Published by Ibrahim Lefort. Modified over 9 years ago.
1
Optionally Identifiable Private Handshakes
Yanjiang Yang
2
RFID Security Seminar 2008
Agenda
– Introduction
– Review of Related Work
– Optionally Identifiable Private Handshakes
– Conclusion
3
– Introduction
– Review of Related Work
– Optionally Identifiable Private Handshakes
– Conclusion
4
Secret handshakes
– Users are increasingly concerned about individual privacy in cyberspace
  – Privacy-preserving techniques are expected to play a key part
  – Secret handshakes
    – Non-members learn nothing from the handshake between the two users
    – A non-member cannot impersonate a member
5
Unlinkable secret handshakes
– Secret handshakes are linkable
– Unlinkable secret handshakes provide unlinkability
– Traceability is a feature of unlinkable secret handshakes
– Differences between unlinkable secret handshakes and anonymous credentials
6
Private handshakes
– Traceability may not always be desired
– Hoepman proposed the concept of private handshakes
– No traceability whatsoever in private handshakes
7
Optionally identifiable private handshakes
– Secret handshakes and private handshakes each have their own applications
– A primitive that optionally lies between them is more flexible
– We proposed the concept of optionally identifiable private handshakes
8
Nutshell
(Diagram labels: No identifiability; identifiability; Private handshakes; Optionally identifiable private handshakes; (linkable) Secret handshakes; Unlinkable secret handshakes)
9
– Introduction
– Review of Related Work
– Optionally Identifiable Private Handshakes
– Conclusion
10
Secret handshakes
– Balfanz et al. first formulated the notion of secret handshakes (S&P’03)
– Castelluccia et al. proposed secret handshake protocols, with security under the computational Diffie-Hellman assumption (Asiacrypt’04)
11
Secret handshakes - continued
– Jarecki et al. (CT-RSA’07) and Vergnaud et al. (coding and cryptography’05) proposed RSA-based secret handshakes
12
Unlinkable secret handshakes
– Xu et al. proposed k-anonymous secret handshakes (CCS’04)
– Tsudik et al. proposed (full) unlinkable secret handshakes, but all members from the same group are required to share a group secret
– Jarecki et al.’s scheme does not require sharing of a group secret (ACNS’07)
– Ateniese et al. proposed fuzzy unlinkable secret handshakes (NDSS’07)
13
Private handshakes
– Hoepman proposed private handshakes (security and privacy in Ad Hoc and sensor networks’07)
14
– Introduction
– Review of Related Work
– Optionally Identifiable Private Handshakes
– Conclusion
15
Model
Entities
– a set of users
– a set of groups
– a set of group administrators who create groups and enrol users in groups
– a user may or may not be affiliated to a group
– if a user belongs to a group, then he is a member of that group; otherwise, he is a non-member of that group
16
Model - continued
Algorithms
– CreateGroup($1^k$)
– EnrolUser($G, u$)
– HandShake($u_1, u_2, b$)
– RevokeUser($G, u$)
17
Details of algorithms
Parameters
– $G_1, G_2$
– $e: G_1 \times G_1 \to G_2$
– $H_0, H_1, H_2$
– Enc().
18
Details of algorithms - continued
CreateGroup($1^k$)
– Group administrator selects $s_G$
EnrolUser($G, u$)
– Group administrator issues $u$ a credential $x_u = s_G H_0(u)$,
19
Details of algorithms - continued
Handshake($u_1, u_2, b$)
– $u_1$ holds $x_{u_1} = s_G H_0(u_1)$; $u_2$ holds $x_{u_2} = s_G H_0(u_2)$
– $u_1$ computes $R_1 = r_1 H_0(u_1)$
– $u_1 \to u_2$: $R_1, b$
– $u_2$ computes $R_2 = r_2 H_0(u_2)$ and $V_2 = H_1(e(R_1, r_2 x_{u_2}), b)$
– $u_2 \to u_1$: $R_2, V_2$
20
Details of algorithms - continued
– $u_1$ holds $x_{u_1} = s_G H_0(u_1)$; $u_2$ holds $x_{u_2} = s_G H_0(u_2)$
– $u_1$ checks $H_1(e(r_1 x_{u_1}, R_2), b) \stackrel{?}{=} V_2$
– $u_1$ computes $V_1 = H_1(b, e(r_1 x_{u_1}, R_2))$ and $sk_1 = H_2(e(r_1 x_{u_1}, R_2), R_1, R_2)$
– $u_1 \to u_2$: $V_1$
– $u_2$ checks $H_1(b, e(R_1, r_2 x_{u_2})) \stackrel{?}{=} V_1$
– $u_2$ computes $sk_2 = H_2(e(r_2 x_{u_2}, R_1), R_1, R_2)$
So far, private handshake is completed!
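The message flow of slides 19 and 20, as an added example that is not part of the original slides or the authors' code. Assumptions: the pairing is replaced by a toy, insecure bilinear map over scalars mod a prime `Q` (only the algebra is shown), `H` with a tag stands in for $H_0, H_1, H_2$, and the function names are hypothetical.

```python
import hashlib
import secrets

Q = 2**127 - 1  # prime order of the toy groups (assumed parameter)

def H(tag, *parts):
    """Domain-separated SHA-256 standing in for H_0, H_1, H_2 (assumption)."""
    data = "|".join([tag] + [str(p) for p in parts]).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def H0(u):
    """Hash an identity into G_1, here a nonzero scalar mod Q."""
    return H("H0", u) % (Q - 1) + 1

def e(a, b):
    """Toy bilinear map e(a + a', b) = e(a, b) + e(a', b); NOT a secure pairing."""
    return a * b % Q

def create_group():
    """CreateGroup: the administrator selects the group secret s_G."""
    return secrets.randbelow(Q - 1) + 1

def enrol_user(s_G, u):
    """EnrolUser: credential x_u = s_G * H0(u)."""
    return s_G * H0(u) % Q

def handshake(u1, x1, u2, x2, b=0):
    """Run both sides of HandShake(u1, u2, b); b is carried as on the slides.
    Returns (sk_1, sk_2), or None if either verification fails."""
    r1 = secrets.randbelow(Q - 1) + 1
    R1 = r1 * H0(u1) % Q                      # u1 -> u2: R1, b
    r2 = secrets.randbelow(Q - 1) + 1
    R2 = r2 * H0(u2) % Q
    V2 = H("H1", e(R1, r2 * x2 % Q), b)       # u2 -> u1: R2, V2
    k1 = e(r1 * x1 % Q, R2)                   # u1's view of the shared value
    if H("H1", k1, b) != V2:                  # u1 checks V2
        return None
    V1 = H("H1", b, k1)                       # u1 -> u2: V1
    sk1 = H("H2", k1, R1, R2)
    k2 = e(r2 * x2 % Q, R1)                   # u2's view of the shared value
    if H("H1", b, k2) != V1:                  # u2 checks V1
        return None
    return sk1, H("H2", k2, R1, R2)

if __name__ == "__main__":
    s_A, s_B = create_group(), create_group()   # two constructed groups
    alice, bob = enrol_user(s_A, "alice"), enrol_user(s_A, "bob")
    carol = enrol_user(s_B, "carol")
    print("same group:", handshake("alice", alice, "bob", bob) is not None)
    print("different groups:", handshake("alice", alice, "carol", carol))
```

Both sides reach the same value because $e(R_1, r_2 x_{u_2})$ and $e(r_1 x_{u_1}, R_2)$ each expand to the same product of $r_1, r_2, s_G, H_0(u_1), H_0(u_2)$, which only holds when both credentials were issued under the same $s_G$.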
21
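Details of algorithms - continued
– $u_1$ holds $x_{u_1} = s_G H_0(u_1)$; $u_2$ holds $x_{u_2} = s_G H_0(u_2)$
– $u_1$ computes $C_1 = \mathrm{Enc}(sk_{u_1}, r_1, u_1)$
– $u_1 \to u_2$: $C_1$
– $u_2$ computes $(r_1', u_1') = \mathrm{Enc}(sk_{u_2}, C_1)$ and checks $R_1 \stackrel{?}{=} r_1' H_0(u_1')$
– $u_2$ computes $C_2 = \mathrm{Enc}(sk_{u_2}, r_2, u_2)$
– $sk_{u_2} = \dots$
– $u_2 \to u_1$: $C_2$
– …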
22
Future Work
– User Revocation
23
Security
– Impersonation resistance
– Membership detection resistance
– Unlinkability of private handshake
– Unlinkability to eavesdropper
24
– Introduction
– Review of Related Work
– Optionally Identifiable Private Handshakes
– Conclusion
25
Conclusion
– We proposed the concept of private handshakes with optional identifiability, interpolating between private handshakes and secret handshakes, representing a more flexible primitive
– A concrete scheme was presented, and its security was defined and proved.
26
Q & A
THANK YOU!