A NEW UNLINKABLE SECRET HANDSHAKES SCHEME BASED ON ZSS

Secret handshakes (SH) scheme is a key agreement protocol between two members of the same group. Under this scheme two members share a common key if and only if they both belong to the same group. If the protocol fails none of the parties involved get any idea about the group affiliation of the other. Moreover if the transcript of communication is available to a third party, she/he does not get any information about the group affiliation of communicating parties. The concept of SH was given by Balfanz in 2003 who also gave a practical SH scheme using pairing based cryptography. The protocol proposed by Balfanz uses one time credential to insure that handshake protocol performed by the same party cannot be linked. Xu and Yung proposed SH scheme that achieve unlinkability with reusable credentials. In this paper, a new unlinkable secret handshakes scheme is presented. Our scheme is constructed from the ZSS signature and inspired on an identity based authenticated key agreement protocol, proposed by McCullagh et al. In recently proposed work most of unlinkable secret handshake schemes have either design flaw or security flaw, we proved the security of proposed scheme by assuming the intractability of the bilinear inverse Diffie-Hellman and k-CAA problems

Introducing Accountability to Anonymity Networks

Many anonymous communication (AC) networks rely on routing traffic through proxy nodes to obfuscate the originator of the traffic. Without an accountability mechanism, exit proxy nodes risk sanctions by law enforcement if users commit illegal actions through the AC network. We present BackRef, a generic mechanism for AC networks that provides practical repudiation for the proxy nodes by tracing back the selected outbound traffic to the predecessor node (but not in the forward direction) through a cryptographically verifiable chain. It also provides an option for full (or partial) traceability back to the entry node or even to the corresponding user when all intermediate nodes are cooperating. Moreover, to maintain a good balance between anonymity and accountability, the protocol incorporates whitelist directories at exit proxy nodes. BackRef offers improved deployability over the related work, and introduces a novel concept of pseudonymous signatures that may be of independent interest. We exemplify the utility of BackRef by integrating it into the onion routing (OR) protocol, and examine its deployability by considering several system-level aspects. We also present the security definitions for the BackRef system (namely, anonymity, backward traceability, no forward traceability, and no false accusation) and conduct a formal security analysis of the OR protocol with BackRef using ProVerif, an automated cryptographic protocol verifier, establishing the aforementioned security properties against a strong adversarial model

The Prom Problem: Fair and Privacy-Enhanced Matchmaking with Identity Linked Wishes

In the Prom Problem (TPP), Alice wishes to attend a school dance with Bob and needs a risk-free, privacy preserving way to find out whether Bob shares that same wish. If not, no one should know that she inquired about it, not even Bob. TPP represents a special class of matchmaking challenges, augmenting the properties of privacy-enhanced matchmaking, further requiring fairness and support for identity linked wishes (ILW) – wishes involving specific identities that are only valid if all involved parties have those same wishes. The Horne-Nair (HN) protocol was proposed as a solution to TPP along with a sample pseudo-code embodiment leveraging an untrusted matchmaker. Neither identities nor pseudo-identities are included in any messages or stored in the matchmaker’s database. Privacy relevant data stay within user control. A security analysis and proof-of-concept implementation validated the approach, fairness was quantified, and a feasibility analysis demonstrated practicality in real-world networks and systems, thereby bounding risk prior to incurring the full costs of development. The SecretMatch™ Prom app leverages one embodiment of the patented HN protocol to achieve privacy-enhanced and fair matchmaking with ILW. The endeavor led to practical lessons learned and recommendations for privacy engineering in an era of rapidly evolving privacy legislation. Next steps include design of SecretMatch™ apps for contexts like voting negotiations in legislative bodies and executive recruiting. The roadmap toward a quantum resistant SecretMatch™ began with design of a Hybrid Post-Quantum Horne-Nair (HPQHN) protocol. Future directions include enhancements to HPQHN, a fully Post Quantum HN protocol, and more

Oblivious Handshakes and Sharing of Secrets of Privacy-Preserving Matching and Authentication Protocols

