Privacy-Preserving & User-Auditable Pseudonym Systems. Jan Camenisch, Anja Lehmann IBM Research Zurich
|
|
- Silas Bruce
- 5 years ago
- Views:
Transcription
1 Privacy-Preserving & User-Auditable Pseudonym Systems Jan Camenisch, Anja Lehmann IBM Research Zurich
2 Motivation: How to maintain related yet distributed data? examples: social security system, ehealth different entities maintain data of citizens eventually data needs to be exchanged or correlated Laboratory Health Insurance Doctor B Alice.1210 Bob.0411 Carol.2503 Bob.0411? Bob.0411 Carol.2503 Dave.1906 simple solution: data gets associated with globally unique identifiers (e.g., US, Belgium, Sweden,...) unique identifiers are security & privacy risk no control about data exchange & usage if associated data is lost, all pieces can be linked together user is fully traceable 2
3 Local Pseudonyms & Trusted Converter user data is associated with random looking local identifiers the pseudonyms only central entity the converter can link & convert pseudonyms Converter Main Alice.1210 Hba02 7twnG Bob.0411 Carol uj sd7ab + control about data exchange from?? + if records are lost, pieces cannot be linked together Hba02 912uj sd7ab y2b4m 3
4 4 Local Pseudonyms & Trusted Converter user data is associated with random looking local identifiers the pseudonyms only central entity the converter can link & convert pseudonyms User Portal for Bob /26/2017 Unique Bob.0411 Converter Main Alice.1210 Hba02 7twnG Bob.0411 Carol uj sd7ab + control about data exchange from?? + if records are lost, pieces cannot be linked together + converter can provide audit logs to users (GDPR-requirement) converter learns all request & knows all correlations Hba02 912uj sd7ab y2b4m
5 5 Privacy-Preserving Pseudonym System (CCS 15) user data is associated with random looking local identifiers the pseudonyms only central entity the converter can link & convert pseudonyms User Portal for Bob /26/2017 Unique Bob.0411 Converter Main Alice.1210 Hba02 7twnG Bob.0411 Carol uj sd7ab + control about data exchange from?? + if records are lost, pieces cannot be linked together + converter can provide audit logs to users (GDPR-requirement) converter learns all request & knows all correlations Hba02 912uj sd7ab y2b4m
6 This work: Privacy-Preserving & User-Auditable Pseudonym System 6 user data is associated with random looking local identifiers the pseudonyms only central entity the converter can link & convert pseudonyms User Portal for Bob /26/2017 Unique Bob.0411 Converter Main Alice.1210 Hba02 7twnG Bob.0411 Carol uj sd7ab + control about data exchange from?? + if records are lost, pieces cannot be linked together + converter can provide audit logs to users (GDPR-requirement) converter learns all request & knows all correlations Hba02 912uj sd7ab y2b4m
7 (Un)linkable Pseudonyms Pseudonym Generation user, converter & server jointly derive pseudonyms from unique identifiers Converter Hba02 912uj Unique Bob.0411 previous work [CL15]: generation required converter to know user s this work: oblivious pseudonym generation triggered by user sd7ab y2b4m 7
8 (Un)linkable Pseudonyms Pseudonym Conversion only converter can link & convert pseudonyms, but does so in a blind way Converter at? blind conversion at at blind conversion request unblinding conversion response?? Hba02 912uj sd7ab y2b4m 8
9 (Un)linkable Pseudonyms Pseudonym Conversion & Audit Logs only converter can link & convert pseudonyms, but does so in a blind way every conversion triggers blind generation of audit log entry Audit Bulletin Board. 02/26/2017 Converter at? Unique Bob.0411 blind conversion audit log entries are only accessible by the affected user at at blind conversion request unblinding conversion response?? Hba02 912uj sd7ab y2b4m 9
10 (Un)linkable Pseudonyms Consistency pseudonym conversions & generatios are fully consistent conversions are transitive, unlinkable data can be aggregated Invoice for Hba02 Converter 912uj Invoice for Invoice for RtE14 Insurance 6Wz6P fx4o7 RtE14 $ $ $ sd7ab y2b4m 10
11 Our Protocol high-level idea of convertible pseudonyms adding (efficient) auditability security against active adversaries
12 High-level Idea Pseudonym Generation Core Idea Generation: X blindly computes nym i,a PRF(k,uid i ) x A pk A,sk A [1] X and U i jointly compute z i OPRF(k,uid i ) k, for each server: x A, x B, x C, C nym [3] X blindly computes nym i,a C nym C nym xa nym i,a [4] S A decrypts pseudonym nym i,a Dec(sk A,C nym ) [2] Ui encrypts z i for S A C nym Enc(pk A,z i ) z i C nym uid i 12
