Presentation is loading. Please wait.

Presentation is loading. Please wait.

Anonymous Identification in Ad Hoc Groups New York, NY, USAApril 6 th, 2004 Yevgeniy Dodis, Antonio Nicolosi, Victor Shoup

Published byCharles Matthews Modified over 8 years ago

Similar presentations

Presentation on theme: "Anonymous Identification in Ad Hoc Groups New York, NY, USAApril 6 th, 2004 Yevgeniy Dodis, Antonio Nicolosi, Victor Shoup"— Presentation transcript:

1 Anonymous Identification in Ad Hoc Groups New York, NY, USAApril 6 th, 2004 Yevgeniy Dodis, Antonio Nicolosi, Victor Shoup {dodis,nicolosi,shoup}@cs.nyu.edu New York University Aggelos Kiayias aggelos@cse.uconn.edu University of Connecticut

2 April 6, 2004Antonio Nicolosi — NYU2 Enabling Privacy-Aware Access Control Want to control access to many objects –Each with its own set of authorized users For privacy concerns, users won’t reveal their identity when accessing an object Solution: –Have one ad hoc group for each object –To access an object, users anonymously identify as members of corresponding group

3 April 6, 2004Antonio Nicolosi — NYU3 Example: Access-controlled Blog Alice is keeping a cool blog about her poems Since she’s shy, she only wants her friends to access it But her friends are shy, too: Maybe one of them is making too much reading …  Solution: Ad Hoc Anonymous Identification scheme

4 April 6, 2004Antonio Nicolosi — NYU4 Identification Schemes

5 April 6, 2004Antonio Nicolosi — NYU5 Anonymous Identification

6 April 6, 2004Antonio Nicolosi — NYU6 Anonymous Identification (cont’d) Alice cannot tell whom she is talking to –Even in the case of two sessions with the same user (unlinkability)

7 April 6, 2004Antonio Nicolosi — NYU7 Ad Hoc Groups “Structured” Groups vs. E.g. organizations Group Manager Users need a different key per group Ad Hoc Groups E.g. poetry clubs No central authority Can use same key for multiple groups

8 April 6, 2004Antonio Nicolosi — NYU8 Ad Hoc Anonymous ID: Syntax Setup: system-wide initialization phase Register: per-user initialization –Each user picks a secret key/public key pair –Run only once, regardless of # groups user joins Make-GPK: combines a set of PKs into one GPK Make-GSK: combines a user’s SK with a set of PKs, yielding a single GSK Anon-ID: protocol between a group member (holding GSK) and a verifier (holding GPK)

9 April 6, 2004Antonio Nicolosi — NYU9 Ad Hoc Anonymous ID: Syntax (cont’d) Make-GPK (running time / to group size) Make-GSK (running time / to group size) Anon-ID (constant running time)

10 April 6, 2004Antonio Nicolosi — NYU10 Background: One-Way Functions At the core of all modern Cryptography –Several instances are widely accepted … –… but nobody knows if they exist (in particular, cannot exist if P = NP) Family of functions easy to compute, but very hard to invert at a random point xf(x) easy HARD

11 April 6, 2004Antonio Nicolosi — NYU11 Background: Accumulators Intuition: Secure Dictionary ADT –Element Insertion/Membership Testing Element Insertion –Adding to a set yields a different, larger set –Adding to an accumulator yields a different value of the same size + a witness

12 April 6, 2004Antonio Nicolosi — NYU12 Background: Accumulators (cont’d) Membership Testing –Sets are transparent: anybody can inspect their content … unless the proper witness is known –Accumulators are opaque: Infeasible to check for membership … Hard to compute “fake witness’’

13 April 6, 2004Antonio Nicolosi — NYU13 Constructing Ad Hoc Anonymous ID Make-GPK combines PKs by inserting them all into the accumulator Make-GSK runs as Make-GPK, but also keeps track of SK and of the witness for PK In the Anon-ID protocol, the user proves that 1.he knows the SK corresponding to some PK 2.PK has been added in the accumulator Register sets SK=random, PK= f( SK )

14 April 6, 2004Antonio Nicolosi — NYU14 Ad Hoc Anonymous ID: Variations Identity Escrow –To prevent abuse of anonymity, possible to amend the scheme so that user identity can be recovered by a trusted party Supporting large ad hoc groups –If group changes, need to build new value of GPK from scratch with Make-GPK –But if changes are just user additions, can compute new GPK (and GSK) efficiently

15 April 6, 2004Antonio Nicolosi — NYU15 Summary We propose a novel cryptographic functionality (Ad Hoc Anonymous ID) enabling flexible, privacy-aware access control We discuss possible variations to handle identity escrow and growing ad hoc groups We design an instance based on a new tool (One-Way Accumulators), efficiently constructible based on standard assumptions

16 April 6, 2004Antonio Nicolosi — NYU16 Any questions? Thank you!

Download ppt "Anonymous Identification in Ad Hoc Groups New York, NY, USAApril 6 th, 2004 Yevgeniy Dodis, Antonio Nicolosi, Victor Shoup"

Similar presentations

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.

Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.
ITIS 6200/8200. 2 Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.

ITIS 6200/ Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.
Optionally Identifiable Private Handshakes Yanjiang Yang.

Optionally Identifiable Private Handshakes Yanjiang Yang.
Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]

Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]
Rennes, 23/10/2014 Cristina Onete Commitment Schemes and Identification/Authentication.

Rennes, 23/10/2014 Cristina Onete Commitment Schemes and Identification/Authentication.
11 Provable Security. 22 Given a ciphertext, find the corresponding plaintext.

11 Provable Security. 22 Given a ciphertext, find the corresponding plaintext.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.

Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.
Key Exchange Using Passwords and Long Keys Vladimir Kolesnikov Charles Rackoff Comp. Sci. University of Toronto.

Key Exchange Using Passwords and Long Keys Vladimir Kolesnikov Charles Rackoff Comp. Sci. University of Toronto.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
PROVIDING ROBUST AND UBIQUITOUS SECURITY SUPPORT FOR MOBILE AD- HOC NETWORKS Georgios Georgiadis 6/5/2008.

PROVIDING ROBUST AND UBIQUITOUS SECURITY SUPPORT FOR MOBILE AD- HOC NETWORKS Georgios Georgiadis 6/5/2008.
1 Vipul Goyal Abhishek Jain Rafail Ostrovsky Silas Richelson Ivan Visconti Microsoft Research India MIT and BU UCLA University of Salerno, Italy Constant.

1 Vipul Goyal Abhishek Jain Rafail Ostrovsky Silas Richelson Ivan Visconti Microsoft Research India MIT and BU UCLA University of Salerno, Italy Constant.
Serverless Search and Authentication Protocols for RFID Chiu C. Tan, Bo Sheng and Qun Li Department of Computer Science College of William and Mary.

Serverless Search and Authentication Protocols for RFID Chiu C. Tan, Bo Sheng and Qun Li Department of Computer Science College of William and Mary.
Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.

Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.
IAW 2006 Cascaded Authorization with Anonymous- Signer Aggregate Signatures Danfeng Yao Department of Computer Science Brown University Joint work with.

IAW 2006 Cascaded Authorization with Anonymous- Signer Aggregate Signatures Danfeng Yao Department of Computer Science Brown University Joint work with.
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

Similar presentations

Ads by Google