Privacy Preserving Cryptographic Protocols for Secure Heterogeneous Networks

Disertační práce se zabývá kryptografickými protokoly poskytující ochranu soukromí, které jsou určeny pro zabezpečení komunikačních a informačních systémů tvořících heterogenní sítě. Práce se zaměřuje především na možnosti využití nekonvenčních kryptografických prostředků, které poskytují rozšířené bezpečnostní požadavky, jako je například ochrana soukromí uživatelů komunikačního systému. V práci je stanovena výpočetní náročnost kryptografických a matematických primitiv na různých zařízeních, které se podílí na zabezpečení heterogenní sítě. Hlavní cíle práce se zaměřují na návrh pokročilých kryptografických protokolů poskytujících ochranu soukromí. V práci jsou navrženy celkově tři protokoly, které využívají skupinových podpisů založených na bilineárním párování pro zajištění ochrany soukromí uživatelů. Tyto navržené protokoly zajišťují ochranu soukromí a nepopiratelnost po celou dobu datové komunikace spolu s autentizací a integritou přenášených zpráv. Pro navýšení výkonnosti navržených protokolů je využito optimalizačních technik, např. dávkového ověřování, tak aby protokoly byly praktické i pro heterogenní sítě.The dissertation thesis deals with privacy-preserving cryptographic protocols for secure communication and information systems forming heterogeneous networks. The thesis focuses on the possibilities of using non-conventional cryptographic primitives that provide enhanced security features, such as the protection of user privacy in communication systems. In the dissertation, the performance of cryptographic and mathematic primitives on various devices that participate in the security of heterogeneous networks is evaluated. The main objectives of the thesis focus on the design of advanced privacy-preserving cryptographic protocols. There are three designed protocols which use pairing-based group signatures to ensure user privacy. These proposals ensure the protection of user privacy together with the authentication, integrity and non-repudiation of transmitted messages during communication. The protocols employ the optimization techniques such as batch verification to increase their performance and become more practical in heterogeneous networks.

Privacy-preserving security solution for cloud services

AbstractWe propose a novel privacy-preserving security solution for cloud services. Our solution is based on an efficient non-bilinear group signature scheme providing the anonymous access to cloud services and shared storage servers. The novel solution offers anonymous authenticationfor registered users. Thus, users' personal attributes (age, valid registration, successful payment) can be proven without revealing users' identity, and users can use cloud services without any threat of profiling their behavior. However, if a user breaks provider's rules, his access right is revoked. Our solution provides anonymous access, unlinkability and the confidentiality of transmitted data. We implement our solution as a proof of concept applicationand present the experimental results. Further, we analyzecurrent privacy preserving solutions for cloud services and group signature schemes as basic parts of privacy enhancing solutions in cloud services. We compare the performance of our solution with the related solutionsand schemes

Road-to-Vehicle Communications with Time-Dependent Anonymity: A Light Weight Construction and its Experimental Results

This paper describes techniques that enable vehicles to collect local information (such as road conditions and traffic information) and report it via road-to-vehicle communications. To exclude malicious data, the collected information is signed by each vehicle. In this communications system, the location privacy of vehicles must be maintained. However, simultaneously linkable information (such as travel routes) is also important. That is, no such linkable information can be collected when full anonymity is guaranteed using cryptographic tools such as group signatures. Similarly, continuous linkability (via pseudonyms, for example) may also cause problem from the viewpoint of privacy. In this paper, we propose a road-to-vehicle communication system with relaxed anonymity via group signatures with time-token dependent linking (GS-TDL). Briefly, a vehicle is unlinkable unless it generates multiple signatures in the same time period. We provide our experimental results (using the RELIC library on a cheap and constrained computational power device, Raspberry Pi), and simulate our system by using a traffic simulator (PTV), a radio wave propagation analysis tool (RapLab), and a network simulator (QualNet). Though a similar functionality of time-token dependent linking was proposed by Wu, Domingo-Ferrer and Gonzälez-Nicoläs (IEEE T. Vehicular Technology 2010), we can show an attack against the scheme where anyone can forge a valid group signature without using a secret key. In contrast, our GS-TDL scheme is provably secure. In addition to the time-dependent linking property, our GS-TDL scheme supports verifier-local revocation (VLR), where a signer (vehicle) is not involved in the revocation procedure. It is particularly worth noting that no secret key or certificate of a signer (vehicle) must be updated whereas the security credential management system (SCMS) must update certificates frequently for vehicle privacy. Moreover, our technique maintains constant signing and verification costs by using the linkable part of signatures. This might be of independent interest

