Presentation is loading. Please wait.

Presentation is loading. Please wait.

ANONIZE: A Large-Scale Anonymous Survey System

Published byBeverly Howard Modified over 7 years ago

Similar presentations

Presentation on theme: "ANONIZE: A Large-Scale Anonymous Survey System"— Presentation transcript:

1 ANONIZE: A Large-Scale Anonymous Survey System
Susan Hohenberger :Johns Hopkins University Steven Myers : Indiana University Rafael Pass : Cornell University Abhi shelat : University of Virginia Paper cited 1 time.

2 Topics Requirements for Ad-hoc Surveys. Prior Work.
Intro to Ad-hoc Surveys. Background Review. Ad-hoc Surveys in More Details. How Each Property is Achieved. Implementation. Performance Evaluation. Topics

3 Objective Enables a survey authority to independently select a group of registered users and create a survey in which only selected users can anonymously submit exactly one response.

4 Each user should be allowed to submit only once.
Authenticity: ensuring that only the legitimate users can participate in the data collections. Anonymity: ensuring that the there is no link between the legitimate user and his/her data,even if an RA and SA are arbitrarily corrupted and in collusion, (honest feedback!) Each user should be allowed to submit only once. Yet must be anonymous! Requirements nonymitAnonymiAnokkkkkmmmmmjjjjjnymity: ensuring that the there is no link between the legitimate uty: ensuring that the there is no link between the legitimate uy: the there is no link between the legitimate user and his/her data (honest feedback!)ensuring that the therensuring that the there is no link between the legitimate user and his/her data (honest feedback!)e is no link between the legitimate user and his/her data (honest feedback!)

5 online product reviews.
Course Evaluation. online product reviews. Whistleblowing ( Verify that a complaint comes from within the organization) Example nonymitAnonymiAnokkkkkmmmmmjjjjjnymity: ensuring that the there is no link between the legitimate uty: ensuring that the there is no link between the legitimate uy: the there is no link between the legitimate user and his/her data (honest feedback!)ensuring that the therensuring that the there is no link between the legitimate user and his/her data (honest feedback!)e is no link between the legitimate user and his/her data (honest feedback!)

6 Issue with Third Party. Collect usernames during submission
Computer might be stolen. Happened at Cornell University. Contains sensitive data of 45,000 university members. Side Channel indicate who already filled the form (order in which students participated). Jurisdictional boundaries (No sensitive data to be stored on servers run by foreign corporations) if data stripped, No way to verify of multiple submission. nonymitAnonymiAnokkkkkmmmmmjjjjjnymity: ensuring that the there is no link between the legitimate uty: ensuring that the there is no link between the legitimate uy: the there is no link between the legitimate user and his/her data (honest feedback!)ensuring that the therensuring that the there is no link between the legitimate user and his/her data (honest feedback!)e is no link between the legitimate user and his/her data (honest feedback!)

7 Solution: Cryptography. No need to Trust Third Party.

8 Prior Work 1) Authenticate 2) Get Token 3) Participate
User authenticate to server anonymously. User use token to participate on survey. 1) Authenticate 2) Get Token 3) Participate User check out single use token. Good ... as long as step 2 & 3 separated with long time. However, this make it inconvenience.

9 Proposed Solution: Ad-hoc survey
Anyone can select group and create survey. Only those can complete the survey at most once! Survey initiator initiate survey knowing only identities ( ). No further interaction required! Hence, increase user participation. nonymitAnonymiAnokkkkkmmmmmjjjjjnymity: ensuring that the there is no link between the legitimate uty: ensuring that the there is no link between the legitimate uy: the there is no link between the legitimate user and his/her data (honest feedback!)ensuring that the therensuring that the there is no link between the legitimate user and his/her data (honest feedback!)e is no link between the legitimate user and his/her data (honest feedback!)

10 Ad-hoc Surveys: Actor Role
RA - Registration Authority (ex, University) Issue master user token. SA -Survey Authority- Course Administrator. Create Surveys. Users Provide surveys data.

11 Ad-hoc Surveys: Step 1(one time)
Register ( e.x ) User (e.x student) 2) secret master user token (unlinkable) RA (Registration Authority) (e.x University) Token used for all surveys

12 Ad-hoc Surveys: Step 2 (Repeated)
Choose Survey ID SA (e.x Course Administrator) Choose List of identities (e.x )

13 Ad-hoc Surveys: Step 3 (Repeated)
survey key + master user token = one-time token (No interaction) submit (Non interactively) User one-time token, properties: No link to student identity. For given survey, one token. Anonymous network like Tor. SA

14 Background: Tor (Anonymity network).
Tor is free software for enabling anonymous communication. Name derived from: The Onion Router. Directs Internet traffic through a free, worldwide, volunteer network consisting of more than 6,000 relay. NSA:"the King of high-secure, low-latency Internet anonymity" with "no contenders for the throne in waiting"

15 Background: Commitment Scheme.
Allows one to commit to a chosen value (or chosen statement) while keeping it hidden to others, with the ability to reveal the committed value later

16 Background: Commitment Scheme.
Example: Coin flipping. Not in the same place: Alice "calls" the coin flip but only tells Bob a commitment to her call. Bob flips the coin and reports the result. Alice reveals what she committed to. Bob verifies that Alice's call matches her commitment If Alice's revelation matches the coin result Bob reported, Alice wins. If they are physically in the same place: Alice "calls" the coin flip. Bob flips the coin. If Alice's call is correct, she wins, otherwise Bob wins.

