Showing papers on "Trusted third party published in 2008"

Private queries in location based services: anonymizers are not necessary

Abstract: Mobile devices equipped with positioning capabilities (e.g., GPS) can ask location-dependent queries to Location Based Services (LBS). To protect privacy, the user location must not be disclosed. Existing solutions utilize a trusted anonymizer between the users and the LBS. This approach has several drawbacks: (i) All users must trust the third party anonymizer, which is a single point of attack. (ii) A large number of cooperating, trustworthy users is needed. (iii) Privacy is guaranteed only for a single snapshot of user locations; users are not protected against correlation attacks (e.g., history of user movement).We propose a novel framework to support private location-dependent queries, based on the theoretical work on Private Information Retrieval (PIR). Our framework does not require a trusted third party, since privacy is achieved via cryptographic techniques. Compared to existing work, our approach achieves stronger privacy for snapshots of user locations; moreover, it is the first to provide provable privacy guarantees against correlation attacks. We use our framework to implement approximate and exact algorithms for nearest-neighbor search. We optimize query execution by employing data mining techniques, which identify redundant computations. Contrary to common belief, the experimental results suggest that PIR approaches incur reasonable overhead and are applicable in practice.

On the Energy Cost of Communication and Cryptography in Wireless Sensor Networks

Abstract: Energy is a central concern in the deployment of wireless sensor networks. In this paper, we investigate the energy cost of cryptographic protocols, both from a communication and a computation point of view, based on practical measurements on the MICAz and TelosB sensors. We focus on the cost of two key agreement protocols: Kerberos and the elliptic curve Diffie-Hellman key exchange with authentication provided by the elliptic curve digital signature algorithm (ECDH-ECDSA). We find that, in our context, Kerberos is around one order of magnitude less costly than the ECDH-ECDSA key exchange and confirm that it should be preferred in situations where a trusted third party is available. We also observe that the power dedicated to communications can become a central concern when the nodes need to stay in listen mode, e.g. between the protocol rounds, even when reduced using a low power listening (LPL) protocol. Therefore, listening should be considered when assessing the cost of cryptographic protocols on sensor nodes.

A lambic : a privacy-preserving recommender system for electronic commerce

Abstract: Recommender systems enable merchants to assist customers in finding products that best satisfy their needs. Unfortunately, current recommender systems suffer from various privacy-protection vulnerabilities. Customers should be able to keep private their personal information, including their buying preferences, and they should not be tracked against their will. The commercial interests of merchants should also be protected by allowing them to make accurate recommendations without revealing legitimately compiled valuable information to third parties. We introduce a theoretical approach for a system called Alambic, which achieves the above privacy-protection objectives in a hybrid recommender system that combines content-based, demographic and collaborative filtering techniques. Our system splits customer data between the merchant and a semi-trusted third party, so that neither can derive sensitive information from their share alone. Therefore, the system could only be subverted by a coalition between these two parties.

Trusted third party authentication and notarization for email

Abstract: A system and method for providing trustworthy processing of electronic messages applies the digital signature of a trusted third party to a message en route from the sender to a recipient The signature is preferably applied, so that it is compliant with the S/MIME standard The use of a trusted third party applying the digital signature allows for simplified timestamping of the message and reduces the complexity of verification of the authenticity of an archived message

Type-Based Proxy Re-encryption and Its Construction

Abstract: Recently, the concept of proxy re-encryption has been shown very useful in a number of applications, especially in enforcing access control policies. In existing proxy re-encryption schemes, the delegatee can decrypt all ciphertexts for the delegator after re-encryption by the proxy. Consequently, in order to implement fine-grained access control policies, the delegator needs to either use multiple key pairs or trust the proxy to behave honestly. In this paper, we extend this concept and propose type-based proxy re-encryption, which enables the delegator to selectively delegate his decryption right to the delegatee while only needs one key pair. As a result, type-based proxy re-encryption enables the delegator to implement fine-grained policies with one key pair without any additional trust on the proxy. We provide a security model for our concept and provide formal definitions for semantic security and ciphertext privacy which is a valuable attribute in privacy-sensitive contexts. We propose two type-based proxy re-encryption schemes: one is CPA secure with ciphertext privacy while the other is CCA secure without ciphertext privacy.

