Cryptography 4 People
|
|
- Alvin Stone
- 5 years ago
- Views:
Transcription
1 International Workshop on Inference & Privacy in a Hyperconnected World 2016 Cryptography 4 People Jan Camenisch Principle RSM; Member, IBM Academy of Technology IBM Research ibm.biz/jancamenisch
2 Facts We increasingly conduct our daily task electronically, in an increasingly electronic environment, and...are becoming increasingly vulnerable to cybercrimes 2
3 Facts 33% of cyber crimes, including identity theft, take less time than to make a cup of tea. 3
4 Facts 10 Years ago, your identity information on the black market was worth $150. Today. 4
5 Facts $4'500'000'000 cost of identity theft worldwide 5
6 Houston, we have a problem! ᄅ 6
7 Houston, we have a problem! ᄅ Buzz Aldrin's footprints are still up there (Robin Wilton) 7
8 Computers don't forget " Apps built to use & generate (too much) data " Data is stored by default " Data mining gets ever better " New (ways of) businesses using personal data " Humans forget most things too quickly " Paper collects dust in drawers 8
9 Where's all my data? The ways of data are hard to understand " Devices, operating systems, & apps are getting more complex and intertwined Mashups, Ad networks Machines virtual and realtime configured Not visible to users, and experts Data processing changes constantly " IoT makes things harder still unprotected network, devices with low footprint different operators no or small UI No control over data and far too easy to loose them 9
10 The real problem Applications are designed with the sandy beach in mind but are then built on the moon. Feature creep, security comes last, if at all Everyone can do apps and sell them Networks and systems hard not (well) protected 10
11 Security & Privacy is not a lost cause! We need paradigm shift: build stuff for the moon rather than the sandy beach! 11
12 Security & Privacy is not a lost cause! That means: " Reveal only minimal data necessary " Encrypt every bit " Attach usage policies to each bit Cryptography can do that! 12
13 Cryptography to the Aid 13
14 Vehicle-to-vehicle/infrastructure/cloud communication Secure communication requirements: Security: authenticate real vehicles to prevent attacker from disrupting traffic Privacy: impossible to track individual vehicles V2V/V2I: high message frequency, low communication bandwidth V2Cloud: less resource-critical 14
15 privacy Anonymous authentication with classical crypto same signing key built into all vehicles perfect privacy bad security: key compromised revoke all vehicles same key in batches of vehicles poor privacy: only anonymous within batch poor security: only anonymous security 15 Car2Car online pseudonym authority: authority becomes security/efficiency bottleneck vehicles have to store/fetch fresh pseudonyms different signing key in each vehicle good security no privacy: vehicles traceable by their public keys
16 Privacy ABCs in V2V: privacy and security can co-exist Different key ( credential ) in each vehicle, can be individually revoked optimal privacy optimal security Offline authority (or multiple) can de-anonymize signatures Vehicles can locally self-certify pseudonyms no server interaction needed optionally limit number of pseudonyms per vehicle/day/... Big challenge: efficiency (signature size + computation) 16
17 Privacy-ABCs Identity Mixer 17
18 Privacy-protecting authentication with Privacy ABCs Users' Keys: " One secret Identity (secret key) " Many Public Pseudonyms (public keys) " Variation: domain pseudonym unique per domain use a different identity for each communication partner or even transaction 18
19 Privacy-protecting authentication with Privacy ABCs Certified attributes from Identity provider " Issuing a credential Name = Alice Doe Birth date = April 3,
20 Privacy-protecting authentication with Privacy ABCs Certified attributes from purchasing department " Issuing a credential 20
21 Privacy-protecting authentication with Privacy ABCs I wish to see Alice in Wonderland You need: - subscription - be older than 12 21
22 Privacy-protecting authentication with Privacy ABCs Proving identity claims " but does not send credentials " only minimal disclosure - valid subscription - eid with age 12 22
23 Proving Identity Claims: Minimal Disclosure 23 Alice Doe Age: 12+ Hauptstr 7, Zurich CH single Exp. Valid ve r ID ified ve r ID ified Alice Doe Dec 12, 1998 Hauptstr. 7, Zurich CH single Exp. Aug 4, 2018
24 Privacy-protecting authentication with Privacy ABCs Proving identity claims " but does not send credential " only minimal disclosure (Public Verification Key of issuer) Aha, you are - older than 12 - have a subscription Transaction is not linkable to any other of Alice's transactions! 24
25 Healthcare Use Case Anonymous consultations with specialists online chat with at physician / online consultation with IBM Watson to check eligibility Alice gets a health insurance credential Insurance 1. Alice proves she has insurance 2. Alice describes symptoms 3. Alice gets credential that she is allowed to get treatment Health portal 4. Alice gets treatment from physician, hospital, etc Insurance Alice sends bill to insurance and proves that she had gotten the necessary permission for the treatment.
