77 research outputs found
A fair payment system with online anonymous transfer
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, February 2007. Includes bibliographical references (p. 26-27). Physical cash can be anonymously transferred. Transferability is a desirable property because it allows for flexible, private commerce where neither the seller nor the buyer must identify themselves to the bank. In some cases, however, anonymity can be abused and lead to problems such as blackmail and money laundering. In 1996, Camenisch, Piveteau, and Stadler introduced the concept of fairness for (non-transferable) ECash, where a trusted authority can revoke the anonymity of certain transactions as needed. To our knowledge, no current ECash system supports both anonymous transfer and fairness. We have designed and implemented such a system. Also, we formally describe a set of desirable properties for ECash systems and prove that our system meets all of these properties under the Strong RSA assumption and the Decisional Diffie-Hellman assumption in the random oracle model. Furthermore, we provide extensions for our system that could allow it to deal with offline payments and micropayments. Our system has been implemented in Java. Tests have shown that it performs and scales well, as expected. By Bin D. Vo. M.Eng.
Cybersecurity through an Identity Management System
Cybersecurity is a concern of growing importance as internet usage continues to spread into new areas. Strong authentication combined with accountability is a powerful measure towards individuals' protection against any type of identity theft. On the other hand, such strong identification raises privacy concerns. In this paper, we argue that authentication, accountability and privacy can be combined into a single, deployable identity management system which can be adopted to current citizenship database infrastructures. More specifically, we present the properties that such a system would need in order to meet the applications of current infrastructures, aid in general operations of day to day life, and take into consideration the privacy of individuals
Privacy-Preserving, Taxable Bank Accounts
Current banking systems do not aim to protect user privacy. Purchases made from a single bank account can be linked to each other by many parties. This could be addressed in a straight-forward way by generating unlinkable credentials from a single master credential using Camenisch and Lysyanskaya's algorithm; however, if bank accounts are taxable, some report must be made to the tax authority about each account. Using unlinkable credentials, digital cash, and zero knowledge proofs of knowledge, we present a solution that prevents anyone, even the tax authority, from knowing which accounts belong to which users, or from being able to link any account to another or to purchases or deposits
A Real World Identity Management System with Master Secret Revocation
Cybersecurity mechanisms have become increasingly important as online and offline worlds converge. Strong authentication and accountability are key tools for dealing with online attacks, and we would like to realize them through a token-based, centralized identity management system. In this report, we present a privacy-preserving group of protocols comprising a unique per user digital identity card, with which its owner is able to authenticate himself, prove possession of attributes, register himself to multiple online organizations (anonymously or not) and provide proof of membership. Unlike existing credential-based identity management systems, this card is revocable, i.e., its legal owner may invalidate it if physically lost, and still recover its content and registrations into a new credential. This card will protect an honest individual's anonymity when applicable as well as ensure his activity is known only to appropriate users
Secure Anonymous Database Search
There exist many large collections of private data that must be protected on behalf of the entities that hold them or the clients they serve. However, there are also often many legitimate reasons for sharing that data in a controlled manner. How can two parties decide to share data without prior knowledge of what data they have? For example, two intelligence agencies might be willing to cooperate by sharing documents about a specific case, and need a way of determining which documents might be of interest to each other. We introduce and address the problem of allowing such entities to search each other's data securely and anonymously. We aim to protect the content of the queries, as well as the content of documents unrelated to those queries, while concealing the identity of the participants. Although there exist systems for solving similar problems, to our knowledge we are the first to address this specific need and also the first to present a secure anonymous search system that is practical for real-time querying. In order to achieve this in an efficient manner, we make use of Bloom filters [5], definitions of security for deterministic encryption [22] that we adapt and instantiate in the private key setting and of a novel encryption primitive, reroutable encryption
Trade-offs in Private Search
