
ABCs in Theory and Practice, RFIDsec 2015, TUTORIAL, Gergely Alpár



  1. ABCs in Theory and Practice RFIDsec 2015, TUTORIAL Gergely Alpár Radboud, ICIS DS June 23, 2015 Page 1 of 40 June 23 ABC Tutorial http://www.cs.ru.nl/~gergely

  2. Currently we are here... Motivating Attributes; Attribute-based identity management; Crypto of ABCs

  3. “[By 2025 f]ew individuals will have the energy, interest, or resources to protect themselves from dataveillance; privacy will become a luxury.” [Pew Research Center, December 2014]

  4. Authentication
     - Passwords
       - “38% of adults sometimes think it would be easier to solve world peace than attempt to remember all their passwords” [Harris Interactive, 2012]
     - Many accounts at service providers
     - Identity management
       - Users
       - Identity provider(s) = Issuer
       - Service providers = Relying party = Verifier

  5. Problems with Identity Management
     - Security
       - Single point of failure
       - Valuable target
     - Privacy
       - Can log in (often)
       - Linking all user activities
       - Profiling

  6. Authorisation is necessarily identifying

  7. Outline: Motivating Attributes; Attribute-based identity management; Crypto of ABCs

  8. Currently we are here... Motivating Attributes; Attribute-based identity management; Crypto of ABCs

  9. Identity and Attributes [FIDIS 2005]

  10. Digital Identity
      - Attributes
      - Partial identities
      - Identifying and non-identifying attributes
      - Typical authorisation: Username + authentication + lookup
      - Authorisation based on attributes
        - Directly looking up relevant attributes
        - Identifying and non-identifying authorisation (DEMO: ≥ 18)

  11. Identity Management

  12. Attribute-Based Identity Management

  13. Attribute-Based Credential

  14. Issuing and Showing

  15. Currently we are here... Motivating Attributes; Attribute-based identity management; Crypto of ABCs

  16. Plan for Crypto
      - Commitment
      - Zero-knowledge proof
      - Attribute-based credential (ABC)
      - Selective disclosure

  17. Commitment
      - (Temporary) secret in a box with a padlock
      - ... and a key.
      - Phases:
        - Commit
        - Opening
      - Examples (related to the DL problem) – secret value $x$:
        - $h = g^x \pmod p$. Commit: $h, g, p$; Opening: $x$.
        - $h = g^r \cdot g_1^x \pmod p$. Commit: $h, g, g_1, p$; Opening: $r, x$.
      - Computational hiding and perfect binding, OR perfect hiding and computational binding. [Damgård 99]
      - Problem 3: The exponents of 23 modulo 29 (the order is $q = 7$):

        | $k$ | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | ... |
        |---|---|---|---|---|---|---|---|---|---|
        | $23^k \bmod 29$ | 1 | 23 | 7 | 16 | 20 | 25 | 24 | 1 | ... |

  18. Where’s Waldo? – Zero-Knowledge Proof

  19. Where’s Waldo? – Zero-Knowledge Proof [Naor et al. 99]

  20. Where’s Waldo?

  21. Ali Baba – Zero-Knowledge Proof [Quisquater et al. 89]

  22. Ali Baba – Zero-Knowledge Proof: Commitment and Challenge

  23. Ali Baba – Zero-Knowledge Proof: Response and Verification. Problems 1, 2

  24. A “Too Simple” Proof
      - Let us work in $G$ of order $q$
      - Discrete logarithm: “I know the discrete logarithm $x = \log_g h$.”
      - $G, g, q, h = g^x$; Prover (Secret: $x$), Verifier
        - Prover sends $x$ to the Verifier
        - Verifier checks $h \stackrel{?}{=} g^x$
      - “Now you also know the discrete logarithm $\log_g h$.”

  25. Schnorr’s Proof of Knowledge [Schnorr 91]
      - Let us work in $G$ of order $q$
      - Discrete logarithm: “I know the discrete logarithm $x = \log_g h$.”
      - $PK\{\chi \mid h = g^\chi\}$ (Proof of Knowledge)
      - Interactive
      - $G, g, q, h = g^x$; Prover (Secret: $x$), Verifier
        - (1) Commitment: Prover picks $w \in_R \mathbb{Z}_q$, computes $a := g^w$ and sends $a$ to the Verifier
        - (2) Challenge: Verifier picks $c \in_R \{0, 1\}$ and sends $c$ to the Prover
        - (3) Response: Prover computes $r := c \cdot x + w \pmod q$ and sends $r$ to the Verifier
        - Verifier checks $a \stackrel{?}{=} g^r \cdot h^{-c}$

  26. Simulated Communication
      - Let us work in $G$ of order $q$
      - “I seem to know the discrete logarithm $\log_g h$.”
      - Simulated conversation: transcript
      - Choose $c \in_R \{0, 1\}$, $r \in_R \mathbb{Z}_q^*$ and set $a := g^r \cdot h^{-c}$
      - Transcript and verification: $(a, c, r)$, $a \stackrel{?}{=} g^r \cdot h^{-c}$

  27. Schnorr’s Proof of Knowledge [Schnorr 91]
      - Let us work in $G$ of order $q$
      - Discrete logarithm: “I know the discrete logarithm $\log_g h$.”
      - $PK\{\chi \mid h = g^\chi\}$ (Proof of Knowledge)
      - Interactive
      - $G, g, q, h = g^x$; Prover (Secret: $x$), Verifier
        - (1) Commitment: Prover picks $w \in_R \mathbb{Z}_q$, computes $a := g^w$ and sends $a$ to the Verifier
        - (2) Challenge: Verifier picks $c \in_R [0, 2^{128} - 1]$ and sends $c$ to the Prover
        - (3) Response: Prover computes $r := c \cdot x + w \pmod q$ and sends $r$ to the Verifier
        - Verifier checks $a \stackrel{?}{=} g^r \cdot h^{-c}$

  28. Schnorr Signature, i.e. Schnorr with Fiat–Shamir [FS 86]
      - Discrete logarithm: “I know the discrete logarithm $\log_g h$.”
      - Non-interactive: $SPK\{\chi \mid h = g^\chi\}(n)$
        - Challenge $c$ is generated by a hash $H$
        - $H : \{0, 1\}^* \to [0, 2^{128} - 1]$ (128-bit output)
      - $G, g, q, h = g^x, H$; Prover (Secret: $x$), Verifier
        - Verifier picks $n \in_R \mathbb{Z}_q$ and sends $n$ to the Prover
        - Prover picks $w \in_R \mathbb{Z}_q$, computes $a := g^w$, $c := H(a, n)$ and $r := c \cdot x + w \pmod q$, and sends $a, r$ to the Verifier
        - Verifier checks $a \stackrel{?}{=} g^r \cdot h^{-H(a, n)}$

  29. How to Design ABCs? – In Three Simple Steps
      - Step 1: Take a commitment scheme
      - Step 2: Generalise it to multiple values
      - Step 3: Sign the extended commitment
      - Step +1: Apply here and there zero-knowledge proofs

  30. Example: Idemix

  31. Hard Problems
      - Discrete logarithm
      - RSA
      - Strong RSA

  32. Idemix ABC – Based on CL Signature
      - Camenisch–Lysyanskaya (CL) signature [CL 01, CL 02]
      - Strong RSA assumption [BP 97, FO 97]
        - RSA ($n = pq$) $\implies$ Taking the $e$th root is hard
        - Strong $\implies$ DL is hard
      - Group $QR_n$:
        - $p, q$ are safe primes ($p = 2p' + 1$, $q = 2q' + 1$ s.t. $p', q'$ primes)
        - Quadratic residues in $\mathbb{Z}_n^*$
        - $QR_n$ is a subgroup of order $\varphi(n)/4$
      - Notation:
        - Some group elements that you’ll see: $A, Z, S, R, R_1, R_2, R_3, \ldots$
        - Some further integers (exponents): $e, v, a, \ldots$
      - Let’s “design” Idemix’s ABCs

  33. Step 1: Commitment. Take a commitment scheme – Pedersen on $a_1$: $R^a \cdot R_1^{a_1}$, where $a$ is random.

  34. Step 2: Generalisation. Extend it to multiple values – generalise Pedersen on $(a_1, \ldots, a_L)$: $R^a \cdot R_1^{a_1} \cdot \ldots \cdot R_L^{a_L} = R^a \cdot \prod_{i=1}^{L} R_i^{a_i}$, where $a$ is random.

  35. Step 3: Signature. Sign the extended commitment – CL on attributes $a_1, \ldots, a_L$: $A := \left( \dfrac{Z}{S^v \cdot R^a \cdot \prod_{i=1}^{L} R_i^{a_i}} \right)^{1/e} \pmod n$, where $(a), v, e$ are random.

  36. Step 3: Signature. Sign the extended commitment – CL on attributes $a_1, \ldots, a_L$: $A := \left( \dfrac{Z}{S^v \cdot R^a \cdot \prod_{i=1}^{L} R_i^{a_i}} \right)^{1/e} \pmod n$, where $(a), v, e$ are random.
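
The Schnorr protocol of slides 25–28 (interactive proof, simulated transcript, Fiat–Shamir signature), as an added example that is not part of the original slides. It runs in the toy group of Problem 3 (23 has order 7 modulo 29); the secret `x = 3`, the function names and the use of truncated SHA-256 for $H$ are assumptions made for the illustration.

```python
import hashlib
import secrets

# Toy group from the deck's Problem 3: 23 has order q = 7 modulo 29.
# Far too small for real use; soundness here is at best 1/7.
P, G, Q = 29, 23, 7

def verify(h, a, c, r):
    """Verifier's check from the slides: a ?= g^r * h^(-c) (mod p)."""
    return a == pow(G, r, P) * pow(h, (-c) % Q, P) % P

def prove_interactive(x, challenge_space):
    """Run commitment, challenge and response; return the transcript (a, c, r)."""
    w = secrets.randbelow(Q)                 # (1) commitment randomness w
    a = pow(G, w, P)
    c = secrets.randbelow(challenge_space)   # (2) verifier's random challenge
    r = (c * x + w) % Q                      # (3) response
    return a, c, r

def simulate(h, challenge_space):
    """Accepting transcript WITHOUT x: pick c and r first, then solve for a."""
    c = secrets.randbelow(challenge_space)
    r = secrets.randbelow(Q - 1) + 1         # r in Z_q^*
    a = pow(G, r, P) * pow(h, (-c) % Q, P) % P
    return a, c, r

def H(a, n):
    """Fiat-Shamir challenge in [0, 2^128 - 1]: truncated SHA-256 (assumed choice)."""
    digest = hashlib.sha256(f"{a}|{n}".encode()).digest()
    return int.from_bytes(digest[:16], "big")

def sign(x, n):
    """Non-interactive SPK{x | h = g^x}(n): returns (a, r)."""
    w = secrets.randbelow(Q)
    a = pow(G, w, P)
    return a, (H(a, n) * x + w) % Q

def verify_signature(h, n, a, r):
    return verify(h, a, H(a, n), r)

if __name__ == "__main__":
    x = 3                                    # constructed sample secret
    h = pow(G, x, P)                         # public value h = g^x
    print("real transcript accepted     :", verify(h, *prove_interactive(x, 2)))
    print("simulated transcript accepted:", verify(h, *simulate(h, 2)))
    n = secrets.randbelow(Q)                 # verifier's nonce
    print("signature accepted           :", verify_signature(h, n, *sign(x, n)))
```

The simulated transcript passes the same check as the real one, which is why a recorded conversation convinces nobody but the live verifier; the Fiat–Shamir variant replaces the live challenge with a hash over the commitment and the nonce.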
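
The three design steps of slides 29–35 (Pedersen commitment, generalisation to several attributes, CL signature on the result), as an added example that is not Idemix code and not part of the original slides. The safe primes, the bases `S`, `Z`, `R`, `R_ATTR`, the exponent `e = 17` and the attribute values are constructed toy values; the code needs Python 3.8 or later.

```python
import secrets
from math import prod

# Constructed toy parameters: safe primes p = 2*11 + 1 and q = 2*23 + 1.
P_, Q_ = 23, 47
N = P_ * Q_                     # n = 1081
ORDER = 11 * 23                 # |QR_n| = phi(n)/4 = p'q' = 253, known to the issuer only
# Public bases: squares of units mod n, hence elements of QR_n (sample values).
S, Z, R = 4, 9, 25
R_ATTR = [49, 121, 169]         # R_1, R_2, R_3

def commit(a, attrs):
    """Steps 1-2: generalised Pedersen commitment R^a * prod R_i^{a_i} (mod n)."""
    return pow(R, a, N) * prod(pow(Ri, ai, N) for Ri, ai in zip(R_ATTR, attrs)) % N

def issue(a, attrs):
    """Step 3: A = (Z / (S^v * R^a * prod R_i^{a_i}))^(1/e) (mod n).
    Simplification: the issuer sees every exponent in this sketch."""
    e = 17                                   # sample prime, coprime to ORDER
    v = secrets.randbelow(ORDER)
    denom = pow(S, v, N) * commit(a, attrs) % N
    d = pow(e, -1, ORDER)                    # taking e-th roots needs the group order
    A = pow(Z * pow(denom, -1, N) % N, d, N)
    return A, e, v

def verify(A, e, v, a, attrs):
    """Public check: Z == A^e * S^v * R^a * prod R_i^{a_i} (mod n)."""
    return Z == pow(A, e, N) * pow(S, v, N) * commit(a, attrs) % N

if __name__ == "__main__":
    attrs = [18, 1, 42]                      # constructed attribute values a_1..a_3
    a = secrets.randbelow(ORDER)             # the random exponent a of the slides
    A, e, v = issue(a, attrs)
    print("credential verifies     :", verify(A, e, v, a, attrs))
    print("altered attribute passes:", verify(A, e, v, a, [19, 1, 42]))
```

Only the holder of the factorisation can compute the $e$th root in `issue`, while `verify` uses public values alone; changing any signed attribute multiplies the commitment by a base $R_i \neq 1$ and the check fails.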