26 Concept: Inspection TTP If car is broken: ID with insurance needs be retrieved Can verifiably encrypt any certified attribute (optional) TTP is off-line & can be distributed to lessen trust 26
27 You might already have Identity Mixer on your devices Identity Mixer (and related protocols) in standards " TPM V1.2 (2004) and V2.0 (2015) call it Direct Anonymous Attestation " FIDO Alliance authentication is standardizing this as well (w/ and w/out chip) TPMs allow one to store secret key in a secure place! Alice 27
28 Unlinkable Identifiers for Databases [Camenisch Lehmann CCS' 15] 28
29 How to maintain related yet distributed data? Example use case: social security system " Different entities maintain data of citizens " Eventually data needs to be exchanged or correlated Health Insurance Doctor A Doctor B Hospital Pension Fund Tax Authority Welfare Center Many other different use case: IoT, Industry 4.0, Home Appliances, Metering,... 29
30 Globally Unique Identifier " user data is associated with globally unique identifier e.g., social security number, insurance ID Doctor A ID Data Alice.1210 " different entities can easily share & link related data records Bob.0411 Record of Bob.0411? Carol.2503 Hospital ID Data Bob.0411 Carol.2503 Dave
31 Globally Unique Identifier " user data is associated with globally unique identifier e.g., social security number, insurance ID Doctor A ID Data Alice.1210 " different entities can easily share & link related data records Bob.0411 Record of Bob.0411? Carol.2503 Hospital + simple data exchange no control about data exchange if records are lost, pieces can be linked together data has high-value requires strong protection 31 ID Data Bob.0411 Carol.2503 Dave.1906
32 Using Privacy-ABCs to derive Identifiers Doctor A ID Data fadl039nd d028naid8 10nziadod " Use Domain pseudonym Hospital ID Data o1anlpzad Landi1nad p1mslzna 32
33 Using Privacy-ABCs to derive Identifiers Doctor A ID Data fadl039nd d028naid8 10nziadod " Use Domain pseudonym " Needs credential to ensure consistency Hospital ID Data o1anlpzad Landi1nad p1mslzna 33
34 Using Privacy-ABCs to derive Identifiers Doctor A ID Data fadl039nd d028naid8 10nziadod " Use Domain pseudonym " Needs credential to ensure consistency Can also transfer attributes proof of ownership of pseudonym 34 Hospital ID Data o1anlpzad Landi1nad p1mslzna
35 Using Privacy-ABCs to derive Identifiers Doctor A ID Data fadl039nd d028naid8 10nziadod " Use Domain pseudonym " Needs credential to ensure consistency Can also transfer attributes proof of ownership of pseudonym " Approach also works for IoT collected data authenticate data with pseudonym & credentials Hospital ID Data o1anlpzad Landi1nad p1mslzna data exchange needs to involve user + control about data exchange + lost records are cannot be linked together 35
36 Local Pseudonyms & Trusted Converter " central converter derives independent server-local identifiers from unique identifier " user data is associated with (unlinkable) server-local identifiers aka pseudonyms " only converter can link & convert pseudonyms central hub for data exchange Doctor A ID Data Hba02 P89dy Converter Main ID ID-A ID-H Alice.1210 Hba02 7twnG Bob.0411 P89dy ML3m5 Carol uj sd7ab Dave G3wx y2b4m 912uj Hospital ID Data ML3m5 sd7ab y2b4m 36
37 Local Pseudonyms & Trusted Converter " central converter derives independent server-local identifiers from unique identifier " user data is associated with (unlinkable) server-local identifiers aka pseudonyms " only converter can link & convert pseudonyms central hub for data exchange Doctor A Record of P89dy from Hospital? ID-A ID-H Alice.1210 Hba02 7twnG Bob.0411 P89dy ML3m5 Carol uj sd7ab Dave G3wx y2b4m Data Hba02 P89dy Converter Main ID ID 912uj Record of ML3m5? Hospital ID Data ML3m5 sd7ab y2b4m 37
38 Local Pseudonyms & Trusted Converter " central converter derives independent server-local identifiers from unique identifier " user data is associated with (unlinkable) server-local identifiers aka pseudonyms " only converter can link & convert pseudonyms central hub for data exchange Doctor A Record of P89dy from Hospital? ID-A ID-H Alice.1210 Hba02 7twnG Bob.0411 P89dy ML3m5 Carol uj sd7ab Dave G3wx y2b4m Data Hba02 P89dy Converter Main ID ID 912uj Record of ML3m5? Hospital + control about data exchange + if records are lost, pieces cannot be linked together ID Data ML3m5 sd7ab y2b4m converter learns all request & knows all correlations 38
39 (Un)linkable Pseudonyms Pseudonym Generation " converter & servers jointly derive pseudonyms from unique identifiers servers do not learn unique identifiers, converter does not learn the pseudonyms P89dy Doctor A ID Data Hba02 Converter Main ID Pseudonym for Doctor A P89dy 912uj Alice.1210 Bob.0411 Carol.2503 Dave
40 (Un)linkable Pseudonyms Pseudonym Conversion " converter & servers jointly derive pseudonyms from unique identifiers servers do not learn unique identifiers, converter does not learn the pseudonyms " only converter can link & convert pseudonyms but does so in a blind way Doctor A ID Data Hba02 Converter P89dy 912uj 40
41 (Un)linkable Pseudonyms Pseudonym Conversion " converter & servers jointly derive pseudonyms from unique identifiers servers do not learn unique identifiers, converter does not learn the pseudonyms " only converter can link & convert pseudonyms but does so in a blind way Converter Record of P89dy at Hospital Doctor A Record of P89dy at Hospital Record of P89dy at Hospital blind conversion request ID Data Hba02 P89dy 912uj Hospital ID Data ML3m5 sd7ab y2b4m 41
42 (Un)linkable Pseudonyms Pseudonym Conversion " converter & servers jointly derive pseudonyms from unique identifiers servers do not learn unique identifiers, converter does not learn the pseudonyms " only converter can link & convert pseudonyms but does so in a blind way Converter Record of P89dy at Hospital Doctor A Record of P89dy at Hospital Record of P89dy at Hospital blind conversion request blind conversion Record of P89dy? ID Data Hba02 P89dy 912uj unblinding conversion response Record of P89dy? Record of ML3m5? Hospital ID Data ML3m5 sd7ab y2b4m 42
