29/Jul/2009 Young Hoon Park.  M.Bellare, D.Micciancio, B.Warinschi, Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and.

Slides:

Advertisements

Similar presentations

A Crash Course in Modern Crypto Tools Dan Boneh Stanford University.

Advertisements

Wenmao Liu Harbin Institute of Technology China. Outline ITS & VANETs Security Issues and Solutions An autonomous architecture Conclusion.

Chapter 14 – Authentication Applications

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.

Rennes, 24/10/2014 Cristina Onete CIDRE/ INRIA Privacy in signatures. Hiding in rings, hiding in groups.

This document and the information therein are the property of Morpho, They must not be copied or communicated to a third party without the prior written.

Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009.

 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.

Securing Vehicular Communications Author ： Maxim Raya, Panos Papadimitratos, and Jean-Pierre Hubaux From ： IEEE Wireless Communications Magazine, Special.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Public Key Management and X.509 Certificates

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

IAW 2006 Cascaded Authorization with Anonymous- Signer Aggregate Signatures Danfeng Yao Department of Computer Science Brown University Joint work with.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Secure Vehicular Communications Speaker: Xiaodong Lin University of Waterloo

Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

Information Security of Embedded Systems : Public Key Cryptosystems, Communication Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.

A New Life for Group Signatures Dan Boneh Stanford University.

Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

An Efficient and Spontaneous Privacy-Preserving Protocol for Secure Vehicular Communications Hu Xiong, Konstantin Beznosov, Zhiguang Qin, Matei Ripeanu.

1 Digital Signatures CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 12, 2004.

Anonymity and Security in Public Internet Forums Ho-fung LEUNG Senior Member, IEEE Dept. of Computer Science & Engineering The Chinese University of Hong.

1 An ID-based multisignature scheme without reblocking and predetermined signing order Chin-Chen Chang, Iuon-Chang Lin, and Kwok-Yan Lam Computer Standards.

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

Lecture 9: Security via PGP CS 436/636/736 Spring 2012 Nitesh Saxena.

Secure pseudonym generation for efficient broadcast authentication in VANETs Deepak N Ananth and Manjusha Gadiraju CSC / ECE 774.

Lecture 8 Digital Signatures. This lecture considers techniques designed to provide the digital counterpart to a handwritten signature. A digital signature.

Bob can sign a message using a digital signature generation algorithm

Chapter 10: Authentication Guide to Computer Network Security.

Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

An Efficient Identity-based Cryptosystem for

Privacy Issues in Vehicular Ad Hoc Networks.

1 Anonymous Roaming Authentication Protocol with ID-based Signatures Lih-Chyau Wuu Chi-Hsiang Hung Department of Electronic Engineering National Yunlin.

Implementation and Evaluation of Certificate Revocation List Distribution for Vehicular Ad-hoc Networks Petra Ardelean Advisor: Panos Papadimitratos.

02/22/2005 Joint Seminer Satoshi Koga Information Technology & Security Lab. Kyushu Univ. A Distributed Online Certificate Status Protocol with Low Communication.

Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.

Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Collusion-Resistant Group Key Management Using Attribute-

Network Security7-1 CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou Spring 2012 TexPoint fonts used in EMF. Read the TexPoint.

Security PGP IT352 | Network Security |Najwa AlGhamdi 1.

P2: Privacy-Preserving Communication and Precise Reward Architecture for V2G Networks in Smart Grid P2: Privacy-Preserving Communication and Precise Reward.

Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme

Group-based Source Authentication in VANETs You Lu, Biao Zhou, Fei Jia, Mario Gerla UCLA {youlu, zhb, feijia,

多媒體網路安全實驗室 Anonymous ID Signature Scheme with Provable Identity Date： Reporter :Chien-Wen Huang 出處： 2008 Second International Conference on Future.

10/25/04 Security of Ad Hoc and Sensor Networks (SASN) 1/22 An Attack on the Proactive RSA Signature Scheme in the URSA Ad Hoc Network Access Control Protocol.

Establishing authenticated channels and secure identifiers in ad-hoc networks Authors: B. Sieka and A. D. Kshemkalyani (University of Illinois at Chicago)

A Simple Traceable Pseudonym Certificate System for RSA-based PKI SCGroup Jinhae Kim.

Computer Science Revocation and Tracing Schemes for Stateless Receivers Dalit Naor, Moni Naor, Jeff Lotspiech Presented by Attila Altay Yavuz CSC 774 In-Class.

Fair Blind Signature Based Authentication for Super Peer P2P Network Authors: Xiaoliang Wang and Xingming Sun Source: 2009, Information Technology Journal,

Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

1 Compact Group Signatures Without Random Oracles Xavier Boyen and Brent Waters.

Security  is one of the most widely used and regarded network services  currently message contents are not secure may be inspected either.

Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

ICICS2002, Singapore 1 A Group Signature Scheme Committing the Group Toru Nakanishi, Masayuki Tao, and Yuji Sugiyama Dept. of Communication Network Engineering.

