62 research outputs found

    I2PA, U-prove, and Idemix: An Evaluation of Memory Usage and Computing Time Efficiency in an IoT Context

    The Internet of Things (IoT), in spite of its innumerable advantages, brings many challenges, namely issues about users' privacy preservation and constraints about lightweight cryptography. Lightweight cryptography is of capital importance since IoT devices are qualified to be resource-constrained. To address these challenges, several Attribute-Based Credentials (ABC) schemes have been designed including I2PA, U-prove, and Idemix. Even though these schemes have very strong cryptographic bases, their performance in resource-constrained devices is a question that deserves special attention. This paper aims to conduct a performance evaluation of these schemes on issuance and verification protocols regarding memory usage and computing time. Recorded results show that both I2PA and U-prove present very interesting results regarding memory usage and computing time while Idemix presents very low performance with regard to computing time.

    Privacy-Preserving Trust Management Mechanisms from Private Matching Schemes

    Cryptographic primitives are essential for constructing privacy-preserving communication mechanisms. There are situations in which two parties that do not know each other need to exchange sensitive information on the Internet. Trust management mechanisms make use of digital credentials and certificates in order to establish trust among these strangers. We address the problem of choosing which credentials are exchanged. During this process, each party should learn no information about the preferences of the other party other than strictly required for trust establishment. We present a method to reach an agreement on the credentials to be exchanged that preserves the privacy of the parties. Our method is based on secure two-party computation protocols for set intersection. Namely, it is constructed from private matching schemes. Comment: The material in this paper will be presented in part at the 8th DPM International Workshop on Data Privacy Management (DPM 2013).

    A Fair Anonymous Submission and Review System


    ZKlaims: Privacy-preserving Attribute-based Credentials using Non-interactive Zero-knowledge Techniques

    In this paper we present ZKlaims: a system that allows users to present attribute-based credentials in a privacy-preserving way. We achieve a zero-knowledge property on the basis of Succinct Non-interactive Arguments of Knowledge (SNARKs). ZKlaims allow users to prove statements on credentials issued by trusted third parties. The credential contents are never revealed to the verifier as part of the proving process. Further, ZKlaims can be presented non-interactively, mitigating the need for interactive proofs between the user and the verifier. This allows ZKlaims to be exchanged via fully decentralized services and storages such as traditional peer-to-peer networks based on distributed hash tables (DHTs) or even blockchains. To show this, we include a performance evaluation of ZKlaims and show how it can be integrated in decentralized identity provider services. Comment: 8 pages, published at SECRYPT 201

    Trusted Computing in Mobile Action

    Due to the convergence of various mobile access technologies like UMTS, WLAN, and WiMax the need for a new supporting infrastructure arises. This infrastructure should be able to support more efficient ways to authenticate users and devices, potentially enabling novel services based on the security provided by the infrastructure. In this paper we exhibit some usage scenarios from the mobile domain integrating trusted computing, which show that trusted computing offers new paradigms for implementing trust and by this enables new technical applications and business scenarios. The scenarios show how the traditional boundaries between technical and authentication domains become permeable while a high security level is maintained. Comment: In: Peer-reviewed Proceedings of the Information Security South Africa (ISSA) 2006 From Insight to Foresight Conference, 5 to 7 July 2006, Sandton, South Africa

    Attribute Based Pseudonyms : Anonymous and Linkable Scoped Credentials

    Attribute-based credentials (ABCs) provide an efficient way to transfer custody of personal and private data to the final user, while minimizing the risk of sensitive data revelation and thus granting anonymity. Nevertheless, this method cannot detect whether one attribute has been used more than once without compromising anonymity when the emitter and consumer collude with one another. The protocol proposed in this article deals with this issue by using a modification of ZSS pairing-based short signatures over elliptic curves and Verheul's self-blinded credentials scheme. Each user can generate an identifier (pseudonym) that is unique and verifiable by everyone in a given scope, without compromising anonymity. However, the identifier cannot be reused in the same scope, since such reuse would be detected.

    Quantitative assessment and comparison of cloud service providers' privacy practices

    The economic and technical advantages of cloud computing are widely recognized by the industry. However, the lack of knowledge on the privacy features offered by cloud service providers remains as one of the barriers for the adoption of cloud services. In this paper we describe a mechanism for the quantitative assessment of the privacy practices of different cloud service providers, so that cloud service clients can compare among them and choose the one that better fits their needs. Our contributions have been validated in three different scenarios.

    Security and Privacy Enablers for Future Identity Management Systems

    Abstract: In recent years, Identity Management (IdM) has gained a lot of attention in industry, standardisation and academia. In particular, a couple of research projects, like Daidalos or Prime, have invested considerable effort to bring IdM forward, to take advantage of features like improved usability and security. Nevertheless, there are important issues that have not been addressed so far. The SWIFT project leverages IdM as a key technology of the Future Internet, tackling problems like the integration of the network and application layer from an IdM perspective as well as the use of electronic identity cards. Moreover, aspects like the integration of several user devices, backward compatibility and a new access control infrastructure are required by future IdM solutions. We consider all these aspects by extending existing IdM solutions with six new security and privacy enablers that are part of the overall SWIFT framework. These enablers have been partially implemented towards a new IdM architecture. First evaluation results of the implementation are promising to pave the way towards future IdM solutions.

    MIX-crowds, an anonymity scheme for file retrieval systems

    In this paper, we propose an anonymous scheme for file retrieval systems, MIX-Crowds, in which it is harder for an attacker to identify the requester of the file by making use of the idea of MIX [7] and Crowds [20] to establish a path from the requester to the file holder. Result shows that predecessor attack [26] is much more difficult to succeed compared with Crowds [20]. We are able to reduce the estimated number of rounds needed for successful predecessor attack for MIX-Crowds. We also propose a file transfer strategy according to file size. With such strategy, requests for small size files can be completed faster while the downloading time of large size files only increases slightly. © 2009 IEEE. The 28th International Conference on Computer Communications (IEEE INFOCOM 2009), Rio de Janeiro, Brazil, 19-25 April 2009. In Proceedings of the IEEE Infocom, 2009, p. 1170-117