Presentation is loading. Please wait.

Presentation is loading. Please wait.

Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *

Published byTina Railton Modified over 10 years ago

Similar presentations

Presentation on theme: "Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *"— Presentation transcript:

1 Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham * *David R. Cheriton School of Computer Science, University of Waterloo

2 Outline Introduction ◦ Review of Nymble ◦ New goals Ring Signature for dummies! Proposed Solution ◦ Distributed Pseudonym Manager ◦ Distributed Nymble Manager Analysis Future Work Summary

3 Review of Nymble

4 Nymble Weaknesses Collusion between NM and PM ◦ De-anonymizes the network ◦ Reveals user behavior TTPs are single point of failure Scalability problem

5 Related Work BLacklistable Anonymous Credential (BLAC) ◦ Pros: Eliminates the reliance of TTPs ◦ Cons: Suffers from severe bottleneck at the side of Service Providers PEREA ◦ Pros: Computation is linear in the size of the blacklist ◦ Cons: Performance is still a problem

6 New goals Maintaining security properties of original Nymble Design ◦ Mis-authentication resistance ◦ Blacklistability ◦ Anonymity and Non-frameability Enhancements ◦ Unconditional Anonymity ◦ Scalability & Robustness

7 Proposed Solutions Consists of two main parts: ◦ Distributing Pseudonym Manager ◦ Distributing Nymble Manager

8 Ring Signature By Rivest, Shamir and Tauman ◦ A group member can sign a message on behalf of the group without revealing her identity. ◦ Ring signature is created on demand!  No setup procedure or agreement

9 Distributing Pseudonym Manager UserPM IP address pnym Previously Motivation If a pseudonym can represent an IP, why don’t we use it recursively?

10 AlicePM i IP A Round 1 PM 1 PM 2 PM n Alice ◦ Chooses a random index i ◦ Connects to PM i directly with her IP A ◦ Requests a pseudonym for the next round

11 AlicePM j IP A Round 1 (cont’d) PM 1 PM 2 PM n PM i ◦ Generates a codename for Alice ◦ Signs using a ring signature scheme ◦ Informs all other PMs “IP A has been issued a pseudonym in round 1” IP A

12 AlicePM i Codename + Ack IP A Round 1 (cont’d) PM 1 PM 2 PM n PM i ◦ Waits for Acknowledgements from other PMs ◦ Sends ‘codename’ back to Alice Ack

13 Somebody PM j codename Round 2 PM 1 PM 2 PM n Alice ◦ Chooses another random index j ◦ Connects to PM j anonymously using Tor ◦ Requests a pseudonym to connect to NM

14 Somebody PM j codename + Round 2 (cont’d) PM 1 PM 2 PM n PM j ◦ Verifies the validity of ◦ Creates a pnym for that ‘somebody’ ◦ Signs pnym using a ring signature scheme ◦ Informs all other PMs: “The guy with ‘codename’ has been issued a pseudonym in round 2” codename

15 Somebody PM j pnym + Ack Round 2 (cont’d) PM 1 PM 2 PM n PM j ◦ Waits for Acknowledgement from other PMs ◦ Sends back to the user Ack

16 Aspects of DPM Alice’s IP address is protected by one more security level It’s not feasible for Alice to obtain more than one pseudonym with her IP

17 Distributing NM NM PM i PM j Codename acquisition Pseudonym acquisition NymbleTicket acquisition

18 Distributing NM Service Provider Server Authentication

19 Distributing NM Service Provider NM’ Linking Token Extraction NM

20 Distributing NM - Requirements generate nymble tickets for a user it must be the same as tickets generated by any other NM verify the nymble ticket upon request verify freshness of a blacklist Each NM should be able to verify a nymble ticket without knowing anything about the nymble manager who issued the ticket communicate with any NM to extract the linking token Each server should be able to

21 Distributing NM (cont’d) Seed  H khk N (pnym,sid,w) How should we generate the seed? ◦ S1: Ask another NM to create the hash of server id with his own key  Seed will not be unique ◦ S2: Ask another NM to create the hash of server id with the shared key  Vulnerable to brute force attack

22 Analysis Our Solution: ◦ Provides collusion prevention without eliminating TTPs  No proof generation and proof verification needed  Better performance than BLAC and PEREA ◦ Decreases the number of required signature ◦ Eliminates unnecessary key sharing ◦ Makes use of an efficient ring signature scheme with efficient size

23 Future Work Dynamic Forgiveness Multiple Rounds for Pseudonym Registration Optimal Ring Signature Experimental Analysis

24 Summary We introduced an anonymous blocking system based on Nymble ◦ Using distributed TTPs architecture ◦ With collusion resistance feature ◦ With less computation cost ◦ With increased usability

25 Thank You!

Download ppt "Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *"

Similar presentations

1 9 4 5 1 8 8 6 E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April. 30. 2003 Seo, Seung-Hyun Dept. of Computer Science and.

E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April Seo, Seung-Hyun Dept. of Computer Science and.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Efficient Signature Generation by Smart Cards 20103112 Suk Ki Kim 20103114 Sunyeong Kim.

Efficient Signature Generation by Smart Cards Suk Ki Kim Sunyeong Kim.
多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.

多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.
Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
A Pairing-Based Blind Signature

A Pairing-Based Blind Signature
1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24.

1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.

ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
236349 Project in Computer Security Integrating TOR’s attacks into the I2P darknet Chen Avnery Amihay Vinter.

Project in Computer Security Integrating TOR’s attacks into the I2P darknet Chen Avnery Amihay Vinter.
Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.

Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

Similar presentations

Ads by Google