Location Privacy in VANETs: Improved Chaff-Based CMIX and Privacy-Preserving End-to-End Communication

VANETs communication systems are technologies and defined policies that can be formed to enable ITS applications to provide road traffic efficacy, warning about such issues as environmental dangers, journey circumstances, and in the provision of infotainment that considerably enhance transportation safety and quality. The entities in VANETs, generally vehicles, form part of a massive network known as the Internet of Vehicles (IoV). The deployment of large-scale VANETs systems is impossible without ensuring that such systems are themselves are safe and secure, protecting the privacy of their users. There is a risk that cars might be hacked, or their sensors become defective, causing inaccurate information to be sent across the network. Consequently, the activities and credentials of participating vehicles should be held responsible and quickly broadcast throughout a vast VANETs, considering the accountability in the system. The openness of wireless communication means that an observer can eavesdrop on vehicular communication and gain access or otherwise deduce users' sensitive information, and perhaps profile vehicles based on numerous factors such as tracing their travels and the identification of their home/work locations. In order to protect the system from malicious or compromised entities, as well as to preserve user privacy, the goal is to achieve communication security, i.e., keep users' identities hidden from both the outside world and the security infrastructure and service providers. Being held accountable while still maintaining one's privacy is a difficult balancing act. This thesis explores novel solution paths to the above challenges by investigating the impact of low-density messaging to improve the security of vehicle communications and accomplish unlinkability in VANETs. This is achieved by proposing an improved chaff-based CMIX protocol that uses fake messages to increase density to mitigate tracking in this scenario. Recently, Christian \etall \cite{vaas2018nowhere} proposed a Chaff-based CMIX scheme that sends fake messages under the presumption low-density conditions to enhance vehicle privacy and confuse attackers. To accomplish full unlinkability, we first show the following security and privacy vulnerabilities in the Christian \etall scheme: linkability attacks outside the CMIX may occur due to deterministic data-sharing during the authentication phase (e.g., duplicate certificates for each communication). Adversaries may inject fake certificates, which breaks Cuckoo Filters' (CFs) updates authenticity, and the injection may be deniable. CMIX symmetric key leakage outside the coverage may occur. We propose a VPKI-based protocol to mitigate these issues. First, we use a modified version of Wang \etall's \cite{wang2019practical} scheme to provide mutual authentication without revealing the real identity. To this end, a vehicle's messages are signed with a different pseudo-identity “certificate”. Furthermore, the density is increased via the sending of fake messages during low traffic periods to provide unlinkability outside the mix-zone. Second, unlike Christian \etall's scheme, we use the Adaptive Cuckoo Filter (ACF) instead of CF to overcome the effects of false positives on the whole filter. Moreover, to prevent any alteration of the ACFs, only RUSs distribute the updates, and they sign the new fingerprints. Third, mutual authentication prevents any leakage from the mix zones' symmetric keys by generating a fresh one for each communication through a Diffie–Hellman key exchange. As a second main contribution of this thesis, we focus on the V2V communication without the interference of a Trusted Third Party (TTP)s in case this has been corrupted, destroyed, or is out of range. This thesis presents a new and efficient end-to-end anonymous key exchange protocol based on Yang \etall's \cite{yang2015self} self-blindable signatures. In our protocol, vehicles first privately blind their own private certificates for each communication outside the mix-zone and then compute an anonymous shared key based on zero-knowledge proof of knowledge (PoK). The efficiency comes from the fact that once the signatures are verified, the ephemeral values in the PoK are also used to compute a shared key through an authenticated Diffie-Hellman key exchange protocol. Therefore, the protocol does not require any further external information to generate a shared key. Our protocol also does not require interfacing with the Roadside Units or Certificate Authorities, and hence can be securely run outside the mixed-zones. We demonstrate the security of our protocol in ideal/real simulation paradigms. Hence, our protocol achieves secure authentication, forward unlinkability, and accountability. Furthermore, the performance analysis shows that our protocol is more efficient in terms of computational and communications overheads compared to existing schemes.Kuwait Cultural Offic