13 High-level Idea Pseudonym Conversion Core Idea Generation: X blindly computes nym i,a PRF(k,uid i ) x A Conversion: X blindly computes nym i,b nym i,a xb / xa [1] S A encrypts nym i,a under S B 's key C Enc(pk B, nym i,a ) C, S B, qid pk A,sk A nym i,a k, for each server: x A, x B, x C, C', S A, qid [2] X blindly transforms encrypted pseudonym C' C Δ with Δ = x B / x A C = Enc(pk B, nym i,a ) x B / xa C ' = Enc(pk B, PRF(k,uid i ) x A ) x B / xa C ' = Enc(pk B, PRF(k,uid i ) x B ) C = Enc(pk B, nym i,b ) Server B pk B,sk B nym i,b [3] S B decrypts converted pseudonym nym i,b Dec(sk B, C') 13
14 High-level Idea NymRequest NymResponse nym i,a Generation Conversion ConvRequest nym i,a ConvResponse Server B nym i,b 14
15 High-level Idea Adding Auditability usk, upk upk is randomizable encryption key upk RAND(upk) decrypt all audit ciphertexts: info Dec(usk,C*)? NymRequest, upk NymResponse, upk nym i,a, upk Generation Conversion ConvRequest, upk nym i,a, upk Audit Bulletin Board C* C* Enc(upk, info) ConvResponse, upk Server B nym i,b, upk 15
16 High-level Idea Adding Efficient Auditability (via Audit Tags) decrypt ciphertext for T A : info Dec(usk,C*) usk, upk, {T A } NymRequest, upk, C T C T Enc(pk A, T A ) for random T A NymResponse, upk, C T nym i,a, upk, T A T A Dec(sk A, C T ) Generation Conversion ConvRequest, upk, T A nym i,a, upk, T A Audit Bulletin Board T A, C* C* Enc(upk, info) ConvResponse, upk Server B nym i,b, upk 16
17 High-level Idea Adding Efficient Auditability (via Audit Tags) usk, upk, {T A, T A, } decrypt ciphertext for T A : info Dec(usk,C*) C T Enc(pk A, T A ) for random T A get new audit tags for T A : T A Dec(usk, C* TA ) NymRequest, upk, C T NymResponse, upk, C T nym i,a, upk, T A T A Dec(sk A, C T ) Generation Conversion ConvRequest, upk, T A, C* TA nym i,a, upk, T A Audit Bulletin Board T A, C* Tag Chain: T A, C* TA C* Enc(upk, info) ConvResponse, upk T A C* TA Enc(upk, T A ) for random T A Server B nym i,b, upk 17
18 High-level Idea Adding Efficient Auditability (via Audit Tags) usk, upk, {T A, T A, T B } decrypt ciphertext for T A : info Dec(usk,C*) C T Enc(pk A, T A ) for random T A get new audit tags for T A : T A Dec(usk, C* TA ) T B Dec(usk, C* TB ) NymRequest, upk, C T NymResponse, upk, C T nym i,a, upk, T A T A Dec(sk A, C T ) Generation Conversion ConvRequest, upk, T A, C* TA nym i,a, upk, T A Audit Bulletin Board T A, C* Tag Chain: T A, C* TA T A, C* TB C* Enc(upk, info) ConvResponse, upk C* TB T A C* TA Enc(upk, T A ) for random T A Server B nym i,b, upk, T B C* TB Enc(upk, T B ) for random T B 18
19 High-level Idea Security against Active Adversaries decrypt ciphertext for T A : info Dec(usk,C*) get new audit tags for T A : T A Dec(usk, C* TA ) T B Dec(usk, C* TB ) usk, upk, {T A, T A, T B } C T Enc(pk A, T A ) for random T A NymRequest, upk, C T NymResponse, upk, C T Signature scheme for homomorphic encodings nym i,a, upk, T A T A Dec(sk A, C T ) Generation Conversion ConvRequest, upk, T A, C* TA, π A nym i,a, upk, T A Audit Bulletin Board T A, C* Tag Chain: T A, C* TA T A, C* TB C* Enc(upk, info) ConvResponse, upk C* TB T A C* TA Enc(upk, T A ) for random T A Server B nym i,b, upk, T B C* TB Enc(upk, T B ) for random T B 19
20 (Un)linkable & Auditable Pseudonyms Security & Efficiency provably secure construction in the Universal Composability (UC) framework based on homomorphic encryption scheme (ElGamal encryption) homomorphic encryption scheme with re-randomizable public keys (ElGamal-based) oblivious pseudorandom function with committed outputs (based on Dodis-Yampolskiy-PRF) signature scheme for homomorphic encoding functions (based on Groth signature scheme) zero-knowledge proofs (Fiat-Shamir NIZKs) commitment scheme (ElGamal based) secure against actively corrupt users & servers, and honest-but-curious converter concrete instantiation ~50ms computational time per party for conversion 20
21 (Un)linkable & Auditable Pseudonyms Summary pseudonym scheme for (un)linkable data storage with controlled & auditable data exchange pseudonyms can only be linked via a central, but oblivious converter oblivious converter blindly generates user-centric audit logs conversions & audit logs are done in a blind way converter must not be a trusted entity paradigm shift: unlinkability per default, linkability only when necessary Thanks! Questions? anj@zurich.ibm.com 21
22 (Un)linkable & Auditable Pseudonyms Efficiency
23 (Un)linkable Pseudonyms Corruption Model Audit Bulletin Board Converter? Hba02 912uj Unique Bob.0411 sd7ab y2b4m servers and users can be fully corrupt converter at most honest-but-curious 23
24 (Un)linkable Pseudonyms Consistency pseudonym generation is deterministic & consistent with blind conversion Converter Hba02 912uj Unique Bob.0411 sd7ab y2b4m 24