43 (Un)linkable Pseudonyms Security " converter & servers jointly derive pseudonyms from unique identifiers servers do not learn unique identifiers, converter does not learn the pseudonyms " only converter can link & convert pseudonyms but does so in a blind way Converter Record of P89dy at Hospital Doctor A Record of P89dy at Hospital Record of P89dy at Hospital blind conversion request blind conversion Record of P89dy? Hba02 P89dy 912uj Record of P89dy? + converter does not learn pseudonyms in request can not even tell if requests are for the same pseudonym + converter can not link data itself Data unblinding conversion response + control about data exchange + if records are lost, pieces cannot be linked together 43 ID Record of ML3m5? Hospital ID Data ML3m5 sd7ab y2b4m
44 (Un)linkable Pseudonyms Consistency " pseudonyms are unique & consistent generation is deterministic, injective and consistent with blind conversion P89dy Doctor A ID Data Hba02 P89dy Converter 912uj Main ID Bob.0411 ML3m5 Hospital ID Data ML3m5 sd7ab y2b4m 44
45 (Un)linkable Pseudonyms Consistency " pseudonyms are unique & consistent generation is deterministic, injective and consistent with blind conversion conversions are consistent and transitive Invoice for P89dy Doctor A ID Data Hba02 P89dy Converter 912uj Invoice for Invoice for ML3m5 RtE14 Insurance ID Data 6Wz6P $ $ $ fx4o7 RtE14 45 Hospital ID Data ML3m5 sd7ab y2b4m
46 (Un)linkable Pseudonyms Construction " security formally defined in the Universal Composability (UC) framework ideal functionality describing the optimal behaviour of such a system converter and servers can be fully corrupt " provably secure construction based on homomorphic encryption scheme (ElGamal encryption) verifiable pseudorandom function (Dodis-Yampolskiy-PRF) pseudorandom permutation ( lazy sampling ) dual-mode and standard signature schemes (AGOT+, Schnorr signatures) zero-knowledge proofs (Fiat-Shamir NIZKs with trapdoored ElGamal) 46
47 High-level Idea Pseudonym Generation " converter X and server SA jointly compute a pseudonym nymi,a for user uidi X's input: unique user-id uidi and server ID SA 1) compute global core identifier using secret key k zi PRF(k,uidi) 2) compute server-local inner pseudonym using server-specific secret key xa xnymi,a zixa Server A ka, ska xnymi,a Converter X k, skx, for each server: xa, xb, xc, 47 3) compute final pseudonym using a secret key ka nymi,a PRP(kA,xnymi,A)
48 High-level Idea Pseudonym Conversion " server SA wishes to convert a pseudonym nymi,a for server SB SA's input: nymi,a, SB, qid Server A ka,ska Server B kb,skb Converter X k, skx, for each server: xa, xb, xc, 48
49 High-level Idea Pseudonym Conversion " server SA wishes to convert a pseudonym nymi,a for server SB nymi,a SA's input: nymi,a, SB, qid xnymi,a = zixa Server A ka,ska Server B kb,skb Converter X k, skx, for each server: xa, xb, xc, xnymi,b = zixb nymi,b 49
50 High-level Idea Pseudonym Conversion " server SA wishes to convert a pseudonym nymi,a for server SB nymi,a PRP-1(kA, nymi,a) SA's input: nymi,a, SB, qid xnymi,a = zixa Converter X Server A ka,ska Server B kb,skb xnymi,b = xnymi,a xb /xa k, skx, for each server: xa, xb, xc, xnymi,b = zixb PRP(kB, xnymi,b) nymi,b 50
51 High-level Idea Pseudonym Conversion " server SA wishes to convert a pseudonym nymi,a for server SB SA's input: nymi,a, SB, qid 1) re-obtain xnymi,a PRP-1(kA, nymi,a) 2) encrypt xnymi,a under SB's and Converter X''s key C Enc(pkX, (Enc(pkB, xnymi,a)) C, SB, qid Server A ka,ska Server B kb,skb Converter X k, skx, for each server: xa, xb, xc, 51
52 High-level Idea Pseudonym Conversion " server SA wishes to convert a pseudonym nymi,a for server SB SA's input: nymi,a, SB, qid 1) re-obtain xnymi,a PRP-1(kA, nymi,a) 2) encrypt xnymi,a under SB's and Converter X''s key C Enc(pkX, (Enc(pkB, xnymi,a)) C, SB, qid Server A ka,ska Server B kb,skb Converter X k, skx, for each server: xa, xb, xc, 3) decrypt first layer as C' Dec(skX, C) 4) blindly transform encrypted pseudonym C'' C' Δ with Δ = xb / xa C'' = Enc(pkB, xnymi,a) xb / xa C'' = Enc(pkB, PRF(k,uidi) xa) xb / xa C'' = Enc(pkB, PRF(k,uidi) xb) C'' = Enc(pkB, xnymi,b) 52
53 High-level Idea Pseudonym Conversion " server SA wishes to convert a pseudonym nymi,a for server SB SA's input: nymi,a, SB, qid 1) re-obtain xnymi,a PRP-1(kA, nymi,a) 2) encrypt xnymi,a under SB's and Converter X''s key C Enc(pkX, (Enc(pkB, xnymi,a)) C, SB, qid Server A ka,ska Server B kb,skb Converter X k, skx, for each server: xa, xb, xc, C'', SA, qid 3) decrypt first layer as C' Dec(skX, C) 4) blindly transform encrypted pseudonym C'' C' Δ with Δ = xb / xa C'' = Enc(pkB, xnymi,a) xb / xa C'' = Enc(pkB, PRF(k,uidi) xa) xb / xa Enc(pkB, PRF(k,uidi) xb) 5) decrypt inner pseudonym xnymi,b Dec(skB, C'') 6) compute final pseudonym as nymi,b PRP(kB, xnymi,b) C'' = C'' = Enc(pkB, xnymi,b) 53
54 High-level Idea Active Corruptions Converter X xnymi,a xnymi,a PRF(k,uidi) xa Server A nymi,a PRP(kA,xnymi,A) Generation Conversion C, SB, qid Converter X C'' Dec(skX, C) xb / xa Server A C Enc(pkX, (Enc(pkB, xnymi,a)) C'', SA, qid Server B nymi,b PRP(kB,Dec(skB, C'')) 54
55 High-level Idea Active Corruptions (Server) " ensure that servers can convert only their pseudonyms Converter X xnymi,a xnymi,a PRF(k,uidi) xa Server A nymi,a PRP(kA,xnymi,A) Generation Conversion C, SB, qid Converter X C'' Dec(skX, C) xb / xa Server A C Enc(pkX, (Enc(pkB, xnymi,a)) C'', SA, qid Server B nymi,b PRP(kB,Dec(skB, C'')) 55
56 High-level Idea Active Corruptions (Server) " ensure that servers can convert only their pseudonyms generation: bind pseudonym nymi,a to server SA via server-specific signature conversion: SA proves that C contains a correctly signed pseudonym Converter X xnymi,a xnymi,a PRF(k,uidi) xa Server A nymi,a PRP(kA,xnymi,A) Generation Conversion C, SB, qid, πa Converter X C'' Dec(skX, C) xb / xa Server A C Enc(pkX, (Enc(pkB, xnymi,a)) C'', SA, qid Server B nymi,b PRP(kB,Dec(skB, C'')) 56
