Techniques in Allowing Multi-Show in Digital Credentials

Fan, Jinnan

12 July 2019

Cryptographic credential systems provide some possible solutions to the problem of privacy leakage of users in the ``virtual'' world. This thesis presents a privacy-preserving method which can enable the cryptographic credentials to have the capability of anonymous multi-show. Our approach builds on the work of Brands from the year 2000 which proposed a Digital Credential system that can protect users' privacy. This system is efficient but not perfect, since the Digital Credentials in that system can only be shown once to avoid linkability. We propose the use of a malleable signature technique to transform Brands' Digital Credentials from single-show to multi-show capability. In this thesis, we describe our modified issuing and showing protocols and discuss the security properties of our proposed scheme. We have a basic implementation (proof of concept) to support our concept and analysis of timing results is also provided. In the end, we point out a number of future directions which can be used to complement or improve this approach.

Digital credentials

Malleable signatures

Privacy technology

PKI

Multi-show

Selective show

Cryptography

Engineering Ecosystems of Systems: UML Profile, Credential Design, and Risk-balanced Cellular Access Control

Bissessar, David

14 December 2021

This thesis proposes an Ecosystem perspective for the engineering of SoS and CPS and illustrates the impact of this perspective in three areas of contribution category First, from a conceptual and Systems Engineering perspective, a conceptual framework including the Ecosystems of System Unified Language Modeling (EoS-UML) profile, a set of Ecosystem Ensemble Diagrams, the Arms :Length Trust Model and the Cyber Physical Threat Model are provided. Second, having established this conceptual view of the ecosystem, we recognize unique role of the cryptographic credentials within it, towards enabling the ecosystem long-term value proposition and acting as a value transfer agent, implementing careful balance of properties meet stakeholder needs. Third, we propose that the ecosystem computers can be used as a distributed compute engine to run Collaborative Algorithms. To demonstrate, we define access control scheme, risk-balanced Cellular Access Control (rbCAC). The rbCAC algorithm defines access control within a cyber-physical environment in a manner which balances cost, risk, and net utility in a multi-authority setting. rbCAC is demonstrated it in an Air Travel and Border Services scenario. Other domains are also discussed included air traffic control threat prevention from drone identity attacks in protected airspaces. These contributions offer significant material for future development, ongoing credential and ecosystem design, including dynamic perimeters and continuous-time sampling, intelligent and self optimizing ecosystems, runtime collaborative platform design contracts and constraints, and analysis of APT attacks to SCADA systems using ecosystem approaches.

cryptography

digital credentials

biometrics

fuzzy extractors

ecosystems

systems engineering

UML

EoS-UML

digital credential design

rbCAC

SoS

Systems of Systems

CPS

Cyber-physical Systems

Distributed Computing

Collaborative Computing

Design by Contract

Design by Smart Contract

rbCAC

Ecosystem Ensemble Diagram

Confusion Matrix

Classifier Evaluation

Emergent Behavior

Ecosystems Enginering