privacy preserving protocols
play

Privacy Preserving Protocols Workshop on Cryptography for the - PowerPoint PPT Presentation

Jun 10, 2023 •430 likes •1.04k views

Privacy Preserving Protocols Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU Leuven - COSIC 20 November 2012 Privacy Preserving Protocols Introduction Cryptography in Daily Life RFID Privacy

  1. Privacy Preserving Protocols Privacy Preserving Protocols Workshop on Cryptography for the Internet of Things Jens Hermans KU Leuven - COSIC 20 November 2012

  2. Privacy Preserving Protocols Introduction Cryptography in Daily Life RFID

  3. Privacy Preserving Protocols Introduction Cryptography in Daily Life Car Keys

  4. Privacy Preserving Protocols Introduction Cryptography in Daily Life Access Control

  5. Privacy Preserving Protocols Introduction Cryptography in Daily Life Product Tracking

  6. Privacy Preserving Protocols RFID Privacy 1 RFID Privacy Requirements 2 Privacy Models Protocol Analysis Provable Security (Privacy) Privacy Model Insider Attacks Requirements 3 Lightweight Cryptography 4 Existing Protocols 5 Protocol Design Design Performance 6 Conclusions and Future Perspectives

  7. Privacy Preserving Protocols RFID Privacy Why? Industrial espionage

  8. Privacy Preserving Protocols RFID Privacy Why? User privacy

  9. Privacy Preserving Protocols RFID Privacy Why? Das Kapital Insulin pump Underwear Membership implant User privacy

  10. Privacy Preserving Protocols RFID Privacy Why? Wireless Gun

  11. Privacy Preserving Protocols RFID Privacy RFID Privacy: goals ... ID = u0012345, S = ... { (ID=u0012345, ID = ? P=...) , ...}

  12. Privacy Preserving Protocols RFID Privacy RFID Privacy: goals ID = u0012345, S = ... Link? #T ags? ID = u7654321, S = ...

  13. Privacy Preserving Protocols RFID Privacy Corrupting Tags

  14. Privacy Preserving Protocols RFID Privacy Requirements Different Privacy Solutions Protocol Level Privacy Kill Command Destroy Tag Shielding (Read Range Reduction) ...

  15. Privacy Preserving Protocols RFID Privacy Requirements Threat Analysis / Requirements Privacy Low High Low Security Supply Chain Public Transport Payments Car Keys Access Control High Passports

  16. Privacy Preserving Protocols Privacy Models 1 RFID Privacy Requirements 2 Privacy Models Protocol Analysis Provable Security (Privacy) Privacy Model Insider Attacks Requirements 3 Lightweight Cryptography 4 Existing Protocols 5 Protocol Design Design Performance 6 Conclusions and Future Perspectives

  17. Privacy Preserving Protocols Privacy Models Protocol Analysis Protocol Analysis ... ID = u0012345, S = ... { (ID=u0012345, ID = ? P=...) , ...} Properties: Security Privacy: untraceability Allow corruption

  18. Privacy Preserving Protocols Privacy Models Protocol Analysis Protocol Analysis ... ID = u0012345, S = ... { (ID=u0012345, ID = ? P=...) , ...} Results Many published protocols broken: ⇒ Lack of formal proofs!

  19. Privacy Preserving Protocols Privacy Models Provable Security (Privacy) Provable Security (Privacy)

  20. Privacy Preserving Protocols Privacy Models Provable Security (Privacy) Provable Security (Privacy) System Adversary Adversary wins if ...

  21. Privacy Preserving Protocols Privacy Models Privacy Model Juels-Weis model (2005) System Adversary A B A or B Adversary wins if output is correct tag.

  22. Privacy Preserving Protocols Privacy Models Privacy Model Vaudenay model (2007) System Adversary (Blinded) B Adversary wins if output is true and not trivial

  23. Privacy Preserving Protocols Privacy Models Privacy Model Privacy Model Hermans et al. (2011) Design goals: Strong adversary: can always corrupt Solve issues with wide strong privacy Model ‘reality’ Easy to use

  24. Privacy Preserving Protocols Privacy Models Privacy Model Privacy Model Hermans et al. (2011) System Adversary A B A C

  25. Privacy Preserving Protocols Privacy Models Privacy Model Privacy Model Hermans et al. (2011) System Adversary A B A C Adversary wins if random bit is guessed correctly.