25 (Un)linkable Pseudonyms Consistency pseudonym conversions are transitive, unlinkable data can be aggregated Invoice for Hba02 Converter 912uj Invoice for Invoice for RtE14 Insurance 6Wz6P fx4o7 RtE14 $ $ $ sd7ab y2b4m 25
Privacy-Enhancing Technologies: Anonymous Credentials and Pseudonym Systems. Anja Lehmann IBM Research Zurich
Privacy-Enhancing Technologies: Anonymous Credentials and Pseudonym Systems Anja Lehmann IBM Research Zurich ROADMAP Anonymous Credentials privacy-preserving (user) authentication Pseudonym Systems privacy-preserving
More informationCryptography 4 People
ZISC Lunch Seminar, ETH Zurich, March 15, 2017 Cryptography 4 People bases Jan Camenisch Principle RSM; Member, IBM Academy of Technology IBM Research Zurich @JanCamenisch ibm.biz/jancamenisch Facts We
More informationCryptography 4 People
International Workshop on Inference & Privacy in a Hyperconnected World 2016 Cryptography 4 People Jan Camenisch Principle RSM; Member, IBM Academy of Technology IBM Research Zurich @JanCamenisch ibm.biz/jancamenisch
More informationPrivacy-Enhancing Technologies & Applications to ehealth. Dr. Anja Lehmann IBM Research Zurich
Privacy-Enhancing Technologies & Applications to ehealth Dr. Anja Lehmann IBM Research Zurich IBM Research Zurich IBM Research founded in 1945 employees: 3,000 12 research labs on six continents IBM Research
More informationDirections in Security Research
Directions in Security Research Jan Camenisch IBM Research Zurich jca@zurich.ibm.com @JanCamenisch ibm.biz/jancamenisch Facts 33% of cyber crimes, including identity theft, take less time than to make
More informationDirect Anonymous Attestation
Direct Anonymous Attestation Revisited Jan Camenisch IBM Research Zurich Joint work with Ernie Brickell, Liqun Chen, Manu Drivers, Anja Lehmann. jca@zurich.ibm.com, @JanCamenisch, ibm.biz/jancamenisch
More informationForschungsrichtungen in der IT-Sicherheit
Forschungsrichtungen in der IT-Sicherheit Dr. Jan Camenisch Principle Researcher; Member, IBM Academy of Technology IBM Research Zurich jca@zurich.ibm.com @JanCamenisch ibm.biz/jancamenisch Facts 33% of
More informationUnbounded Inner Product Functional Encryption from Bilinear Maps ASIACRYPT 2018
Unbounded Inner Product Functional Encryption from Bilinear Maps ASIACRYPT 2018 Junichi Tomida (NTT), Katsuyuki Takashima (Mitsubishi Electric) Functional Encryption[OʼNeill10, BSW11] msk Bob f(x) sk f
More informationAnonymous Credentials: How to show credentials without compromising privacy. Melissa Chase Microsoft Research
Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase Microsoft Research Credentials: Motivation ID cards Sometimes used for other uses E.g. prove you re over 21, or
More informationSecure Multiparty Computation
CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationBlockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric
Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric Elli Androulaki Staff member, IBM Research, Zurich Workshop on cryptocurrencies Athens, 06.03.2016 Blockchain systems
More informationImprovement of Camenisch-Neven-Shelat Oblivious Transfer Scheme
Improvement of Camenisch-Neven-Shelat Oblivious Transfer Scheme Zhengjun Cao and Hanyue Cao Department of Mathematics, Shanghai University, Shanghai, China caozhj@shu.edu.cn Abstract. In 2007, Camenisch,
More informationCS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong
CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationSecure Multiparty Computation
Secure Multiparty Computation Li Xiong CS573 Data Privacy and Security Outline Secure multiparty computation Problem and security definitions Basic cryptographic tools and general constructions Yao s Millionnare
More informationFORMALIZING GROUP BLIND SIGNATURES... PRACTICAL CONSTRUCTIONS WITHOUT RANDOM ORACLES. Essam Ghadafi ACISP 2013
FORMALIZING GROUP BLIND SIGNATURES AND PRACTICAL CONSTRUCTIONS WITHOUT RANDOM ORACLES Essam Ghadafi ghadafi@cs.bris.ac.uk University of Bristol ACISP 2013 FORMALIZING GROUP BLIND SIGNATURES... OUTLINE
More informationSecurity Protections for Mobile Agents
Stephen R. Tate Dept. of Computer Science and Engineering University of North Texas Talk describes joint work with Ke Xu and Vandana Gunupudi Research supported by the National Science Foundation class
More informationAnonymous RAM. 1 Introduction. Michael Backes 1,2, Amir Herzberg 3, Aniket Kate 4, and Ivan Pryvalov 1
Anonymous RAM Michael Backes 1,2, Amir Herzberg 3, Aniket Kate 4, and Ivan Pryvalov 1 1 CISPA, Saarland University, Germany 2 MPI-SWS, Germany 3 Bar-Ilan University, Israel 4 Purdue University, USA Abstract.