Encrypted search -- performing queries on protected data -- is a well researched problem. However, existing solutions have inherent inefficiency that raises questions of practicality. Here, we step back from the goal of achieving maximal privacy guarantees in an encrypted search scenario to consider efficiency as a priority. We propose a privacy framework for search that allows tuning and optimization of the trade-offs between privacy and efficiency. As an instantiation of the privacy framework we introduce a tunable search system based on the SADS scheme and provide detailed measurements demonstrating the trade-offs of the constructed system. We also analyze other existing encrypted search schemes with respect to this framework. We further propose a protocol that addresses the challenge of document content retrieval in a search setting with relaxed privacy requirements
Usable Secure Private Search
Real-world applications commonly require untrusting parties to share sensitive information securely. This article describes a secure anonymous database search (SADS) system that provides exact keyword match capability. Using a new reroutable encryption and the ideas of Bloom filters and deterministic encryption, SADS lets multiple parties efficiently execute exact-match queries over distributed encrypted databases in a controlled manner. This article further considers a more general search setting allowing similarity searches, going beyond existing work that considers similarity in terms of error tolerance and Hamming distance. This article presents a general framework, built on the cryptographic and privacy-preserving guarantees of the SADS primitive, for engineering usable private secure search systems
The designability of protein switches by chemical rescue of structure: mechanisms of inactivation and reactivation
This document is the Accepted Manuscript version of a Published Work that appeared in final form in the Journal of the American Chemical Society, copyright © American Chemical Society after peer review and technical editing by the publisher. To access the final edited and published work see http://doi.org/10.1021/ja407644b. The ability to selectively activate function of particular proteins via pharmacological agents is a longstanding goal in chemical biology. Recently, we reported an approach for designing a de novo allosteric effector site directly into the catalytic domain of an enzyme. This approach is distinct from traditional chemical rescue of enzymes in that it relies on disruption and restoration of structure, rather than active site chemistry, as a means to modulate function. However, rationally identifying analogous de novo binding sites in other enzymes represents a key challenge for extending this approach to introduce allosteric control into other enzymes. Here we show that mutation sites leading to protein inactivation via tryptophan-to-glycine substitution and allowing (partial) reactivation by the subsequent addition of indole are remarkably frequent. Through a suite of methods including a cell-based reporter assay, computational structure prediction and energetic analysis, fluorescence studies, enzymology, pulse proteolysis, x-ray crystallography and hydrogen-deuterium mass spectrometry we find that these switchable proteins are most commonly modulated indirectly, through control of protein stability. Addition of indole in these cases rescues activity not by reverting a discrete conformational change, as we had observed in the sole previously reported example, but rather rescues activity by restoring protein stability.
This important finding will dramatically impact the design of future switches and sensors built by this approach, since evaluating stability differences associated with cavity-forming mutations is a far more tractable task than predicting allosteric conformational changes. By analogy to natural signaling systems, the insights from this study further raise the exciting prospect of modulating stability to design optimal recognition properties into future de novo switches and sensors built through chemical rescue of structure
Establishing and validating noninvasive prenatal testing procedure for fetal aneuploidies in Vietnam
Noninvasive prenatal testing (NIPT) for fetal aneuploidies has been widely adopted in developed countries. Despite the sharp decrease in the cost of massively parallel sequencing, the technical know-how and skilled personnel are still one of the major limiting factors for applying this technology to NIPT in low-income settings. Here, we present the establishment and validation of our NIPT procedure called triSure for detection of fetal aneuploidies. We established the triSure algorithm based on the difference in proportion of fetal and maternal fragments from the target chromosome to all chromosomes. Our algorithm was validated using a published data set and an in-house data set obtained from high-risk pregnant women in Vietnam who have undergone amniotic testing. Several other aneuploidy calling methods were also applied to the same data set to benchmark triSure performance. The triSure algorithm showed similar accuracy to size-based method when comparing them using published data set. Using our in-house data set from 130 consecutive samples, we showed that triSure correctly identified the most samples (overall sensitivity and specificity of 0.983 and 0.986, respectively) compared to other methods tested including count-based, size-based, RAPIDR and NIPTeR. We have demonstrated that our triSure NIPT procedure can be applied to pregnant women in low-income settings such as Vietnam, providing low-risk screening option to reduce the need for invasive diagnostic tests