57 High-level Idea Active Corruptions (Server) " ensure that servers can convert only their pseudonyms generation: bind pseudonym nymi,a to server SA via server-specific signature conversion: SA proves that C contains a correctly signed pseudonym " challenge: how to sign pseudonyms in a blind conversion? Converter X xnymi,a xnymi,a PRF(k,uidi) xa Server A nymi,a PRP(kA,xnymi,A) Generation Conversion C, SB, qid, πa Converter X C'' Dec(skX, C) xb / xa Server A C Enc(pkX, (Enc(pkB, xnymi,a)) C'', SA, qid Server B nymi,b PRP(kB,Dec(skB, C'')) 57
58 High-level Idea Active Corruptions (Server) " ensure that servers can convert only their pseudonyms generation: bind pseudonym nymi,a to server SA via server-specific signature conversion: SA proves that C contains a correctly signed pseudonym " challenge: how to sign pseudonyms in a blind conversion? dual-mode signatures: signature on ciphertext, can be decrypted to signature on plaintext Converter X xnymi,a xnymi,a PRF(k,uidi) xa Server A nymi,a PRP(kA,xnymi,A) Generation Conversion C, SB, qid, πa Converter X C'' Dec(skX, C) xb / xa Server A C Enc(pkX, (Enc(pkB, xnymi,a)) C'', SA, qid Server B nymi,b PRP(kB,Dec(skB, C'')) 58
59 High-level Idea Active Corruptions (Server) " ensure that servers can convert only their pseudonyms generation: bind pseudonym nymi,a to server SA via server-specific signature conversion: SA proves that C contains a correctly signed pseudonym " challenge: how to sign pseudonyms in a blind conversion? dual-mode signatures: signature on ciphertext, can be decrypted to signature on plaintext Converter X xnymi,a xnymi,a PRF(k,uidi) xa Server A nymi,a PRP(kA,xnymi,A) Generation Conversion C, SB, qid, πa Converter X C'' Dec(skX, C) xb / xa Server A C Enc(pkX, (Enc(pkB, xnymi,a)) C'', SA, qid Server B nymi,b PRP(kB,Dec(skB, C'')) 59
60 High-level Idea Active Corruptions (Converter) " ensure consistency of pseudonyms and conversions even in the presence of a corrupt converter let converter X prove correctness of his computations via NIZKs Converter X xnymi,a xnymi,a PRF(k,uidi) xa Server A nymi,a PRP(kA,xnymi,A) Generation Conversion C, SB, qid, πa Converter X C'' Dec(skX, C) xb / xa Server A C Enc(pkX, (Enc(pkB, xnymi,a)) C'', SA, qid Server B nymi,b PRP(kB,Dec(skB, C'')) 60
61 High-level Idea Active Corruptions (Converter) " ensure consistency of pseudonyms and conversions even in the presence of a corrupt converter let converter X prove correctness of his computations via NIZKs Converter X xnymi,a,πnym xnymi,a PRF(k,uidi) xa Server A nymi,a PRP(kA,xnymi,A) Generation Conversion C, SB, qid, πa Converter X C'' Dec(skX, C) xb / xa Server A C Enc(pkX, (Enc(pkB, xnymi,a)) C'', C,πA,πX, SA, qid Server B nymi,b PRP(kB,Dec(skB, C'')) 61
62 High-level Idea Active Corruptions (Converter) " ensure consistency of pseudonyms and conversions even in the presence of a corrupt converter let converter X prove correctness of his computations via NIZKs " pseudonym generation can be anonymous or not non-anon: Server SA can verify that xnymi,a was correctly derived from uidi option important for bootstrapping / migration Converter X xnymi,a, πnym,, (uidi) xnymi,a PRF(k,uidi) xa Server A nymi,a PRP(kA,xnymi,A) Generation Conversion C, SB, qid, πa Converter X C'' Dec(skX, C) xb / xa Server A C Enc(pkX, (Enc(pkB, xnymi,a)) C'', C,πA,πX, SA, qid Server B nymi,b PRP(kB,Dec(skB, C'')) 62
63 (Un)linkable Pseudonyms Efficiency & Summary efficiency security against corrupt converter and corrupt servers: generation (X +SA): 15 exponentiations + 8 pairings conversion (X +SA+SB): 84 exponentiations + 30 pairings more efficient variant if converter is honest-but-curious (but servers fully corrupt) generation (X +SA): 7 exponentiations conversion (X +SA+SB): 40 exponentiations + 16 pairings (most exp. can be merged into multi-exponentiations) (un)linkable pseudonyms without trusted converter unlinkable data storage with controlled data exchange servers maintain data w.r.t. local, random-looking pseudonyms pseudonyms can only be linked via a central converter conversions done in a blind way converter must not be a trusted entity efficient and provably secure protocol paradigm shift: unlinkable as default, linkable only when necessary 63
64 Further Research Needed! " Securing the infrastructure & IoT ad-hoc establishment of secure authentication and communication audit-ability & privacy (where is my information, crime traces) security services, e.g., better CA, oblivious TTPs, anon. routing, " Usability HCI Infrastructure (setup, use, changes by end users) " Provably secure protocols Properly modeling protocols (UC, realistic attacks models,...) Verifiable security proofs Retaining efficiency 64
65 Further Research Needed! " Quantum Computers Lots of new crypto needed still Build apps algorithm agnostic " Towards a secure information society Society gets shaped by quickly changing technology Consequences are hard to grasp yet We must inform and engage in a dialog 65
66 Conclusion Let engage in some rocket science! " Much of the needed technology exists " need to use them & build apps for the moon " and make apps usable & secure for end users Thank you! Joint work w/ Maria Dubovitskaya, Anja Lehmann, Anna Lysyanskaya, Gregory Neven, and many many more. ibm.biz/jancamenisch
Cryptography 4 People
ZISC Lunch Seminar, ETH Zurich, March 15, 2017 Cryptography 4 People bases Jan Camenisch Principle RSM; Member, IBM Academy of Technology IBM Research Zurich @JanCamenisch ibm.biz/jancamenisch Facts We
More informationCryptographic dimensions of Privacy
PRIVACY SUMMIT 2016 The Alain Turing Institute Cryptographic dimensions of Privacy Dr. Jan Camenisch Principle RSM; Member, IBM Academy of Technology IBM Research Zurich @JanCamenisch ibm.biz/jancamenisch
More informationPrivacy-Preserving & User-Auditable Pseudonym Systems. Jan Camenisch, Anja Lehmann IBM Research Zurich
Privacy-Preserving & User-Auditable Pseudonym Systems Jan Camenisch, Anja Lehmann IBM Research Zurich Motivation: How to maintain related yet distributed data? examples: social security system, ehealth
More informationDirections in Security Research
Directions in Security Research Jan Camenisch IBM Research Zurich jca@zurich.ibm.com @JanCamenisch ibm.biz/jancamenisch Facts 33% of cyber crimes, including identity theft, take less time than to make