Nymbler: Privacy-enhanced Protection from Abuses of Anonymity

Anonymous communications networks help to solve the real and important problem of enabling users to communicate privately over the Internet. However, by doing so, they also introduce an entirely new problem: How can service providers on the Internet---such as websites, IRC networks and mail servers---allow anonymous access while protecting themselves against abuse by misbehaving anonymous users? Recent research efforts have focused on using anonymous blacklisting systems (also known as anonymous revocation systems) to solve this problem. As opposed to revocable anonymity systems, which enable some trusted third party to deanonymize users, anonymous blacklisting systems provide a way for users to authenticate anonymously with a service provider, while enabling the service provider to revoke access from individual misbehaving anonymous users without revealing their identities. The literature contains several anonymous blacklisting systems, many of which are impractical for real-world deployment. In 2006, however, Tsang et al. proposed Nymble, which solves the anonymous blacklisting problem very efficiently using trusted third parties. Nymble has inspired a number of subsequent anonymous blacklisting systems. Some of these use fundamentally different approaches to accomplish what Nymble does without using third parties at all; so far, these proposals have all suffered from serious performance and scalability problems. Other systems build on the Nymble framework to reduce Nymble's trust assumptions while maintaining its highly efficient design. The primary contribution of this thesis is a new anonymous blacklisting system built on the Nymble framework---a nimbler version of Nymble---called Nymbler. We propose several enhancements to the Nymble framework that facilitate the construction of a scheme that minimizes trust in third parties. We then propose a new set of security and privacy properties that anonymous blacklisting systems should possess to protect: 1) users' privacy against malicious service providers and third parties (including other malicious users), and 2) service providers against abuse by malicious users. We also propose a set of performance requirements that anonymous blacklisting systems should meet to maximize their potential for real-world adoption, and formally define some optional features in the anonymous blacklisting systems literature. We then present Nymbler, which improves on existing Nymble-like systems by reducing the level of trust placed in third parties, while simultaneously providing stronger privacy guarantees and some new functionality. It avoids dependence on trusted hardware and unreasonable assumptions about non-collusion between trusted third parties. We have implemented all key components of Nymbler, and our measurements indicate that the system is highly practical. Our system solves several open problems in the anonymous blacklisting systems literature, and makes use of some new cryptographic constructions that are likely to be of independent theoretical interest

Revocable Hierarchical Attribute-based Signatures from Lattices

Attribute-based Signatures (ABS) allow users to obtain attributes from issuing authorities, and sign messages whilst simultaneously proving compliance of their attributes with a verification policy. ABS demands that both the signer and the set of attributes used to satisfy a policy remain hidden to the verifier. Hierarchical ABS (HABS) supporting roots of trust and delegation were recently proposed to alleviate scalability issues in centralised ABS schemes. An important yet challenging property for privacy-preserving ABS is revocation, which may be applied to signers or some of the attributes they possess. Existing ABS schemes lack efficient revocation of either signers or their attributes, relying on generic costly proofs.Moreover, in HABS there is a further need to support revocation of authorities on the delegation paths, which is not provided by existing HABS constructions. This paper proposes a direct HABS scheme with a Verifier-Local Revocation (VLR) property. We extend the original HABS security model to address revocation and develop a new attribute delegation technique with appropriate VLR mechanism for HABS, which also implies the first ABS scheme to support VLR. Moreover, our scheme supports inner-product signing policies, offering a wider class of attribute relations than previous HABS schemes, and is the first to be based on lattices, which are thought to offer post-quantum security

