Optionally Identifiable Private Handshakes Yanjiang Yang.


RFID Security Seminar

Agenda
–Introduction
–Review of Related Work
–Optionally Identifiable Private Handshakes
–Conclusion

Secret handshakes
Users are increasingly concerned about individual privacy in cyberspace
–Privacy-preserving techniques are expected to play a key part
–Secret handshakes
  –Non-members learn nothing about the handshake between the two users
  –A non-member cannot impersonate a member

Unlinkable secret handshakes
–Secret handshakes are linkable
–Unlinkable secret handshakes provide unlinkability
–Traceability is a feature of unlinkable secret handshakes
–Differences between unlinkable secret handshakes and anonymous credentials

Private handshakes
–Traceability may not always be desired
–Hoepman proposed the concept of private handshakes
–No traceability whatsoever in private handshakes

Optionally identifiable private handshakes
–Secret handshakes and private handshakes each have their own applications
–A primitive that sits optionally between them is more flexible
–We proposed the concept of optionally identifiable private handshakes

Nutshell
[Diagram: an axis running from "No identifiability" to "identifiability", with the labels: Private handshakes; Optionally identifiable private handshakes; (linkable) Secret handshakes; Unlinkable secret handshakes]

Secret handshakes
–Balfanz et al. first formulated the notion of secret handshakes (S&P’03)
–Castelluccia et al. proposed secret handshake protocols, with security under the computational Diffie-Hellman assumption (Asiacrypt’04)

Secret handshakes - continued
–Jarecki et al. (CT-RSA’07) and Vergnaud et al. (coding and cryptography’05) proposed RSA-based secret handshakes

Unlinkable secret handshakes
–Xu et al. proposed k-anonymous secret handshakes (CCS’04)
–Tsudik et al. proposed (full) unlinkable secret handshakes, but all members from the same group are required to share a group secret
–Jarecki et al.’s scheme does not require sharing of a group secret (ACNS’07)
–Ateniese et al. proposed fuzzy unlinkable secret handshakes (NDSS’07)

Private handshakes
–Hoepman proposed private handshakes (security and privacy in Ad Hoc and sensor networks’07)

Model
Entities
–a set of users
–a set of groups
–a set of group administrators who create groups and enrol users in groups
–a user may or may not be affiliated to a group
–if a user belongs to a group, then he is a member of that group; otherwise, he is a non-member of that group

Model - continued
Algorithms
–CreateGroup($1^k$)
–EnrolUser($G$, $u$)
–HandShake($u_1$, $u_2$, $b$)
–RevokeUser($G$, $u$)

Details of algorithms
Parameters
–$G_1$, $G_2$
–$e: G_1 \times G_1 \to G_2$
–$H_0$, $H_1$, $H_2$
–Enc()

Details of algorithms - continued
CreateGroup($1^k$)
–Group administrator selects $s_G$
EnrolUser($G$, $u$)
–Group administrator issues $u$ a credential $x_u = s_G H_0(u)$

Details of algorithms - continued
Handshake($u_1$, $u_2$, $b$)
–$u_1$ holds $x_{u_1} = s_G H_0(u_1)$; $u_2$ holds $x_{u_2} = s_G H_0(u_2)$
–$u_1$ computes $R_1 = r_1 H_0(u_1)$
–$u_1 \to u_2$: $R_1, b$
–$u_2$ computes $R_2 = r_2 H_0(u_2)$ and $V_2 = H_1(e(R_1, r_2 x_{u_2}), b)$
–$u_2 \to u_1$: $R_2, V_2$

Details of algorithms - continued
–$u_1$ holds $x_{u_1} = s_G H_0(u_1)$; $u_2$ holds $x_{u_2} = s_G H_0(u_2)$
–$u_1$ checks $H_1(e(r_1 x_{u_1}, R_2), b) \stackrel{?}{=} V_2$
–$u_1$ computes $V_1 = H_1(b, e(r_1 x_{u_1}, R_2))$ and $sk_1 = H_2(e(r_1 x_{u_1}, R_2), R_1, R_2)$
–$u_1 \to u_2$: $V_1$
–$u_2$ checks $H_1(b, e(R_1, r_2 x_{u_2})) \stackrel{?}{=} V_1$
–$u_2$ computes $sk_2 = H_2(e(r_2 x_{u_2}, R_1), R_1, R_2)$
So far, private handshake is completed!

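Details of algorithms - continued
–$u_1$ holds $x_{u_1} = s_G H_0(u_1)$; $u_2$ holds $x_{u_2} = s_G H_0(u_2)$
–$u_1$ computes $C_1 = Enc(sk_{u_1}, r_1, u_1)$
–$u_1 \to u_2$: $C_1$
–$u_2$ computes $(r_1', u_1') = Enc(sk_{u_2}, C_1)$ and checks $R_1 \stackrel{?}{=} r_1' H_0(u_1')$
–$u_2$ computes $C_2 = Enc(sk_{u_2}, r_2, u_2)$, $sk_{u_2} = $ …
–$u_2 \to u_1$: $C_2$
–…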
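The message flow on the Handshake slides, as an added example that is not code from the presentation or its author. It replaces the pairing with an insecure toy model (each G_1 element stored as its scalar, e(aP, bP) = g^(ab) mod p) so the equalities can be checked, and covers only the u_1 identification step. Assumptions: the constants Q, P_MOD, GEN, the hash and XOR constructions, b being the flag that requests identification, and sk_{u1} being the session key sk_1.

```python
import hashlib

# Toy stand-in for the pairing, for checking the algebra only (no security):
# a G_1 element a*P is stored as the scalar a mod Q, and e(aP, bP) = GEN^(ab) mod P_MOD.
Q, P_MOD, GEN = 1019, 2039, 4   # constructed toy parameters; GEN has order Q

def _h(tag, *parts):            # one SHA-256 instance per tag plays H_0, H_1, H_2
    return hashlib.sha256(repr((tag,) + parts).encode()).digest()

def H0(user):                   # identity -> nonzero element of G_1
    return 1 + int.from_bytes(_h("H0", user), "big") % (Q - 1)

def e(a, b):                    # bilinear: e(xa, b) == e(a, xb) == e(a, b)^x
    return pow(GEN, a * b % Q, P_MOD)

def enrol(s_G, user):           # EnrolUser: x_u = s_G * H_0(u)
    return s_G * H0(user) % Q

def enc(sk, data):              # toy XOR stream cipher, so enc(sk, enc(sk, m)) == m
    stream = b"".join(_h("Enc", sk, i) for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, stream))

def handshake(u1, x_u1, r1, u2, x_u2, r2, b):
    """Run both sides. Returns (session key, identity u2 learned or None), or None on failure."""
    R1 = r1 * H0(u1) % Q                          # u1 -> u2: R1, b
    R2 = r2 * H0(u2) % Q
    V2 = _h("H1", e(R1, r2 * x_u2 % Q), b)        # u2 -> u1: R2, V2
    k1 = e(r1 * x_u1 % Q, R2)                     # u1's view of the pairing value
    if _h("H1", k1, b) != V2:                     # u1 verifies u2
        return None
    V1 = _h("H1", b, k1)                          # u1 -> u2: V1
    k2 = e(r2 * x_u2 % Q, R1)                     # u2's view of the pairing value
    if _h("H1", b, k2) != V1:                     # u2 verifies u1
        return None
    sk1, sk2 = _h("H2", k1, R1, R2), _h("H2", k2, R1, R2)
    assert sk1 == sk2                             # private handshake completed
    if not b:
        return sk2, None                          # no identification requested
    C1 = enc(sk1, f"{r1}|{u1}".encode())          # u1 -> u2: C1
    r1p, u1p = enc(sk2, C1).decode().split("|", 1)
    ok = R1 == int(r1p) * H0(u1p) % Q             # R1 =? r1' * H_0(u1')
    return sk2, (u1p if ok else None)
```

A party whose credential was issued under a different s_G fails the V_2 check, because the two pairing values then differ in the exponent.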

Future Work
–User Revocation

Security
–Impersonation resistance
–Membership detection resistance
–Unlinkability of private handshake
–Unlinkability to eavesdropper

Conclusion
–We proposed the concept of private handshakes with optional identifiability, interpolating between private handshakes and secret handshakes, representing a more flexible primitive
–A concrete scheme was presented, and its security was defined and proved.

Q & A
THANK YOU!