Anonymity and Security in Public Internet Forums Ho-fung LEUNG Senior Member, IEEE Dept. of Computer Science & Engineering The Chinese University of Hong.

Slides:

Advertisements

Similar presentations

Chapter 14 – Authentication Applications

Advertisements

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.

Addressing spam and enforcing a Do Not Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Public Key Management and X.509 Certificates

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

PGP Overview 2004/11/30 Information-Center meeting peterkim.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CMSC 414 Computer (and Network) Security Lecture 15 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

1 電子商務代理人與無線射頻系統上安全設計之研究 The Study of Secure Schemes on Agent-based Electronic Commerce Transaction and RFID system 指導教授 : 詹進科教授 (Prof. Jinn-Ke Jan) 陳育毅.

Security Jonathan Calazan December 12, 2005.

Homework #5 Solutions Brian A. LaMacchia Portions © , Brian A. LaMacchia. This material is provided without.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.

Computer Science Public Key Management Lecture 5.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.

Cryptology Digital Signatures and Digital Certificates Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Chapter 10: Authentication Guide to Computer Network Security.

Digital Cash By Gaurav Shetty. Agenda Introduction. Introduction. Working. Working. Desired Properties. Desired Properties. Protocols for Digital Cash.

CS555Topic 211 Cryptography CS 555 Topic 21: Digital Schemes (1)

Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

1 Anonymous Roaming Authentication Protocol with ID-based Signatures Lih-Chyau Wuu Chi-Hsiang Hung Department of Electronic Engineering National Yunlin.

Security Keys, Signatures, Encryption. Slides by Jyrki Nummenmaa ‘

Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.

Information Security Fundamentals Major Information Security Problems and Solutions Department of Computer Science Southern Illinois University Edwardsville.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

Security Overview  System protection requirements areas  Types of information protection  Information Architecture dimensions  Public Key Infrastructure.

Chapter 16 Security Introduction to CS 1 st Semester, 2012 Sanghyun Park.

Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.

Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.

P2: Privacy-Preserving Communication and Precise Reward Architecture for V2G Networks in Smart Grid P2: Privacy-Preserving Communication and Precise Reward.

DIGITAL SIGNATURE.

1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,

Security fundamentals Topic 5 Using a Public Key Infrastructure.

A Simple Traceable Pseudonym Certificate System for RSA-based PKI SCGroup Jinhae Kim.

© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.

Key Management Network Systems Security Mort Anvari.

A Novel Privacy Preserving Authentication and Access Control Scheme for Pervasive Computing Environments Authors: Kui Ren, Wenjing Lou, Kwangjo Kim, and.

Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

1 An Ordered Multi-Proxy Multi-Signature Scheme Authors: Min-Shiang Hwang, Shiang-Feng Tzeng, Shu-Fen Chiou Speaker: Shu-Fen Chiou.

Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

ICICS2002, Singapore 1 A Group Signature Scheme Committing the Group Toru Nakanishi, Masayuki Tao, and Yuji Sugiyama Dept. of Communication Network Engineering.

Fall 2006CS 395: Computer Security1 Key Management.

1 Chapter 3-3 Key Distribution. 2 Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution.

Meeting Reports  A new delegation-based authentication protocol for use in portable communication systems IEEE Transactions on Wireless Communications,

 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.

Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.

29/Jul/2009 Young Hoon Park.  M.Bellare, D.Micciancio, B.Warinschi, Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and.

Key management issues in PGP

Digital Signatures Network Security.

Presentation transcript:

Anonymity and Security in Public Internet Forums Ho-fung LEUNG Senior Member, IEEE Dept. of Computer Science & Engineering The Chinese University of Hong Kong Changjie WANG Dept. of Computer Science & Engineering The Chinese University of Hong Kong Dickson K. W. CHIU Senior Member, IEEE

Secure ForumCEC05 -2 Motivation and Background Privacy in forums over the Internet - anonymous through alias Registration via verification is often unreliable Registration procedures of most of the providers are not based secured information such as electronic certificates Relatively easy to obtain others’ mail account information through the spread of spyware or to set up an server through breaking into others’ computers Even registration with e-cert is inadequate to protect the privacy of a participant Forum operator can still know the participant’s ID E.g., user’s often used for spam  Solution: adapt our protocol for Internet public auctions

Secure ForumCEC05 -3 Security Issues in Public Forums Anonymity of participants. Protection of privacy of identities of participants Participants are identified only with their protected aliases nobody can associate the real identity of a participant with the posted messages Traceability and Non-repudiation of Winners. The authority can trace the participant under malicious situations Impossibility of Impersonation. Unforgeability - No one can forge a valid message posting Public Verifiability - anyone can confirm that a message is posted by a legitimate alias Fairness - forum cannot deny any specific valid message Un-involvement of authorities - a one-time participant registration procedure.