The objective of this research is focused on two of the most important privacy-preserving techniques: privacy-preserving element matching protocols and privacy-preserving credential authentication protocols, where an element represents the information generated by users themselves and a credential represents a group membership assigned from an independent central authority (CA). The former is also known as private set intersection (PSI) protocol and the latter is also known as secret handshake (SH) protocol. In this dissertation, I present a general framework for design of efficient and secure PSI and SH protocols based on similar message exchange and computing procedures to confirm “commonality” of their exchanged information, while protecting the information from each other when the commonalty test fails. I propose to use the homomorphic randomization function (HRF) to meet the privacy-preserving requirements, i.e., common element/credential can be computed efficiently based on homomorphism of the function and uncommon element/credential are difficult to derive because of the randomization of the same function. Based on the general framework two new PSI protocols with linear computing and communication cost are proposed. The first protocol uses full homomorphic randomization function as the cryptographic basis and the second one uses partial homomorphic randomization function. Both of them achieve element confidentiality and private set intersection. A new SH protocol is also designed based on the framework, which achieves unlinkability with a reusable pair of credential and pseudonym and least number of bilinear mapping operations. I also propose to interlock the proposed PSI protocols and SH protocol to design new protocols with new security properties. When a PSI protocol is executed first and the matched elements are associated with the credentials in a following SH protocol, authenticity is guaranteed on matched elements. When a SH protocol is executed first and the verified credentials is used in a following PSI protocol, detection resistance and impersonation attack resistance are guaranteed on matching elements. The proposed PSI and SH protocols are implemented to provide privacy-preserving inquiry matching service (PPIM) for social networking applications and privacy-preserving correlation service (PAC) of network security alerts. PPIM allows online social consumers to find partners with matched inquiries and verified group memberships without exposing any information to unmatched parties. PAC allows independent network alert sources to find the common alerts without unveiling their local network information to each other

Oblivious Handshakes and Sharing of Secrets of Privacy-Preserving Matching and Authentication Protocols

The objective of this research is focused on two of the most important privacy-preserving techniques: privacy-preserving element matching protocols and privacy-preserving credential authentication protocols, where an element represents the information generated by users themselves and a credential represents a group membership assigned from an independent central authority (CA). The former is also known as private set intersection (PSI) protocol and the latter is also known as secret handshake (SH) protocol. In this dissertation, I present a general framework for design of efficient and secure PSI and SH protocols based on similar message exchange and computing procedures to confirm “commonality” of their exchanged information, while protecting the information from each other when the commonalty test fails. I propose to use the homomorphic randomization function (HRF) to meet the privacy-preserving requirements, i.e., common element/credential can be computed efficiently based on homomorphism of the function and uncommon element/credential are difficult to derive because of the randomization of the same function. Based on the general framework two new PSI protocols with linear computing and communication cost are proposed. The first protocol uses full homomorphic randomization function as the cryptographic basis and the second one uses partial homomorphic randomization function. Both of them achieve element confidentiality and private set intersection. A new SH protocol is also designed based on the framework, which achieves unlinkability with a reusable pair of credential and pseudonym and least number of bilinear mapping operations. I also propose to interlock the proposed PSI protocols and SH protocol to design new protocols with new security properties. When a PSI protocol is executed first and the matched elements are associated with the credentials in a following SH protocol, authenticity is guaranteed on matched elements. When a SH protocol is executed first and the verified credentials is used in a following PSI protocol, detection resistance and impersonation attack resistance are guaranteed on matching elements. The proposed PSI and SH protocols are implemented to provide privacy-preserving inquiry matching service (PPIM) for social networking applications and privacy-preserving correlation service (PAC) of network security alerts. PPIM allows online social consumers to find partners with matched inquiries and verified group memberships without exposing any information to unmatched parties. PAC allows independent network alert sources to find the common alerts without unveiling their local network information to each other

T0RTT: Non-Interactive Immediate Forward-Secret Single-Pass Circuit Construction

Maintaining privacy on the Internet with the presence of powerful adversaries such as nation-state attackers is a challenging topic, and the Tor project is currently the most important tool to protect against this threat. The circuit construction protocol (CCP) negotiates cryptographic keys for Tor circuits, which overlay TCP/IP by routing Tor cells over n onion routers. The current circuit construction protocol provides strong security guarantees such as forward secrecy by exchanging O(n^2) messages. For several years it has been an open question if the same strong security guarantees could be achieved with less message overhead, which is desirable because of the inherent latency in overlay networks. Several publications described CCPs which require only O(n) message exchanges, but significantly reduce the security of the resulting Tor circuit. It was even conjectured that it is impossible to achieve both message complexity O(n) and forward secrecy immediately after circuit construction (so-called immediate forward secrecy). Inspired by the latest advancements in zero round-trip time key exchange (0-RTT), we present a new CCP protocol Tor 0-RTT (T0RTT). Using modern cryptographic primitives such as puncturable encryption allow to achieve immediate forward secrecy using only O(n) messages. We implemented these new primitives to give a first indication of possible problems and how to overcome them in order to build practical CCPs with O(n) messages and immediate forward secrecy in the future