More informationPrivacy-Enhancing Technologies: Anonymous Credentials and Pseudonym Systems. Anja Lehmann IBM Research Zurich
Privacy-Enhancing Technologies: Anonymous Credentials and Pseudonym Systems Anja Lehmann IBM Research Zurich ROADMAP Anonymous Credentials privacy-preserving (user) authentication Pseudonym Systems privacy-preserving
More informationIBM Identity Mixer. Introduction Deployment Use Cases Blockchain More Features
Introduction Deployment Use Cases Blockchain More Features IBM Identity Mixer Privacy-preserving identity management and authentication for Blockchain and beyond Dr. Maria Dubovitskaya IBM Research Zurich
More informationCryptography 4 Privacy
SuRI School of Computer and Communication Sciences EPFL Cryptography 4 Privacy Jan Camenisch Principle RSM; Member, IBM Academy of Technology IBM Research Zurich @JanCamenisch ibm.biz/jancamenisch Facts
More informationPrivacy-Enhancing Technologies & Applications to ehealth. Dr. Anja Lehmann IBM Research Zurich
Privacy-Enhancing Technologies & Applications to ehealth Dr. Anja Lehmann IBM Research Zurich IBM Research Zurich IBM Research founded in 1945 employees: 3,000 12 research labs on six continents IBM Research
More informationIBM Identity Mixer. Authentication without identification. Introduction Demo Use Cases Features Overview Deployment
Introduction Demo Use Cases Features Overview Deployment IBM Identity Mixer Authentication without identification Jan Camenisch, Maria Dubovitskaya, Peter Kalambet, Anja Lehmann, Gregory Neven, Franz-Stefan
More informationPrivacy in an Electronic World A Lost Cause?
InfoSec 2015 Summer School on Information Security Bilbao Privacy in an Electronic World A Lost Cause? Dr. Jan Camenisch Cryptography & Privacy Principal Research Staff Member Member, IBM Academy of Technology
More informationForschungsrichtungen in der IT-Sicherheit
Forschungsrichtungen in der IT-Sicherheit Dr. Jan Camenisch Principle Researcher; Member, IBM Academy of Technology IBM Research Zurich jca@zurich.ibm.com @JanCamenisch ibm.biz/jancamenisch Facts 33% of
More informationCryptography for People
CySeP2015 Winter School on Cyber Security & Privacy KTH Stockholm Cryptography for People Dr. Jan Camenisch Cryptography & Privacy Principal Research Staff Member Member, IBM Academy of Technology jca@zurich.ibm.com
More informationDirect Anonymous Attestation
Direct Anonymous Attestation Revisited Jan Camenisch IBM Research Zurich Joint work with Ernie Brickell, Liqun Chen, Manu Drivers, Anja Lehmann. jca@zurich.ibm.com, @JanCamenisch, ibm.biz/jancamenisch
More informationIdentity Mixer: From papers to pilots and beyond. Gregory Neven, IBM Research Zurich IBM Corporation
Identity Mixer: From papers to pilots and beyond Gregory Neven, IBM Research Zurich Motivation Online security & trust today: SSL/TLS for encryption and server authentication Username/password for client
More informationAnonymous Credentials: How to show credentials without compromising privacy. Melissa Chase Microsoft Research
Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase Microsoft Research Credentials: Motivation ID cards Sometimes used for other uses E.g. prove you re over 21, or
More informationBlockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric
Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric Elli Androulaki Staff member, IBM Research, Zurich Workshop on cryptocurrencies Athens, 06.03.2016 Blockchain systems
More informationAttribute-based Credentials on Smart Cards
Attribute-based Credentials on Smart Cards ir. Pim Vullers p.vullers@cs.ru.nl Privacy & Identity Lab Institute for Computing and Information Sciences Digital Security SaToSS Research Meeting 28th February
More informationKey Protection for Endpoint, Cloud and Data Center
Key Protection for Endpoint, Cloud and Data Center ENCRYPTION IS ONLY AS SECURE AS ITS LEAST SECURE KEY Encryption is undoubtedly one of the pillars of information security. It is used everywhere today:
More informationU-Prove Technology Overview
U-Prove Technology Overview November 2010 TOC Introduction Community Technology Preview Additional Capabilities RSA Demo Conclusion 2 Introduction History U-Prove well established in academia Patent portfolio
More informationPrivacy with attribute-based credentials ABC4Trust Project. Fatbardh Veseli
Privacy with attribute-based credentials ABC4Trust Project Fatbardh Veseli Deutsche Telekom Chair for Mobile Business and Multilateral Security Goethe University Frankfurt, Germany fatbardh.veseli@m-chair.de
More informationA Decade of Direct Anonymous Attestation
A Decade of Direct Anonymous Attestation From Research to Standard and Back Jan Camenisch IBM Research Zurich Joint work with Ernie Brickell, Liqun Chen, Manu Drivers, Anja Lehmann. jca@zurich.ibm.com
More informationTrusted Computing: Introduction & Applications
Trusted Computing: Introduction & Applications Lecture 5: Remote Attestation, Direct Anonymous Attestation Dr. Andreas U. Schmidt Fraunhofer Institute for Secure Information Technology SIT, Darmstadt,
More informationCovert Identity Information in Direct Anonymous Attestation (DAA)
Covert Identity Information in Direct Anonymous Attestation (DAA) Carsten Rudolph Fraunhofer Institute for Secure Information Technology - SIT, Rheinstrasse 75, Darmstadt, Germany, Carsten.Rudolph@sit.fraunhofer.de
More informationSecure Multiparty Computation
CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationCS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong
CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationICS 180 May 4th, Guest Lecturer: Einar Mykletun
ICS 180 May 4th, 2004 Guest Lecturer: Einar Mykletun 1 Symmetric Key Crypto 2 Symmetric Key Two users who wish to communicate share a secret key Properties High encryption speed Limited applications: encryption
More information1 A Tale of Two Lovers
CS 120/ E-177: Introduction to Cryptography Salil Vadhan and Alon Rosen Dec. 12, 2006 Lecture Notes 19 (expanded): Secure Two-Party Computation Recommended Reading. Goldreich Volume II 7.2.2, 7.3.2, 7.3.3.
