I2PA, U-prove, and Idemix: An Evaluation of Memory Usage and Computing Time Efficiency in an IoT Context
The Internet of Things (IoT), in spite of its innumerable advantages, brings many challenges, namely issues of users' privacy preservation and constraints on lightweight cryptography. Lightweight cryptography is of capital importance since IoT devices are, by nature, resource-constrained. To address these challenges, several Attribute-Based Credential (ABC) schemes have been designed, including I2PA, U-prove, and Idemix. Even though these schemes have very strong cryptographic bases, their performance on resource-constrained devices is a question that deserves special attention. This paper conducts a performance evaluation of the issuance and verification protocols of these schemes with regard to memory usage and computing time. Recorded results show that both I2PA and U-prove perform very well in terms of memory usage and computing time, while Idemix performs very poorly with regard to computing time.
Privacy-preserving Payments for Transportation Systems
The operation of our society heavily relies on the high mobility of people. Not only our social life but also our economy and trade are built upon a system where people need to be able to move around easily. The costs of building and maintaining a suitable transportation infrastructure to satisfy those needs are high, and charging users is thus a central requirement. This calls for well-functioning payment systems satisfying the multitude of requirements that transportation systems impose on them.
Electronic payment systems have many benefits over traditional cash payments: they are easy to maintain, can be more secure, reduce revenue collection costs, and can reduce the execution time of a payment. However, as a drawback, currently employed electronic payment systems usually reveal a payer's identity during a payment, which greatly infringes customer privacy. In the transportation domain this makes it possible to build fine-grained patterns of customers' locations.
Cryptographic payment protocols called e-cash have been proposed which preserve a customer's privacy. E-cash provides provable guarantees for both security and user privacy, as it allows secure, unlinkable payments which do not reveal the identity of the payer during a payment. From a security and privacy perspective these protocols present a good solution. However, even though e-cash protocols were proposed three decades ago, there are relatively few actual implementations. One reason for this is their high computational complexity, which makes an implementation on potential mobile payment devices rather difficult. While customers usually value their privacy, they are often unwilling to sacrifice convenience. A fast execution of payments is thus a hard constraint, which conflicts with the computational complexity of e-cash schemes.
This dissertation analyzes how e-cash can be used to solve the issue of privacy in the domain of transportation payments while satisfying the unique requirements of transportation payment systems and achieving high security and ease of use. Highly efficient implementations of the underlying cryptographic primitives of e-cash schemes on constrained devices, as they might be used in the transportation setting, are presented. Based on the efficient implementations of these primitives, e-cash schemes are analyzed with regard to speed and hardware requirements. The results show that e-cash presents a good solution for privacy-preserving payments in the domain of public transport if the number of coins that have to be spent can be limited. It is further shown in practice that this limitation can be alleviated by relying on the e-cash based privacy-preserving pre-payments with refunds scheme (P4R). Moreover, it is demonstrated that the promising feature of supporting the encoding of user attributes into electronic coins can be implemented at only moderate extra cost. Finally, an e-cash based e-mobility payment scheme is presented which highlights the flexibility and unique advantages of e-cash based transportation payment schemes.
Cryptographic Protection of Digital Identity
The doctoral thesis deals with privacy-preserving cryptographic schemes in the access control and data collection areas. Currently, card-based physical access control systems are used by most people on a daily basis, for example at work, in public transportation and at hotels. However, these systems often have very poor cryptographic protection. For instance, user identifiers and keys can be easily eavesdropped and counterfeited. Furthermore, privacy-preserving features are almost entirely missing and, therefore, a user's movement and behavior can be easily tracked. Service providers (and even eavesdroppers) can profile users, knowing what they do, where they go, and what they are interested in. In order to improve this state, we propose four novel cryptographic schemes based on efficient zero-knowledge proofs and elliptic curve cryptography.
In particular, the thesis presents three novel privacy-friendly authentication schemes for access control and one for data collection application scenarios. The first scheme supports distributed multi-device authentication with multiple Radio-Frequency IDentification (RFID) user devices. This feature is particularly important in applications for controlling access to dangerous areas, where the presence of protective equipment (with embedded RFID elements) is checked during each access control session. The other two presented schemes use an attribute-based approach to protect the user's privacy, i.e. these schemes allow users to anonymously prove the ownership of their attributes, such as age, citizenship, and gender. While one of our schemes brings efficient revocation and identification mechanisms, the other provides the fastest authentication phase among current state-of-the-art solutions. The last (fourth) proposed scheme is a novel short group signature scheme for data collection scenarios. Data collection schemes are used for secure and reliable data transfer from multiple remote nodes to a central unit. With the increasing importance of smart meters in energy distribution, smart house installations and various sensor networks, the need for secure data collection schemes becomes very urgent. Such schemes must provide standard security features, such as confidentiality and authenticity of transferred data, as well as novel features, such as strong protection of the user's privacy and identification of malicious users. The proposed schemes are provably secure and provide the full set of privacy-enhancing features, namely anonymity, untraceability and unlinkability of users' sessions. Besides the full cryptographic specification and security analysis, we also show the results of our implementations on devices commonly used in access control and data collection applications.