More informationIdentity Mixer: From papers to pilots and beyond. Gregory Neven, IBM Research Zurich IBM Corporation
Identity Mixer: From papers to pilots and beyond Gregory Neven, IBM Research Zurich Motivation Online security & trust today: SSL/TLS for encryption and server authentication Username/password for client
More informationScratch & Vote: Self-Contained Paper-Based Cryptographic Voting
Scratch & Vote: Self-Contained Paper-Based Cryptographic Voting Ben Adida Ronald L. Rivest 30 October 2006 The Next Harvard Pres! Chain of Custody Chain of Custody /* * source * code */ 1 if (... Vendor
More informationA Decade of Direct Anonymous Attestation
A Decade of Direct Anonymous Attestation From Research to Standard and Back Jan Camenisch IBM Research Zurich Joint work with Ernie Brickell, Liqun Chen, Manu Drivers, Anja Lehmann. jca@zurich.ibm.com
More informationPhoenix: Rebirth of a Cryptographic Password-Hardening Service
Phoenix: Rebirth of a Cryptographic Password-Hardening Service Russell W.F. Lai 1,2 Christoph Egger 1 Dominique Schro der 1 Sherman S.M. Chow 2 1 Friedrich-Alexander-Universita t Erlangen-Nu rnberg University
More informationSecure Multiparty Computation: Introduction. Ran Cohen (Tel Aviv University)
Secure Multiparty Computation: Introduction Ran Cohen (Tel Aviv University) Scenario 1: Private Dating Alice and Bob meet at a pub If both of them want to date together they will find out If Alice doesn
More informationA Machine Learning Approach to Privacy-Preserving Data Mining Using Homomorphic Encryption
A Machine Learning Approach to Privacy-Preserving Data Mining Using Homomorphic Encryption Seiichi Ozawa Center for Mathematical Data Science Graduate School of Engineering Kobe University 2 What is PPDM?
More informationAn Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation
An Efficient System for Non-transferable Anonymous Credentials with ptional Anonymity Revocation Jan Camenisch IBM Research Zurich Research Laboratory CH 8803 Rüschlikon jca@zurich.ibm.com Anna Lysyanskaya
More informationSecure Multi-party Computation
Secure Multi-party Computation What it is, and why you d care Manoj Prabhakaran University of Illinois, Urbana-Champaign SMC SMC SMC conceived more than 30 years back SMC SMC conceived more than 30 years
More informationCertificateless Public Key Cryptography
Certificateless Public Key Cryptography Mohsen Toorani Department of Informatics University of Bergen Norsk Kryptoseminar November 9, 2011 1 Public Key Cryptography (PKC) Also known as asymmetric cryptography.
More informationDesign and Implementation of Privacy-Preserving Surveillance. Aaron Segal
1 Design and Implementation of Privacy-Preserving Surveillance Aaron Segal Yale University May 11, 2016 Advisor: Joan Feigenbaum 2 Overview Introduction Surveillance and Privacy Privacy Principles for
More informationCRYPTOGRAPHY AGAINST CONTINUOUS MEMORY ATTACKS
CRYPTOGRAPHY AGAINST CONTINUOUS MEMORY ATTACKS Yevgeniy Dodis, Kristiyan Haralambiev, Adriana Lopez-Alt and Daniel Wichs NYU NY Area Crypto Reading Group Continuous Leakage Resilience (CLR): A Brief History
More informationCPSC 467b: Cryptography and Computer Security
Outline ZKIP Other IP CPSC 467b: Cryptography and Computer Security Lecture 19 Michael J. Fischer Department of Computer Science Yale University March 31, 2010 Michael J. Fischer CPSC 467b, Lecture 19
More informationAnonymous Attestation with Subverted TPMs
Anonymous Attestation with Subverted TPMs Jan Camenisch 1, Manu Drijvers 1,2, and Anja Lehmann 1 1 IBM Research Zurich, Säumerstrasse 4, 8803 Rüschlikon, Switzerland {jca,mdr,anj}@zurich.ibm.com 2 Department
More informationMore crypto and security
More crypto and security CSE 199, Projects/Research Individual enrollment Projects / research, individual or small group Implementation or theoretical Weekly one-on-one meetings, no lectures Course grade
More informationFujitsu World Tour 2018
Fujitsu World Tour 2018 May 30, 2018 #FujitsuWorldTour 1 Copyright 2018 FUJITSU Security and Privacy of Big Data A NIST Perspective Arnab Roy Fujitsu Laboratories of America Co-Chair, NIST Big Data WG:
More informationStudy Guide for the Final Exam
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Handout #22 Professor M. J. Fischer April 30, 2005 1 Exam Coverage Study Guide for the Final Exam The final
More informationA Flexible Framework for Secret Handshakes
A Flexible Framework for Secret Handshakes (Multi-Party Anonymous and Un-observable Authentication) Gene Tsudik and Shouhuai Xu Abstract. In the society increasingly concerned with the erosion of privacy,
More informationPractical Anonymous Subscriptions! Alan Dunn, Jonathan Katz, Sangman Kim, Michael Lee, Lara Schmidt, Brent Waters, Emmett Witchel"
