Anonize “Large Scale Anonymous System”

Slides:



Advertisements
Similar presentations
Secret Ballot Receipts: True Voter Verifiable Elections Author: David Chaum Published: IEEE Security & Privacy Presenter: Adam Anthony.
Advertisements

Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.
Digital Signatures and Hash Functions. Digital Signatures.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Opening Presentation of Notary Reqs 8/5/2004 Tobias Gondrom.
Proactive Secure Mobile Digital Signatures Work in progress. Ivan Damgård and Gert Læssøe Mikkelsen University of Aarhus.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)
Anonymity and Security in Public Internet Forums Ho-fung LEUNG Senior Member, IEEE Dept. of Computer Science & Engineering The Chinese University of Hong.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
How to get your free Windows Store Access
E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Chapter 10: Authentication Guide to Computer Network Security.
Digital Cash By Gaurav Shetty. Agenda Introduction. Introduction. Working. Working. Desired Properties. Desired Properties. Protocols for Digital Cash.
Guomin Yang et al. IEEE Transactions on Wireless Communication Vol. 6 No. 9 September
Chapter 4: Intermediate Protocols
Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
Networks Management and Security Lecture 3.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.
Based on Schneier Chapter 5: Advanced Protocols Dulal C. Kar.
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Network Security7-1 CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou Spring 2012 TexPoint fonts used in EMF. Read the TexPoint.
Slide 1 © 2004 Reactivity The Gap Between Reliability and Security Eric Gravengaard Reactivity.
Reputation Based Trust The using of reputation to accomplish trust between users on the Internet M.Vološin, R.Gore, Ibe2roč. PF UPJŠ, Košice, Slovakia.
Lifecycle Metadata for Digital Objects October 18, 2004 Transfer / Authenticity Metadata.
May 20, 2013 Anon-Pass: Practical Anonymous Subscriptions Michael Z. Lee †, Alan M. Dunn †, Jonathan Katz *, Brent Waters †, Emmett Witchel † † University.
Linkability of Some Blind Signature Schemes Swee-Huay Heng 1, Wun-She Yap 1 Khoongming Khoo 2 1 Multimedia University, 2 DSO National Laboratories.
Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.
Digital Signatures, Message Digest and Authentication Week-9.
1 Needham-Schroeder A --> S: A,B, N A S --> A: {N A,B,K AB,{K AB,A} KBS } KAS A --> B:{K AB,A} KBS B --> A:{N B } KAB A --> B:{N B -1} KAB.
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,
Identity based signature schemes by using pairings Parshuram Budhathoki Department of Mathematical Science FAU 02/21/2013 Cyber Security Seminar, FAU.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Software Security Seminar - 1 Chapter 4. Intermediate Protocols 발표자 : 이장원 Applied Cryptography.
Private key
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Verifiable Mixing Protocol How can a mixer prove its integrity?
Fall 2006CS 395: Computer Security1 Key Management.
Doc.: IEEE /1212r0 Submission September 2011 IEEE Slide 1 The Purpose and Justification of WAPI Comparing Apples to Apples, not Apples to.
1 Introduction to Information Security , Spring 2016 Lecture 4: Applied cryptography: asymmetric Zvi Ostfeld Slides credit: Eran Tromer.
Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.
ANONIZE: A Large-Scale Anonymous Survey System
Grid Security.
Secure Sockets Layer (SSL)
Modern symmetric-key Encryption
Introduction to security goals and usage of cryptographic algorithms
TCEQ Migration to EPA’s National NetDMR
TCEQ Migration to EPA’s National NetDMR
The TESLA Broadcast Authentication Protocol CS 218 Fall 2017
Information Security message M one-way hash fingerprint f = H(M)
Digital Signature Schemes and the Random Oracle Model
Public Key Infrastructure
Foundations of Fully Dynamic Group Signatures
Lecture 4 - Cryptography
CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9
X-Road as a Platform to Exchange MyData
Protocol ap1.0: Alice says “I am Alice”
Digital Signatures…!.
Consensus Algorithms.
CDK: Chapter 7 TvS: Chapter 9
Chapter 8 roadmap 8.1 What is network security?
Cryptography Lecture 26.
Presentation transcript:

Anonize “Large Scale Anonymous System” Proposed by: Susan Hohenberger, Steven Myers, Rafael Pass, abhi shelat Presented by : Vijendra Rana

Lets start with a Question Will You fill out this 15 min survey?

