Optionally Identifiable Private Handshakes - PowerPoint PPT Presentation

1 / 26
About This Presentation
Title:

Optionally Identifiable Private Handshakes

Description:

Optionally Identifiable Private Handshakes Yanjiang Yang Agenda Introduction Review of Related Work Optionally Identifiable Private Handshakes Conclusion Introduction ... – PowerPoint PPT presentation

Number of Views:89
Avg rating:3.0/5.0
Slides: 27
Provided by: tllim
Category:

less

Transcript and Presenter's Notes

Title: Optionally Identifiable Private Handshakes


1
Optionally Identifiable Private Handshakes
Yanjiang Yang
2
Agenda
  • Introduction
  • Review of Related Work
  • Optionally Identifiable Private Handshakes
  • Conclusion

3
  • Introduction
  • Review of Related Work
  • Optionally Identifiable Private Handshakes
  • Conclusion

4
Secret handshakes
  • Users are increasingly concerned about individual
    privacy in cyberspace
  • Privacy-preserving techniques are expected play a
    key part
  • Secret handshakes
  • non-members learn nothing on the handshake
    between the two users
  • A non-member cannot impersonate a member

5
Unlinkable secret handshakes
  • Secret handshakes are linkable
  • Unlinkable secret handshakes provides
    unlinkability
  • Traceability is a feature of unlinkable secret
    handshakes
  • Differences between unlinkable secret handshakes
    and anonymous credentials

6
Private handshakes
Project Summary - why should it be done?
  • Traceability may not be always desired
  • Hoepman proposed the concept of private
    handshakes
  • No traceability whatsoever in private handshakes

7
Optionally identifiable private handshakes
  • Secret handshakes/private handshakes each have
    own applications
  • A primitive optionally between them is more
    flexible
  • We proposed the concept of optionally
    identifiable private handshakes

8
Nutshell
(linkable) Secret handshakes
  • Private handshakes

No identifiability
identifiability
Optionally identifiable private handshakes
Unlinkable secret handshakes
9
  • Introduction
  • Review of Related Work
  • Optionally Identifiable Private Handshakes
  • Conclusion

10
Secret handshakes
  • Balfanz et al. first formulated the notion of
    secret handshakes (SP03)
  • Castelluccia et al. proposed secret handshake
    protocols, with security under computational
    Diffie-Hellman assumption (Asiacrypt04)

11
Secret handshakes - continued
  • Jarecki et al. (CT-RSA07) and Vergnaud et al.
    (coding and cryptography05) proposed RSA-based
    secret handshakes

12
Unlinkable secret handshakes
  • Xu et al. proposed k-anonymous secret handshakes
    (CCS04)
  • Tsudik et al. proposed (full) unlinkable secret
    handshakes, but all members from the same group
    are required to share a group secret
  • Jarecki et al.s scheme does not sharing of group
    secret (ACNS07)
  • Ateniese et al. proposed fuzzy unlinkable secret
    handnhakes (NDSS07)

13
Private handshakes
  • Hoepma proposed private handshakes (security and
    privacy in Ad Hoc and sensor networks07)

14
  • Introduction
  • Review of Related Work
  • Optionally Identifiable Private Handshakes
  • Conclusion

15
Model
Project Summary - why should it be done?
  • Entities
  • a set of users
  • a set of groups
  • a set of group administrators who create groups
    and enrol users in groups.
  • a user may or may not be affiliated to a group
  • if a user belongs to a group, then he is a member
    of that group otherwise, he is non-member of
    that group.

16
Model - continued
  • Algorithms
  • CreateGroup(1k)
  • EnrolUser(G, u)
  • HandShake(u1, u2, b)
  • RevokeUser(G, u)

17
Details of algorithms
Project Summary - why should it be done?
  • Parameters
  • e(G1, G1) ?G2
  • H0, H1,H2
  • Enc().

18
Details of algorithms - continued
Project Summary - why should it be done?
  • CreateGroup(1k)
  • Group administrator selects sG
  • EnrolUser(G, u)
  • Group administrator issues u a credential xu
    sGH0(u),

19
Details of algorithms - continued
Project Summary - why should it be done?
  • Handshake(u1, u2, b)

R1r1H0(u1)
R2r2H0(u2) V2 H1(e(R1,r2xu2), b)
20
Details of algorithms - continued
H1(e(r1xu1, r2), b) ? V2 V1 H1(b, e(r1xu1,
R2)) sk1 H2(e(r1xu1, R2), R1, R2)
V1
H1(b, e(R1, r2xu2)) ? V1 sk2 H2(e(r2xu2, R1),
R1, R2)
So far, private handshake is completed!
21
Details of algorithms - continued
C1 Enc(sku1, r1, u1)
C1
(r1, u1) Enc(sku2, C1) R1 ? r1H0(u1) C2
Enc(sku2, r2, u2) sku2
C2

22
Future Work
  • User Revocation

23
Security
  • Impersonation resistance
  • Membership detection resistance
  • Unlinkability of private handshake
  • Unlinkability to eavesdropper

24
  • Introduction
  • Review of Related Work
  • Optionally Identifiable Private Handshakes
  • Conclusion

25
Conclusion
  • We proposed the concept of private handshakes
    with optional identifiability, interpolating
    between private handshakes and secret handshakes,
    representing a more flexible primitive
  • A concrete scheme was presented, and its security
    was defined and proved.

26
Q A
Project Summary - why should it be done?
THANK YOU!
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Optionally Identifiable Private Handshakes" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!