393 research outputs found
Domain-Specific Pseudonymous Signatures Revisited
Domain-Specific Pseudonymous Signature schemes were recently proposed for privacy-preserving authentication of digital identity documents by the BSI, the German Federal Office for Information Security. The crucial property of domain-specific pseudonymous signatures is that a signer may derive unique pseudonyms within a so-called domain. The signer's true identity is then hidden behind his domain pseudonyms, and these pseudonyms are unlinkable, i.e. it is infeasible to correlate two pseudonyms from distinct domains with the identity of a single signer.
In this paper we take a critical look at the security definitions and constructions of domain-specific pseudonymous signatures proposed so far. We review two articles which propose "sound and clean" security definitions and point out some issues present in these models. Some of the issues we present may have a strong practical impact on constructions "provably secure" in these models. Additionally, we point out some worrisome facts about the proposed schemes and their security analysis.
Towards Practical Security of Pseudonymous Signature on the BSI eIDAS Token
In this paper we present an extension of Pseudonymous Signature introduced by the German Federal BSI authority as a part of technical recommendations for electronic identity documents.
Without switching to pairing friendly groups we enhance the scheme so that:
(a) the issuer does not know the private keys of the citizen (so it cannot impersonate the citizen),
(b) a powerful adversary that breaks any number of ID cards created by the Issuer cannot forge new cards that could be proven as fake ones,
(c) deanonymization of the pseudonyms used by a citizen is a multi-party protocol, where the consent of each authority is necessary to reveal the identity of a user.
(d) we propose extended features concerning fully anonymous signatures and a pragmatic revocation approach.
(e) we present an argument for unlinkability (cross-domain anonymity) of the presented schemes.
In this way we make a step forward towards overcoming the substantial weaknesses of the Pseudonymous Signature scheme. Moreover, the extension is built on top of the original scheme with a relatively small number of changes, following the strategy of reusing the previous schemes and thereby reducing the costs of a potential technology update.
EXPLORING TECHNOLOGY TRUST IN BITCOIN: THE BLOCKCHAIN EXEMPLAR
The acceptance of Bitcoin as an electronic currency is steadily on the rise. This implies there is a surge in the diffusion and adoption of the blockchain technology introduced by Bitcoin as well. Moreover, the potential of this novel disruptive technology has been acknowledged by academic researchers and practitioners alike. IS research has shown that trust is a significant antecedent enabling the adoption of a novel technology and attenuating the apprehensions of risk and uncertainty among consumers. Trust in a technology is formed by the trusting beliefs of a trustor regarding the trustworthiness of the IT artifact. The blockchain technology, the trustee, has features like cryptography, decentralization, hash functions, digital signatures and a consensus mechanism, which embody trust in the technology. We present an extensive description of Bitcoin as an instantiation of the blockchain technology, while offering a detailed account of the literature on trust in a technology. We conceptually present, through the use of knowledge mapping, how blockchain ensures trust in the technology. We propose future research directions for trust research in the blockchain context and urge IS academics to explore trust in this novel context.
The Cryptographic Security of the German Electronic Identity Card
In November 2010, the German government started to issue the new electronic identity card (eID) to its citizens. Besides its original utilization as a 'visual' identification document, the eID card can be used by the cardholder to prove one's identity at border control and to enhance the security of authentication processes over the Internet, with the eID card serving as a token to reliably transmit personal data to service providers or terminals, respectively. To this end, the German Federal Office for Information Security (BSI) proposed several cryptographic protocols now deployed on the eID card.
The Password Authenticated Connection Establishment (PACE) protocol secures the wireless communication between the eID card and the user's local card reader, based on a cryptographically weak password like the PIN chosen by the card owner. Subsequently, the Extended Access Control (EAC) protocol is executed by the chip and the service provider to mutually authenticate and agree on a shared secret session key. This key is then used in the secure channel protocol, called Secure Messaging (SM). Finally, an optional protocol, called Restricted Identification (RI), provides a method to use pseudonyms such that they can be linked by individual service providers, but not across different service providers (not even by malicious ones).
This thesis consists of two parts. First, we present the above protocols and provide a rigorous analysis of their security from a cryptographic point of view. We show that the German eID card provides reasonable security for authentication and exchange of sensitive information, allaying concerns regarding its usage.
In the second part of this thesis, we introduce two possible modifications to enhance the security of these protocols even further. Namely, we show how to (a) add to PACE an additional efficient chip authentication step, and (b) augment RI to also allow for signatures under pseudonyms.