VANETs. Agenda System Model → What is VANETs? → Why VANETs? Threats Proposed Protocol → AOSA → SPCP → PARROTS Evaluation → Entropy → Anonymity Set → Tracking.

VEHICULAR AD HOC NETWORKS GAURAV KORDE KAPIL SHARMA.

SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.

 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.

Security. Security Needs Computers and data are used by the authorized persons Computers and their accessories, data, and information are available to.

Fourth Edition by William Stallings Lecture slides by Lawrie Brown

Indian Institute Of Technology, Delhi Page 1 Enhancements in Security, Performance Modeling and Optimization in Vehicular Networks Ashwin Rao 2006SIY7513.

Security&Privacy Considerations for IP over p OCB

Author : Guilin Wang Source : Information Processing Letters

Foundations of Fully Dynamic Group Signatures

Presentation transcript:

29/Jul/2009 Young Hoon Park

 M.Bellare, D.Micciancio, B.Warinschi, Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction based on General Assumptions (Eurocrypt ’03)  B.K.Chaurasia, S.Verma, S.M.Bhasker, Message broadcast in VANETs using Group Signature (IEEE WCSN ’08)  X.Sun, X.Lin, P.H.Ho, Secure Vehicular Communications Based on Group Signature and ID-based Signature Scheme (IEEE, ICC ’07)

 Simple solution: give all users same private key …  … but, extra requirements: ◦ Ability to revoke signers when needed. ◦ Tracing Authority Key Issuer User 1 User 2 Is sig from user 1 or 2? msg sig

 D. Chaum and E. van Heyst. [EC ’91]  N. Baric and B. Pfitzman [EC ’97]  G. Ateniese, J. Camenisch, M. Joye, G. Tsudik [EC ’00]  J. Camenisch and A. Lysyanskaya. [Cr ’02]  G. Ateniese, D. Song, and G. Tsudik [FC ’02]  M. Bellare, D. Micciancio, and B. Warinschi [EC ’03]

Basic: tracing, but no revocation (static groups). Group sig system consists of four algorithms: ◦ Setup(, n) : = sec param. n = #users. output: group-pub-key ( GPK ), ( GSK 1, …, GSK n ), group-tracing key ( GTK ) ◦ Sign(M, GSK i ) : outputs group signature  on M. ◦ Verify(M, , GPK) : outputs yes or no. ◦ Trace(M, , GTK) : outputs i  {1,…,n} or fail.

 Applications ◦ Trusted Computing ◦ Vehicle Safety Communication  Issues ◦ Revocation Mechanism ◦ Traceability

 Type 0 ◦ For each revocation event, generate new GPK. ◦ Give each unrevoked user its new private key.  Type 1 ◦ For each revocation event, send a short broadcast message RL to all signers and all verifiers.  (GPK old, RL)  GPK new  (GSK i, old, RL)  GSK i, new  Type 2 ◦ For each revocation, send RL to verifiers only.  Verify(GPK, (m,  ), RL)

 Type 0 ◦ No tracing possible  Type 1 ◦ Given a black box signing device, can identify at least one number of coalition that created device.  Type 2 ◦ Given a signature, can identify at least one number of coalition that created signature.

 Vehicular Ad-hoc NETwork  The main goal is providing safety and comfort for passengers  Major components ◦ Road Side Units(RSUs)  are located in the critical points of the road.  communicates with vehicles. ◦ On Board Units(OBUs)  The communication devices on the vehicles

 Message spoofing  Message replay attack  Integrity attack  Impersonation attack  Denial of service  Movement tracking

 Integrity and source authentication  Vehicle anonymity  RSU ID Exposure  Vehicle ID Traceability  Efficiency  Robustness

 RSU does not need anonymity  Hence, the public key based digital signatures are used.  Message format for RSU

 The main challenge of communications is contradiction between anonymity and traceability.  The straightforward solutions ◦ Anonymous certificate ◦ Signatures should be saved in the central manager.  Problems ◦ It is difficult to maintain. ◦ It is inefficient to trace back to the real identities.  Proposed solution ◦ Using group signature (RSA based)

 Key setup ◦ Group manager’s private key : only GM knows. ◦ Group public key : shared to all members.  Membership registration ◦ Make individual private key  Shared to each member and GM ◦ Generate and send the user public key. private key Individual, Group public key

 Signing ◦ Message is signed with not only user’s private key, but also public key and group public key  Verification ◦ Signed message can be verified with group public key. ◦ Only group member can verify ◦ Only group member’s signature can be verified.  Recover ◦ Performed by the group manager. ◦ After the operation, the sender’s public key is revealed.

 Membership revocation ◦ The examples of the case  The vehicle is compromised  ID and private keys are identified by the law authority. ◦ The group manager have to change the public key. ◦ Two ways of changing public key  GM makes all unrevoked users update the new public key.  Verifier Local Revocation

 Average Delay ◦  Average Loss Ratio ◦

 Group signature should provide not only the integrity of message and the anonymity, but also the traceability and member’s revocation.  VANET is one of the applications of group signature to support vehicles’ security and privacy.  However, algorithm of revocation should be developed for the efficiency.