KCRS: A Blockchain-Based Key Compromise Resilient Signature System

Digital signatures are widely used to assure authenticity and integrity of messages (including blockchain transactions). This assurance is based on assumption that the private signing key is kept secret, which may be exposed or compromised without being detected in the real world. Many schemes have been proposed to mitigate this problem, but most schemes are not compatible with widely used digital signature standards and do not help detect private key exposures. In this paper, we propose a Key Compromise Resilient Signature (KCRS) system, which leverages blockchain to detect key compromises and mitigate the consequences. Our solution keeps a log of valid certificates and digital signatures that have been issued on the blockchain, which can deter the abuse of compromised private keys. Since the blockchain is an open system, KCRS also provides a privacy protection mechanism to prevent the public from learning the relationship between signatures. We present a theoretical framework for the security of the system and a provably-secure construction. We also implement a prototype of KCRS and conduct experiments to demonstrate its practicability

Modeling profile-attribute disclosure in online social networks from a game theoretic perspective

Privacy settings are a crucial part of any online social network as users are confronted with determining which and how many profile attributes to disclose. Revealing more attributes increases users chances of finding friends and yet leaves users more vulnerable to dangers such as identity theft. In this dissertation, we consider the problem of finding the optimal strategy for the disclosure of user attributes in social networks from a game-theoretic perspective. We model the privacy settings\u27 dynamics of social networks with three game-theoretic approaches. In a two-user game, each user selects an ideal number of attributes to disclose to each other according to a utility function. We extend this model with a basic evolutionary game to observe how much of their profiles users are comfortable with revealing, and how this changes over time. We then consider a weighted evolutionary game to investigate the influence of attribute importance, benefit, risk and the network topology on the users\u27 attribute disclosure behavior. The two-user game results show how one user\u27s privacy settings are influenced by the settings of another user. The basic evolutionary game results show that the higher the motivation to reveal attributes, the longer users take to stabilize their privacy settings. Results from the weighted evolutionary game show that: irrespective of risk, users are more likely to reveal their most important attributes than their least important. attributes; when the users\u27 range of influence is increased, the risk factor plays a smaller role in attribute disclosure; the network topology exhibits a considerable effect on the privacy in an environment with risk. Motivation and risk are identified as important factors in determining how efficiently stability of privacy settings is achieved and what settings users will adopt given different parameters. Additionally, the privacy settings are affected by the network topology and the importance users attach to specific attributes. Our models indicate that users of social networks eventually adopt profile settings that provide the highest possible privacy if there is any risk, despite how high the motivation to reveal attributes is. The provided models and the gained results are particularly important to social network designers and providers because they enable us to understand the influence of different factors on users\u27 privacy choices