Practical Anonymous Subscriptions! Alan Dunn, Jonathan Katz, Sangman Kim, Michael Lee, Lara Schmidt, Brent Waters, Emmett Witchel" Practical Anonymous Subscriptions! Alan Dunn, Jonathan Katz, Sangman Kim,
More informationSecuring Distributed Computation via Trusted Quorums. Yan Michalevsky, Valeria Nikolaenko, Dan Boneh
Securing Distributed Computation via Trusted Quorums Yan Michalevsky, Valeria Nikolaenko, Dan Boneh Setting Distributed computation over data contributed by users Communication through a central party
More informationPolymorphic Encryption and Pseudonymization in the Dutch eid scheme. IRMA meeting, 23 September 2016
1 Polymorphic Encryption and Pseudonymization in the Dutch eid scheme Eric.Verheul@logius.nl IRMA meeting, 23 September 2016 1 2 Agenda Background on the Dutch eid scheme The Dutch eid Introduction Plateau
More informationFunctional Encryption: Deterministic to Randomized Functions from Simple Assumptions. Shashank Agrawal and David J. Wu
Functional Encryption: Deterministic to Randomized Functions from Simple Assumptions Shashank Agrawal and David J. Wu Public-Key Functional Encryption [BSW11, O N10] x f(x) Keys are associated with deterministic
More informationOne-Shot Verifiable Encryption from Lattices. Vadim Lyubashevsky and Gregory Neven IBM Research -- Zurich
One-Shot Verifiable Encryption from Lattices Vadim Lyubashevsky and Gregory Neven IBM Research -- Zurich Zero-Knowledge Proofs Zero-Knowledge Proofs Relation f(s)=t, and want to prove knowledge of s Zero-Knowledge
More informationIntroduction to Secure Multi-Party Computation
Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the University of Texas, Austin for providing these slides. slide 1 Motivation General framework for describing computation
More informationHomomorphic encryption (whiteboard)
Crypto Tutorial Homomorphic encryption Proofs of retrievability/possession Attribute based encryption Hidden vector encryption, predicate encryption Identity based encryption Zero knowledge proofs, proofs
More informationA Flexible Framework for Secret Handshakes
A Flexible Framework for Secret Handshakes (Multi-party Anonymous and Un-observable Authentication) Gene Tsudik 1 and Shouhuai Xu 2 1 Department of Computer Science, University of California, Irvine gts@ics.uci.edu
More informationAnonymity and Privacy
Computer Security Spring 2008 Anonymity and Privacy Aggelos Kiayias University of Connecticut Anonymity in networks Anonymous Credentials Anonymous Payments Anonymous E-mail and Routing E-voting Group,
More informationA Flexible Framework for Secret Handshakes
A Flexible Framework for Secret Handshakes (Multi-Party Anonymous and Un-observable Authentication) Gene Tsudik and Shouhuai Xu Abstract. In the society increasingly concerned with the erosion of privacy,
More informationTANDEM: Securing Keys by Using a Central Server While Preserving Privacy
TANDEM: Securing Keys by Using a Central Server While Preserving Privacy Wouter Lueks SPRING Lab, EPFL wouter.lueks@epfl.ch Brinda Hampiholi Radboud University brinda@cs.ru.nl Greg Alpár Open University
More informationPedro MMCI, Saarland University
CoinShuffle: Practical Decentralized Coin Mixing for Bitcoin [project page] [paper] @real_or_random Pedro Moreno-Sanchez @pedrorechez MMCI, Saarland University Aniket Kate @aniketpkate Introduction Alice
More informationEncrypted Data Deduplication in Cloud Storage
Encrypted Data Deduplication in Cloud Storage Chun- I Fan, Shi- Yuan Huang, Wen- Che Hsu Department of Computer Science and Engineering Na>onal Sun Yat- sen University Kaohsiung, Taiwan AsiaJCIS 2015 Outline
More informationHierarchical Attribute-based Signatures
Hierarchical Attribute-based Signatures Constantin-Cǎtǎlin Drǎgan, Daniel Gardham and Mark Manulis Surrey Centre for Cyber Security, University of Surrey, UK c.dragan@surrey.ac.uk, d.gardham@surrey.ac.uk,
More informationCryptography 4 Privacy
SuRI School of Computer and Communication Sciences EPFL Cryptography 4 Privacy Jan Camenisch Principle RSM; Member, IBM Academy of Technology IBM Research Zurich @JanCamenisch ibm.biz/jancamenisch Facts
More informationPrivacy-Preserving Using Data mining Technique in Cloud Computing
Cis-601 Graduate Seminar Privacy-Preserving Using Data mining Technique in Cloud Computing Submitted by: Rajan Sharma CSU ID: 2659829 Outline Introduction Related work Preliminaries Association Rule Mining
More informationKey Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings
Key Exchange References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings Outlines Primitives Root Discrete Logarithm Diffie-Hellman ElGamal Shamir s Three Pass
More informationAdvanced Topics in Cryptography