Anonymous, authentic, and accountable resource management based on the E-cash paradigm

The prevalence of digital information management in an open network has driven the need to maintain balance between anonymity, authenticity and accountability (AAA). Anonymity allows a principal to hide its identity from strangers before trust relationship is established. Authenticity ensures the correct identity is engaged in the transaction even though it is hidden. Accountability uncovers the hidden identity when misbehavior of the principal is detected. The objective of this research is to develop an AAA management framework for secure resource allocations. Most existing resource management schemes are designed to manage one or two of the AAA attributes. How to provide high strength protection to all attributes is an extremely challenging undertaking. Our study shows that the electronic cash (E-cash) paradigm provides some important knowledge bases for this purpose. Based on Chaum-Pederson’s general transferable E-cash model, we propose a timed-zero-knowledge proof (TZKP) protocol, which greatly reduces storage spaces and communication overheads for resource transfers, without compromising anonymity and accountability. Based on Eng-Okamoto’s general divisible E-cash model, we propose a hypercube-based divisibility framework, which provides a sophisticated and flexible way to partition a chunk of resources, with different trade-offs in anonymity protection and computational costs, when it is integrated with different sub-cube allocation schemes. Based on the E-cash based resource management framework, we propose a privacy preserving service oriented architecture (SOA), which allows the service providers and consumers to exchange services without leaking their sensitive data. Simulation results show that the secure resource management framework is highly practical for missioncritical applications in large scale distributed information systems

Ensuring Application Specific Security, Privacy and Performance Goals in RFID Systems

Radio Frequency IDentification (RFID) is an automatic identification technology that uses radio frequency to identify objects. Securing RFID systems and providing privacy in RFID applications has been the focus of much academic work lately. To ensure universal acceptance of RFID technology, security and privacy issued must be addressed into the design of any RFID application. Due to the constraints on memory, power, storage capacity, and amount of logic on RFID devices, traditional public key based strong security mechanisms are unsuitable for them. Usually, low cost general authentication protocols are used to secure RFID systems. However, the generic authentication protocols provide relatively low performance for different types of RFID applications. We identified that each RFID application has unique research challenges and different performance bottlenecks based on the characteristics of the system. One strategy is to devise security protocols such that application specific goals are met and system specific performance requirements are maximized. This dissertation aims to address the problem of devising application specific security protocols for current and next generation RFID systems so that in each application area maximum performance can be achieved and system specific goals are met. In this dissertation, we propose four different authentication techniques for RFID technologies, providing solutions to the following research issues: 1) detecting counterfeit as well as ensuring low response time in large scale RFID systems, 2) preserving privacy and maintaining scalability in RFID based healthcare systems, 3) ensuring security and survivability of Computational RFID (CRFID) networks, and 4) detecting missing WISP tags efficiently to ensure reliability of CRFID based system\u27s decision. The techniques presented in this dissertation achieve good levels of privacy, provide security, scale to large systems, and can be implemented on resource-constrained RFID devices

(Un)Suitability of Anonymous Communication Systems to WSN

Abstract Anonymous communication systems have been extensively studied by the research community to prevent the disclosure of sensitive information from the analysis of individuals' traffic patterns. Many remarkable solutions have been developed in this area, most of which have proven to be effective in the protection of user privacy against different types of attacks. Recently, the privacy preservation problem has also been considered in the realm of wireless sensor networks (WSNs) due to their imminent adoption in real-world scenarios. A special challenge that arises from the analysis of the flow of sensor nodes' communications is the location privacy problem. In this work we concentrate on analyzing the suitability of traditional anonymous communication systems originally designed for the Internet to the original scenario of sensor networks. The results show that, in most cases, traditional solutions do not provide the adequate protection means for the particular problem of location privacy, while other solutions are too resource-consuming for the restricted capabilities of sensor nodes