Efficient cryptographic primitives: Secure comparison, binary decomposition and proxy re-encryption
”Data outsourcing becomes an essential paradigm for an organization to reduce operation costs on supporting and managing its IT infrastructure. When sensitive data are outsourced to a remote server, the data generally need to be encrypted before outsourcing. To preserve the confidentiality of the data, any computations performed by the server should only be on the encrypted data. In other words, the encrypted data should not be decrypted during any stage of the computation. This kind of task is commonly termed as query processing over encrypted data (QPED).
One natural solution to solve the QPED problem is to utilize fully homomorphic encryption. However, fully homomorphic encryption is yet to be practical. The second solution is to adopt a multi-server setting. However, the existing work is not efficient. Their implementations adopt costly primitives, such as secure comparison and binary decomposition among others, which reduce the efficiency of the whole protocols. Therefore, the improvement of these primitives results in high efficiency of the protocols. To have a well-defined scope, the following types of computations are considered: secure comparison (CMP), secure binary decomposition (SBD) and proxy re-encryption (PRE). We adopt the secret sharing scheme and Paillier public key encryption as building blocks, and all computations can be done on the encrypted data by utilizing multiple servers. We analyze the security and the complexity of our proposed protocols, and their efficiencies are evaluated by comparing with the existing solutions."--Abstract, page iii
Zero-Knowledge Proof-of-Identity: Sybil-Resistant, Anonymous Authentication on Permissionless Blockchains and Incentive Compatible, Strictly Dominant Cryptocurrencies
Zero-Knowledge Proof-of-Identity from trusted public certificates (e.g., national identity cards and/or ePassports; eSIM) is introduced here to permissionless blockchains in order to remove the inefficiencies of Sybil-resistant mechanisms such as Proof-of-Work (i.e., high energy and environmental costs) and Proof-of-Stake (i.e., capital hoarding and lower transaction volume). The proposed solution effectively limits the number of mining nodes a single individual would be able to run while keeping membership open to everyone, circumventing the impossibility of full decentralization and the blockchain scalability trilemma when instantiated on a blockchain with a consensus protocol based on the cryptographic random selection of nodes. Resistance to collusion is also considered.
Solving one of the most pressing problems in blockchains, a zk-PoI cryptocurrency is proved to have the following advantageous properties:
- an incentive-compatible protocol for the issuing of cryptocurrency rewards based on a unique Nash equilibrium
- strict domination of mining over all other PoW/PoS cryptocurrencies, thus the zk-PoI cryptocurrency becoming the preferred choice by miners is proved to be a Nash equilibrium and the Evolutionarily Stable Strategy
- PoW/PoS cryptocurrencies are condemned to pay the Price of Crypto-Anarchy, redeemed by the optimal efficiency of zk-PoI as it implements the social optimum
- the circulation of a zk-PoI cryptocurrency Pareto dominates other PoW/PoS cryptocurrencies
- the network effects arising from the social networks inherent to national identity cards and ePassports dominate PoW/PoS cryptocurrencies
- the lower costs of its infrastructure imply the existence of a unique equilibrium where it dominates other forms of payment
Comment: 2.1: Proof-of-Personhood Considered Harmful (and Illegal); 4.1.5: Absence of Active Authentication; 4.2.6: Absence of Active Authentication; 4.2.7: Removing Single-Points of Failure; 4.3.2: Combining with Non-Zero-Knowledge Authentication; 4.4: Circumventing the Impossibility of Full Decentralization
Hang With Your Buddies to Resist Intersection Attacks
Some anonymity schemes might in principle protect users from pervasive network surveillance, but only if all messages are independent and unlinkable. Users in practice often need pseudonymity (sending messages intentionally linkable to each other but not to the sender), but pseudonymity in dynamic networks exposes users to intersection attacks. We present Buddies, the first systematic design for intersection attack resistance in practical anonymity systems. Buddies groups users dynamically into buddy sets, controlling message transmission to make buddies within a set behaviorally indistinguishable under traffic analysis. To manage the inevitable tradeoffs between anonymity guarantees and communication responsiveness, Buddies enables users to select independent attack mitigation policies for each pseudonym. Using trace-based simulations and a working prototype, we find that Buddies can guarantee non-trivial anonymity set sizes in realistic chat/microblogging scenarios, for both short-lived and long-lived pseudonyms.
Comment: 15 pages, 8 figures