  26. Privacy Preserving Protocols Privacy Models Privacy Model Privacy Model Hermans et al. (2011) New Features: Features (reused): corruption → on real tag Virtual tag handles wide strong privacy Indistinguishability based Single random bit for entire system

  27. Privacy Preserving Protocols Privacy Models Privacy Model Indistinguishability Encryption: Privacy-models: abc xyz RO Juels-Weis IND-CPA Vaudenay IND-CCA Hermans et al. IND-CCA2 ... #!$

  28. Privacy Preserving Protocols Privacy Models Privacy Model Indistinguishability Encryption: Privacy-models: A B RO Juels-Weis IND-CPA Vaudenay IND-CCA Hermans et al. IND-CCA2 ...

  29. Privacy Preserving Protocols Privacy Models Privacy Model Privacy Levels Strong Forward Weak Wide at end Narrow at end

  30. Privacy Preserving Protocols Privacy Models Privacy Model Privacy Requirements Privacy Level Application Narrow Weak Supply Chain Narrow Forward Smart Products Wide Weak Car Keys Payments Access Tokens Wide Forward Passports Public Transport

  31. Privacy Preserving Protocols Privacy Models Insider Attacks Insider Attacks System Adversary Insider T ag

  32. Privacy Preserving Protocols Privacy Models Requirements Privacy Requirements Privacy Level Application Narrow Weak Supply Chain Narrow Forward Smart Products Wide Weak Car Keys Payments Wide Forward + Insider Access Tokens Passports Public Transport

  33. Privacy Preserving Protocols Privacy Models Requirements Privacy Requirements Privacy Level Application Narrow Weak Supply Chain Narrow Forward Smart Products Wide Weak Car Keys Payments Wide Forward + Insider Access Tokens Currently: Wide Strong Passports Public Transport

  34. Privacy Preserving Protocols Lightweight Cryptography 1 RFID Privacy Requirements 2 Privacy Models Protocol Analysis Provable Security (Privacy) Privacy Model Insider Attacks Requirements 3 Lightweight Cryptography 4 Existing Protocols 5 Protocol Design Design Performance 6 Conclusions and Future Perspectives

  35. Privacy Preserving Protocols Lightweight Cryptography Lightweight Devices ↔

  36. Privacy Preserving Protocols Lightweight Cryptography Lightweight Cryptography? Limits: Area ( ➾➾➾ ) Time Power Energy

  37. Privacy Preserving Protocols Lightweight Cryptography Typical Ingredients for Protocols Primitive Status RNG OK? Key Update ??? Block Cipher OK Hash Function OK ECC OK � ???

  38. Privacy Preserving Protocols Lightweight Cryptography Lightweight Elliptic Curve Cryptography y Implementation [LBSV10]: Area (14.5 kGE) Q Time (85 ms) Power (13 . 8 ➭ W) x Energy (1 . 18 ➭ J) P R

  39. Privacy Preserving Protocols Existing Protocols 1 RFID Privacy Requirements 2 Privacy Models Protocol Analysis Provable Security (Privacy) Privacy Model Insider Attacks Requirements 3 Lightweight Cryptography 4 Existing Protocols 5 Protocol Design Design Performance 6 Conclusions and Future Perspectives

  40. Privacy Preserving Protocols Existing Protocols PRF (Block cipher) based [ISO/IEC 9798-2] State: x j Secrets: DB = { x j } Tag T Reader c ∈ R { 0, 1 } n c p ∈ R { 0, 1 } m r = F x ( c || p ) r , p Search x j ∈ DB s.t. F x j ( c || p ) = r Privacy Wide-Weak

  41. Privacy Preserving Protocols Existing Protocols Symmetric Key and Efficiency Damg˚ ard-Pedersen ’08: Independent keys: inefficient O ( n ) Correlated keys: efficient O (log( n )) privacy loss

  42. Privacy Preserving Protocols Existing Protocols Symmetric Key and Efficiency Damg˚ ard-Pedersen ’08: Independent keys: inefficient O ( n ) Correlated keys: efficient O (log( n )) privacy loss Key Updating Higher Privacy Level (narrow forward) Desynchronization Attacks / Efficiency Problems Implementation cost?