More informationOutline Key Management CS 239 Computer Security February 9, 2004
Outline Key Management CS 239 Computer Security February 9, 2004 Properties of keys Key management Key servers Certificates Page 1 Page 2 Introduction Properties of Keys It doesn t matter how strong your
More informationScalable privacy-enhanced traffic monitoring in vehicular ad hoc networks
Scalable privacy-enhanced traffic monitoring in vehicular ad hoc networks Yi Liu1,2,3 Jie Ling 1 Qianhong Wu4,6 Bo Qin5 Presented By Khaled Rabieh Introduction & Problem Statement In traffic monitoring
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationProtocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols
More informationPrivacy Privacy Preserving Authentication Schemes: Theory and Applications
Privacy Privacy Preserving Authentication Schemes: Theory and Applications 18 th Infocom World, Athens, Greece, 2016 Yannis C. Stamatiou Computer Technology Institute & Press Diophantus and Business Administration
More informationProf. Christos Xenakis
From Real-world Identities to Privacy-preserving and Attribute-based CREDentials for Device-centric Access Control Device-Centric Authentication for Future Internet Prof. Christos Xenakis H2020 Clustering
More informationStructure-Preserving Certificateless Encryption and Its Application
SESSION ID: CRYP-T06 Structure-Preserving Certificateless Encryption and Its Application Prof. Sherman S. M. Chow Department of Information Engineering Chinese University of Hong Kong, Hong Kong @ShermanChow
More informationProf. Christos Xenakis
From Real-world Identities to Privacy-preserving and Attribute-based CREDentials for Device-centric Access Control Device-Centric Authentication for Future Internet Prof. Christos Xenakis SAINT Workshop
More informationNigori: Storing Secrets in the Cloud. Ben Laurie
Nigori: Storing Secrets in the Cloud Ben Laurie (benl@google.com) April 23, 2013 1 Introduction Secure login is something we would clearly like, but achieving it practically for the majority users turns
More informationAnonymity. Assumption: If we know IP address, we know identity
03--4 Anonymity Some degree of anonymity from using pseudonyms However, anonymity is always limited by address TCP will reveal your address address together with ISP cooperation Anonymity is broken We
More informationGoals of Modern Cryptography
Goals of Modern Cryptography Providing information security: Data Privacy Data Integrity and Authenticity in various computational settings. Data Privacy M Alice Bob The goal is to ensure that the adversary
More informationKey Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature
Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper
More informationDYNAMIC PRIVACY PROTECTING SHORT GROUP SIGNATURE SCHEME
DYNAMIC PRIVACY PROTECTING SHORT GROUP SIGNATURE SCHEME Ashy Eldhose 1 and Thushara Sukumar 2 1 Student, Department of Computer Science and Engineering, MBITS Nellimattom 2 Assistant Professor, Department
More informationIRMA: I Reveal My Attributes
IRMA: I Reveal My Attributes Roland van Rijswijk - Deij roland.vanrijswijk@surfnet.nl rijswijk@cs.ru.nl Project partners 2 What is an attribute? An attribute is a property of a person: Full name Date of
More informationCS 425 / ECE 428 Distributed Systems Fall 2017
CS 425 / ECE 428 Distributed Systems Fall 2017 Indranil Gupta (Indy) Dec 5, 2017 Lecture 27: Security All slides IG Security Threats Leakage Unauthorized access to service or data E.g., Someone knows your
More informationk Anonymous Private Query Based on Blind Signature and Oblivious Transfer
Edith Cowan University Research Online International Cyber Resilience conference Conferences, Symposia and Campus Events 2011 k Anonymous Private Query Based on Blind Signature and Oblivious Transfer Russell
More informationCryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology
Cryptography & Key Exchange Protocols Faculty of Computer Science & Engineering HCMC University of Technology Outline 1 Cryptography-related concepts 2 3 4 5 6 7 Key channel for symmetric cryptosystems
More informationImprovement of Camenisch-Neven-Shelat Oblivious Transfer Scheme
Improvement of Camenisch-Neven-Shelat Oblivious Transfer Scheme Zhengjun Cao and Hanyue Cao Department of Mathematics, Shanghai University, Shanghai, China caozhj@shu.edu.cn Abstract. In 2007, Camenisch,
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationShort-term Linkable Group Signatures with Categorized Batch Verification
Short-term Linkable Group Signatures with Categorized Batch Verification Lukas Malina 1, Jordi Castella-Rocà 2, Arnau Vives-Guasch 2, Jan Hajny 1 1 Department of Telecommunications Faculty of Electrical
More informationOn the Revocation of U-Prove Tokens
On the Revocation of U-Prove Tokens Christian Paquin, Microsoft Research September nd 04 U-Prove tokens provide many security and privacy benefits over conventional credential technologies such as X.509
More informationECA Trusted Agent Handbook
Revision 8.0 September 4, 2015 Introduction This Trusted Agent Handbook provides instructions for individuals authorized to perform personal presence identity verification of subscribers enrolling for
More informationWorksheet - Reading Guide for Keys and Passwords
Unit 2 Lesson 15 Name(s) Period Date Worksheet - Reading Guide for Keys and Passwords Background Algorithms vs. Keys. An algorithm is how to execute the encryption and decryption and key is the secret
More informationChapter 10: Key Management
Chapter 10: Key Management Session and Interchange Keys Key Exchange Key Generation Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #10-1 Overview Key exchange Session
More informationDesign and Implementation of Privacy-Preserving Surveillance. Aaron Segal