What about now ??

Agenda Motivation already seen 3 important things Existing technique Important definitions Back to Anonize How it works Results Technology in a Nutshell I will come back to the question

3 Important thing Anonymity (Obvious) Authenticity(I want to spend my money wisely) Only one response per user (Think about me giving 100$ 10 times to same person)

Existing Technique 3rd party survey like Survey Monkey Can we trust them Is their any link between our response and our identity (If not what if I keep on filling multiple surveys) What if somebody break into their system to get my info (Cornell university computer 2009 45000 records including SSN) Can we trust a 3rd party for some financial, Medical Surveys (Is it legal)

Link between our response and identity Cryptographic Voting Technique 2 step in each survey users authenticate themselves to a server and anonymously check out a single-use token ,which carries no link to user identity users participate in the specified survey using their token. But the problem here the 2 steps should have proper time lag or else there Is certainly a time link. Sometimes the time gap can be a day Makes surveys really inconvenient – Who want to wait for a day

Any solution Yes we have Anonize – they use the cryptographic Techniques to make sure Anonymity Authenticity One response (Response can be edited before deadline) Are we saving any link ?? Let’s see

Before we dive into system Some definitions first Commitment Scheme A commitment scheme Lets a sender commit to a Message without revealing that message to a receiver http://slideplayer.com/slide/5023820/

PRF A PRF is a seeded deterministic function that maps any input to a random looking output, assuming one has no knowledge of the seed (Important thing Same input Same output)

Interactive Zero Knowledge Proof Taken from UCL slides lets say alice says I have a positive number

An Analogy Ali Baba Sesame secret but no idea what the secret is We all know reporter Know the secret but no idea what the secret is http://pages.cs.wisc.edu/~mkowalcz/628.pdf

NIZP Only one proof sent verifier agree Simulation going on

Back to Anonize – The Setup Lets take the University Survey System (3 Steps) Registration Survey Creation Survey execution

Registration with a RA(Registration Authority aka University) A user with identity id registers with the RA by sending a commitment to a random seed sid of a pseudo-random function (PRF) F and providing a NIZK that the commitment is well-formed. If the user has not previously been registered, the RA signs the user’s name along with the commitment. The signature returned to the user is its “master user token”.

Survey created by SA(Survey Authority aka Teacher) To create a survey, an SA publishes a list of signed user identities along with a survey id, vid.

Response (by User client aka Student) To complete a survey for survey id vid, a user id generates a single-use token Fsid (vid) (by evaluating the PRF on the seed sid with input vid) and presents a NIZK that it “knows a signature by the RA on its identity id and a commitment to a seed sid” and that it “knows a signature by the SA on its id” and that the single-use token is computed as Fsid (vid).

Some Math Now An ad-hoc survey scheme is a tuple of algorithms (GenRA, GenSA, RegRA,RegU, GenSurvey, Authorized, Submit, Check)

Registration

Survey Register

Completing a Survey

What else in the paper Math that shows the correctness of algorithm Proof of security Concurrent security

Experiment and Result BN curve for a lot of low configuration machine BLS curve low number of high configuration machines

Technology in a nut shell by Anonize User Registration When you register your Anonize app, the app receives in return a cryptographic "master token". Think of this master token as a stamp. This stamp can be used to mint "digital coins", which will be used to submit surveys. Only Authorized Users Can Submit Using their master token, a user can mint one and only one coin for any survey they are authorized for. On the other hand, no user can forge a coin for surveys they are not authorized for. Anyone can verify whether a coin is "valid" for a particular survey. Coins are Unlinkable Anyone can verify that the coin minted by a user is valid (that is, it corresponds to a user that is authorized to submit in the survey) but there is absolutely no link between the user and the coin. The coins can therefore be used to replace user names when submitting a survey.

Full circle Now I think we can do it ??

Thanks Any Questions