Security, privacy and trust in wireless mesh networks

With the advent of public key cryptography, digital signature schemes have been extensively studied in order to minimize the signature sizes and to accelerate their execution while providing necessary security properties. Due to the privacy concerns pertaining to the usage of digital signatures in authentication schemes, privacy-preserving signature schemes, which provide anonymity of the signer, have attracted substantial interest in research community. Group signature algorithms, where a group member is able to sign on behalf of the group anonymously, play an important role in many privacy-preserving authentication/ identification schemes. On the other hand, a safeguard is needed to hold users accountable for malicious behavior. To this end, a designated opening/revocation manager is introduced to open a given anonymous signature to reveal the identity of the user. If the identified user is indeed responsible for malicious activities, then s/he can also be revoked by the same entity. A related scheme named direct anonymous attestation is proposed for attesting the legitimacy of a trusted computing platform while maintaining its privacy. This dissertation studies the group signature and direct anonymous attestation schemes and their application to wireless mesh networks comprising resource-constrained embedded devices that are required to communicate securely and be authenticated anonymously, while malicious behavior needs to be traced to its origin. Privacy-aware devices that anonymously connect to wireless mesh networks also need to secure their communication via efficient symmetric key cryptography, as well. In this dissertation, we propose an efficient, anonymous and accountable mutual authentication and key agreement protocol applicable to wireless mesh networks. The proposed scheme can easily be adapted to other wireless networks. The proposed scheme is implemented and simulated using cryptographic libraries and simulators that are widely deployed in academic circles. The implementation and simulation results demonstrate that the proposed scheme is effective, efficient and feasible in the context of hybrid wireless mesh networks, where users can also act as relaying agents. The primary contribution of this thesis is a novel privacy-preserving anonymous authentication scheme consisting of a set of protocols designed to reconcile user privacy and accountability in an efficient and scalable manner in the same framework. The three-party join protocol, where a user can connect anonymously to the wireless mesh network with the help of two semi-trusted parties (comprising the network operator and a third party), is efficient and easily applicable in wireless networks settings. Furthermore, two other protocols, namely two-party identification and revocation protocols enable the network operator, with the help of the semi-trusted third party, to trace suspected malicious behavior back to its origins and revoke users when necessary. The last two protocols can only be executed when the two semi-trusted parties cooperate to provide accountability. Therefore, the scheme is protected against an omni-present authority (e.g. network operator) violating the privacy of network users at will. We also provide arguments and discussions for security and privacy of the proposed scheme

Research on security and privacy in vehicular ad hoc networks

Los sistemas de redes ad hoc vehiculares (VANET) tienen como objetivo proporcionar una plataforma para diversas aplicaciones que pueden mejorar la seguridad vial, la eficiencia del tráfico, la asistencia a la conducción, la regulación del transporte, etc. o que pueden proveer de una mejor información y entretenimiento a los usuarios de los vehículos. Actualmente se está llevando a cabo un gran esfuerzo industrial y de investigación para desarrollar un mercado que se estima alcance en un futuro varios miles de millones de euros. Mientras que los enormes beneficios que se esperan de las comunicaciones vehiculares y el gran número de vehículos son los puntos fuertes de las VANET, su principal debilidad es la vulnerabilidad a los ataques contra la seguridad y la privacidad.En esta tesis proponemos cuatro protocolos para conseguir comunicaciones seguras entre vehículos. En nuestra primera propuesta empleamos a todas las unidades en carretera (RSU) para mantener y gestionar un grupo en tiempo real dentro de su rango de comunicación. Los vehículos que entren al grupo de forma anónima pueden emitir mensajes vehículo a vehículo (V2V) que inmediatamente pueden ser verificados por los vehículos del mismo grupo (y grupos de vecinos). Sin embargo, en la primera fase del despliegue de este sistema las RSU pueden no estar bien distribuídas. Consecuentemente, se propone un conjunto de mecanismos para hacer frente a la seguridad, privacidad y los requisitos de gestión de una VANET a gran escala sin la suposición de que las RSU estén densamente distribuidas. La tercera propuesta se centra principalmente en la compresión de las evidencias criptográficas que nos permitirán demostrar, por ejemplo, quien era el culpable en caso de accidente. Por último, investigamos los requisitos de seguridad de los sistemas basados en localización (LBS) sobre VANETs y proponemos un nuevo esquema para la preservación de la privacidad de la localización en estos sistemas sobre dichas redes.Vehicular ad hoc network (VANET) systems aim at providing a platform for various applications that can improve traffic safety and efficiency, driver assistance, transportation regulation, infotainment, etc. There is substantial research and industrial effort to develop this market. It is estimated that the market for vehicular communications will reach several billion euros. While the tremendous benefits expected from vehicular communications and the huge number of vehicles are strong points of VANETs, their weakness is vulnerability to attacks against security and privacy.In this thesis, we propose four protocols for secure vehicle communications. In our first proposal, we employ each road-side unit (RSU) to maintain and manage an on-the-fly group within its communication range. Vehicles entering the group can anonymously broadcast vehicle-to-vehicle (V2V) messages, which can be instantly verified by the vehicles in the same group (and neighbor groups). However, at the early stage of VANET deployment, the RSUs may not be well distributed. We then propose a set of mechanisms to address the security, privacy, and management requirements of a large-scale VANET without the assumption of densely distributed RSUs. The third proposal is mainly focused on compressing cryptographic witnesses in VANETs. Finally, we investigate the security requirements of LBS in VANETs and propose a new privacy-preserving LBS scheme for those networks