New constructions for UC secure computation using tamper-proof hardware

Abstract: The Universal Composability framework was introduced by Canetti to study the security of protocols which are concurrently executed with other protocols in a network environment. Unfortunately it was shown that in the so called plain model, a large class of functionalities cannot be securely realized. These severe impossibility results motivated the study of other models involving some sort of setup assumptions, where general positive results can be obtained. Until recently, all the setup assumptions which were proposed required some trusted third party (or parties). Katz recently proposed using a physical setup to avoid such trusted setup assumptions. In his model, the physical setup phase includes the parties exchanging tamper proof hardware tokens implementing some functionality. The tamper proof hardware is modeled so as to assume that the receiver of the token can do nothing more than observe its input/output characteristics. It is further assumed that the sender knows the program code of the hardware token which it distributed. Based on the DDH assumption, Katz gave general positive results for universally composable multi-party computation tolerating any number of dishonest parties making this model quite attractive. In this paper, we present new constructions for UC secure computation using tamper proof hardware (in a stronger model). Our results represent an improvement over the results of Katz in several directions using substantially different techniques. Interestingly, our security proofs do not rely on being able to rewind the hardware tokens created by malicious parties. This means that we are able to relax the assumptions that the parties know the code of the hardware token which they distributed. This allows us to model real life attacks where, for example, a party may simply pass on the token obtained from one party to the other without actually knowing its functionality. Furthermore, our construction models the interaction with the tamper-resistant hardware as a simple request-reply protocol. Thus, we show that the hardware tokens used in our construction can be resettable. In fact, it suffices to use token which are completely stateless (and thus cannot execute a multiround protocol). Our protocol is also based on general assumptions (namely enhanced trapdoor permutations).

Property-Based Attestation without a Trusted Third Party

Abstract: The Trusted Computing Group (TCG) has proposed the binary attestation mechanism that enables a computing platform with a dedicated security chip, the Trusted Platform Module (TPM), to report its state to remote parties. The concept of property-based attestation (PBA) improves the binary attestation and compensates for some of its main deficiencies. In particular, PBA enhances user privacy by allowing the trusted platform to prove to a remote entity that it has certain properties without revealing its own configuration. The existing PBA solutions, however, require a Trusted Third Party (TTP) to provide a reliable link of configurations to properties, e.g., by means of certificates. We present a new privacy-preserving PBA approach that avoids such a TTP. We define a formal model, propose an efficient protocol based on the ideas of ring signatures, and prove its security. The cryptographic technique deployed in our protocol is of independent interest, as it shows how ring signatures can be used to efficiently prove the knowledge of an element in a list without disclosing it.

Method and system for authenticating a party to a transaction

Abstract: One embodiment of the invention is directed to a method including receiving an alias identifier associated with an account associated with a presenter, determining an associated trusted party using the alias identifier, sending a verification request message to the trusted party after determining the associated trusted party, and receiving a verification response message.

Practical Anonymous Divisible E-Cash from Bounded Accumulators

Abstract: We present an efficient off-line divisible e-cash scheme which is truly anonymouswithout a trusted third party. This is the second scheme in the literature which achieves full unlinkability and anonymity, after the seminal work proposed by Canard and Gouget. The main trick of our scheme is the use of a bounded accumulator in combination with the classical binary tree approach. The aims of this paper are twofold. Firstly, we analyze Canard and Gouget's seminal work on the efficient off-line divisible e-cash. We point out some subtleties on the parameters generation of their scheme. Moreover, spending a coin of small value requires computation of several hundreds of multi-based exponentiations, which is very costly. In short, although this seminal work provides a new approach of achieving a truly anonymous divisible e-cash, unfortunately it is rather impractical. Secondly, we present our scheme that uses a novel approach of incorporating a bounded accumulator. In terms of time and space complexities, our scheme is 50 to 100 times more efficient than Canard and Gouget's work in the spend protocol at the cost of an 10 to 500 (the large range is due to whether pre-processing is taken into account and the probabilistic nature of our withdrawal protocol) times less efficient withdrawal protocol. We believe this trade-off between the withdrawal protocol and the spend protocol is reasonable as the former protocol is to be executed much less frequent than the latter. Nonetheless, while their scheme provides an affirmative answer to whether divisible e-cash can be truly anonymous, our result puts it a step further and we show that truly anonymous divisible e-cash can be practical.

