ANONIZE: A Large-Scale Anonymous Survey System

Presentation transcript:

ANONIZE: A Large-Scale Anonymous Survey System. Susan Hohenberger (Johns Hopkins University), Steven Myers (Indiana University), Rafael Pass (Cornell University), Abhi shelat (University of Virginia). Paper cited 1 time.

Topics: Requirements for Ad-hoc Surveys. Prior Work. Intro to Ad-hoc Surveys. Background Review. Ad-hoc Surveys in More Detail. How Each Property is Achieved. Implementation. Performance Evaluation.

Objective: Enable a survey authority to independently select a group of registered users and create a survey in which only the selected users can anonymously submit exactly one response.

Requirements. Authenticity: ensuring that only the legitimate users can participate in the data collection. Anonymity: ensuring that there is no link between the legitimate user and his/her data, even if the RA and SA are arbitrarily corrupted and in collusion (honest feedback!). Each user should be allowed to submit only once, yet must be anonymous!

Examples: Online product reviews. Course evaluation. Whistleblowing (verify that a complaint comes from within the organization).

Issues with a Third Party. Usernames are collected during submission. The computer might be stolen: this happened at Cornell University, and the computer contained sensitive data of 45,000 university members. A side channel indicates who has already filled in the form (the order in which students participated). Jurisdictional boundaries (no sensitive data to be stored on servers run by foreign corporations). If the identifying data is stripped, there is no way to check for multiple submissions.

Solution: Cryptography. No need to trust a third party.

Prior Work: 1) Authenticate 2) Get Token 3) Participate. The user authenticates to the server anonymously. The user checks out a single-use token. The user uses the token to participate in the survey. Good ... as long as steps 2 and 3 are separated by a long time. However, this makes it inconvenient.

Proposed Solution: Ad-hoc survey. Anyone can select a group and create a survey. Only those in the group can complete the survey, at most once! The survey initiator initiates the survey knowing only identities (email). No further interaction required! Hence, increased user participation.

Ad-hoc Surveys: Actor Roles. RA - Registration Authority (e.g. University): issues the master user token. SA - Survey Authority (e.g. Course Administrator): creates surveys. Users: provide survey data.

Ad-hoc Surveys: Step 1 (one time). 1) The user (e.g. student) registers (e.g. with email) with the RA (Registration Authority, e.g. University). 2) The user obtains a secret master user token (unlinkable). The token is used for all surveys.

Ad-hoc Surveys: Step 2 (Repeated). The SA (e.g. Course Administrator) chooses a survey ID and a list of identities (e.g. email).

Ad-hoc Surveys: Step 3 (Repeated). Survey key + master user token = one-time token (no interaction). The user submits to the SA (non-interactively). One-time token properties: no link to student identity; for a given survey, one token. Submission goes over an anonymous network like Tor.

Background: Tor (Anonymity network). Tor is free software for enabling anonymous communication. The name is derived from The Onion Router. It directs Internet traffic through a free, worldwide, volunteer network consisting of more than 6,000 relays. NSA: "the King of high-secure, low-latency Internet anonymity" with "no contenders for the throne in waiting".

Background: Commitment Scheme. Allows one to commit to a chosen value (or chosen statement) while keeping it hidden from others, with the ability to reveal the committed value later.

Background: Commitment Scheme. Example: Coin flipping. If they are physically in the same place: Alice "calls" the coin flip. Bob flips the coin. If Alice's call is correct, she wins, otherwise Bob wins. If they are not in the same place: Alice "calls" the coin flip but only tells Bob a commitment to her call. Bob flips the coin and reports the result. Alice reveals what she committed to. Bob verifies that Alice's call matches her commitment. If Alice's revelation matches the coin result Bob reported, Alice wins.
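
The remote coin flip above, as an added example that is not from the original slides. It assumes a hash-based commitment (SHA-256 over a random 32-byte nonce followed by the value); the slides do not name a concrete commitment scheme, and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def commit(value: bytes):
    """Alice: return (commitment, nonce). The commitment hides `value`."""
    nonce = secrets.token_bytes(32)  # fixed length, so nonce||value parses one way
    return hashlib.sha256(nonce + value).digest(), nonce


def opens_to(commitment: bytes, nonce: bytes, value: bytes) -> bool:
    """Bob: check that (nonce, value) is a valid opening of the commitment."""
    expected = hashlib.sha256(nonce + value).digest()
    return hmac.compare_digest(commitment, expected)


def remote_coin_flip(alice_call: bytes, bob_flip: bytes, alice_reveals=None) -> str:
    """Run the remote protocol; `alice_reveals` lets Alice try to change her call."""
    commitment, nonce = commit(alice_call)         # Alice -> Bob: commitment only
    # Bob flips and reports bob_flip; Alice now knows the result.
    revealed = alice_call if alice_reveals is None else alice_reveals
    if not opens_to(commitment, nonce, revealed):  # Alice -> Bob: nonce, revealed
        return "rejected"                          # binding: the call cannot change
    return "alice" if revealed == bob_flip else "bob"


if __name__ == "__main__":
    print(remote_coin_flip(b"heads", b"heads"))
    print(remote_coin_flip(b"heads", b"tails"))
    # Alice sees "tails" and tries to claim she called it: Bob rejects the opening.
    print(remote_coin_flip(b"heads", b"tails", alice_reveals=b"tails"))
```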

Background: Pseudo-random functions (PRF). A PRF is a seeded deterministic function that maps any input to a random-looking output, assuming one has no knowledge of the seed. This is the intuition behind pseudo-random functions: Bob gives Alice some random i, and Alice returns F_K(i), where F_K is indistinguishable from a random function; that is, given any x_1,...,x_m, F_K(x_1),...,F_K(x_m), no adversary can predict F_K(x_{m+1}) for any x_{m+1}. Used for symmetric encryption.

Background: Non-interactive zero-knowledge (NIZK). Non-interactive zero-knowledge (NIZK) proofs are a variant of zero-knowledge proofs in which no interaction is necessary between prover and verifier. A common reference string shared between the prover and the verifier is enough to achieve computational zero-knowledge without requiring interaction.

Background: Blind signature. A blind signature is a form of digital signature in which the content of a message is disguised (blinded) before it is signed. The resulting blind signature can be publicly verified against the original, unblinded message in the manner of a regular digital signature. Typically employed in privacy-related protocols where the signer and message author are different parties. Examples include cryptographic election systems.

Registration - More Details: Step 1 (one time). 1) Generate public key pair. 2) Register: the user (e.g. student) sends the RA (Registration Authority, e.g. University) a commitment to a random PRF seed sid and provides a NIZK that the commitment is well formed. 3) The RA signs the commitment with its signing key (blind signature). 4) The signature is the master user token (unlinkable). The token is used for all surveys.

Ad-hoc Surveys - More Details: Step 2 (Repeated). The SA (e.g. Course Administrator) chooses a survey ID (vid) and a list of identities (e.g. email) called “L”.

Ad-hoc Surveys - More Details: Step 3 (Repeated). The user submits m to the SA (non-interactively). Survey key (vid) + master user token = one-time token (no interaction) = F_sid(vid) (evaluate the PRF using seed sid with input vid). The user presents a NIZK proof that “it knows a signature by the RA on its identity id and a commitment to a seed sid”. The NIZK also proves that “it has a signature by the SA on its id” (meaning id is on the list L). Thereby the user data is authenticated by the NIZK.

How Each Property is Achieved. Only authorized users complete the survey: NIZK (tag based). A user can complete the survey at most once: one user token; the PRF always gives the same value, computed from s. Anonymity: neither RA nor SA sees the seed (they only see commitments); zero-knowledge property; pseudo-random property of the PRF.
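
How the one-time token F_sid(vid) gives "at most once" without identifying the user, as an added example that is not the ANONIZE implementation. It assumes HMAC-SHA256 as a stand-in PRF and omits the blind signature and the NIZK proof entirely, so it demonstrates only duplicate detection and cross-survey unlinkability, not authorization; class, function and survey names are hypothetical.

```python
import hashlib
import hmac
import secrets


def one_time_token(seed: bytes, vid: str) -> str:
    """tok = F_seed(vid); HMAC-SHA256 stands in for the PRF (assumption)."""
    return hmac.new(seed, vid.encode(), hashlib.sha256).hexdigest()


class SurveyCollector:
    """SA side: responses are keyed by token only, never by identity."""

    def __init__(self, vid: str):
        self.vid = vid
        self.responses = {}

    def submit(self, tok: str, m: str) -> bool:
        # The real system also verifies a NIZK proof that tok was derived from
        # an RA-signed seed of a user on list L; that check is omitted here.
        if tok in self.responses:
            return False  # same seed + same vid always yields the same token
        self.responses[tok] = m
        return True


def demo():
    # Constructed sample users: each holds a secret seed the SA never sees.
    alice_seed = secrets.token_bytes(32)
    bob_seed = secrets.token_bytes(32)
    sa = SurveyCollector("course-eval-A")
    accepted = [
        sa.submit(one_time_token(alice_seed, sa.vid), "great course"),
        sa.submit(one_time_token(alice_seed, sa.vid), "second attempt"),
        sa.submit(one_time_token(bob_seed, sa.vid), "too fast"),
    ]
    # Alice's token for a different survey shares nothing visible with this one.
    unlinkable = (one_time_token(alice_seed, "course-eval-B")
                  != one_time_token(alice_seed, sa.vid))
    return accepted, unlinkable, len(sa.responses)


if __name__ == "__main__":
    print(demo())
```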

Implementation: System setup. The RA generates a public key pair pkRA (public), skRA (private). Each SA generates a public key pair pkSA, skSA.

Implementation: User Registration. The user and the RA execute the protocol (RegRA, RegU), which allows the user to get an unlinkable “master credential” credid.

Implementation: Survey Registration. The SA generates a “survey public key”: pksid ← GenSurvey(1^n, sid, L, skSA), where sid is the survey ID and skSA is the SA private key.

Implementation: Complete Survey. The user combines the master credential credid with the survey identifier sid to generate a one-time token: sub = (tok, m, tokauth) ← Submit(1^n, sid, pksid, m, credid). The user submits sub to the SA through an anonymous channel. tok: one-time token. tokauth: authenticator to bind m to tok.

Implementation: Audit. Users can check whether their submission was counted by inspecting the submission output. A user can use Check(pkSA, pkRA, sid, pksid, sub) to check whether sub is a valid submission (no ballot/survey stuffing). A user can use Authorized(pkSA, sid, pksid, id’) to check that user id’ is authorized to do the survey (results not targeted to a particular user).

Concrete Implementation: Implemented in C++ using the MIRACL big number library. Supports pairing (bilinear map)-based cryptography. Free for educational purposes. A bilinear map maps a vector space X into another space Y. There are no practical limits to the precision except the ones implied by the available memory in the machine.

Performance: Timing Results. Barreto–Lynn–Scott pairing curve. Barreto–Naehrig pairing curve, degree k=12. Verify 1 million submissions in approximately 33 hours per CPU core.

Thank You.