30 research outputs found
A NEW UNLINKABLE SECRET HANDSHAKES SCHEME BASED ON ZSS
Secret handshakes (SH) scheme is a key agreement protocol between two members of the same group. Under this scheme two members share a common key if and only if they both belong to the same group. If the protocol fails none of the parties involved get any idea about the group affiliation of the other. Moreover if the transcript of communication is available to a third party, she/he does not get any information about the group affiliation of communicating parties. The concept of SH was given by Balfanz in 2003 who also gave a practical SH scheme using pairing based cryptography. The protocol proposed by Balfanz uses one time credential to insure that handshake protocol performed by the same party cannot be linked. Xu and Yung proposed SH scheme that achieve unlinkability with reusable credentials. In this paper, a new unlinkable secret handshakes scheme is presented. Our scheme is constructed from the ZSS signature and inspired on an identity based authenticated key agreement protocol, proposed by McCullagh et al. In recently proposed work most of unlinkable secret handshake schemes have either design flaw or security flaw, we proved the security of proposed scheme by assuming the intractability of the bilinear inverse Diffie-Hellman and k-CAA problems
Introducing Accountability to Anonymity Networks
Many anonymous communication (AC) networks rely on routing traffic through
proxy nodes to obfuscate the originator of the traffic. Without an
accountability mechanism, exit proxy nodes risk sanctions by law enforcement if
users commit illegal actions through the AC network. We present BackRef, a
generic mechanism for AC networks that provides practical repudiation for the
proxy nodes by tracing back the selected outbound traffic to the predecessor
node (but not in the forward direction) through a cryptographically verifiable
chain. It also provides an option for full (or partial) traceability back to
the entry node or even to the corresponding user when all intermediate nodes
are cooperating. Moreover, to maintain a good balance between anonymity and
accountability, the protocol incorporates whitelist directories at exit proxy
nodes. BackRef offers improved deployability over the related work, and
introduces a novel concept of pseudonymous signatures that may be of
independent interest.
We exemplify the utility of BackRef by integrating it into the onion routing
(OR) protocol, and examine its deployability by considering several
system-level aspects. We also present the security definitions for the BackRef
system (namely, anonymity, backward traceability, no forward traceability, and
no false accusation) and conduct a formal security analysis of the OR protocol
with BackRef using ProVerif, an automated cryptographic protocol verifier,
establishing the aforementioned security properties against a strong
adversarial model
The Prom Problem: Fair and Privacy-Enhanced Matchmaking with Identity Linked Wishes
In the Prom Problem (TPP), Alice wishes to attend a school dance with Bob and needs a risk-free, privacy preserving way to find out whether Bob shares that same wish. If not, no one should know that she inquired about it, not even Bob. TPP represents a special class of matchmaking challenges, augmenting the properties of privacy-enhanced matchmaking, further requiring fairness and support for identity linked wishes (ILW) – wishes involving specific identities that are only valid if all involved parties have those same wishes.
The Horne-Nair (HN) protocol was proposed as a solution to TPP along with a sample pseudo-code embodiment leveraging an untrusted matchmaker. Neither identities nor pseudo-identities are included in any messages or stored in the matchmaker’s database. Privacy relevant data stay within user control. A security analysis and proof-of-concept implementation validated the approach, fairness was quantified, and a feasibility analysis demonstrated practicality in real-world networks and systems, thereby bounding risk prior to incurring the full costs of development.
The SecretMatch™ Prom app leverages one embodiment of the patented HN protocol to achieve privacy-enhanced and fair matchmaking with ILW. The endeavor led to practical lessons learned and recommendations for privacy engineering in an era of rapidly evolving privacy legislation. Next steps include design of SecretMatch™ apps for contexts like voting negotiations in legislative bodies and executive recruiting. The roadmap toward a quantum resistant SecretMatch™ began with design of a Hybrid Post-Quantum Horne-Nair (HPQHN) protocol. Future directions include enhancements to HPQHN, a fully Post Quantum HN protocol, and more
Oblivious Handshakes and Sharing of Secrets of Privacy-Preserving Matching and Authentication Protocols
The objective of this research is focused on two of the most important privacy-preserving techniques: privacy-preserving element matching protocols and privacy-preserving credential authentication protocols, where an element represents the information generated by users themselves and a credential represents a group membership assigned from an independent central authority (CA). The former is also known as private set intersection (PSI) protocol and the latter is also known as secret handshake (SH) protocol. In this dissertation, I present a general framework for design of efficient and secure PSI and SH protocols based on similar message exchange and computing procedures to confirm “commonality” of their exchanged information, while protecting the information from each other when the commonalty test fails. I propose to use the homomorphic randomization function (HRF) to meet the privacy-preserving requirements, i.e., common element/credential can be computed efficiently based on homomorphism of the function and uncommon element/credential are difficult to derive because of the randomization of the same function.