  43. Privacy Preserving Protocols Existing Protocols EC Schnorr Protocol State: x j , Y Secrets: y , DB = { X j } Tag T Reader r ∈ R Z ℓ R = rP R � = O ? e e � = 0? s = x + er s ˙ X = sP − eR ∈ DB ? Privacy None

  44. Privacy Preserving Protocols Existing Protocols Randomized Schnorr [BCI08] State: x j , Y Secrets: y , DB = { X j } Tag T Reader r 1 , r 2 ∈ R Z ℓ R 1 = r 1 P , R 2 = r 2 Y R 1 , R 2 � = O ? e s = ex + r 1 + r 2 s ˙ X = e − 1 ( sP − R 1 − y − 1 R 2 ) ∈ DB Privacy Narrow Strong

  45. Privacy Preserving Protocols Existing Protocols Randomized Hash GPS [BCI09] State: x j , Y Secrets: y , DB = { X j } Tag T Reader r 1 , r 2 ∈ R Z ℓ R 1 = r 1 P , R 2 = r 2 Y z = H ( R 1 , R 2 ) R 1 , R 2 � = O ? e s = ex + r 1 + r 2 s , R 1 , R 2 Verify z ˙ X = e − 1 ( sP − R 1 − y − 1 R 2 ) ∈ DB Privacy Narrow Strong and Wide Forward

  46. Privacy Preserving Protocols Existing Protocols IND-CCA2 Encryption [Vau07] State: s j , ID PK: K P . Secrets: DB = { s j } Tag T Reader c ∈ R { 0, 1 } n c r = Enc K P ( ID || s j || c ) r ID || s j || c ← Dec K S ( r ) Search s j ∈ DB Privacy Wide Strong

  47. Privacy Preserving Protocols Existing Protocols Performance Protocol Privacy Ins. Ext. Snd. Operations Schnorr no no yes 1 EC mult Randomized Schnorr narrow-strong no yes 2 EC mult Rand. Hashed GPS narrow-strong no yes 2 EC mult wide-forward 1 hash

  48. Privacy Preserving Protocols Existing Protocols Performance Protocol Privacy Ins. Ext. Snd. Operations Schnorr no no yes 1 EC mult Randomized Schnorr narrow-strong no yes 2 EC mult Rand. Hashed GPS narrow-strong no yes 2 EC mult wide-forward 1 hash Vaudenay wide-strong yes no 2 EC mult + DHIES 1 hash 1 MAC 1 symm enc Hash ElGamal wide-strong yes no 2 EC mult 1 hash 1 MAC

Recommend

Privacy-Preserving Publish/Subscribe: Efficient Protocols in a

Privacy-Preserving Publish/Subscribe: Efficient Protocols in a

Privacy-Preserving Publish/Subscribe: Efficient Protocols in a Distributed Model Giovanni Di Crescenzo 1 Brian Coan 1 John Schultz 3 Simon Tsang 1 Rebecca N.

338 views • 14 slides
On Privacy-Preserving Protocols for Smart Metering Systems Defense - Verteidigung - Seminrio de

On Privacy-Preserving Protocols for Smart Metering Systems Defense - Verteidigung - Seminrio de

On Privacy-Preserving Protocols for Smart Metering Systems Defense - Verteidigung - Seminrio de Ps-Graduao Fbio Borges Laboratrio Nacional de Computao Cientfica (LNCC) Coordenao de Sistemas e Redes (CSR) Table of Contents

1.53k views • 115 slides
How to (not) Share a Password: Privacy preserving protocols for finding heavy vy hit itters

How to (not) Share a Password: Privacy preserving protocols for finding heavy vy hit itters

How to (not) Share a Password: Privacy preserving protocols for finding heavy vy hit itters with adversarial behavior Moni Naor Benny Pinkas Eyal Ronen Passwords First modern use in MIT's CTSS (1961) Passwords First

