Cryptographic Credentials with Privacy-preserving Biometric Bindings

Bissessar, David 22 January 2013 (has links)
Cryptographic credentials allow user authorizations to be granted and verified, and have such applications as e-Passports, e-Commerce, and electronic cash. This thesis proposes a privacy protecting approach of binding biometrically derived keys to cryptographic credentials to prevent unauthorized lending. Our approach builds on the 2011 work of Adams, offering additional benefits of privacy protection of biometric information, generality on biometric modalities, and performance. Our protocol integrates into Brands' Digital Credential scheme, and the Anonymous Credentials scheme of Camenisch and Lysyanskaya. We describe a detailed integration with the Digital Credential Scheme and sketch the integration into the Anonymous Credentials scheme. Security proofs for non-transferability, correctness of ownership, and unlinkability are provided for the protocol's instantiation into Digital Credentials. Our approach uses specialized biometric devices in both the issue and show protocols. These devices are configured with our proposed primitive, the fuzzy extractor indistinguishability adaptor, which uses a traditional fuzzy extractor to create and regenerate cryptographic keys from biometric data and IND-CCA2 secure encryption to protect the generated public data against multiplicity attacks. Pedersen commitments are used to hold the key at issue and show time, and a zero-knowledge proof of knowledge is used to ensure correspondence of the key created at issue-time and regenerated at show-time. The above is done in a manner which preserves biometric privacy and delivers non-transferability of digital credentials. The biometric itself is not stored or divulged to any of the parties involved in the protocol. Privacy protection in multiple-enrollment scenarios is achieved by the fuzzy extractor indistinguishability adaptor. The zero-knowledge proof of knowledge is used in the showing protocol to prove knowledge of values without divulging them.

MAC Constructions: Security Bounds and Distinguishing Attacks

Mandal, Avradip 17 May 2007 (has links)
We provide a simple and improved security analysis of PMAC, a Parallelizable MAC (Message Authentication Code) defined over arbitrary messages. A similar kind of result was shown by Bellare, Pietrzak and Rogaway at Crypto 2005, where they provided an improved bound for CBC (Cipher Block Chaining) MAC, which was introduced by Bellare, Kilian and Rogaway at Crypto 1994. Our analysis idea is much simpler to understand and is borrowed from the work by Nandi for proving indistinguishability at Indocrypt 2005 and work by Bernstein. It shows that the advantage for any distinguishing attack for n-bit PMAC based on a random function is bounded by O(σq / 2^n), where σ is the total number of blocks in all q queries made by the attacker. In the original paper by Black and Rogaway at Eurocrypt 2002, where PMAC was introduced, the bound is O(σ^2 / 2^n). We also compute the collision probability of CBC MAC for suitably chosen messages. We show that the probability is Ω(lq^2 / N), where l is the number of message blocks, N is the size of the domain and q is the total number of queries. For random oracles the probability is O(q^2 / N). This improved collision probability will help us to have an efficient distinguishing attack and MAC-forgery attack. We also show that the collision probability for PMAC is Ω(q^2 / N) (strictly greater than the birthday bound). We have used a purely combinatorial approach to obtain this bound. Similar analysis can be made for other CBC MAC extensions like XCBC, TMAC and OMAC.

Digital Signcryption

Smith, Clayton D. January 2005 (has links)
Signcryption is a new cryptographic primitive which simultaneously provides both confidentiality and authenticity. Previously, these two goals had been considered separately, with encryption schemes providing confidentiality and signature schemes providing authenticity. In cases where both were required, the encryption and signature operations were simply sequentially composed. In 1997, Zheng demonstrated that by combining both goals into a single primitive, it is possible to achieve significant savings both in computational and communication overhead. Since then, a wide variety of signcryption schemes have been proposed. In this thesis, we present a number of the proposed signcryption schemes in terms of a common framework. For the most part, the material has been previously presented in various research papers, but some previously omitted proofs have been filled in here. We begin by giving a formal definition of the signcryption primitive, complete with a security model. Then we look at some of the various proposed signcryption schemes, and consider their relative advantages and disadvantages. Finally, we look ahead at what future progress might be made in the field.