Advanced Topics in Cryptography Lecture 9: Identity based encryption (IBE), Cocks scheme. Benny Pinkas page 1 1 Related papers Lecture notes from MIT http://crypto.csail.mit.edu/classes/6.876/lecture-notes.html
More informationIntegrating OpenID with proxy re-encryption to enhance privacy in cloud-based identity services
Integrating OpenID with proxy re-encryption to enhance privacy in cloud-based identity services David Nuñez, Isaac Agudo, and Javier Lopez Network, Information and Computer Security Laboratory (NICS Lab)
More informationHomomorphic Encryption. By Raj Thimmiah
Homomorphic Encryption By Raj Thimmiah Symmetric Key Encryption Symmetric Key Encryption Symmetric Key Encryption: XOR Gates XOR gates are the simplest way to implement symmetric key encryption XOR gates
More informationStructure-Preserving Certificateless Encryption and Its Application
SESSION ID: CRYP-T06 Structure-Preserving Certificateless Encryption and Its Application Prof. Sherman S. M. Chow Department of Information Engineering Chinese University of Hong Kong, Hong Kong @ShermanChow
More informationMaintaining the Anonymity of Direct Anonymous Attestation with Subverted Platforms MIT PRIMES Computer Science Conference October 13, 2018
Maintaining the Anonymity of Direct Anonymous Attestation with Subverted Platforms MIT PRIMES Computer Science Conference October 13, 2018 By: Ethan Mendes and Patrick Zhang Mentor: Kyle Hogan What is
More informationSTRONGER SECURITY NOTIONS FOR DECENTRALIZED TRACEABLE ATTRIBUTE-BASED SIGNATURES AND MORE EFFICIENT CONSTRUCTIONS
STRONGER SECURITY NOTIONS FOR DECENTRALIZED TRACEABLE ATTRIBUTE-BASED SIGNATURES AND MORE EFFICIENT CONSTRUCTIONS Essam Ghadafi University College London e.ghadafi@ucl.ac.uk CT-RSA 2015 STRONGER SECURITY
More informationCryptography Lecture 4. Attacks against Block Ciphers Introduction to Public Key Cryptography. November 14, / 39
Cryptography 2017 Lecture 4 Attacks against Block Ciphers Introduction to Public Key Cryptography November 14, 2017 1 / 39 What have seen? What are we discussing today? What is coming later? Lecture 3
More informationAnonymous communications and systems
Anonymous communications and systems A short introduction George Danezis Computer Security Group Computer Laboratory 1 Introducing Hiding Two strategies to safeguard assets: protect (guards, walls, safes,
More informationAn Exploration of Group and Ring Signatures
An Exploration of Group and Ring Signatures Sarah Meiklejohn February 4, 2011 Abstract Group signatures are a modern cryptographic primitive that allow a member of a specific group (e.g., the White House
More informationLecture 8: Cryptography in the presence of local/public randomness
Randomness in Cryptography Febuary 25, 2013 Lecture 8: Cryptography in the presence of local/public randomness Lecturer: Yevgeniy Dodis Scribe: Hamidreza Jahanjou So far we have only considered weak randomness
More informationScalable privacy-enhanced traffic monitoring in vehicular ad hoc networks
Scalable privacy-enhanced traffic monitoring in vehicular ad hoc networks Yi Liu1,2,3 Jie Ling 1 Qianhong Wu4,6 Bo Qin5 Presented By Khaled Rabieh Introduction & Problem Statement In traffic monitoring
More informationAttribute-based Credentials on Smart Cards
Attribute-based Credentials on Smart Cards ir. Pim Vullers p.vullers@cs.ru.nl Privacy & Identity Lab Institute for Computing and Information Sciences Digital Security SaToSS Research Meeting 28th February
More informationEfficient Non-Interactive Secure Computation
Efficient Non-Interactive Secure Computation Yuval Ishai 1, Eyal Kushilevitz 1, Rafail Ostrovsky 2, Manoj Prabhakaran 3, and Amit Sahai 2 1 Dept. of Computer Science, Technion, Haifa, Israel. 2 University
More informationNYMBLE: Blocking Misbehaving Users in Anonymizing Networks
RESEARCH ARTICLE OPEN ACCESS NYMBLE: Blocking Misbehaving Users in Anonymizing Networks 1 R.Ravikumar, 2 J.Ramesh Kumar 1 Asst.professor, Dept.of.Computer Science, Tamil University, Thanjavur-613010. 2
More informationTopology Hiding Computation on All Graphs. Rio LaVigne
Topology Hiding Computation on All Graphs by Rio LaVigne B.S. Stanford University 2015 Submitted to the Department of Electrical Engineering and Computer Science in partial fulfillment of the requirements
More informationPublicly-verifiable proof of storage: a modular construction. Federico Giacon
Publicly-verifiable proof of storage: a modular construction Federico Giacon Ruhr-Universita t Bochum federico.giacon@rub.de 6th BunnyTN, Trent 17 December 2015 Proof of Storage Proof of Storage (PoS)
More informationA public key encryption scheme secure against key dependent chosen plaintext and adaptive chosen ciphertext attacks
A public key encryption scheme secure against key dependent chosen plaintext and adaptive chosen ciphertext attacks Jan Camenisch 1, Nishanth Chandran 2, and Victor Shoup 3 1 IBM Research, work funded
