1 / 26

Optionally Identifiable Private Handshakes

Optionally Identifiable Private Handshakes. Yanjiang Yang. Agenda. Introduction Review of Related Work Optionally Identifiable Private Handshakes Conclusion. Introduction Review of Related Work Optionally Identifiable Private Handshakes Conclusion. Secret handshakes.

Download Presentation

Optionally Identifiable Private Handshakes

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Optionally Identifiable Private Handshakes Yanjiang Yang

  2. Agenda • Introduction • Review of Related Work • Optionally Identifiable Private Handshakes • Conclusion

  3. Introduction • Review of Related Work • Optionally Identifiable Private Handshakes • Conclusion

  4. Secret handshakes • Users are increasingly concerned about individual privacy in cyberspace • Privacy-preserving techniques are expected play a key part • Secret handshakes • non-members learn nothing on the handshake between the two users • A non-member cannot impersonate a member

  5. Unlinkable secret handshakes • Secret handshakes are linkable • Unlinkable secret handshakes provides unlinkability • Traceability is a feature of unlinkable secret handshakes • Differences between unlinkable secret handshakes and anonymous credentials

  6. Private handshakes Project Summary - why should it be done? • Traceability may not be always desired • Hoepman proposed the concept of private handshakes • No traceability whatsoever in private handshakes

  7. Optionally identifiable private handshakes • Secret handshakes/private handshakes each have own applications • A primitive optionally between them is more flexible • We proposed the concept of optionally identifiable private handshakes

  8. Nutshell Private handshakes (linkable) Secret handshakes No identifiability identifiability Optionally identifiable private handshakes Unlinkable secret handshakes

  9. Introduction • Review of Related Work • Optionally Identifiable Private Handshakes • Conclusion

  10. Secret handshakes • Balfanz et al. first formulated the notion of secret handshakes (S&P’03) • Castelluccia et al. proposed secret handshake protocols, with security under computational Diffie-Hellman assumption (Asiacrypt’04)

  11. Secret handshakes - continued • Jarecki et al. (CT-RSA’07) and Vergnaud et al. (coding and cryptography’05) proposed RSA-based secret handshakes

  12. Unlinkable secret handshakes • Xu et al. proposed k-anonymous secret handshakes (CCS’04) • Tsudik et al. proposed (full) unlinkable secret handshakes, but all members from the same group are required to share a group secret • Jarecki et al.’s scheme does not sharing of group secret (ACNS’07) • Ateniese et al. proposed fuzzy unlinkable secret handnhakes (NDSS’07)

  13. Private handshakes • Hoepma proposed private handshakes (security and privacy in Ad Hoc and sensor networks’07)

  14. Introduction • Review of Related Work • Optionally Identifiable Private Handshakes • Conclusion

  15. Model Project Summary - why should it be done? • Entities • a set of users • a set of groups • a set of group administrators who create groups and enrol users in groups. • a user may or may not be affiliated to a group • if a user belongs to a group, then he is a member of that group; otherwise, he is non-member of that group.

  16. Model - continued • Algorithms • CreateGroup(1k) • EnrolUser(G, u) • HandShake(u1, u2, b) • RevokeUser(G, u)

  17. Details of algorithms Project Summary - why should it be done? • Parameters • e(G1, G1) G2 • H0, H1,H2 • Enc().

  18. Details of algorithms - continued Project Summary - why should it be done? • CreateGroup(1k) • Group administrator selects sG • EnrolUser(G, u) • Group administrator issues u a credential xu = sGH0(u),

  19. u1 u1 u2 u2 xu1=sGH0(u1) xu1=sGH0(u1) xu2=sGH0(u2) xu2=sGH0(u2) R1, b R2, V2 Details of algorithms - continued Project Summary - why should it be done? • Handshake(u1, u2, b) R1=r1H0(u1) R2=r2H0(u2) V2 = H1(e(R1,r2xu2), b)

  20. u1 u2 xu1=sGH0(u1) xu2=sGH0(u1) Details of algorithms - continued H1(e(r1xu1, r2), b) =? V2 V1 = H1(b, e(r1xu1, R2)) sk1 = H2(e(r1xu1, R2), R1, R2) V1 H1(b, e(R1, r2xu2)) =? V1 sk2 = H2(e(r2xu2, R1), R1, R2) So far, private handshake is completed!

  21. u1 u2 xu1=sGH0(u1) xu2=sGH0(u1) Details of algorithms - continued C1 = Enc(sku1, r1, u1) C1 (r1’, u1’) = Enc(sku2, C1) R1 =? r1’H0(u1’) C2 = Enc(sku2, r2, u2) sku2 = … C2 …

  22. Future Work • User Revocation

  23. Security • Impersonation resistance • Membership detection resistance • Unlinkability of private handshake • Unlinkability to eavesdropper

  24. Introduction • Review of Related Work • Optionally Identifiable Private Handshakes • Conclusion

  25. Conclusion • We proposed the concept of private handshakes with optional identifiability, interpolating between private handshakes and secret handshakes, representing a more flexible primitive • A concrete scheme was presented, and its security was defined and proved.

  26. Q & A Project Summary - why should it be done? THANK YOU!

More Related