Implementation of LSI for Privacy Enhancing Computation Kazue Sako, Sumio Morioka 2011.2.10

Slides:



Advertisements
Similar presentations
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Advertisements

Public Key Infrastructure and Applications
Research & Development Workshop on e-Voting and e-Government in the UK - February 27, 2006 Votinbox - a voting system based on smart cards Sébastien Canard.
Smart Cards Our Inevitable Future Mark Shippy. What are smart cards? Credit card sized plastic card with an embedded chip. Credit card sized plastic card.
Trusted Symbol of the Digital Economy 1 Bill Holmes – VP Marketing ID Platform - Smart Cards.
By Md Emran Mazumder Ottawa University Student no:
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
The Italian Academic Community’s Electronic Voting System Pierluigi Bonetti Lisbon, May 2000.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
9/11/2012Pomcor 1 Techniques for Implementing Derived Credentials Francisco Corella Karen Lewison Pomcor (
Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
FIT3105 Smart card based authentication and identity management Lecture 4.
Cryptography Basic (cont)
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Business Data Communications, Fourth Edition Chapter 10: Network Security.
Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
Chapter 8 Web Security.
TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
ASYMMETRIC CIPHERS.
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Chapter 10: Authentication Guide to Computer Network Security.
Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam
Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.
Secure Electronic Transaction (SET)
Digital Certificates Made Easy Sam Lutgring Director of Informational Technology Services Calhoun Intermediate School District.
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Storage & Revoking.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Electronic Payments E-payment methods –Credit cards –Electronic funds transfer (EFT) –E-payments Smart cards Digital cash and script Digital checks E-billing.
How can the SMART card help in new channels?
The Cryptographic Sensor FTO Libor Dostálek, Václav Novák.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
Web Security : Secure Socket Layer Secure Electronic Transaction.
Chapter 21 Distributed System Security Copyright © 2008.
Chapter 4 Application Level Security in Cellular Networks.
28 th International Traffic Records Forum Biometrics/SmartCard Workshop 28 th International Traffic Records Forum August 4, 2002 Orlando, Florida.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Network Security Lecture 27 Presented by: Dr. Munam Ali Shah.
DIGITAL SIGNATURE.
Azam Supervisor : Prof. Raj Jain
1 Thuy, Le Huu | Pentalog VN Web Services Security.
1 An Ordered Multi-Proxy Multi-Signature Scheme Authors: Min-Shiang Hwang, Shiang-Feng Tzeng, Shu-Fen Chiou Speaker: Shu-Fen Chiou.
1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.
Use or disclosure of the contents of this page is restricted by the terms on the notice page Intel Strategy for Post Quantum Crypto Ernie Brickell Presentation.
 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.
Security of the Internet of Things: perspectives and challenges
Electronic Banking & Security Electronic Banking & Security.
Henric Johnson1 Chapter 7 WEB Security Henric Johnson Blekinge Institute of Technology, Sweden
A l a d d I n. c o m Strong Authentication and Beyond Budai László, IT Biztonságtechnikai tanácsadó.
Digital Certificates Presented by: Matt Weaver. What is a digital certificate? Trusted ID cards in electronic format that bind to a public key; ex. Drivers.
The Italian Academic Community’s Electronic Voting System
e-Security Solutions Penki Kontinentai Vladas Lapinskas
Presentation transcript:

Implementation of LSI for Privacy Enhancing Computation Kazue Sako, Sumio Morioka

NEC Confidential © NEC Corporation 2008( ) Page 2 Group Signatures ▐Generating a single authentication data which provides two levels of verification Authorized Group Group SIg. Zero Knowledge Proof Encrypted ID Authority Server ID ? Group OK! ID O K! Level 2 Level 1 Digital Sig. ID O K! Verify Group attribute Cannot Identify User Only the authority with a secret key can identify the user Group Public Key Anyone can verify and identify the user Ordinary PKI authentication data (signature) authentication data (signature)

NEC Confidential © NEC Corporation 2008( ) Page 3 Group Signatures ▐Generating a single authentication data which provides two levels of verification Authorized Group Group SIg. Zero Knowledge Proof Encrypted ID Authority Server ID ? Group OK! ID O K! Level 2 Level 1 Verify Group attribute Cannot Identify User Only the authority with a secret key can identify the user Group Public Key authentication data (signature) Authority is not unique for the group. Can be assingned by signer per authentication

NEC Confidential © NEC Corporation 2008( ) Page 4 Application of Group Signatures : Internet shopping web store User Credit Card Company Current scheme Proposed scheme Card No BILL web store User Credit Card Company BILL auth. data Card No No Card no. Breach threat Ensures Payment Level 2 Level 1