Disseminating targeted location-based content to mobile device users

Abstract: A trusted third party information arbiter for facilitating third party information sources, such as advertisers or data processing services, to accurately target communications to mobile device users. Illustratively, the mobile device users can control target communications through the utilization of discretion requests/permissions processed by the third party information arbiter. Furthermore, the mobile device users may further interact with the trusted third party information arbiter to provide/release additional personal information. For example, a mobile device user may be provided an increasingly rich rewards or payments that may be provisioned by discount, coupons or offers associated with existing or new product advertisements or promotional information messages.

Method and apparatus for managing messages in a messaging session

Abstract: A method, apparatus, and computer instructions for managing messages. In response to a request by an invitee to add a third party to a messaging session with a number of parties, a stealth invite is sent to the third party. If the stealth invite is accepted, messages sent to and received from the parties are sent to the third party without the number of parties knowing of a presence of the third party in the messaging session. The addition of the third party is not announced or indicated to the other parties. The third party also is unable to send messages to the other parties, but may in some cases send messages to the invitee. A recording feature allows a party to automatically record all messages that the party can see. This feature is initiated at the beginning of a messaging session and can be set as a default.

Privacy-preserving location tracking of lost or stolen devices: cryptographic techniques and replacing trusted third parties with DHTs

Abstract: We tackle the problem of building privacy-preserving device-tracking systems--or private methods to assist in the recovery of lost or stolen Internet-connected mobile devices. The main goals of such systems are seemingly contradictory: to hide the device's legitimately-visited locations from third-party services and other parties (location privacy) while simultaneously using those same services to help recover the device's location(s) after it goes missing (device-tracking). We propose a system, named Adeona, that nevertheless meets both goals. It provides strong guarantees of location privacy while preserving the ability to efficiently track missing devices. We build a version of Adeona that uses OpenDHT as the third party service, resulting in an immediately deployable system that does not rely on any single trusted third party. We describe numerous extensions for the basic design that increase Adeona's suitability for particular deployment environments.

Active control and digital rights management of integrated circuit IP cores

Abstract: We introduce the first approach that can actively control multiple hardware intellectual property (IP) cores used in an integrated circuit (IC). The IP rights owner(s) can remotely monitor, control, enable, or disable each individual IP on each chip. The approach introduces a paradigm shift in the microelectronic business model, nurturing smaller businesses, and supporting the design-reuse paradigm. The IPs can be controlled by the original designer or by the designers who reuse them. Each IP has a built-in functional lock that pertains to the unique unclonable ID of the chip. A control structure that coordinates the locking and unlocking of the IPs is embedded within the IC. We introduce a trusted third party approach for issuing certificates of authenticity, in case it is required for the applications. We present methods for safeguarding the approach against two attack sources: the foundry (fab), and the reuser. Experimental results show that our approach can be implemented with low area, power, and delay overheads making it suitable for embedded systems. The introduced control method is also low overhead in terms of the added steps to the current design and manufacturing flow.

Self-certified Sybil-free pseudonyms

Abstract: Accurate and trusted identifiers are a centerpiece for any security architecture. Protecting against Sybil attacks in a privacy-friendly manner is a non-trivial problem in wireless infrastructureless networks, such as mobile ad hoc networks. In this paper, we introduce self-certified Sybil-free pseudonyms as a means to provide privacy-friendly Sybil-freeness without requiring continuous online availability of a trusted third party. These pseudonyms are self-certified and computed by the users themselves from their cryptographic long term identities. Contrary to identity certificates, we preserve location privacy and improve protection against some notorious attacks on anonymous communication systems.

Experimental Demonstration of a Hybrid Privacy-Preserving Recommender System

Abstract: Recommender systems enable merchants to assist customers in finding products that best satisfy their needs. Unfortunately, current recommender systems suffer from various privacy-protection vulnerabilities. We report on the first experimental realization of a theoretical framework called ALAMBIC, which we had previously put forth to protect the privacy of customers and the commercial interests of merchants. Our system is a hybrid recommender that combines content-based, demographic and collaborative filtering techniques. The originality of our approach is to split customer data between the merchant and a semi- trusted third party, so that neither can derive sensitive information from their share alone. Therefore, the system can only be subverted by a coalition between these two parties. Experimental results confirm that the performance and user-friendliness of the application need not suffer from the adoption of such privacy-protection solutions. Furthermore, user testing of our prototype show that users react positively to the privacy model proposed.

