There is growing evidence that SARS-CoV-2 can be transmitted beyond close proximity contacts, in particular in closed and crowded environments with insufficient ventilation. To help mitigation efforts, contact tracers need a way to notify those who were present in such environments at the same time as infected individuals. Neither traditional human-based contact tracing powered by handwritten or electronic lists, nor Bluetooth-enabled proximity tracing can handle this problem efficiently. In this paper, we propose CrowdNotifier, a protocol that can complement manual contact tracing by efficiently notifying visitors of venues and events with SARS-CoV-2-positive attendees. We prove that CrowdNotifier provides strong privacy and abuse-resistance, and show that it can scale to handle notification at a national scale.



Citations (24)


... Wang et al. [29] were the first to identify the challenges of aid distribution digitalization. The deployment constraints make designing a (privacy-preserving) solution difficult. ...

Reference:

A Low-Cost Privacy-Preserving Digital Wallet for Humanitarian Aid Distribution
Not Yet Another Digital ID: Privacy-Preserving Humanitarian Aid Distribution
  • Citing Conference Paper
  • May 2023

... Transmission during the first two to three days before the onset of symptoms is estimated to account for about half of overall transmissions. Thus, quick quarantining is essential (Troncoso et al. 2020). According to the COVID-19 Digital Rights Tracker, in 2020 there were 120 contact tracing apps available in seventy-one countries, and sixty digital tracking measures have been introduced in thirty-eight countries (Woodhams 2020). ...

Decentralized Privacy-Preserving Proximity Tracing: Overview of Data Protection and Security
  • Citing Article
  • May 2020

... Differential privacy has been applied to the geospatial data from the 2020 census by the U.S. Census Bureau before releasing the data, allowing public access for research and policymaking while protecting sensitive individual or household data [31]. The technique was also used during the COVID-19 pandemic, in contact tracing apps and in the sharing of spatial disease-spread data for analysis of disease transmission patterns while preventing re-identification of individuals [32]. ...

Deploying decentralized, privacy-preserving proximity tracing
  • Citing Article
  • September 2022

Communications of the ACM

... Distinct from the scientific study of app effectiveness in stemming transmission [30] is the study of viral transmission itself to learn its incubation period, infectious period, and mode of transmission [31]. An obstacle to such a study was that some privacy-first rhetoric rejected making the study of SARS-CoV-2 transmission an aim of the scheme, even if the science could be done in a manner that preserved privacy. ...

Toward a Common Performance and Effectiveness Terminology for Digital Proximity Tracing Applications

Frontiers in Digital Health

... To reduce time and cost intensive resources required by contact tracing solely performed by humans, numerous digital contact tracing (DCT) protocols and smartphone apps have been developed [2]. These protocols commonly utilize native smartphone features, such as Bluetooth, WiFi (e.g., WiFiTrace [3]), GPS (e.g., SafePaths [4]), acoustic signals (e.g., ATurf [5] and NOVID [6]), or QR code scanning (e.g., CrowdNotifier [7]) to provide the underlying mechanisms for smartphone apps to determine encounters with other individuals and ultimately notify of potential exposure to positive diagnosed users. ...

CrowdNotifier: Decentralized Privacy-Preserving Presence Tracing

Proceedings on Privacy Enhancing Technologies

... Privacy-preserving protocols for digital contact tracing (DCT) have been introduced, using either centralized (25)(26)(27) or distributed (28)(29)(30) approaches, primarily relying on Bluetooth Low Energy (BLE) communication to detect physical proximity without geolocation. The analysis of data obtained from early implementations of DCT apps indicates a tangible contribution to epidemic containment, providing an additional quantitative and qualitative advantage over MCT (31)(32)(33)(34). ...

Early evidence of effectiveness of digital contact tracing for SARS-CoV-2 in Switzerland

Swiss medical weekly: official journal of the Swiss Society of Infectious Diseases, the Swiss Society of Internal Medicine, the Swiss Society of Pneumology

... For example, the first data from the Swiss health authorities indicated that only 12% of infected people reported being positive through the app (Salathé et al., 2020). In Spain, this figure fell to roughly 2% in practice, despite a document based on a pilot study carried out on La Gomera (Canary Islands) that raised much higher expectations about the app's effectiveness (Rodríguez et al., 2021). A key element of the success of a digital contact-tracing system is its adoption, that is, the percentage of people who use it actively and effectively. ...

Early Evidence of Effectiveness of Digital Contact Tracing for SARS-CoV-2 in Switzerland

... When a user tests positive for COVID-19, the app can rapidly notify those with whom he or she has had close contact, allowing them to take appropriate measures such as self-isolation or testing (Cho et al., 2020). Numerous nations have created and implemented such applications, with differing degrees of success (Braithwaite et al., 2020; Troncoso et al., 2020). Effectively balancing effectiveness and privacy concerns is one of the most difficult aspects of digital contact tracing. ...

Decentralized Privacy-Preserving Proximity Tracing
  • Citing Article
  • March 2020

... The signing protocol employs measures against an adversary guessing that PIN, or making a copy of the memory of the smartphone. Lueks et al. [20] have proposed a system with the same kind of 2-out-of-2 sharing, where also the users' usage patterns are protected; the system also relies on blind signatures. For the threshold decryption, Kirss et al. [21] have proposed a protocol with the same measures for protecting the keyshare in the smartphone as [5]; together with the clone detection mechanisms of [22], it could offer a viable alternative to secure elements [6]. ...

Tandem: Securing Keys by Using a Central Server While Preserving Privacy

Proceedings on Privacy Enhancing Technologies

... However, the widespread use of these embedded sensors after the Corona Virus Disease 2019 (COVID-19) outbreak increased the risk of user privacy leakage [25,26]. Troncoso et al. [27] proposed and analyzed a decentralized proximity-tracking system for COVID-19 propagation, that focuses on security and privacy preservation by using anonymous identifiers to tag COVID-19-positive users without the need to provide exact location information to the authorities. ...

Decentralized Privacy-Preserving Proximity Tracing