Secure ForumCEC05 -4 An Anonymous and Secure Forum Scheme Blind signature of RM on alias and temporary key pairs of participant Internet Forum Manager (FM) Registration Manager (RM) Participant 1,Participant 2, … Participant n Identity encryption and binding of alias and temporary key pairs with alias certificate Verify and record the alias certificate Forum ( Monitor ) Bulletin Board Signature from FM on the alias certificate of participant (1) Alias Registration between participant and RM for alias cert (2). Registration between participant and FM (3). Participant enters the forum. (1)(2) (3)

Secure ForumCEC05 -5 Alias Registration Participant T RM Generates: wheresnis a random number selected by T. Msg 1 (1) Verifies the validity ofT ’ s signature inMsg 1. (2) Generates: Msg 2 (1) Verifies the validity of RM ’ ssignature inMsg 2. (2) Generates: random numberr,s. (3) Compute alias: (4) Generates: a pair of temporary keys: (5) Blinds thepn T andTP T Gets a RSA signature of RMon (pn T,TP T ) by calculating: Cut-and-Choose protocol between T and RM Msg 3 ),,( 1 snrequestIDMsg T T S T  )||) ((rsnIDHHpn TT  TT TPTS, )(mod),( ) )),(( )(mod)( 3 RM d TT d e TT d nsTPpn nsTPpn ncMsg RM    Signs on c to generate: )(mod),(/ 3RM d TT nTPpnsMsg RM  Self-signed request Blinding so that RM cannot link pn T with T’s identity Could allow multiple alias We require RM to use the RSA scheme, so P RM =(n RM, e RM ) and S RM =d RM.

Secure ForumCEC05 -6 Registration Participant with FM T FM Generates: Msg 4 : { Msg 2, r, } Msg 4 (1) Checks database to ensue that in Msg 2 has not been registered before. (2) Verifies the all signatures of RM in Msg 4. (3) Checks that whether the equation holds or not. (4) If the above verifications succeed, FM signs on to generates an alias certificate for T as: Acert T {,, }. Acert T After verification of FM’s signature T obtains the alias certificate Acert T. FM does not know ID T, but he verifies that T has properly registered

Secure ForumCEC05 -7 Posting Message at a Forum message Message Acert T pn T message content Time Stamp pn T, TP T Acert T Verification Whether the signature of RM and FM in Acert T is valid? No The Acert T is not authenticated by RM and FM. The message is invalid Whether the signature is valid? Yes No The message cannot be verified with the public key in Acert T Yes Valid Msg Prevent replay attack

Secure ForumCEC05 -8 Suspected Participant Tracing To reveal the identity of the suspected participant A, then RM and FM can join hand to reveal his identity. Suppose A submitted Forum sends the message m a to FM as evidence FM verifies from the signature / Acert that A is a registered trader checks FM’s database to find the Msg 2 corresponding to pn A forwards all the information to RM RM ID A that matches Msg 2

Secure ForumCEC05 -9 Revoking participants’ alias certificate Maintain a revocation certificate list Even after the certificate revocation, no one, even the FM or RM alone, can identify the participant T. No one else, except the participant T himself, can request a certificate revocation since only T can generate a validated signature of the revocation request

Secure ForumCEC Analysis (detail proof skipped) Anonymity. No one (not even RM and MM) knows who submitted a bid/ask, which is only attached with Acert T instead of ID T. Traceability. RM and MM can join hand and trace the real identity of a trader from a bid/ask. Impossibility of Impersonation. No one (not even the RM and MM) can impersonate a trader to submit a valid bid/ask. Unforgeability of Valid Bids/Asks. Public Verifiability. Un-involvement of authorities (main contribution over previous schemes)

Secure ForumCEC Conclusion Secure scheme to protect anonymity yet able to trace malicious suspects Applicability to other Internet group activities, e.g., group mailing lists, messages based chat rooms Limitations: when the real-time requirement is tough, e.g., shared blackboards and voice chat Future work bargaining negotiation integrating with the management of electronic marketplaces

Secure ForumCEC Question and Answer Thank you!