62 research outputs found
I2PA, U-prove, and Idemix: An Evaluation of Memory Usage and Computing Time Efficiency in an IoT Context
The Internet of Things (IoT), in spite of its innumerable advantages, brings
many challenges namely issues about users' privacy preservation and constraints
about lightweight cryptography. Lightweight cryptography is of capital
importance since IoT devices are qualified to be resource-constrained. To
address these challenges, several Attribute-Based Credentials (ABC) schemes
have been designed including I2PA, U-prove, and Idemix. Even though these
schemes have very strong cryptographic bases, their performance in
resource-constrained devices is a question that deserves special attention.
This paper aims to conduct a performance evaluation of these schemes on
issuance and verification protocols regarding memory usage and computing time.
Recorded results show that both I2PA and U-prove present very interesting
results regarding memory usage and computing time while Idemix presents very
low performance with regard to computing time.
Privacy-Preserving Trust Management Mechanisms from Private Matching Schemes
Cryptographic primitives are essential for constructing privacy-preserving
communication mechanisms. There are situations in which two parties that do not
know each other need to exchange sensitive information on the Internet. Trust
management mechanisms make use of digital credentials and certificates in order
to establish trust among these strangers. We address the problem of choosing
which credentials are exchanged. During this process, each party should learn
no information about the preferences of the other party other than strictly
required for trust establishment. We present a method to reach an agreement on
the credentials to be exchanged that preserves the privacy of the parties. Our
method is based on secure two-party computation protocols for set intersection.
Namely, it is constructed from private matching schemes.
Comment: The material in this paper will be presented in part at the 8th DPM
International Workshop on Data Privacy Management (DPM 2013
ZKlaims: Privacy-preserving Attribute-based Credentials using Non-interactive Zero-knowledge Techniques
In this paper we present ZKlaims: a system that allows users to present
attribute-based credentials in a privacy-preserving way. We achieve a
zero-knowledge property on the basis of Succinct Non-interactive Arguments of
Knowledge (SNARKs). ZKlaims allow users to prove statements on credentials
issued by trusted third parties. The credential contents are never revealed to
the verifier as part of the proving process. Further, ZKlaims can be presented
non-interactively, mitigating the need for interactive proofs between the user
and the verifier. This allows ZKlaims to be exchanged via fully decentralized
services and storages such as traditional peer-to-peer networks based on
distributed hash tables (DHTs) or even blockchains. To show this, we include a
performance evaluation of ZKlaims and show how it can be integrated in
decentralized identity provider services.
Comment: 8 pages, published at SECRYPT 201
Trusted Computing in Mobile Action
Due to the convergence of various mobile access technologies like UMTS, WLAN,
and WiMax the need for a new supporting infrastructure arises. This
infrastructure should be able to support more efficient ways to authenticate
users and devices, potentially enabling novel services based on the security
provided by the infrastructure. In this paper we exhibit some usage scenarios
from the mobile domain integrating trusted computing, which show that trusted
computing offers new paradigms for implementing trust and by this enables new
technical applications and business scenarios. The scenarios show how the
traditional boundaries between technical and authentication domains become
permeable while a high security level is maintained.
Comment: In: Peer-reviewed Proceedings of the Information Security South
Africa (ISSA) 2006 From Insight to Foresight Conference, 5 to 7 July 2006,
Sandton, South Afric
Attribute Based Pseudonyms: Anonymous and Linkable Scoped Credentials
Attribute-based credentials (ABCs) provide an efficient way to transfer custody of personal and private data to the final user, while minimizing the risk of sensitive data revelation and thus granting anonymity. Nevertheless, this method cannot detect whether one attribute has been used more than once without compromising anonymity when the emitter and consumer collude with one another. The protocol proposed in this article deals with this issue by using a modification of ZSS pairing-based short signatures over elliptic curves and Verheul's self-blinded credentials scheme. Each user can generate an identifier (pseudonym) that is unique and verifiable by everyone in a given scope, without compromising anonymity. However, the identifier cannot be reused in the same scope, since such reuse would be detected
Quantitative assessment and comparison of cloud service providers' privacy practices
The economic and technical advantages of cloud computing are widely recognized by the industry. However, the lack of knowledge on the privacy features offered by cloud service providers remains as one of the barriers for the adoption of cloud services. In this paper we describe a mechanism for the quantitative assessment of the privacy practices of different cloud service providers, so that cloud service clients can compare among them and choose the one that better fits their needs. Our contributions have been validated in three different scenarios
Security and Privacy Enablers for Future Identity Management Systems
Abstract: In recent years, Identity Management (IdM) has gained a lot of attention in industry, standardisation and academia. In particular, a couple of research projects, like Daidalos or Prime, have invested considerable effort to bring IdM forward, to take advantage of features like improved usability and security. Nevertheless, there are important issues that have not been addressed so far. The SWIFT project leverages IdM as a key technology of the Future Internet, tackling problems like the integration of the network and application layer from an IdM perspective as well as the use of electronic identity cards. Moreover, aspects like the integration of several user devices, backward compatibility and a new access control infrastructure are required by future IdM solutions. We consider all these aspects by extending existing IdM solutions with six new security and privacy enablers that are part of the overall SWIFT framework. These enablers have been partially implemented towards a new IdM architecture. First evaluation results of the implementation are promising to pave the way towards future IdM solutions
MIX-crowds, an anonymity scheme for file retrieval systems
In this paper, we propose an anonymous scheme for file retrieval systems, MIX-Crowds, in which it is harder for an attacker to identify the requester of the file by making use of the idea of MIX [7] and Crowds [20] to establish a path from the requester to the file holder. Result shows that predecessor attack [26] is much more difficult to succeed compared with Crowds [20]. We are able to reduce the estimated number of rounds needed for successful predecessor attack for MIX-Crowds. We also propose a file transfer strategy according to file size. With such strategy, requests for small size files can be completed faster while the downloading time of large size files only increases slightly. © 2009 IEEE.
The 28th International Conference on Computer Communications (IEEE INFOCOM 2009), Rio de Janeiro, Brazil, 19-25 April 2009. In Proceedings of the IEEE Infocom, 2009, p. 1170-117