299 research outputs found
Biometric Verification Secure Against Malicious Adversaries
Biometric verification has been widely deployed in current authentication
solutions as it proves the physical presence of individuals. To protect the
sensitive biometric data in such systems, several solutions have been developed
that provide security against honest-but-curious (semi-honest) attackers.
However, in practice attackers typically do not act honestly and multiple
studies have shown drastic biometric information leakage in such
honest-but-curious solutions when considering dishonest, malicious attackers.
In this paper, we propose a provably secure biometric verification protocol
to withstand malicious attackers and prevent biometric data from any sort of
leakage. The proposed protocol is based on a homomorphically encrypted log
likelihood-ratio-based (HELR) classifier that supports any biometric modality
(e.g. face, fingerprint, dynamic signature, etc.) encoded as a fixed-length
real-valued feature vector and performs an accurate and fast biometric
recognition. Our protocol, which is secure against malicious adversaries, is
built from a protocol secure against semi-honest adversaries, enhanced with
zero-knowledge proofs. We evaluate both protocols for various security levels
and record a sub-second speed (between s and s) for the protocol
against semi-honest adversaries and between s and s for the
protocol secure against malicious adversaries.
Comment: This is a complete reworking and major expansion of our paper arXiv:1705.09936.
* Reworking of original semi-honest protocol and its security proof
* Major expansions: tailored zero-knowledge proofs; efficient variant of original protocol that we prove secure against malicious adversaries; extensive experimental evaluation using three different datasets; in-depth comparison with related wor
A Practical Set-Membership Proof for Privacy-Preserving NFC Mobile Ticketing
To ensure the privacy of users in transport systems, researchers are working
on new protocols providing the best security guarantees while respecting
functional requirements of transport operators. In this paper, we design a
secure NFC m-ticketing protocol for public transport that preserves users'
anonymity and prevents transport operators from tracing their customers' trips.
To this end, we introduce a new practical set-membership proof that does not
require provers or verifiers (except verifiers in one specific scenario) to
perform pairing computations. It is therefore particularly suitable for our
(ticketing) setting where provers hold SIM/UICC cards that do not support such
costly computations. We also propose several optimizations of Boneh-Boyen type
signature schemes, which are of independent interest, increasing their
performance and efficiency during NFC transactions. Our m-ticketing protocol
offers greater flexibility compared to previous solutions as it enables the
post-payment and the off-line validation of m-tickets. By implementing a
prototype using a standard NFC SIM card, we show that it fulfils the stringent
functional requirements imposed by transport operators whilst using strong
security parameters. In particular, a validation can be completed in 184.25 ms
when the mobile is switched on, and in 266.52 ms when the mobile is switched
off or its battery is flat.
Privacy-Aware Architectures for NFC and RFID Sensors in Healthcare Applications
World population and life expectancy have increased steadily in recent years, raising issues regarding access to medical treatments and related expenses. Through last-generation medical sensors, NFC (Near Field Communication) and radio frequency identification (RFID) technologies can enable healthcare internet of things (H-IoT) systems to improve the quality of care while reducing costs. Moreover, the adoption of point-of-care (PoC) testing, performed whenever care is needed to return prompt feedback to the patient, can generate great synergy with NFC/RFID H-IoT systems. However, medical data are extremely sensitive and require careful management and storage to protect patients from malicious actors, so secure system architectures must be conceived for real scenarios. Existing studies do not analyze the security of raw data from the radio-frequency link to cloud-based sharing. Therefore, two novel cloud-based system architectures for data collected from NFC/RFID medical sensors are proposed in this paper. Privacy during data collection is ensured using a set of classical countermeasures selected based on the scientific literature. Then, data can be shared with the medical team using one of two architectures: in the first one, the medical system manages all data accesses, whereas in the second one, the patient defines the access policies. A comprehensive analysis of the H-IoT system can be useful for fostering research on the security of wearable wireless sensors. Moreover, the proposed architectures can be implemented for deploying and testing NFC/RFID-based healthcare applications, such as domestic PoCs.
DNS++: Dynamic Name Resolution with Homomorphic Encryption Based Privacy
This paper presents DNS++, a re-design of the Internet's name resolution system that addresses dynamic information and privacy. DNS++ uses a pub/sub overlay to send updates about a given service to interested clients, allowing them to (re)select between replicas according to their requirements as updates about services and their features change dynamically. Since third-party brokers in the overlay are not always trusted with the confidentiality of the content flowing through them, clients' privacy is preserved in DNS++ through homomorphic encryption. Brokers are prevented from accessing encrypted service information but can perform a homomorphic match and forward service updates to the relevant clients through the overlay accordingly. Assuming that forwarding tables in each broker are implemented via ordered data structures, the time required to add a new client's subscription, and to perform the homomorphic match between existing subscriptions and service updates, grows logarithmically with the number of entries in a table. This is shown by our performance evaluation, which confirms that DNS++ can be deployed with an acceptable performance overhead.
BOREALIS: Building Block for Sealed Bid Auctions on Blockchains
We focus on securely computing the ranks of sealed integers
distributed among parties. For example, we securely compute the
largest or smallest integer, the median, or in general the
-ranked integer. Such computations are a useful building
block to securely implement a variety of sealed-bid auctions. Our
objective is efficiency, specifically low interactivity between
parties to support blockchains or other scenarios where multiple
rounds are time-consuming. Hence, we dismiss powerful, yet
highly-interactive MPC frameworks and propose BOREALIS, a
special-purpose protocol for secure computation of ranks among
integers. BOREALIS uses additively homomorphic encryption to implement
core comparisons, but computes under distinct keys, chosen by each
party to optimize the number of rounds. By carefully combining
cryptographic primitives, such as ECC Elgamal encryption, encrypted
comparisons, ciphertext blinding, secret sharing, and shuffling,
BOREALIS sets up systems of multi-scalar equations which we efficiently
prove with Groth-Sahai ZK proofs. Therewith, BOREALIS implements a
multi-party computation of pairwise comparisons and rank
zero-knowledge proofs secure against malicious adversaries. BOREALIS
completes in at most rounds, which is constant in both the bit length
of the integers and the number of parties . This is not only
asymptotically optimal, but surpasses generic constant-round secure
multi-party computation protocols, even those based on shared-key
fully homomorphic encryption. Furthermore, our implementation shows
that BOREALIS is very practical. Its main bottleneck, ZK proof
computations, is small in practice. Even for a large number of
parties () and high-precision integers (),
computation time of all proofs is less than a single Bitcoin block
interval.