NEC Confidential © NEC Corporation 2008( ) Page 5 Application of Group Signatures : Outsourcing scenario Entrance Gate User Company Current scheme Proposed scheme Group, ID Entrance Gate User Company auth. data Group,ID ID No Card no. Breach threat Ensures Group Level 2 Level 1 Work Record

NEC Confidential © NEC Corporation 2008( ) Page 6 Some applications: Car to Car communication Car Current Proposed Vehicle ID Car Police Vehicle maker authN data Vehicle ID Authenticates message messages are broadcasted with Vehicle ID Traffic Jam! Makes it easy to trace cars Traffic Jam! Level 2 Level 1

NEC Confidential © NEC Corporation 2008( ) Page 7 Application example : Passports Hotels Supermarket s User Current Proposed Passport No User Japanese Embassy identification authN data Passport No No ID Leakage Ensures nationality Level 2 Level 1 Problem Hotels Supermarket s

NEC Confidential © NEC Corporation 2008( ) Page 8 What Group Signature brings… ▐Enhances user’s privacy by hiding user’s identity information until when it is needed ID-tag with a cover ▐Servers do not have to receive unnecessary information Need not to spend cost to prevent information breach ▐Enhances user’s privacy even when user is not a signer Issuer of certificates uses group signature to sign certificates Ex. Drivers License: Users can hide in which country he obtained the license. ▐Issue: computation is so heavy to be used in portable devices to ensure location privacy of users Portable devices: mobile phones, smart cards, other low-power embedded CPU Need for development of LSI for group signature computation

NEC Confidential © NEC Corporation 2008( ) Page 9 Implementation of LSI for group signature

NEC Confidential © NEC Corporation 2008( ) Page 10 Issues regarding implementation ▐High computational complexity. Algorithm based on RSA and DDH on Elliptic curves Isshiki,Mori,Sako,Teranishi,Yonezawa ‘Using Group Signature for Identity Management and its Implementation’ Workshop on Digital Identity Management (DIM2006) 10 times or more computation steps compared to conventional digital signature algorithms over RSA or ECC. Combination of different kinds of mathematical computations. Large integer computation Modular exponentiation and modular multiplication Scalar multiplication and point addition on elliptic curve Pseudo random number generation Hash computation Implementing 10 K lines of C codes in a single LSI is … unusual! ▐GOAL: good performance on low-power embedded CPUs.

NEC Confidential © NEC Corporation 2008( ) Page 11 The world’s first (to our knowledge) LSI for group signatures ▐Features Fast signature generation/verification speed. 0.1 seconds at 150MHz clock Same speed with S/W on 3GHz clock PC Low power consumption. Less than 0.6W at 150MHz clock 1/100 or less power compared to PC (60W or more) Usable not only as an independent LSI chip but as an IP core (2mm 2 ) ▐Development story 3 years efforts of exploring design strategy and H/W architecture. Achieved best trade-off balance of performance, circuit size and power consumption. RSA core ECC core INT core Parallel computation sequence HASH/PRNG core Computation controller temp. memory I/O interface

NEC Confidential © NEC Corporation 2008( ) Page 12 LSI for group signatures (2/2) ▐What helped us …NEC original HW synthesizer With the help of behavioral synthesizer, 10K lines of C code resulted in 800 K gates of group signature computation accelerator ▐Merits of H/W solution Low mass-production cost. Suitable for battery driven compact devices. High tamper resistance for critical security applications. ▐The same architecture can be used to accelerate other cryptographic protocols NEC’s original H/W synthesizer

NEC Confidential © NEC Corporation 2008( ) Page 13 Security and Privacy concerns Mr. Tanaka Tanaka passed Shibuya station at 13:19 Tanaka walked by Shibuya Station at 14:35 Tanaka bought glasses at Shibuya for 10,000yen Tanaka arrived office at 14:53 Like being supervised everywhere

NEC Confidential © NEC Corporation 2008( ) Page 14 Better world with anonymous digital signatures Mr. Tanaka Good Passholder passed Shibuya station at 13:19 Kawasaki Citizen walked by Shibuya Station at 14:35 Credit Card holder bought glasses at hibuya for 10,000yen Employee arrived office at 14:53 Enhanced Privacy with Minimum Disclosure

NEC Confidential © NEC Corporation 2008( ) Page 15 This work was partly supported by Ministry of Internal Affairs and Communications.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.