More informationPlaintext Awareness via Key Registration
Plaintext Awareness via Key Registration Jonathan Herzog CIS, TOC, CSAIL, MIT Plaintext Awareness via Key Registration p.1/38 Context of this work Originates from work on Dolev-Yao (DY) model Symbolic
More informationRound-Optimal Composable Blind Signatures in the Common Reference String Model
Round-Optimal Composable Blind Signatures in the Common Reference String Model Marc Fischlin Darmstadt University of Technology, Germany marc.fischlin @ gmail.com www.fischlin.de Abstract We build concurrently
More informationFoundations of Cryptography CS Shweta Agrawal
Foundations of Cryptography CS 6111 Shweta Agrawal Course Information 4-5 homeworks (20% total) A midsem (25%) A major (35%) A project (20%) Attendance required as per institute policy Challenge questions
More informationUsing Blockchain for Consent and Access to Private and Sensitive Data in the GDPR Environment
Using Blockchain for Consent and Access to Private and Sensitive Data in the GDPR Environment Gary Leeming, Chief Technology Officer Connected Health Cities, University of Manchester 1 Connected Health
More informationCIAM: Need for Identity Governance & Assurance. Yash Prakash VP of Products
CIAM: Need for Identity Governance & Assurance Yash Prakash VP of Products Key Tenets of CIAM Solution Empower consumers, CSRs & administrators Scale to millions of entities, cloud based service Security
More informationGeneric Transformation of a CCA2-Secure Public-Key Encryption Scheme to an eck-secure Key Exchange Protocol in the Standard Model
Generic Transformation of a CCA2-Secure Public-Key Encryption Scheme to an eck-secure Key Exchange Protocol in the Standard Model Janaka Alawatugoda Department of Computer Engineering University of Peradeniya,
More informationCryptanalysis of a Universally Verifiable Efficient Re-encryption Mixnet
Cryptanalysis of a Universally Verifiable Efficient Re-encryption Mixnet Shahram Khazaei, khazaei@kth.se Björn Terelius, terelius@kth.se Douglas Wikström, dog@csc.kth.se February 24, 2012 Abstract We study
More informationLecture 9. Anonymity in Cryptocurrencies
Lecture 9 Anonymity in Cryptocurrencies Some say Bitcoin provides anonymity Bitcoin is a secure and anonymous digital currency WikiLeaks donations page Others say it doesn t Bitcoin won't hide you from
More informationStrong Privacy for RFID Systems from Plaintext-Aware Encryption
Strong Privacy for RFID Systems from Plaintext-Aware Encryption Khaled Ouafi and Serge Vaudenay ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE http://lasec.epfl.ch/ supported by the ECRYPT project SV strong
More informationPrivacy-Preserving Personal Information Management
1 / 25 Privacy-Preserving Personal Information Management Mohamed Layouni PhD Oral Defense School of Computer Science, McGill University 2 / 25 Main Focus of this Work Designing protocols that are : Secure
More informationAnonymous communication with on-line and off-line onion encoding
Anonymous communication with on-line and off-line onion encoding Marek Klonowski, Mirosław Kutyłowski, and Filip Zagórski Institute of Mathematics, Wrocław University of Technology, Marek.Klonowski@im.pwr.wroc.pl
More informationSecurity & Indistinguishability in the Presence of Traffic Analysis
Security & Indistinguishability in the Presence of Traffic Analysis Cristina Onete 1 Daniele Venturi 2 1 Darmstadt University of Technology & CASED, Germany www.minicrypt.de 2 SAPIENZA University of Rome,
More informationModelling and Automatically Analysing Privacy Properties for Honest-but-Curious Adversaries
Modelling and Automatically Analysing Privacy Properties for Honest-but-Curious Adversaries Andrew Paverd Department of Computer Science University of Oxford andrew.paverd@cs.ox.ac.uk Andrew Martin Department
More informationCourse Map. COMP 7/8120 Cryptography and Data Security. Learning Objectives. How to use PRPs (Block Ciphers)? 2/14/18
Course Map Key Establishment Authenticated Encryption Key Management COMP 7/8120 Cryptography and Data Security Lecture 8: How to use Block Cipher - many time key Stream Ciphers Block Ciphers Secret Key
More informationIntroduction to Cryptography Lecture 7
Introduction to Cryptography Lecture 7 El Gamal Encryption RSA Encryption Benny Pinkas page 1 1 Public key encryption Alice publishes a public key PK Alice. Alice has a secret key SK Alice. Anyone knowing
More information1 A Tale of Two Lovers
CS 120/ E-177: Introduction to Cryptography Salil Vadhan and Alon Rosen Dec. 12, 2006 Lecture Notes 19 (expanded): Secure Two-Party Computation Recommended Reading. Goldreich Volume II 7.2.2, 7.3.2, 7.3.3.
