4,905 research outputs found
Towards a Flexible Intra-Trustcenter Management Protocol
This paper proposes the Intra Trustcenter Protocol (ITP), a flexible and
secure management protocol for communication between arbitrary trustcenter
components. Unlike other existing protocols (like PKCS#7, CMP or XKMS) ITP
focuses on the communication within a trustcenter. It is powerful enough for
transferring complex messages which are machine and human readable and easy to
understand. In addition it includes an extension mechanism to be prepared for
future developments.Comment: 12 pages, 0 figures; in The Third International Workshop for Applied
PKI (IWAP2004
I2PA : An Efficient ABC for IoT
Internet of Things (IoT) is very attractive because of its promises. However,
it brings many challenges, mainly issues about privacy preserving and
lightweight cryptography. Many schemes have been designed so far but none of
them simultaneously takes into account these aspects. In this paper, we propose
an efficient ABC scheme for IoT devices. We use ECC without pairing, blind
signing and zero knowledge proof. Our scheme supports block signing, selective
disclosure and randomization. It provides data minimization and transactions'
unlinkability. Our construction is efficient since smaller key size can be used
and computing time can be reduced. As a result, it is a suitable solution for
IoT devices characterized by three major constraints namely low energy power,
small storage capacity and low computing power
On the efficiency of revocation in RSA-based anonymous systems
© 2016 IEEEThe problem of revocation in anonymous authentication systems is subtle and has motivated a lot of work. One of the preferable solutions consists in maintaining either a whitelist L-W of non-revoked users or a blacklist L-B of revoked users, and then requiring users to additionally prove, when authenticating themselves, that they are in L-W (membership proof) or that they are not in L-B (non-membership proof). Of course, these additional proofs must not break the anonymity properties of the system, so they must be zero-knowledge proofs, revealing nothing about the identity of the users. In this paper, we focus on the RSA-based setting, and we consider the case of non-membership proofs to blacklists L = L-B. The existing solutions for this setting rely on the use of universal dynamic accumulators; the underlying zero-knowledge proofs are bit complicated, and thus their efficiency; although being independent from the size of the blacklist L, seems to be improvable. Peng and Bao already tried to propose simpler and more efficient zero-knowledge proofs for this setting, but we prove in this paper that their protocol is not secure. We fix the problem by designing a new protocol, and formally proving its security properties. We then compare the efficiency of the new zero-knowledge non-membership protocol with that of the protocol, when they are integrated with anonymous authentication systems based on RSA (notably, the IBM product Idemix for anonymous credentials). We discuss for which values of the size k of the blacklist L, one protocol is preferable to the other one, and we propose different ways to combine and implement the two protocols.Postprint (author's final draft
Oblivion: Mitigating Privacy Leaks by Controlling the Discoverability of Online Information
Search engines are the prevalently used tools to collect information about
individuals on the Internet. Search results typically comprise a variety of
sources that contain personal information -- either intentionally released by
the person herself, or unintentionally leaked or published by third parties,
often with detrimental effects on the individual's privacy. To grant
individuals the ability to regain control over their disseminated personal
information, the European Court of Justice recently ruled that EU citizens have
a right to be forgotten in the sense that indexing systems, must offer them
technical means to request removal of links from search results that point to
sources violating their data protection rights. As of now, these technical
means consist of a web form that requires a user to manually identify all
relevant links upfront and to insert them into the web form, followed by a
manual evaluation by employees of the indexing system to assess if the request
is eligible and lawful.
We propose a universal framework Oblivion to support the automation of the
right to be forgotten in a scalable, provable and privacy-preserving manner.
First, Oblivion enables a user to automatically find and tag her disseminated
personal information using natural language processing and image recognition
techniques and file a request in a privacy-preserving manner. Second, Oblivion
provides indexing systems with an automated and provable eligibility mechanism,
asserting that the author of a request is indeed affected by an online
resource. The automated ligibility proof ensures censorship-resistance so that
only legitimately affected individuals can request the removal of corresponding
links from search results. We have conducted comprehensive evaluations, showing
that Oblivion is capable of handling 278 removal requests per second, and is
hence suitable for large-scale deployment
Smart Ticket Protection: An Architecture for Cyber-Protecting Physical Tickets Using Digitally Signed Random Pattern Markers
In order to counter forgeries of tickets for public transport or mass events,
a method to validate them, using printed unique random pattern markers was
developed. These markers themselves are unforgeable by their physically random
distribution. To assure their authenticity, however, they have to be
cryptographically protected and equipped with an environment for successful
validation, combining physical and cyber security protection. This paper
describes an architecture for cryptographically protecting these markers, which
are stored in Aztec codes on physical tickets, in order to assure that only an
authorized printer can generate a valid Aztec code of such a pattern, thus
providing forge protection in combination with the randomness and uniqueness of
the pattern. Nevertheless, the choice of the signature algorithm is heavily
constrained by the sizes of the pattern, ticket provider data, metadata and the
signature confronted by the data volume the code hold. Therefore, this paper
also defines an example for a signature layout for the proposed architecture.
This allows for a lightweight ticket validation system that is both physically
and cryptographically secured to form a smart solution for mass access
verification for both shorter to longer periods at relatively low cost.Comment: 4 pages, 2 figure
LPKI - A Lightweight Public Key Infrastructure for the Mobile Environments
The non-repudiation as an essential requirement of many applications can be
provided by the asymmetric key model. With the evolution of new applications
such as mobile commerce, it is essential to provide secure and efficient
solutions for the mobile environments. The traditional public key cryptography
involves huge computational costs and is not so suitable for the
resource-constrained platforms. The elliptic curve-based approaches as the
newer solutions require certain considerations that are not taken into account
in the traditional public key infrastructures. The main contribution of this
paper is to introduce a Lightweight Public Key Infrastructure (LPKI) for the
constrained platforms such as mobile phones. It takes advantages of elliptic
curve cryptography and signcryption to decrease the computational costs and
communication overheads, and adapting to the constraints. All the computational
costs of required validations can be eliminated from end-entities by
introduction of a validation authority to the introduced infrastructure and
delegating validations to such a component. LPKI is so suitable for mobile
environments and for applications such as mobile commerce where the security is
the great concern.Comment: 6 Pages, 6 Figure
- …