1 Design and Implementation of Privacy-Preserving Surveillance Aaron Segal Yale University May 11, 2016 Advisor: Joan Feigenbaum 2 Overview Introduction Surveillance and Privacy Privacy Principles for
More informationPhoenix: Rebirth of a Cryptographic Password-Hardening Service
Phoenix: Rebirth of a Cryptographic Password-Hardening Service Russell W.F. Lai 1,2 Christoph Egger 1 Dominique Schro der 1 Sherman S.M. Chow 2 1 Friedrich-Alexander-Universita t Erlangen-Nu rnberg University
More informationAuthentication with Privacy for Connected Cars - A research perspective -
Authentication with Privacy for Connected Cars - A research perspective - Mark Manulis Surrey Centre for Cyber Security, Deputy-Director Department of Computer Science University of Surrey sccs.surrey.ac.uk
More informationPractical Anonymous Subscriptions! Alan Dunn, Jonathan Katz, Sangman Kim, Michael Lee, Lara Schmidt, Brent Waters, Emmett Witchel"
Practical Anonymous Subscriptions! Alan Dunn, Jonathan Katz, Sangman Kim, Michael Lee, Lara Schmidt, Brent Waters, Emmett Witchel" Practical Anonymous Subscriptions! Alan Dunn, Jonathan Katz, Sangman Kim,
More informationThe security challenge in a mobile world
The security challenge in a mobile world Contents Executive summary 2 Executive summary 3 Controlling devices and data from the cloud 4 Managing mobile devices - Overview - How it works with MDM - Scenario
More informationNetwork Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010
Network Security: Anonymity Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline 1. Anonymity and privacy 2. High-latency anonymous routing 3. Low-latency anonymous routing Tor
More informationCS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD
ERIK JONSSON SCHOOL OF ENGINEERING & COMPUTER SCIENCE Cyber Security Research and Education Institute CS 6324: Information Security Dr. Junia Valente Department of Computer Science The University of Texas
More informationCrypto meets Web Security: Certificates and SSL/TLS
CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,
More informationCryptography (Overview)
Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography
More informationBuilding on existing security
Building on existing security infrastructures Chris Mitchell Royal Holloway, University of London http://www.isg.rhul.ac.uk/~cjm 1 Acknowledgements This is joint work with Chunhua Chen and Shaohua Tang
More informationCrypto Background & Concepts SGX Software Attestation
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 4b Slide deck extracted from Kamran s tutorial on SGX, presented during ECE 6095 Spring 2017 on Secure Computation and Storage, a precursor to this course
More informationCrypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))
Introduction (Mihir Bellare Text/Notes: http://cseweb.ucsd.edu/users/mihir/cse207/) Cryptography provides: Data Privacy Data Integrity and Authenticity Crypto-systems all around us ATM machines Remote
More informationCryptographic Protocols 1
Cryptographic Protocols 1 Luke Anderson luke@lukeanderson.com.au 5 th May 2017 University Of Sydney Overview 1. Crypto-Bulletin 2. Problem with Diffie-Hellman 2.1 Session Hijacking 2.2 Encrypted Key Exchange
More informationT Cryptography and Data Security
T-79.4501 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Stallings: Ch 7.4; 7.3; 10.1 1 The Use
More informationFujitsu World Tour 2018
Fujitsu World Tour 2018 May 30, 2018 #FujitsuWorldTour 1 Copyright 2018 FUJITSU Security and Privacy of Big Data A NIST Perspective Arnab Roy Fujitsu Laboratories of America Co-Chair, NIST Big Data WG:
More informationDigital Cash Systems
Digital Cash Systems Xiang Yin Department of Computer Science McMaster University December 1, 2010 Outline 1 Digital Cash 2 3 4 5 Digital Cash Overview Properties Digital Cash Systems Digital Cash Digital
More informationHIPAA AND SECURITY. For Healthcare Organizations
HIPAA AND EMAIL SECURITY For Healthcare Organizations Table of content Protecting patient information 03 Who is affected by HIPAA? 06 Why should healthcare 07 providers care? Email security & HIPPA 08
More informationAPPLICATIONS AND PROTOCOLS. Mihir Bellare UCSD 1
APPLICATIONS AND PROTOCOLS Mihir Bellare UCSD 1 Some applications and protocols Internet Casino Commitment Shared coin flips Threshold cryptography Forward security Program obfuscation Zero-knowledge Certified
More informationLecture Notes 14 : Public-Key Infrastructure
6.857 Computer and Network Security October 24, 2002 Lecture Notes 14 : Public-Key Infrastructure Lecturer: Ron Rivest Scribe: Armour/Johann-Berkel/Owsley/Quealy [These notes come from Fall 2001. These
More informationSecurity: Cryptography
Security: Cryptography Computer Science and Engineering College of Engineering The Ohio State University Lecture 38 Some High-Level Goals Confidentiality Non-authorized users have limited access Integrity
More informationKey Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings
Key Exchange References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings Outlines Primitives Root Discrete Logarithm Diffie-Hellman ElGamal Shamir s Three Pass
More informationAn Introduction to Trusted Platform Technology
An Introduction to Trusted Platform Technology Siani Pearson Hewlett Packard Laboratories, UK Siani_Pearson@hp.com Content What is Trusted Platform technology and TCPA? Why is Trusted Platform technology
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationCertificateless Public Key Cryptography
Certificateless Public Key Cryptography Mohsen Toorani Department of Informatics University of Bergen Norsk Kryptoseminar November 9, 2011 1 Public Key Cryptography (PKC) Also known as asymmetric cryptography.
More informationCryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1
Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography CS555 Spring 2012/Topic 16 1 Outline and Readings Outline Private key management between two parties Key management
More informationPublic Key Algorithms
Public Key Algorithms 1 Public Key Algorithms It is necessary to know some number theory to really understand how and why public key algorithms work Most of the public key algorithms are based on modular
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationLecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24
Assume encryption and decryption use the same key. Will discuss how to distribute key to all parties later Symmetric ciphers unusable for authentication of sender Lecturers: Mark D. Ryan and David Galindo.
More informationSecuring Distributed Computation via Trusted Quorums. Yan Michalevsky, Valeria Nikolaenko, Dan Boneh
Securing Distributed Computation via Trusted Quorums Yan Michalevsky, Valeria Nikolaenko, Dan Boneh Setting Distributed computation over data contributed by users Communication through a central party
More informationOverview. Public Key Algorithms I
Public Key Algorithms I Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601-04/ Louisiana State
More informationNetwork Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012
Network Security: Anonymity Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2012 Outline 1. Anonymity and privacy 2. High-latency anonymous routing 3. Low-latency anonymous routing Tor
More informationIntroduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell
Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell 1 Cryptography Merriam-Webster Online Dictionary: 1. secret writing 2. the enciphering and deciphering
More informationSecure Multiparty Computation
Secure Multiparty Computation Li Xiong CS573 Data Privacy and Security Outline Secure multiparty computation Problem and security definitions Basic cryptographic tools and general constructions Yao s Millionnare
More informationIntroduction to Traffic Analysis. George Danezis University of Cambridge, Computer Laboratory
Introduction to Traffic Analysis George Danezis University of Cambridge, Computer Laboratory Outline Introduction to anonymous communications Macro-level Traffic Analysis Micro-level Traffic Analysis P2P
More informationAnonymous Attestation with Subverted TPMs
Anonymous Attestation with Subverted TPMs Jan Camenisch 1, Manu Drijvers 1,2, and Anja Lehmann 1 1 IBM Research Zurich, Säumerstrasse 4, 8803 Rüschlikon, Switzerland {jca,mdr,anj}@zurich.ibm.com 2 Department
More informationISA 562: Information Security, Theory and Practice. Lecture 1
ISA 562: Information Security, Theory and Practice Lecture 1 1 Encryption schemes 1.1 The semantics of an encryption scheme. A symmetric key encryption scheme allows two parties that share a secret key
More information1 Identification protocols
ISA 562: Information Security, Theory and Practice Lecture 4 1 Identification protocols Now that we know how to authenticate messages using MACs, a natural question is, how can we use MACs to prove that
More informationSecurity and Privacy in Car2Car Adhoc Networks
Security and Privacy in Car2Car Adhoc Networks Antonio Kung Trialog www.trialog.com 15/06/2016 1 Introduction French SME Involved since 2002 in security and privacy for connected vehicles 15/06/2016 2
More informationHomomorphic encryption (whiteboard)
Crypto Tutorial Homomorphic encryption Proofs of retrievability/possession Attribute based encryption Hidden vector encryption, predicate encryption Identity based encryption Zero knowledge proofs, proofs
More informationEncryption. INST 346, Section 0201 April 3, 2018
Encryption INST 346, Section 0201 April 3, 2018 Goals for Today Symmetric Key Encryption Public Key Encryption Certificate Authorities Secure Sockets Layer Simple encryption scheme substitution cipher:
More informationCS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to share so many secrets?!?
50fb6be35f4c3105 9d4ed08fb86d8887 b746c452a9c9443b 15b22f450c76218e CS 470 Spring 2018 9df7031cdbff9d10 b700a92855f16328 5b757e66d2131841 62fedd7d9131e42e Mike Lam, Professor Security a.k.a. Why on earth
More informationKurose & Ross, Chapters (5 th ed.)
Kurose & Ross, Chapters 8.2-8.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) Addison-Wesley, April 2009. Copyright 1996-2010, J.F Kurose and
More informationLecture Secure, Trusted and Trustworthy Computing Trusted Platform Module
1 Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Germany Winter Term 2016/17 Roadmap: TPM
More informationLecture 44 Blockchain Security I (Overview)
Blockchains Architecture, Design and Use Cases Prof. Sandip Chakraborty Prof. Praveen Jayachandran Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture 44 Blockchain
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationDiffie-Hellman. Part 1 Cryptography 136
Diffie-Hellman Part 1 Cryptography 136 Diffie-Hellman Invented by Williamson (GCHQ) and, independently, by D and H (Stanford) A key exchange algorithm o Used to establish a shared symmetric key Not for
More informationD2.2 - Architecture for Attribute-based Credential Technologies - Final Version
D2.2 - Architecture for Attribute-based Credential Technologies - Final Version Patrik Bichsel, Jan Camenisch, Maria Dubovitskaya, Robert R. Enderlein, Stephan Krenn, Ioannis Krontiris, Anja Lehmann, Gregory
More informationChapter 13. Digital Cash. Information Security/System Security p. 570/626
Chapter 13 Digital Cash Information Security/System Security p. 570/626 Introduction While cash is used in illegal activities such as bribing money laundering tax evasion it also protects privacy: not
More informationUsing existing security infrastructures
Using existing security infrastructures Chris Mitchell Royal Holloway, University of London http://www.isg.rhul.ac.uk/~cjm 1 Acknowledgements This is joint work with Chunhua Chen and Shaohua Tang (South
More information