17 Background: Pseudo-random functions (PRF)
A PRF is a seeded deterministic function that maps any input to a random looking output, assuming one has no knowledge of the seed. This is the intuition behind pseudo-random functions: Bob gives alice some random i, and Alice returns FK(i), where FK(i) is indistinguishable from a random function, that is, given any x1,...,xm,FK(x1),...,FK(xm), no adversary can predict FK(xm+1) for any xm Used for symmetric encryption.

18 Background:non-interactive zero-knowledge NIZK
Non-interactive zero-knowledge (NIZK) proofs are a variant of zero-knowledge proofs in which no interaction is necessary between prover and verifier. Common reference string shared between the prover and the verifier is enough to achieve computational zero-knowledge without requiring interaction.

19 Background: Blind signature
blind signature is a form of digital signature in which the content of a message is disguised (blinded) before it is signed. The resulting blind signature can be publicly verified against the original, unblinded message in the manner of a regular digital signature. Typically employed in privacy-related protocols where the signer and message author are different parties. Examples include cryptographic election systems.

20 Registration- More Details: Step 1(one time)
2)Register: send commitment to random seed sid PRF Provide NIZK that commitment is well formed. 1.Generate public key pair. 3) sign the commitment with its sign key (Blind signature). User (e.x student) 4) signature: master user token (unlinkable) RA (Registration Authority) (e.x University) Token used for all surveys

21 Ad-hoc Surveys - More Details: Step 2 (Repeated)
Choose Survey ID (vid) SA (e.x Course Administrator) Choose List of identities (e.x ) called “L”

22 Ad-hoc Surveys - More Details: Step 3 (Repeated)
submit m (Non interactively) User survey key (vid) + master user token = one-time token (No interaction)= Fsid (vid) (Evaluate PRF using seed sid with input vid ) Present NIZK proof that “it knows a signature by the RA on it’s identity id and a commitment to a seed sid”. NIZK also proof “it’s signed by the SA on it’s id (meaning id is on the L) Thereby user data is authenticated by NIZK. SA

23 How Each Property is Achieved.
Only authorized users complete survey NIZK (Tag based). User can complete survey at most once One user token. PRF always give same value, computed from s. Anonymity. Neither RA nor SA see the seed (only see commitments), Zero-knowledge property. Pseudo-random property of PRF.

24 Implementation: System setup
- Implementation: System setup RA generate public key-pair pkRA (public), skRA(private). Each SA generate public key-pair pkSA, skSA.

25 Implementation: User Registration
- Implementation: User Registration User and RA execute the protocol (RegRA, RegU). which allow user will get unlinkable “master credential” credid.

26 Implementation: Survey Registration
- Implementation: Survey Registration SA generate a “survey public key”. Or pksid GenSurvey(1n, sid, L, skSA) survey ID. SA private key.

27 Implementation: Complete Survey
- Implementation: Complete Survey User combined master credential credid with survey identifier sid to generate one time token. Or sub = (tok,m,tokauth) submit(1n, sid,pksid, m,credid) Submit Sub to SA through anonymous channel. If they are physically in the same place: Alice "calls" the coin flip. Bob flips the coin. If Alice's call is correct, she wins, otherwise Bob wins. tok: one time token. tokauth: authenticator to bind m to tok.

28 Implementation: Audit
- Implementation: Audit User could check if submission counted by inspecting their submission output. User use Check (pkSA,pkRA,sid,pksid,sub) to check if sub is valid submission (No ballout/survey-stuffing) User could use Authorized( pkSA,sid,pksid,id’) to check user id’ is authorized to do survey (result not targeted to particular user). If they are physically in the same place: Alice "calls" the coin flip. Bob flips the coin. If Alice's call is correct, she wins, otherwise Bob wins.

29 Concrete Implementation:
Implemented in C++ using MIRCALE big number library. Supports pairing (bilinear map)-based cryptography. Free for Educational purpose. If they are physically in the same place: Alice "calls" the coin flip. Bob flips the coin. If Alice's call is correct, she wins, otherwise Bob wins. Maps a vector space X into another space Y. There are no practical limits to the precision except the ones implied by the available memory in the machine.

30 Performance: Timing Result
Barreto–Lynn–Scott pairing curve Barreto– Naehrig pairing curve degree k=12, Verify 1 million submissions in approximately 33 hours per CPU core.

31 Thank You.

Download ppt "ANONIZE: A Large-Scale Anonymous Survey System"

Similar presentations

Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.

Requirements for a Secure Voting System  Only authorized voters can vote  No one can vote more than once  No one can determine for whom anyone else.
Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]

Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.

Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
Introduction to Modern Cryptography, Lecture 7/6/07 Zero Knowledge and Applications.

Introduction to Modern Cryptography, Lecture 7/6/07 Zero Knowledge and Applications.
Introduction to Modern Cryptography, Lecture 9 More about Digital Signatures and Identification.

Introduction to Modern Cryptography, Lecture 9 More about Digital Signatures and Identification.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Computer Science Public Key Management Lecture 5.

Computer Science Public Key Management Lecture 5.
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Chapter 4: Intermediate Protocols

Chapter 4: Intermediate Protocols
Anonymous Identification in Ad Hoc Groups New York, NY, USAApril 6 th, 2004 Yevgeniy Dodis, Antonio Nicolosi, Victor Shoup

Anonymous Identification in Ad Hoc Groups New York, NY, USAApril 6 th, 2004 Yevgeniy Dodis, Antonio Nicolosi, Victor Shoup
Cryptography, Authentication and Digital Signatures

Cryptography, Authentication and Digital Signatures
Lecture 11: Strong Passwords

Lecture 11: Strong Passwords
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

Similar presentations

Ads by Google