Privacy Preserving Cryptographic Protocols for Secure Heterogeneous Networks
The dissertation thesis deals with privacy-preserving cryptographic protocols for secure communication and information systems forming heterogeneous networks. The thesis focuses on the possibilities of using non-conventional cryptographic primitives that provide enhanced security features, such as the protection of user privacy in communication systems. In the dissertation, the performance of cryptographic and mathematical primitives on various devices that participate in securing heterogeneous networks is evaluated. The main objectives of the thesis focus on the design of advanced privacy-preserving cryptographic protocols. Three protocols are designed in total, all of which use pairing-based group signatures to ensure user privacy.
These proposals ensure the protection of user privacy and non-repudiation throughout the data communication, together with the authentication and integrity of transmitted messages. The protocols employ optimization techniques such as batch verification to increase their performance and become practical even in heterogeneous networks.
With a Little Help from My Friends: Constructing Practical Anonymous Credentials
Anonymous credentials (ACs) are a powerful cryptographic tool for the secure use of digital services when simultaneously aiming for strong privacy guarantees for users combined with strong authentication guarantees for service providers. They allow users to selectively prove possession of attributes encoded in a credential without revealing any other meaningful information about themselves. While there is a significant body of research on AC systems, modern use-cases of ACs such as mobile applications come with various requirements not sufficiently considered so far. These include preventing the sharing of credentials and coping with the resource constraints of the platforms (e.g., smart cards such as SIM cards in smartphones). Such aspects are typically out of scope of AC constructions, and thus AC systems that can be considered entirely practical have been elusive so far.
In this paper we address this problem by introducing and formalizing the notion of core/helper anonymous credentials (CHAC). The model considers a constrained core device (e.g., a SIM card) and a powerful helper device (e.g., a smartphone). The key idea is that the core device performs operations that do not depend on the size of the credential or the number of attributes, but at the same time the helper device is unable to use the credential without the core's help. We present a provably secure generic construction of CHACs using a combination of signatures with flexible public keys (SFPK) and the novel notion of aggregatable attribute-based equivalence class signatures (AAEQ), along with a concrete instantiation. The key characteristics of our scheme are that the size of showing tokens is independent of the number of attributes in the credential(s) and that the core device only needs to compute a single elliptic curve scalar multiplication, regardless of the number of attributes. We confirm the practical efficiency of our CHACs with an implementation of our scheme on a Multos smart card as the core and an Android smartphone as the helper device. A credential showing requires less than 500 ms on the smart card and around 200 ms on the smartphone (even for a credential with 1000 attributes).
Fast Keyed-Verification Anonymous Credentials on Standard Smart Cards
Cryptographic anonymous credential schemes allow users to prove their personal attributes, such as age, nationality, or the validity of a ticket or a pre-paid pass, while preserving their privacy, as such proofs are unlinkable and attributes can be selectively disclosed. Recently, Chase et al. (CCS 2014) observed that in such systems a typical setup is that the credential issuer also serves as the verifier. They introduced keyed-verification credentials that are tailored to this setting. In this paper, we present a novel keyed-verification credential system designed for lightweight devices (primarily smart cards) and prove its security. By using a novel algebraic MAC based on Boneh-Boyen signatures, we achieve the most efficient proving protocol among existing schemes. To demonstrate the practicality of our scheme in real applications, including large-scale services such as public transportation or e-government, we present an implementation on a standard, off-the-shelf Multos smart card. While using significantly higher security parameters than most existing implementations, we achieve performance that is more than 44 % better than the current state-of-the-art implementation.
Integration of hardware tokens in the Idemix library
The Idemix library provides the implementation of the Camenisch-Lysyanskaya (CL) Attribute-based Credential (ABC) system, its protocol extensions and the U-Prove ABC. In the case of the CL ABC, the library can delegate some cryptographic operations to a hardware token (e.g. a smart card). In the last few years several practitioners have proposed different implementations of ABCs on smart cards. At the time of writing, the IRMA card provides optimal performance for practical applications. In this report, we address the case of integrating this implementation into the Idemix library. We opted to implement the key binding use case together with the generation of exclusive scope pseudonyms and public key commitments on the card. The integration requires two additional classes (one that parses system parameters, credential specifications and issuer public keys, and another that interfaces the card and its functionalities with the CL building block), together with one modification in the code if the signature randomization is delegated to the card (only required in one of the proposed alternatives). The integration of the key binding use case requires 540 bytes extra on the smart card. We can perform all the involved cryptographic operations in only 206.75 ms, including the computation of exclusive scope pseudonyms (55.19 ms).
Privacy-Preserving Billing for e-Ticketing Systems in Public Transportation
Many electronic ticketing systems for public transportation have been deployed around the world. Using the example of Singapore's EZ-Link system, we show that it is easy to invade a traveller's privacy and obtain their travel records in a real-world system. We then propose encrypted bill processing of the travel records, preventing any kind of privacy breach. Clear advantages of using bill processing instead of electronic cash are the possibility of privacy-preserving data mining analyses by the transportation company and monthly billing, which entails a tighter customer relationship and advanced tariffs. Moreover, we provide an implementation to demonstrate the feasibility of our solution.