5,639 research outputs found
Practical Schemes For Privacy & Security Enhanced RFID
Proper privacy protection in RFID systems is important. However, many of the
schemes known are impractical, either because they use hash functions instead
of the more hardware efficient symmetric encryption schemes as a efficient
cryptographic primitive, or because they incur a rather costly key search time
penalty at the reader. Moreover, they do not allow for dynamic, fine-grained
access control to the tag that cater for more complex usage scenarios.
In this paper we investigate such scenarios, and propose a model and
corresponding privacy friendly protocols for efficient and fine-grained
management of access permissions to tags. In particular we propose an efficient
mutual authentication protocol between a tag and a reader that achieves a
reasonable level of privacy, using only symmetric key cryptography on the tag,
while not requiring a costly key-search algorithm at the reader side. Moreover,
our protocol is able to recover from stolen readers.Comment: 18 page
Anonymity and trust in the electronic world
Privacy has never been an explicit goal of authorization mechanisms. The traditional
approach to authorisation relies on strong authentication of a stable identity
using long term credentials. Audit is then linked to authorization via the same
identity. Such an approach compels users to enter into a trust relationship with
large parts of the system infrastructure, including entities in remote domains. In
this dissertation we advance the view that this type of compulsive trust relationship
is unnecessary and can have undesirable consequences. We examine in some
detail the consequences which such undesirable trust relationships can have on
individual privacy, and investigate the extent to which taking a unified approach
to trust and anonymity can actually provide useful leverage to address threats to
privacy without compromising the principal goals of authentication and audit. We
conclude that many applications would benefit from mechanisms which enabled
them to make authorization decisions without using long-term credentials. We
next propose specific mechanisms to achieve this, introducing a novel notion of
a short-lived electronic identity, which we call a surrogate. This approach allows
a localisation of trust and entities are not compelled to transitively trust other entities
in remote domains. In particular, resolution of stable identities needs only
ever to be done locally to the entity named. Our surrogates allow delegation, enable
role-based access control policies to be enforced across multiple domains,
and permit the use of non-anonymous payment mechanisms, all without compromising
the privacy of a user. The localisation of trust resulting from the approach
proposed in this dissertation also has the potential to allow clients to control the
risks to which they are exposed by bearing the cost of relevant countermeasures
themselves, rather than forcing clients to trust the system infrastructure to protect
them and to bear an equal share of the cost of all countermeasures whether or not
effective for them. This consideration means that our surrogate-based approach
and mechanisms are of interest even in Kerberos-like scenarios where anonymity
is not a requirement, but the remote authentication mechanism is untrustworthy
Privacy-Preserving Electronic Ticket Scheme with Attribute-based Credentials
Electronic tickets (e-tickets) are electronic versions of paper tickets,
which enable users to access intended services and improve services'
efficiency. However, privacy may be a concern of e-ticket users. In this paper,
a privacy-preserving electronic ticket scheme with attribute-based credentials
is proposed to protect users' privacy and facilitate ticketing based on a
user's attributes. Our proposed scheme makes the following contributions: (1)
users can buy different tickets from ticket sellers without releasing their
exact attributes; (2) two tickets of the same user cannot be linked; (3) a
ticket cannot be transferred to another user; (4) a ticket cannot be double
spent; (5) the security of the proposed scheme is formally proven and reduced
to well known (q-strong Diffie-Hellman) complexity assumption; (6) the scheme
has been implemented and its performance empirically evaluated. To the best of
our knowledge, our privacy-preserving attribute-based e-ticket scheme is the
first one providing these five features. Application areas of our scheme
include event or transport tickets where users must convince ticket sellers
that their attributes (e.g. age, profession, location) satisfy the ticket price
policies to buy discounted tickets. More generally, our scheme can be used in
any system where access to services is only dependent on a user's attributes
(or entitlements) but not their identities.Comment: 18pages, 6 figures, 2 table
- …