Multiparty simultaneous quantum identity authentication with secret sharing

Abstract: Two multiparty simultaneous quantum identity authentication (MSQIA) protocols based on secret sharing are presented. All the users can be authenticated by a trusted third party (TTP) simultaneously. In the first protocol, the TTP shares a random key K with all the users using quantum secret sharing. The ith share acts as the authentication key of the ith user. When it is necessary to perform MSQIA, the TTP generates a random number R secretly and sends a sequence of single photons encoded with K and R to all the users. According to his share, each user performs the corresponding unitary operations on the single photon sequence sequentially. At last, the TTP can judge whether the impersonator exists. The second protocol is a modified version with a circular structure. The two protocols can be efficiently used for MSQIA in a network. They are feasible with current technology.

A multitheoretical approach for solving trust problems in B2C e-commerce

Abstract: Trust has been identified as a major barrier in online shopping, especially in the B2C e-commerce model. It has been studied for several years, but there is no indicator that a satisfactory solution for trust in online shopping has been achieved. A trust model is proposed in this paper in order to address this issue. It is uniquely based on five current issues (cybercrime, security, control, web interface, and a trusted third party) that impact trust, guided by four supportive theories: Semiotics, Trust in Signs, Simmelian Model of Trust and Trustworthiness. The research was accomplished with an online survey to collect data from online shoppers around the world. Structural Equation Modelling (SEM) was used to validate the trust model revealing that privacy and security of information are most important factors affecting trust in B2C e-commerce followed by web interface and control.

Methods and systems for proofing identities using a certificate authority

Abstract: A digital certificate is provided to a customer having an electronic account linked to the customer's physical address. Using the digital certificate, the customer performs electronic transactions with a third party. A proofing workstation receives a request from a third party to validate the digital certificate. The proofing workstation communicates with a proofing server that maintains a list of valid certificates and a list of revoked certificates. The proofing server sends a response to the proofing workstation, where it is received by the third party.

System and method for secure communications involving an intermediary

Abstract: A system and method for communicating information or a cryptographic key therefore between a first party and a second party, comprising the steps of receiving, by an intermediary, an identifier of desired information and accounting information for a transaction involving the information from the first party, transmitting an identifier of the first party to the second party, and negotiating, by the intermediary, a comprehension function for obscuring at least a portion of the information communicated between the first party and the second party The data transmission may be made secure with respect to the intermediary by providing an asymmetric key or direct key exchange for encryption of the communication between the first and second party The data transmission may be made secure with respect to the second party by maintaining the information in encrypted format at the second party, with the decryption key held only by the intermediary, and transmitting a secure composite of the decryption key and a new encryption key to the second party for transcoding of the data record, and providing the new decryption key to the first party, so that the information transmitted to the first party can be comprehended by it According to the present invention, asymmetric key encryption may be employed to provide the establishment of secure communications channels involving an intermediary, without making the intermediary privy to the decryption key or the message

A Browser-Based Kerberos Authentication Scheme

Abstract: When two players wish to share a security token (e.g., for the purpose of authentication and accounting), they call a trusted third party. This idea is the essence of Kerberos protocols, which are widely deployed in a large scale of computer networks. Browser-based Kerberos protocols are the derivates with the exception that the Kerberos client application is a commodity Web browser. Whereas the native Kerberos protocol has been repeatedly peer-reviewed without finding flaws, the history of browser-based Kerberos protocols is tarnished with negative results due to the fact that subtleties of browsers have been disregarded. We propose a browser-based Kerberos protocol based on client certificates and prove its security in the extended formal model for browser-based mutual authentication introduced at ACM ASIACCS'08.

Identity driven peer-to-peer (P2P) virtual private network (VPN)

Abstract: Techniques for identity-based Peer-to-Peer (P2P) Virtual Private Networks (VPN's) are provided. First and second principals authenticate to a trusted third party. The first principal subsequently requests a P2P VPN with the second principal. The second principal is contacted on behalf of the first principal and permission is acquired. The first and second principals are then sent commands to directly establish a P2P VPN communication session with one another.