Based on the general framework two new PSI protocols with linear computing and communication cost are proposed. The first protocol uses full homomorphic randomization function as the cryptographic basis and the second one uses partial homomorphic randomization function. Both of them achieve element confidentiality and private set intersection. A new SH protocol is also designed based on the framework, which achieves unlinkability with a reusable pair of credential and pseudonym and least number of bilinear mapping operations. I also propose to interlock the proposed PSI protocols and SH protocol to design new protocols with new security properties. When a PSI protocol is executed first and the matched elements are associated with the credentials in a following SH protocol, authenticity is guaranteed on matched elements. When a SH protocol is executed first and the verified credentials is used in a following PSI protocol, detection resistance and impersonation attack resistance are guaranteed on matching elements.
The proposed PSI and SH protocols are implemented to provide privacy-preserving inquiry matching service (PPIM) for social networking applications and privacy-preserving correlation service (PAC) of network security alerts. PPIM allows online social consumers to find partners with matched inquiries and verified group memberships without exposing any information to unmatched parties. PAC allows independent network alert sources to find the common alerts without unveiling their local network information to each other
Oblivious Handshakes and Sharing of Secrets of Privacy-Preserving Matching and Authentication Protocols
The objective of this research is focused on two of the most important privacy-preserving techniques: privacy-preserving element matching protocols and privacy-preserving credential authentication protocols, where an element represents the information generated by users themselves and a credential represents a group membership assigned from an independent central authority (CA). The former is also known as private set intersection (PSI) protocol and the latter is also known as secret handshake (SH) protocol. In this dissertation, I present a general framework for design of efficient and secure PSI and SH protocols based on similar message exchange and computing procedures to confirm “commonality” of their exchanged information, while protecting the information from each other when the commonalty test fails. I propose to use the homomorphic randomization function (HRF) to meet the privacy-preserving requirements, i.e., common element/credential can be computed efficiently based on homomorphism of the function and uncommon element/credential are difficult to derive because of the randomization of the same function.
Based on the general framework two new PSI protocols with linear computing and communication cost are proposed. The first protocol uses full homomorphic randomization function as the cryptographic basis and the second one uses partial homomorphic randomization function. Both of them achieve element confidentiality and private set intersection. A new SH protocol is also designed based on the framework, which achieves unlinkability with a reusable pair of credential and pseudonym and least number of bilinear mapping operations. I also propose to interlock the proposed PSI protocols and SH protocol to design new protocols with new security properties. When a PSI protocol is executed first and the matched elements are associated with the credentials in a following SH protocol, authenticity is guaranteed on matched elements. When a SH protocol is executed first and the verified credentials is used in a following PSI protocol, detection resistance and impersonation attack resistance are guaranteed on matching elements.
The proposed PSI and SH protocols are implemented to provide privacy-preserving inquiry matching service (PPIM) for social networking applications and privacy-preserving correlation service (PAC) of network security alerts. PPIM allows online social consumers to find partners with matched inquiries and verified group memberships without exposing any information to unmatched parties. PAC allows independent network alert sources to find the common alerts without unveiling their local network information to each other
T0RTT: Non-Interactive Immediate Forward-Secret Single-Pass Circuit Construction
Maintaining privacy on the Internet with the presence of powerful adversaries such as nation-state attackers is a challenging topic, and the Tor project is currently the most important tool to protect against this threat. The circuit construction protocol (CCP) negotiates cryptographic keys for Tor circuits, which overlay TCP/IP by routing Tor cells over n onion routers. The current circuit construction protocol provides strong security guarantees such as forward secrecy by exchanging O(n^2) messages.
For several years it has been an open question if the same strong security guarantees could be achieved with less message overhead, which is desirable because of the inherent latency in overlay networks. Several publications described CCPs which require only O(n) message exchanges, but significantly reduce the security of the resulting Tor circuit. It was even conjectured that it is impossible to achieve both message complexity O(n) and forward secrecy immediately after circuit construction (so-called immediate forward secrecy).
