Protecting the Privacy of Users in Retrieving Valuable Information by a PIR Scheme with Mutual Authentication by RSA Signature Algorithm
Date:
Reporter: Chien-Wen Huang
Source: Innovative Computing, Information and Control, ICICIC '07. Second International Conference
Outline
1. Introduction
2. Related work
3. The proposed PIR scheme
4. Security Analysis of the proposed scheme and comparisons with others
5. Conclusions and Future Work
Introduction
Motivation: A user queries a patent, but the server will not know which patent the user queried.
Private Information Retrieval (PIR): Initial research on PIR was done by Chor et al. (1995). Beimel proposed several robust PIR schemes (2004).
Results: A new one-server PIR scheme, with mutual authentication between the user and the server.
Related work
Computational Private Information Retrieval
Chor et al. introduced a c-PIR scheme (from information-theoretic security to computational security).
Kushilevitz et al. proposed a CPIR scheme based on the quadratic residuosity assumption.
Cachin et al. proposed a CPIR scheme based on the Φ-Hiding assumption.
Private Information Retrieval Using a Secure Coprocessor (SC)
An SC is a tamper-proof device with a small memory; it is designed to prevent anybody from accessing its memory.
It overcomes the limitation of CPIR, which can only deal with one bit per query.
It brings the communication complexity to O(1).
The server's computation complexity is still O(n).
To confuse the server, in the kth query the SC must read the previously accessed records and one unread record.
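The access pattern described above, as an added illustration (not code from the presentation or the paper it reports on). Class and method names are assumptions; records are left unencrypted and the reshuffle that must follow once every record has been touched is only signalled, not modelled.

```python
import secrets

class Server:
    """Untrusted host: holds the shuffled copy and logs every position read."""
    def __init__(self, shuffled):
        self.shuffled = shuffled
        self.log = []                       # one list of positions per query

    def read(self, pos):
        self.log[-1].append(pos)
        return self.shuffled[pos]

class SecureCoprocessor:
    """Holds the secret shuffled index (hypothetical model of the SC)."""
    def __init__(self, records):
        self.rng = secrets.SystemRandom()
        n = len(records)
        self.index = list(range(n))         # record i lives at position index[i]
        self.rng.shuffle(self.index)        # preprocessing phase: secret shuffle
        shuffled = [None] * n
        for i, pos in enumerate(self.index):
            shuffled[pos] = records[i]
        self.server = Server(shuffled)
        self.touched = []                   # positions read so far, in order

    def query(self, i):
        n = len(self.index)
        if len(self.touched) == n:
            raise RuntimeError("every record touched: reshuffle before continuing")
        self.server.log.append([])
        want, hit = self.index[i], None
        for pos in self.touched:            # re-read all previously accessed records
            rec = self.server.read(pos)
            if pos == want:
                hit = rec
        if hit is None:                     # first request: the unread record is the target
            new = want
        else:                               # repeat request: read a random unread decoy
            new = self.rng.choice([p for p in range(n) if p not in self.touched])
        rec = self.server.read(new)
        self.touched.append(new)
        return rec if hit is None else hit

if __name__ == "__main__":
    db = [f"patent-{i}" for i in range(8)]  # constructed sample records
    sc = SecureCoprocessor(db)
    for i in (5, 5, 2, 5):
        print(sc.query(i), sc.server.log[-1])
```

Whatever is requested, the server's log for the kth query is the same k-1 positions it saw before plus one position it has not seen, so repeated and distinct requests look alike.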
The proposed PIR scheme
Registering phase:
User U computes C1 = and sends it to the SC. On receiving C1, the SC decrypts C1 with its private key SKSC and then stores to the ID file in server S.
Preprocessing phase:
The preprocessing phase produces a shuffled copy of DB in server S and a shuffled index in the SC.
Online-query phase:
U selects a ru (a part of the session key) and sends C2= to the SC.
The SC decrypts C2 with its private key SKSC to get IDU and ru.
The SC selects a random number rs (another part of the session key) and calculates the session key, then sends C3= to the user.
User U calculates the session key and decrypts (with K'). If the result = ru, user U sends to the SC, otherwise not.
User U calculates C4= and sends it to the SC.
The SC checks whether ; if the answer is correct it goes on to the next step, otherwise it stops the online query.
The SC reads Ri from the shuffled database according to the shuffled index and sends
User U decrypts with K'.
Security Analysis of the proposed scheme and comparisons with others
The proposed scheme is a mutual authentication scheme
Lemma 1. The proposed scheme correctly authenticates a legal user U.
Proof: E can generate in step (5), s.t. , E can be authenticated successfully in step (6). Thus,
Lemma 2. The proposed scheme correctly authenticates Server S (with the SC in it).
Proof: If the SC knows the secret key SKSC, it can decrypt C2 to obtain ru and calculate the session key. User U calculates the session key. Thus, the session keys Ksu and Kus are the same value.
Theorem 3. The proposed scheme is a mutual authentication scheme (Lemmas 1 and 2).
The proposed scheme is a secure scheme
The key exchange scheme is secure if the following requirements are satisfied:
1. If both participants honestly execute the scheme, then the session key is K = Ksu = Kus.
2. No one can calculate the session key except the participants (U and the SC in the Server S).
3. The session key is indistinguishable from a truly random number.
Lemma 4. The proposed scheme satisfies the first requirement.
Proof:
Lemma 5. The proposed scheme satisfies the second requirement.
Proof: (The random number ru is selected by the user and encrypted by )
Lemma 6. The proposed scheme satisfies the third requirement.
Proof: ru and rs are two random numbers selected by user U and the SC. The session key K is also a random number.
Comparisons with other schemes
The proposed scheme, which uses only one server, is more practical to deploy. It has a mutual authentication and key agreement process, which makes it more robust in security than past schemes.
Conclusions and Future Work
The proposed scheme is more practical than previous k-server PIR schemes, and it has a mutual authentication and key agreement process. It can be applied not only in the environment mentioned above, but also in other applications that need to protect the privacy of users on the internet (e.g., e-voting).
Thank You !