Anonymous Identification in Ad Hoc Groups
New York, NY, USA, April 6th, 2004
Yevgeniy Dodis, Antonio Nicolosi, Victor Shoup

Presentation transcript:

Anonymous Identification in Ad Hoc Groups
New York, NY, USA, April 6th, 2004
Yevgeniy Dodis, Antonio Nicolosi, Victor Shoup (New York University)
Aggelos Kiayias (University of Connecticut)

April 6, 2004 | Antonio Nicolosi — NYU | 2

Enabling Privacy-Aware Access Control
• Want to control access to many objects
  – Each with its own set of authorized users
• For privacy concerns, users won’t reveal their identity when accessing an object
• Solution:
  – Have one ad hoc group for each object
  – To access an object, users anonymously identify as members of the corresponding group

Example: Access-controlled Blog
• Alice is keeping a cool blog about her poems
• Since she’s shy, she only wants her friends to access it
• But her friends are shy, too: maybe one of them is doing too much reading …
→ Solution: Ad Hoc Anonymous Identification scheme

Identification Schemes

Anonymous Identification

Anonymous Identification (cont’d)
• Alice cannot tell whom she is talking to
  – Even in the case of two sessions with the same user (unlinkability)

Ad Hoc Groups

“Structured” Groups
• E.g. organizations
• Group Manager
• Users need a different key per group

vs.

Ad Hoc Groups
• E.g. poetry clubs
• No central authority
• Can use same key for multiple groups

Ad Hoc Anonymous ID: Syntax
• Setup: system-wide initialization phase
• Register: per-user initialization
  – Each user picks a secret key/public key pair
  – Run only once, regardless of # of groups the user joins
• Make-GPK: combines a set of PKs into one GPK
• Make-GSK: combines a user’s SK with a set of PKs, yielding a single GSK
• Anon-ID: protocol between a group member (holding GSK) and a verifier (holding GPK)

Ad Hoc Anonymous ID: Syntax (cont’d)
• Make-GPK (running time proportional to group size)
• Make-GSK (running time proportional to group size)
• Anon-ID (constant running time)

Background: One-Way Functions
• At the core of all modern Cryptography
  – Several instances are widely accepted …
  – … but nobody knows if they exist (in particular, cannot exist if P = NP)
• Family of functions easy to compute, but very hard to invert at a random point
[Diagram: x → f(x) is easy; f(x) → x is HARD]

Background: Accumulators
• Intuition: Secure Dictionary ADT
  – Element Insertion/Membership Testing
• Element Insertion
  – Adding to a set yields a different, larger set
  – Adding to an accumulator yields a different value of the same size + a witness

Background: Accumulators (cont’d)
• Membership Testing
  – Sets are transparent: anybody can inspect their content
  – Accumulators are opaque:
    Infeasible to check for membership … unless the proper witness is known
    Hard to compute a “fake witness”

Constructing Ad Hoc Anonymous ID
• Make-GPK combines PKs by inserting them all into the accumulator
• Make-GSK runs as Make-GPK, but also keeps track of SK and of the witness for PK
• In the Anon-ID protocol, the user proves that
  1. he knows the SK corresponding to some PK
  2. PK has been added to the accumulator
• Register sets SK = random, PK = f(SK)

Ad Hoc Anonymous ID: Variations
• Identity Escrow
  – To prevent abuse of anonymity, possible to amend the scheme so that user identity can be recovered by a trusted party
• Supporting large ad hoc groups
  – If group changes, need to build new value of GPK from scratch with Make-GPK
  – But if changes are just user additions, can compute new GPK (and GSK) efficiently
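
The accumulator side of the "Constructing Ad Hoc Anonymous ID" and "Variations" slides, as an added example that is not from the presentation: a toy RSA-style accumulator (an assumption, since the slides do not name the accumulator construction) with constructed parameters far too small for real use. The hash-to-prime `f` and all function names are illustrative; `is_member` checks PK and witness in the clear, whereas Anon-ID would prove the same relation in zero knowledge without revealing either.

```python
import hashlib
from math import isqrt

# Constructed toy parameters (assumption): a real Setup uses a large modulus
# whose factorization nobody knows. This N is a product of two small primes.
N = 1000003 * 1000033
U = 3  # starting value of the empty accumulator

def is_prime(n):
    return n > 2 and n % 2 == 1 and all(n % d for d in range(3, isqrt(n) + 1, 2))

def f(sk: bytes) -> int:
    """Register: PK = f(SK). Stand-in one-way map: hash SK to an odd prime of about 32 bits."""
    n = int.from_bytes(hashlib.sha256(sk).digest()[:4], "big") | 1
    while not is_prime(n):
        n += 2
    return n

def make_gpk(pks):
    """Make-GPK: insert every PK; time linear in group size, output of fixed size."""
    acc = U
    for pk in pks:
        acc = pow(acc, pk, N)
    return acc

def make_gsk(sk, pks):
    """Make-GSK: same pass as Make-GPK, but leaving out the user's own PK gives the witness."""
    pk = f(sk)
    witness = make_gpk([p for p in pks if p != pk])
    return sk, pk, witness

def is_member(gpk, pk, witness):
    """The relation a member proves during Anon-ID: witness^PK == GPK (mod N)."""
    return pow(witness, pk, N) == gpk

def add_user(gpk, gsk, new_pk):
    """User addition: one exponentiation updates GPK, one more updates an existing GSK."""
    sk, pk, witness = gsk
    return pow(gpk, new_pk, N), (sk, pk, pow(witness, new_pk, N))

if __name__ == "__main__":
    sks = [b"friend-1", b"friend-2", b"friend-3"]  # constructed sample secrets
    pks = [f(s) for s in sks]
    gpk = make_gpk(pks)
    _, pk, w = make_gsk(sks[1], pks)
    print("member verifies:", is_member(gpk, pk, w))
    print("outsider verifies:", is_member(gpk, f(b"outsider"), w))
```
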

Summary
• We propose a novel cryptographic functionality (Ad Hoc Anonymous ID) enabling flexible, privacy-aware access control
• We discuss possible variations to handle identity escrow and growing ad hoc groups
• We design an instance based on a new tool (One-Way Accumulators), efficiently constructible based on standard assumptions

Any questions? Thank you!