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ Privacy on Public Networks Internet is designed as a public network Wi-Fi access points,
More informationSoftware Security and Intro to Cryptography
CSE 484 / CSE M 584 (Spring 2012) Software Security and Intro to Cryptography Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet
More informationRound-Optimal Password-Protected Secret Sharing and T-PAKE in the Password-Only Model
Round-Optimal Password-Protected Secret Sharing and T-PAKE in the Password-Only Model Stanislaw Jarecki 1, Aggelos Kiayias 2, and Hugo Krawczyk 3 1 University of California Irvine, stasio@ics.uci.edu 2
More informationIntroduction to Cryptography Lecture 7
Introduction to Cryptography Lecture 7 Public-Key Encryption: El-Gamal, RSA Benny Pinkas page 1 1 Public key encryption Alice publishes a public key PK Alice. Alice has a secret key SK Alice. Anyone knowing
More informationProblem: Equivocation!
Bitcoin: 10,000 foot view Bitcoin and the Blockchain New bitcoins are created every ~10 min, owned by miner (more on this later) Thereafter, just keep record of transfers e.g., Alice pays Bob 1 BTC COS
More informationIntroduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell
Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell 1 Cryptography Merriam-Webster Online Dictionary: 1. secret writing 2. the enciphering and deciphering
More informationMulti-Theorem Preprocessing NIZKs from Lattices
Multi-Theorem Preprocessing NIZKs from Lattices Sam Kim and David J. Wu Stanford University Soundness: x L, P Pr P, V (x) = accept = 0 No prover can convince honest verifier of false statement Proof Systems
More informationCryptography. Lecture 12. Arpita Patra
Cryptography Lecture 12 Arpita Patra Digital Signatures q In PK setting, privacy is provided by PKE q Integrity/authenticity is provided by digital signatures (counterpart of MACs in PK world) q Definition:
More informationCollabora've, Privacy Preserving Data Aggrega'on at Scale
Collabora've, Privacy Preserving Data Aggrega'on at Scale Michael J. Freedman Princeton University Joint work with: Benny Applebaum, Haakon Ringberg, MaHhew Caesar, and Jennifer Rexford Problem: Network
More informationA new Approach for Private Searches on Public-Key Encrypted Data
A new Approach for Private Searches on Public-Key Encrypted Data Amar SIAD LAGA, UMR 7539, CNRS, Department of Mathematics, University of Paris XIII and University Paris of VIII, 2 rue de la Liberté 93526
More informationBNymble (a short paper)
BNymble (a short paper) More anonymous blacklisting at almost no cost Peter Lofgren and Nicholas Hopper University of Minnesota Abstract. Anonymous blacklisting schemes allow online service providers to
More informationCommunication Locality in Secure Multi-Party Computation
Communication Locality in Secure Multi-Party Computation How to Run Sublinear Algorithms in a Distributed Setting Elette Boyle 1, Shafi Goldwasser 2, and Stefano Tessaro 1 1 MIT CSAIL, eboyle@mit.edu,
More informationHow not to Prove Yourself: Pitfalls of the Fiat-Shamir Heuristic and Applications to Helios
How not to Prove Yourself: Pitfalls of the Fiat-Shamir Heuristic and Applications to Helios David Bernhard 1, Olivier Pereira 2, and Bogdan Warinschi 1 1 University of Bristol 2 Université Catholique de
More informationAttribute-based Key Exchange with General Policies
Attribute-based Key Exchange with General Policies Vladimir Kolesnikov Bell Labs kolesnikov@research.belllabs.com Alex J. Malozemoff Galois amaloz@galois.com Hugo Krawczyk IBM Research hugo@ee.technion.ac.il
More informationNotes for Lecture 14
COS 533: Advanced Cryptography Lecture 14 (November 6, 2017) Lecturer: Mark Zhandry Princeton University Scribe: Fermi Ma Notes for Lecture 14 1 Applications of Pairings 1.1 Recap Consider a bilinear e
More informationHOST Cryptography I ECE 525. Cryptography Handbook of Applied Cryptography &
Cryptography Handbook of Applied Cryptography & http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect
More information