747 views • 60 slides
Lessons Learned from Implementing Privacy- Preserving Protocols for Smart Meters Benessa Defend

Lessons Learned from Implementing Privacy- Preserving Protocols for Smart Meters Benessa Defend

Lessons Learned from Implementing Privacy- Preserving Protocols for Smart Meters Benessa Defend Real World Crypto, London January 9, 2015 - Confidential - 1 In Collaboration with Klaus Kursawe George Danezis Markulf

570 views • 23 slides
Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro

Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro

Privacy-preserving Information Sharing: Crypto Tools and Applications Emiliano De Cristofaro University College London (UCL) https://emilianodc.com Privacy-preserving what ? Parties with limited mutual trust willing or required to share

1.1k views • 66 slides
New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of

New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of

New Directions in Privacy- preserving Machine Learning Kamalika Chaudhuri University of California, San Diego Sensitive Data Medical Records Genetic Data Search Logs AOL Violates Privacy AOL Violates Privacy Netflix Violates Privacy [NS08]

957 views • 92 slides
Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh

Privacy-Preserving Computation with Trusted Computing via Scramble-then-Compute Hung Dang, Anh Dinh, Ee-Chien Chang, Beng Chin Ooi School of Computing National University of Singapore PETS 2017 Privacy-Preserving Computation with Trusted

477 views • 34 slides
Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No

Preserving the Privacy of Sensitive Relationships in Graph Data Motivation Valuable Data! No privacy breaches! Public Data Anonymization Data representation? Privacy breach? Value of data? Data publisher Privacy Analyst Work by: Elena

80 views • 3 slides
Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes

Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes

Collaborative Privacy Preserving Data Mining in Vertically Partitioned Databases Ehud Gudes Ben-Gurion University, Israel This talk presents joint work with Boris Rozenberg Talk Outline Motivation for Privacy-Preserving Distributed Data

1.48k views • 68 slides
Privacy preserving data mining randomized response and association rule hiding Li Xiong

Privacy preserving data mining randomized response and association rule hiding Li Xiong

Privacy preserving data mining randomized response and association rule hiding Li Xiong CS573 Data Privacy and Anonymity Partial slides credit: W. Du, Syracuse University, Y. Gao, Peking University Privacy Preserving Data Mining

659 views • 39 slides
Privacy-preserving Biometrics in practice: diffjcult to sell Carmela Troncoso (Gradiant) My

Privacy-preserving Biometrics in practice: diffjcult to sell Carmela Troncoso (Gradiant) My

Privacy-preserving Biometrics in practice: diffjcult to sell Carmela Troncoso (Gradiant) My experience with biometrics and privacy Academic background on privacy Gradiants goal: transfer of knowledge to industry We bring state of

193 views • 6 slides
Network Privacy Mostly issues of preserving privacy of data flowing through network Start

Network Privacy Mostly issues of preserving privacy of data flowing through network Start

Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption With good encryption, data values not readable So whats the problem? Lecture 17 Page 1 CS 236 Online Traffic Analysis

532 views • 21 slides
On the Theory and Practice of Privacy-Preserving Bayesian Data Analysis James Foulds,* Joseph

On the Theory and Practice of Privacy-Preserving Bayesian Data Analysis James Foulds,* Joseph

On the Theory and Practice of Privacy-Preserving Bayesian Data Analysis James Foulds,* Joseph Geumlek,* Max Welling, + Kamalika Chaudhuri* + University of Amsterdam *University of California, San Diego Overview Bayesian Privacy-preserving

878 views • 75 slides
Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Motivation Two-Cloud Setting PP k NN Classification Conclusion and Future Research Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security Yousef M. Elmehdwi Department of Mathematics and Computer

919 views • 19 slides
DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy:

DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy:

DIMACS/PORTIA Workshop on Privacy Preserving Data Mining Data Mining & Information Privacy: New Problems and the Search for Solutions March 15 th , 2004 Tal Zarsky The Information Society Project, Yale Law School Introduction: Various

273 views • 25 slides
Privacy-Preserving DNS Analysis of Broadcast, Range Queries and Mixes Hannes Federrath,

Privacy-Preserving DNS Analysis of Broadcast, Range Queries and Mixes Hannes Federrath,