A New Certificateless Electronic Cash Scheme with Multiple Banks Based on Group Signatures

Abstract: Most of the proposed E-cash systems require that the shop and customer belong to the same bank, which becomes the bottle-neck of E-cashpsilas wide application. Fangguo Zhang et al. proposed a model of electronic cash using multi-banks, but a trusted third party is needed in their system. To solve this problem, we propose a new electronic cash scheme based on group signature from bilinear pairings. In the new scheme, the shop and customer need not belong to the same bank, and a trusted third party is not needed. The identity based public key cryptosystem is used, the KGC (key generator center, or central bank) can only control partial private key of the customer, the customer known all private key of himself, so the private key escrow problem in the identity based public key cryptosystem is solved in the system. As the scheme is certificateless, the management and maintenance of the public key is much simplified.

The Marriage of Cryptography and Watermarking -- Beneficial and Challenging for Secure Watermarking and Detection

Abstract: Multimedia applications deploy various cryptographic and watermarking techniques to maintain security In this context, we survey the main work on two promising approaches for the secure embedding and detection of a watermark in an untrusted environment, and we point out some associated challenges In the former case we consider Zero-Knowledge Watermark Detection (ZKWMD) that allows a legitimate party to prove to a potentially untrusted verifying party that a watermark is detectable in certain content, without jeopardizing the security of the watermark ZKWMD protocols are useful primitives for direct proofs of authorship (ie, without online involvement of a trusted third party) and dispute resolving in distributed systems In the latter case we consider a Chameleon-like stream cipher that achieves simultaneous decryption and fingerprinting of data, and can serve as the second line of defense for tracing illegal distribution of broadcast messages, termed as Fingercasting

An optimistic fair exchange protocol and its security in the universal composability framework

Abstract: Fair exchange protocols allow both or neither of two parties to obtain the other's items, and this property is essential in e-commerce. In this paper, we construct an optimistic fair exchange protocol that is applicable to any digital signature by prescribing three forms of signatures, namely presignature, post-signature and notarised signature. We set an expiration date for presignature, and thus realise the timely termination of the protocol. Next, we define an ideal functionality of fair exchange protocols in the universal composability framework. Then, we construct an optimistic fair exchange protocol based on the above protocol, and prove its security in the universal composability framework.

Modeling and Analysis of Security Protocols Using Role Based Specifications and Petri Nets

Abstract: In this paper, we introduce a framework composed of a syntax and its compositional Petri net semantics, for the specification and verification of properties (like authentication) of security protocols. The protocol agents (e.g., an initiator, a responder, a server, a trusted third party, ...) are formalized as roles, each of them having a predefined behavior depending on their global and also local knowledge (including for instance public, private and shared keys), and may interact in a potentially hostile environment. The main characteristics of our framework, is that it makes explicit, structured and formal, the usually implicit information necessary to analyse the protocol, for instance the public and private contextof execution. The roles and the environment are expressed using SPL processes and compositionally translated into high-level Petri nets, while the context specifying the global and local knowledge of the participants in the protocol is used to generate the corresponding initial marking (with respect to the studied property). Finally, this representation is used to analyse the protocol properties, applying techniques of simulation and model-checking on Petri nets. The complete approach is illustrated on the case study of the Kao-Chow authentication protocol.

Concrete Security for Entity Recognition: The Jane Doe Protocol

Abstract: Entity recognition does not ask whether the message is from some entity X , just whether a message is from the same entity as a previous message. This turns turns out to be very useful for low-end devices. The current paper proposes a new protocol --- the "Jane Doe Protocol" ---, and provides a formal proof of its concrete security. The protocol neither employs asymmetric cryptography, nor a trusted third party, nor any key pre-distribution. It is suitable for light-weight cryptographic devices such as sensor network motes and RFID tags.

Trusted environment for communication between parties

Abstract: A method of establishing communication including providing a communication by a sending party to a receiving party, and verifying the sending party's identity by a trusted instrumentality. The trusted instrumentality can be at least the sending party communication controller and is usually both the sending and receiving parties' communication controllers. The communication controllers should be certified and preferably be certified by a mutually trusted communication controller certification authority. Also disclosed is a system for establishing communication.