47 research outputs found

    Recent Advances and Success of Zero-Knowledge Security Protocols

    How can someone get health insurance without sharing his health information? How can you get a loan without disclosing your credit score? There is a method to certify certain attributes of various data, whether health metrics or financial information, without revealing the data itself or any other kind of personal data. This method is known as “zero-knowledge proofs”. Zero-Knowledge techniques are mathematical methods used to verify things without sharing or revealing underlying data. Zero-Knowledge protocols have vast applications, from simple identity schemes and blockchains to defense research programs and nuclear arms control. In this article we present the basic principles behind ZKP technology, possible applications, and the threats and vulnerabilities that it is subject to, and we review proposed security solutions.

    Implementing Zero-Knowledge Authentication with Zero Knowledge (ZKA_wzk)

    A practical web/Python implementation of Zero-Knowledge Authentication protocol without any prior knowledge of the concept of Zero-Knowledge Proof. The Zero-Knowledge Proof is a concept used in many cryptography systems. It allows a party to prove that he/she knows something (i.e. credential), without having to send over the value of the credential. In this implementation, it will be used to prove the password of the user without sending over the actual password. The system also allows for no password hashes to be stored on the server. The purpose of the implementation is to make implementing the Zero-Knowledge Proof Authentication portable and easily customizable. This is achieved by using Python-based scripts in web applications to simulate the protocol.

    ZERO KNOWLEDGE PASSWORD AUTHENTICATION PROTOCOL

    In many applications, the password is sent as cleartext to the server to be authenticated, thus providing the eavesdropper with an opportunity to steal valuable data. This paper presents a simple protocol based on zero knowledge proof by which the user can prove to the authentication server that he has the password without having to send the password to the server as either cleartext or in encrypted format. Thus the user can authenticate himself without having to actually reveal the password to the server. Also, another version of this protocol has been proposed which makes use of public key cryptography, thus adding one more level of security to the protocol and enabling mutual authentication between the client & server.

    KawalPilkada: A Conceptual Secure Electronic Vote System Based Blockchain Technology

    Today, elections are one of the foremost important means of sustaining democracies. Thanks to the opportunities brought by technology, the need of creating the elections within the physical environment is decreasing every day. Instead, the difficulty of creating elections within the electronic environment is becoming more and more popular. With the emergence of Blockchain technology, the safety of the elections within the electronic environment has also been ensured to an excellent extent. On the opposite hand, moving the election system to the electronic environment will eliminate the physical costs, make sure the election security within the authoritarian regimes by eliminating the central authority through blockchain, and increase the participation rates within the elections because people can vote from anywhere with internet access. One of the foremost important elements within the blockchain-based electoral system is that the connection between the voter and therefore the vote, in other words, user privacy. During this article, we might wish to introduce an idea of blockchain-based voting system.

    Bitcoin and Sequential Hashing Schemes

    The theme of this paper is, on purpose, recalling the definition of sequential analysis typical of Statistics, where the analysis goes on forming a representative sample with no predetermination of its magnitude or numerical amount, which will depend on the result gained as the observation or the experiment are going by. The reason for this choice depends on the very nature of the topic we aim to analyse: a new subject matter, whose effects keep on changing, thus making the abstract determination of the sample quite difficult. The historical reasons that, over time, have led to the Bitcoin protocol development are nowadays having an interesting implement in the encrypting algorithm for data identification and goods transferring, a system with remarkable legal effects.

    Dynamic reputation-based trust computation in private networks

    Technical Report IIIA-TR-2009-02. The use of collaborative network services in general, and web based social networks (WBSN) services in particular, is today increasing and, therefore, the protection of the resources shared by network participants is becoming a crucial need. In a collaborative network, one of the main parameters on which access control relies is represented by trust and reputation, since access to a resource may or may not be granted on the basis of the trust/reputation of the requesting node. Therefore, the calculation of the trust of the nodes becomes a very important issue, mainly in business to business (BtoB) social networks, where trustworthy nodes can increase their benefits taking profit of their good reputation in the network. In order to address this point, in this paper we propose a mechanism to dynamically compute nodes' trust, based on their past behavior. The key characteristic of our proposal is that trust is computed in a private way. This is obtained by anonymizing the local log files storing information about nodes' actions. Preprint.

    Identification Protocols in Cryptography

    In this paper we examine the role of Identification Protocols in the field of Cryptography. Firstly, the rationale behind the need for Identification Protocols is discussed. Secondly, we examine, in detail, challenge-response protocols, based upon zero-knowledge proofs, that form a subset of Identification Protocols in general. Thirdly, the mathematical tools necessary for the understanding of how these protocols work are given. Finally, we discuss four main Identification Protocols: Fiat-Shamir, Feige-Fiat-Shamir, Schnorr and Guillou-Quisquater. This discussion includes the theory, practical examples and the security aspects of each protocol.

    A Security Architecture for Data Aggregation and Access Control in Smart Grids

    We propose an integrated architecture for smart grids that supports data aggregation and access control. Data can be aggregated by home area network, building area network and neighboring area network in such a way that the privacy of customers is protected. We use homomorphic encryption technique to achieve this. The consumer data that is collected is sent to the substations where it is monitored by remote terminal units (RTU). The proposed access control mechanism gives selective access to consumer data stored in data repositories and used by different smart grid users. Users can be maintenance units, utility centers, pricing estimator units or analyzing and prediction groups. We solve this problem of access control using cryptographic technique of attribute-based encryption. RTUs and users have attributes and cryptographic keys distributed by several key distribution centers (KDC). RTUs send data encrypted under a set of attributes. Users can decrypt information provided they have valid attributes. The access control scheme is distributed in nature and does not rely on a single KDC to distribute keys. Bobba et al. [BKAA09] proposed an access control scheme, which relies on a centralized KDC and is thus prone to single-point failure. The other requirement is that the KDC has to be online during data transfer, which is not required in our scheme. Our access control scheme is collusion resistant, meaning that users cannot collude and gain access to data when they are not authorized to access. We theoretically analyze our schemes and show that the computation overheads are low enough to be carried out in smart grids. To the best of our knowledge, ours is the first work on smart grids which integrates these two important security components (privacy preserving data aggregation and access control) and presents an overall security architecture in smart grids. Comment: 12 pages, 3 figures