Privacy-Preserving DNS Analysis of Broadcast, Range Queries and Mixes Hannes Federrath, Karl-Peter Fuchs, Dominik Herrmann , Christopher Piosecny University of Hamburg (Germany) 1 Agenda Missing Privacy in DNS Characteristics of DNS Traffic

559 views • 24 slides
Privacy-preserving KYC on Ethereum Introduction A decentralized KYC-compliant identity Alex

Privacy-preserving KYC on Ethereum Introduction A decentralized KYC-compliant identity Alex

Privacy-preserving KYC on Ethereum Biryukov, Khovratovich, Tikhomirov Privacy-preserving KYC on Ethereum Introduction A decentralized KYC-compliant identity Alex Biryukov, Dmitry Khovratovich, Sergei Tikhomirov Conclusion and future work

828 views • 20 slides
P 4 PCN: Privacy-Preserving Path Probing for Payment Channel Networks Ruozhou Yu, Assistant

P 4 PCN: Privacy-Preserving Path Probing for Payment Channel Networks Ruozhou Yu, Assistant

P 4 PCN: Privacy-Preserving Path Probing for Ruozhou Yu , Yinxin Wan, Vishnu Teja Kilari, Guoliang Xue, Jian Tang, Dejun Yang Payment Channel Networks P 4 PCN: Privacy-Preserving Path Probing for Payment Channel Networks Ruozhou Yu, Assistant

197 views • 5 slides
DPM 2013 Privacy-Preserving Multi-Party Reconciliation Secure in the Malicious Model 8th ACM

DPM 2013 Privacy-Preserving Multi-Party Reconciliation Secure in the Malicious Model 8th ACM

DPM 2013 Privacy-Preserving Multi-Party Reconciliation Secure in the Malicious Model 8th ACM International Workshop on Data Privacy Management 2013 Georg Neugebauer 1 , Lucas Brutschy 1 , Ulrike Meyer 1 and Susanne Wetzel 2 UMIC LuFG IT-Security,

212 views • 17 slides
Formal verification of privacy (for RFID protocols) Stphanie Delaune quipe EMSEC (IRISA),

Formal verification of privacy (for RFID protocols) Stphanie Delaune quipe EMSEC (IRISA),

Formal verification of privacy (for RFID protocols) Stphanie Delaune quipe EMSEC (IRISA), CNRS, France Tuesday, September 13th, 2016 Security protocols everywhere ! Cryptographic protocols small programs designed to secure

923 views • 56 slides
Privacy-Preserving Statistical Data Analysis on Federated Databases Dan Bogdanov Liina Kamm

Privacy-Preserving Statistical Data Analysis on Federated Databases Dan Bogdanov Liina Kamm

Privacy-Preserving Statistical Data Analysis on Federated Databases Dan Bogdanov Liina Kamm Sven Laur Pille Pruulmann-Vengerfeldt Riivo Talviste Jan Willemson Annual Privacy Forum Athens, Greece May 20, 2014 UaESMC Problem Statement

429 views • 17 slides
Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li

Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li

CS573 Data Privacy and Security Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li Xiong Slides credit: Chris Clifton, Purdue University; Murat Kantarcioglu, UT Dallas Outline Overview Data

901 views • 42 slides
Back to the Drawing Board: Revisiting the Design of Optimal Location Privacy-preserving

Back to the Drawing Board: Revisiting the Design of Optimal Location Privacy-preserving

Back to the Drawing Board: Revisiting the Design of Optimal Location Privacy-preserving Mechanisms Simon Oya, Carmela Troncoso, Fernando Prez-Gonzlez 1 Motivation. Obfuscation-Based Location Privacy. Location information is sensitive.

521 views • 20 slides
Helper data schemes for privacy-preserving biometrics Boris kori TU Eindhoven van der

Helper data schemes for privacy-preserving biometrics Boris kori TU Eindhoven van der

Helper data schemes for privacy-preserving biometrics Boris kori TU Eindhoven van der Meulen seminar Leuven, December 2011 1 Outline Security with noisy data - biometrics & privacy - Physical Unclonable Functions (PUFs)

828 views • 39 slides

More recommend