Unlinkable Secret Handshakes and Key-Private Group Key Management Schemes Author: Stanislaw Jarecki and Xiaomin Liu University of California, Irvine From:

Slides:



Advertisements
Similar presentations
What is. Digital Certificate It is an identity.
Advertisements

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Secure Multiparty Computations on Bitcoin
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Public Key Infrastructure (PKI)
Digital Signatures and Hash Functions. Digital Signatures.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Public Key Management and X.509 Certificates
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
IAW 2006 Cascaded Authorization with Anonymous- Signer Aggregate Signatures Danfeng Yao Department of Computer Science Brown University Joint work with.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Secret Handshakes from CA-Oblivious Encryption Asiacrypt 2004, Jeju-do, Korea Claude Castelluccia, Stanisław Jarecki, Gene Tsudik UC Irvine.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
1 CPSC156: The Internet Co-Evolution of Technology and Society Lectures 19,20, and 21: April 5, 10, and 12, 2007 Cryptographic Primitives.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Security Management.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.
Computer Science Public Key Management Lecture 5.
Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.
Controller of Certifying Authorities Public Key Infrastructure for Digital Signatures under the IT Act, 2000 : Framework & status Mrs Debjani Nag Deputy.
X.509 Certificate management in.Net By, Vishnu Kamisetty
Cryptology Digital Signatures and Digital Certificates Prof. David Singer Dept. of Mathematics Case Western Reserve University.
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.
Identity Based Encryption Debdeep Mukhopadhyay Associate Professor Dept of Computer Sc and Engg, IIT Kharagpur.
ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012.
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
02/22/2005 Joint Seminer Satoshi Koga Information Technology & Security Lab. Kyushu Univ. A Distributed Online Certificate Status Protocol with Low Communication.
Lecture 5.3: Key Distribution: Public Key Setting CS 436/636/736 Spring 2012 Nitesh Saxena.
Cryptography, Authentication and Digital Signatures
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.
Software Security Seminar - 1 Chapter 5. Advanced Protocols 조미성 Applied Cryptography.
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
Compliance Defects in Public- key Cryptography “ A public-key security system trusts its users to validate each others’s public keys rigorously and to.
15.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Key Management.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Protocols for public-key management. Key management –two problems Distribution of public keys (for public- key cryptography) Distribution of secret keys.
Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.
Secure Communication between Set-top Box and Smart Card in DTV Broadcasting Authors: T. Jiang, Y. Hou and S. Zheng Source: IEEE Transactions on Consumer.
Public Key Infrastructure (PKI) Chien-Chung Shen
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
A Simple Traceable Pseudonym Certificate System for RSA-based PKI SCGroup Jinhae Kim.
Bridge Certification Architecture A Brief Overview by Tim Sigmon May, 2000.
Key Management. Authentication Using Public-Key Cryptography  K A +, K B + : public keys Alice Bob K B + (A, R A ) 1 2 K A + (R A, R B,K A,B ) 3 K A,B.
1 Public Key Infrastructure Dr. Rocky K. C. Chang 25 February, 2002.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
Key Management and Distribution Anand Seetharam CST 312.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
1 Secret Handshakes or Privacy-Preserving Interactive Authentication Gene Tsudik University of California, Irvine joint work with: Claude Castelluccia,
Key management issues in PGP
Information Security message M one-way hash fingerprint f = H(M)
Information Security message M one-way hash fingerprint f = H(M)
Information Security message M one-way hash fingerprint f = H(M)
Information Security message M one-way hash fingerprint f = H(M)
Digital Certificates and X.509
Chapter 4 Cryptography / Encryption
Chapter 15 Key Management
Presentation transcript:

Unlinkable Secret Handshakes and Key-Private Group Key Management Schemes Author: Stanislaw Jarecki and Xiaomin Liu University of California, Irvine From: ACNS 2007, LNCS 4521,pp ,2007 Reporter: 張延詮 2011/12/6 1

OUTLINE Introduction Scheme Conclusion 2

Introduction Unlinkable Secret Handshakes an Unlinkable Secret Handshake scheme is a perfectly private authentication method in the PKI setting: One can establish authenticated communication with parties that possess the credentials required by one’s policy,and at the same time one’s affiliation and identity remain perfectly secret to everyone except of the parties to whom one wants to authenticate. EX: FBI- 3

Introduction Unlinkable Secret Handshakes Definition PKI (Public Key Infrastructure) In a traditional public key cryptography (PKC), a user Alice signs a message using her private key. A verifier Bob verifies the signature using Alice's public key. However, the public key is just merely a random string and it does not provide authentication of the signer by itself. 4

Introduction Unlinkable Secret Handshakes Definition PKI ( Public Key Infrastructure) This problem can be solved by incorporating a certifcate generated by a trusted party called the Certifcate Authority (CA) that provides an unforgeable signature and trusted link between the public key and the identity of the signer. The hierarchical framework is called the public key infrastructure (PKI), which is responsible to issue and manage the certifcate (chain). In this case,prior to the verification of a signature, Bob needs to obtain Alice's certifcate in advance and verify the validity of her certifcate. If it is valid, Bob extracts the corresponding public key which is then used to verify the signature. In the point of view of a verifier, it takes two verifcation steps for independent signatures. 5

Introduction Unlinkable Secret Handshakes affiliation hiding- Unlinkability- policy hiding- 6

Introduction Unlinkable Secret Handshakes Definition policy hiding EXAMPLE : Bob is a bank offering certain special-rate loans and Alice would like to know whether she is eligible for such a loan before she applies. Alice has a digital driver license certificate issued by the state authority; the certificate contains her birth-date, address, and other attribute data. Alice has also an income certificate issued by her employer documenting her salary and the starting date of her employment. Bob determines whether Alice is eligible for a special- rate loan based on Alice’s attribute information. For example, Bob may require that one of the following two conditions holds: 7

Introduction Unlinkable Secret Handshakes Definition policy hiding For example, Bob may require that one of the following two conditions holds: (1) Alice is over 30 years old, has an income of no less than $43K, and has been in the current job for over six months; (2) Alice is over 25 years old, has an income of no less than $45K, and has been in the current job for at least one year. Bob is willing to reveal that his loan-approval policy uses the applicant’s birth-date, current salary, and the length of the current employment; however, Bob considers the detail of his policy to be commercial secret and does not want to reveal it to others 8

Introduction Key-Private Group Key Management is a stateful version of the publickey broadcast encryption 9

Introduction Key-Private Group Key Management In a Public-Key GKM scheme we consider a group of players administered by a group manager, who creates a public (encryption) key, issues private (decryption) keys to the group members, and can revoke any member by broadcasting a revocation information, which is used to update both the public and the private keys. 10

OUTLINE Introduction Scheme Conclusion 11

Scheme Unlinkable Handshakes from Key-Private Group Key Management H : {0, 1} ∗ → {0, 1}k is a hash function modeled as random oracle in the security analysis. Each player’s inputs in the protocol is a triple (SK,TPK, resp/init). SK is that player’s GKM key. TPK is the public key. resp/init is the player’s role in the protocol. (initial/response) PKGroup(TPK) identifies the group of the public key. 12

Scheme SKGroup(SK) = PKGroup(TPK) 13

OUTLINE Introduction Scheme Conclusion 14

Conclusion The main ingredient in our solution is a construction of a key-private publickey group key management [PKGKM], which is a stateful version of the publickey broadcast encryption. 15