29,511 research outputs found
Citizen Electronic Identities using TPM 2.0
Electronic Identification (eID) is becoming commonplace in several European
countries. eID is typically used to authenticate to government e-services, but
is also used for other services, such as public transit, e-banking, and
physical security access control. Typical eID tokens take the form of physical
smart cards, but successes in merging eID into phone operator SIM cards show
that eID tokens integrated into a personal device can offer better usability
compared to standalone tokens. At the same time, trusted hardware that enables
secure storage and isolated processing of sensitive data have become
commonplace both on PC platforms as well as mobile devices.
Some time ago, the Trusted Computing Group (TCG) released the version 2.0 of
the Trusted Platform Module (TPM) specification. We propose an eID architecture
based on the new, rich authorization model introduced in the TCGs TPM 2.0. The
goal of the design is to improve the overall security and usability compared to
traditional smart card-based solutions. We also provide, to the best our
knowledge, the first accessible description of the TPM 2.0 authorization model.Comment: This work is based on an earlier work: Citizen Electronic Identities
using TPM 2.0, to appear in the Proceedings of the 4th international workshop
on Trustworthy embedded devices, TrustED'14, November 3, 2014, Scottsdale,
Arizona, USA, http://dx.doi.org/10.1145/2666141.266614
Distributed Random Process for a Large-Scale Peer-to-Peer Lottery
Most online lotteries today fail to ensure the verifiability of the random
process and rely on a trusted third party. This issue has received little
attention since the emergence of distributed protocols like Bitcoin that
demonstrated the potential of protocols with no trusted third party. We argue
that the security requirements of online lotteries are similar to those of
online voting, and propose a novel distributed online lottery protocol that
applies techniques developed for voting applications to an existing lottery
protocol. As a result, the protocol is scalable, provides efficient
verification of the random process and does not rely on a trusted third party
nor on assumptions of bounded computational resources. An early prototype
confirms the feasibility of our approach
Privacy-Preserving Electronic Ticket Scheme with Attribute-based Credentials
Electronic tickets (e-tickets) are electronic versions of paper tickets,
which enable users to access intended services and improve services'
efficiency. However, privacy may be a concern of e-ticket users. In this paper,
a privacy-preserving electronic ticket scheme with attribute-based credentials
is proposed to protect users' privacy and facilitate ticketing based on a
user's attributes. Our proposed scheme makes the following contributions: (1)
users can buy different tickets from ticket sellers without releasing their
exact attributes; (2) two tickets of the same user cannot be linked; (3) a
ticket cannot be transferred to another user; (4) a ticket cannot be double
spent; (5) the security of the proposed scheme is formally proven and reduced
to well known (q-strong Diffie-Hellman) complexity assumption; (6) the scheme
has been implemented and its performance empirically evaluated. To the best of
our knowledge, our privacy-preserving attribute-based e-ticket scheme is the
first one providing these five features. Application areas of our scheme
include event or transport tickets where users must convince ticket sellers
that their attributes (e.g. age, profession, location) satisfy the ticket price
policies to buy discounted tickets. More generally, our scheme can be used in
any system where access to services is only dependent on a user's attributes
(or entitlements) but not their identities.Comment: 18pages, 6 figures, 2 table
Best Effort and Practice Activation Codes
Activation Codes are used in many different digital services and known by
many different names including voucher, e-coupon and discount code. In this
paper we focus on a specific class of ACs that are short, human-readable,
fixed-length and represent value. Even though this class of codes is
extensively used there are no general guidelines for the design of Activation
Code schemes. We discuss different methods that are used in practice and
propose BEPAC, a new Activation Code scheme that provides both authenticity and
confidentiality. The small message space of activation codes introduces some
problems that are illustrated by an adaptive chosen-plaintext attack (CPA-2) on
a general 3-round Feis- tel network of size 2^(2n) . This attack recovers the
complete permutation from at most 2^(n+2) plaintext-ciphertext pairs. For this
reason, BEPAC is designed in such a way that authenticity and confidentiality
are in- dependent properties, i.e. loss of confidentiality does not imply loss
of authenticity.Comment: 15 pages, 3 figures, TrustBus 201
Trust dynamics for collaborative global computing
Recent advances in networking technology have increased the potential for dynamic enterprise collaborations between an open set of entities on a global scale. The security of these collaborations is a major concern, and requires novel approaches suited to this new environment to be developed. Trust management appears to be a promising approach. Due to the dynamic nature of these collaborations,dynamism in the formation, evolution and exploitation of trust is essential. In this paper we explore the properties of trust dynamics in this context. Trust is formed and evolves according to personal experience and recommendations. The properties of trust dynamics are expressed through a formal model of trust. Specific examples, based on an e-purse application scenario are used to demonstrate these properties
Secure and Transferable Mobile Ticketing Using Digital Rights Managements
The increasingly matured mobile commerce enriches our daily lives. Mobile ticketing, a process that allows consumers to order, make payment, acquire, and authenticate tickets using their mobile phones, will become popular since it can be conducted from anywhere and at anytime. In addition to the convenience of use, the fabrication and distribution costs of traditional paper-tickets can be greatly reduced with mobile tickets. Many applications, such as traffic tickets, concert tickets, movie tickets, and so on, may take the advantages of mobile ticketing. Such tickets, in their paper-forms, can be transferred to anyone before use since no specific identity is recorded in these tickets. Nevertheless, current schemes restrict mobile tickets to be non-transferable because the transferring will result in the tickets being invalidated. To overcome the non-transferability problem, we use the idea of digital rights managements to separate the content and the usage-rules of mobile tickets, and propose a transferrable mobile ticketing scheme. The usage-rule, i.e. the rights object of the ticket, registers the ticket identification and a hashed number comprising an issuer’s random number and the International Mobile Equipment Identity (IMEI) of the ticket owner. The rights object is independently issued by a trusted third party. When a ticket is transferred, the issuer will be notified and he will modify the rights object with a new hash value, computed from a new random number and the IMEI of the new owner who receives the transferred ticket. Therefore, mobile tickets are secured and transferrable in our proposed mobile ticketing scheme
UniquID: A Quest to Reconcile Identity Access Management and the Internet of Things
The Internet of Things (IoT) has caused a revolutionary paradigm shift in
computer networking. After decades of human-centered routines, where devices
were merely tools that enabled human beings to authenticate themselves and
perform activities, we are now dealing with a device-centered paradigm: the
devices themselves are actors, not just tools for people. Conventional identity
access management (IAM) frameworks were not designed to handle the challenges
of IoT. Trying to use traditional IAM systems to reconcile heterogeneous
devices and complex federations of online services (e.g., IoT sensors and cloud
computing solutions) adds a cumbersome architectural layer that can become hard
to maintain and act as a single point of failure. In this paper, we propose
UniquID, a blockchain-based solution that overcomes the need for centralized
IAM architectures while providing scalability and robustness. We also present
the experimental results of a proof-of-concept UniquID enrolment network, and
we discuss two different use-cases that show the considerable value of a
blockchain-based IAM.Comment: 15 pages, 10 figure
- …