A Survey of Attacks on Multivariate Cryptosystems

Feldmann, Adam January 2005 (has links)
This thesis provides a survey of the attacks on multivariate cryptosystems. We begin by providing an outline of the general multivariate cryptosystem. Proceeding from there, we show that even with this level of detail, there are several attacks that are possible, including the method of Groebner bases, the XL method, and the recently announced method of Dixon resultants. Less general attack techniques also exist, such as MinRank attacks and differential analysis. These attacks lack the universality of the first three mentioned. In order to explore these less general attacks further, more details are required, so we present four different multivariate cryptosystems. Then, we attack them, using the less general attacks of MinRank, differential analysis and even an attack specific to one system. This concludes our study of the attacks themselves, and we move on to note that not all routes of attack are promising. Specifically, quantum computing does not seem to be helpful beyond the quadratic speed-up of Grover's algorithm. We also note that not all multivariate cryptosystems have been successfully attacked as of the writing of this thesis. We conclude with the fact that multivariate cryptography is gaining more and more active study.

Distributed Approaches for Location Privacy

Zhong, Ge January 2008 (has links)
With the advance of location technologies, people can now determine their location in various ways, for instance, with GPS or based on nearby cellphone towers. These technologies have led to the introduction of location-based services, which allow people to get information relevant to their current location. Location privacy is of utmost concern for such location-based services, since knowing a person's location can reveal information about her activities or her interests. In this thesis, we first focus on location-based services that need to know only a person's location, but not her identity. We propose a solution using location cloaking based on k-anonymity, which requires neither a single trusted location broker, which is a central server that knows everybody's location, nor trust in all users of the system, and that integrates nicely with existing infrastructures. We present two such protocols. The evaluation of our sample implementation demonstrates that one of the protocols is sufficiently fast to be practical, but the performance of the other protocol is not acceptable for its use in practice. In addition to the distributed k-anonymity protocol, we then propose four protocols, Louis, Lester, Pierre and Wilfrid, for a specific, identity-required, location-based service: the nearby-friend application, where users (and their devices) can learn information about their friends' location if and only if their friends are actually nearby. Our solutions do not require any central trusted server, or only require a semi-trusted third party that does not learn any location information. Moreover, users of our protocol do not need to be members of the same cellphone provider, as in existing approaches. The evaluation of our implementation shows that all of the four protocols are efficient.

Establishing Confidence Level Measurements for Remote User Authentication in Privacy-Critical Systems

Robertson, Matthew January 2009 (has links)
User authentication is the process of establishing confidence in the user identities presented to an information system. This thesis establishes a method of assigning a confidence level to the output of a user authentication process based on what attacks and threats it is vulnerable to. Additionally, this thesis describes the results of an analysis where the method was performed on several different authentication systems and the confidence level in the authentication process of these systems was determined. Final conclusions found that most systems lack confidence in their ability to authenticate users, as the systems were unable to operate in the face of compromised authenticating information. Final recommendations were to improve on this inadequacy, and thus improve the confidence in the output of the authentication process, through the verification of both static and dynamic attributes of authenticating information. A system that operates confidently in the face of compromised authenticating information and that utilizes voice verification is described, demonstrating the ability of an authentication system to have complete confidence in its ability to authenticate a user through submitted data.

Design and Analysis of RC4-like Stream Ciphers

McKague, Matthew January 2005 (has links)
RC4 is one of the most widely used ciphers in practical software applications. In this thesis we examine security and design aspects of RC4. First we describe the functioning of RC4 and present previously published analyses. We then present a new cipher, Chameleon, which uses a similar internal organization to RC4 but uses different methods. The remainder of the thesis uses ideas from both Chameleon and RC4 to develop design strategies for new ciphers. In particular, we develop a new cipher, RC4B, with the goal of greater security with an algorithm comparable in simplicity to RC4. We also present design strategies for ciphers and two new ciphers for 32-bit processors. Finally, we present versions of Chameleon and RC4B that are implemented using playing-cards.