Inspired by the latest advancements in zero round-trip time key exchange (0-RTT), we present a new CCP protocol Tor 0-RTT (T0RTT). Using modern cryptographic primitives such as puncturable encryption allow to achieve immediate forward secrecy using only O(n) messages. We implemented these new primitives to give a first indication of possible problems and how to overcome them in order to build practical CCPs with O(n) messages and immediate forward secrecy in the future
Anonymous, authentic, and accountable resource management based on the E-cash paradigm
The prevalence of digital information management in an open network has driven
the need to maintain balance between anonymity, authenticity and accountability (AAA).
Anonymity allows a principal to hide its identity from strangers before trust relationship
is established. Authenticity ensures the correct identity is engaged in the transaction even
though it is hidden. Accountability uncovers the hidden identity when misbehavior of the
principal is detected. The objective of this research is to develop an AAA management
framework for secure resource allocations. Most existing resource management schemes
are designed to manage one or two of the AAA attributes. How to provide high strength
protection to all attributes is an extremely challenging undertaking. Our study shows that
the electronic cash (E-cash) paradigm provides some important knowledge bases for this
purpose. Based on Chaum-Pederson’s general transferable E-cash model, we propose a
timed-zero-knowledge proof (TZKP) protocol, which greatly reduces storage spaces and
communication overheads for resource transfers, without compromising anonymity and
accountability. Based on Eng-Okamoto’s general divisible E-cash model, we propose a hypercube-based divisibility framework, which provides a sophisticated and flexible way
to partition a chunk of resources, with different trade-offs in anonymity protection and
computational costs, when it is integrated with different sub-cube allocation schemes.
Based on the E-cash based resource management framework, we propose a privacy
preserving service oriented architecture (SOA), which allows the service providers and
consumers to exchange services without leaking their sensitive data. Simulation results
show that the secure resource management framework is highly practical for missioncritical
applications in large scale distributed information systems
Ensuring Application Specific Security, Privacy and Performance Goals in RFID Systems
Radio Frequency IDentification (RFID) is an automatic identification technology that uses radio frequency to identify objects. Securing RFID systems and providing privacy in RFID applications has been the focus of much academic work lately. To ensure universal acceptance of RFID technology, security and privacy issued must be addressed into the design of any RFID application. Due to the constraints on memory, power, storage capacity, and amount of logic on RFID devices, traditional public key based strong security mechanisms are unsuitable for them. Usually, low cost general authentication protocols are used to secure RFID systems. However, the generic authentication protocols provide relatively low performance for different types of RFID applications. We identified that each RFID application has unique research challenges and different performance bottlenecks based on the characteristics of the system. One strategy is to devise security protocols such that application specific goals are met and system specific performance requirements are maximized.
This dissertation aims to address the problem of devising application specific security protocols for current and next generation RFID systems so that in each application area maximum performance can be achieved and system specific goals are met. In this dissertation, we propose four different authentication techniques for RFID technologies, providing solutions to the following research issues: 1) detecting counterfeit as well as ensuring low response time in large scale RFID systems, 2) preserving privacy and maintaining scalability in RFID based healthcare systems, 3) ensuring security and survivability of Computational RFID (CRFID) networks, and 4) detecting missing WISP tags efficiently to ensure reliability of CRFID based system\u27s decision. The techniques presented in this dissertation achieve good levels of privacy, provide security, scale to large systems, and can be implemented on resource-constrained RFID devices
(Un)Suitability of Anonymous Communication Systems to WSN
Abstract Anonymous communication systems have been extensively studied by the research community to prevent the disclosure of sensitive information from the analysis of individuals' traffic patterns. Many remarkable solutions have been developed in this area, most of which have proven to be effective in the protection of user privacy against different types of attacks. Recently, the privacy preservation problem has also been considered in the realm of wireless sensor networks (WSNs) due to their imminent adoption in real-world scenarios. A special challenge that arises from the analysis of the flow of sensor nodes' communications is the location privacy problem. In this work we concentrate on analyzing the suitability of traditional anonymous communication systems originally designed for the Internet to the original scenario of sensor networks. The results show that, in most cases, traditional solutions do not provide the adequate protection means for the particular problem of location privacy, while other solutions are too resource-consuming for the restricted capabilities of sensor nodes