Accountable infrastructure and its impact on internet security and privacy

The Internet infrastructure relies on the correct functioning of the basic underlying protocols, which were designed for functionality. Security and privacy have been added post hoc, mostly by applying cryptographic means to different layers of communication. In the absence of accountability, as a fundamental property, the Internet infrastructure does not have a built-in ability to associate an action with the responsible entity, neither to detect or prevent misbehavior. In this thesis, we study accountability from a few different perspectives. First, we study the need of having accountability in anonymous communication networks as a mechanism that provides repudiation for the proxy nodes by tracing back selected outbound traffic in a provable manner. Second, we design a framework that provides a foundation to support the enforcement of the right to be forgotten law in a scalable and automated manner. The framework provides a technical mean for the users to prove their eligibility for content removal from the search results. Third, we analyze the Internet infrastructure determining potential security risks and threats imposed by dependencies among the entities on the Internet. Finally, we evaluate the feasibility of using hop count filtering as a mechanism for mitigating Distributed Reflective Denial-of-Service attacks, and conceptually show that it cannot work to prevent these attacks.Die Internet-Infrastrutur stützt sich auf die korrekte Ausführung zugrundeliegender Protokolle, welche mit Fokus auf Funktionalität entwickelt wurden. Sicherheit und Datenschutz wurden nachträglich hinzugefügt, hauptsächlich durch die Anwendung kryptografischer Methoden in verschiedenen Schichten des Protokollstacks. Fehlende Zurechenbarkeit, eine fundamentale Eigenschaft Handlungen mit deren Verantwortlichen in Verbindung zu bringen, verhindert jedoch, Fehlverhalten zu erkennen und zu unterbinden. Diese Dissertation betrachtet die Zurechenbarkeit im Internet aus verschiedenen Blickwinkeln. Zuerst untersuchen wir die Notwendigkeit für Zurechenbarkeit in anonymisierten Kommunikationsnetzen um es Proxyknoten zu erlauben Fehlverhalten beweisbar auf den eigentlichen Verursacher zurückzuverfolgen. Zweitens entwerfen wir ein Framework, das die skalierbare und automatisierte Umsetzung des Rechts auf Vergessenwerden unterstützt. Unser Framework bietet Benutzern die technische Möglichkeit, ihre Berechtigung für die Entfernung von Suchergebnissen nachzuweisen. Drittens analysieren wir die Internet-Infrastruktur, um mögliche Sicherheitsrisiken und Bedrohungen aufgrund von Abhängigkeiten zwischen den verschiedenen beteiligten Entitäten zu bestimmen. Letztlich evaluieren wir die Umsetzbarkeit von Hop Count Filtering als ein Instrument DRDoS Angriffe abzuschwächen und wir zeigen, dass dieses Instrument diese Art der Angriffe konzeptionell nicht verhindern kann