Spelling suggestions: "subject:"fuzzy extractor"" "subject:"fuzzy extractos""
1 |
Cryptographic Credentials with Privacy-preserving Biometric BindingsBissessar, David 22 January 2013 (has links)
Cryptographic credentials allow user authorizations to be granted and verified. and have such applications as e-Passports, e-Commerce, and electronic cash. This thesis proposes a privacy protecting approach of binding biometrically derived keys to cryptographic credentials to prevent unauthorized lending. Our approach builds on the 2011 work of Adams, offering additional benefits of privacy protection of biometric information, generality on biometric modalities, and performance. Our protocol integrates into Brands’ Digital Credential scheme, and the Anonymous Credentials scheme of Camenisch and Lysyanskaya. We describe a detailed integration with the Digital Credential Scheme and sketch the integration into the Anonymous Credentials scheme. Security proofs for non-transferability, correctness of ownership, and unlinkability are provided for the protocol’s instantiation into Digital Credentials.
Our approach uses specialized biometric devices in both the issue and show protocols. These devices are configured with our proposed primitive, the fuzzy ex-tractor indistinguishability adaptor which uses a traditional fuzzy extractor to create and regenerate cryptographic keys from biometric data and IND-CCA2 secure en-cryption protect the generated public data against multiplicity attacks. Pedersen commitments are used to hold the key at issue and show time, and A zero-knowledge proof of knowledge is used to ensure correspondence of key created at issue-time and regenerated at show-time. The above is done in a manner which preserves biometric privacy, as and delivers non-transferability of digital credentials.
The biometric itself is not stored or divulged to any of the parties involved in the protocol. Privacy protection in multiple enrollments scenarios is achieved by the fuzzy extractor indistinguishability adapter. The zero knowledge proof of knowledge is used in the showing protocol to prove knowledge of values without divulging them.
|
2 |
Cryptographic Credentials with Privacy-preserving Biometric BindingsBissessar, David 22 January 2013 (has links)
Cryptographic credentials allow user authorizations to be granted and verified. and have such applications as e-Passports, e-Commerce, and electronic cash. This thesis proposes a privacy protecting approach of binding biometrically derived keys to cryptographic credentials to prevent unauthorized lending. Our approach builds on the 2011 work of Adams, offering additional benefits of privacy protection of biometric information, generality on biometric modalities, and performance. Our protocol integrates into Brands’ Digital Credential scheme, and the Anonymous Credentials scheme of Camenisch and Lysyanskaya. We describe a detailed integration with the Digital Credential Scheme and sketch the integration into the Anonymous Credentials scheme. Security proofs for non-transferability, correctness of ownership, and unlinkability are provided for the protocol’s instantiation into Digital Credentials.
Our approach uses specialized biometric devices in both the issue and show protocols. These devices are configured with our proposed primitive, the fuzzy ex-tractor indistinguishability adaptor which uses a traditional fuzzy extractor to create and regenerate cryptographic keys from biometric data and IND-CCA2 secure en-cryption protect the generated public data against multiplicity attacks. Pedersen commitments are used to hold the key at issue and show time, and A zero-knowledge proof of knowledge is used to ensure correspondence of key created at issue-time and regenerated at show-time. The above is done in a manner which preserves biometric privacy, as and delivers non-transferability of digital credentials.
The biometric itself is not stored or divulged to any of the parties involved in the protocol. Privacy protection in multiple enrollments scenarios is achieved by the fuzzy extractor indistinguishability adapter. The zero knowledge proof of knowledge is used in the showing protocol to prove knowledge of values without divulging them.
|
3 |
Cryptographic Credentials with Privacy-preserving Biometric BindingsBissessar, David January 2013 (has links)
Cryptographic credentials allow user authorizations to be granted and verified. and have such applications as e-Passports, e-Commerce, and electronic cash. This thesis proposes a privacy protecting approach of binding biometrically derived keys to cryptographic credentials to prevent unauthorized lending. Our approach builds on the 2011 work of Adams, offering additional benefits of privacy protection of biometric information, generality on biometric modalities, and performance. Our protocol integrates into Brands’ Digital Credential scheme, and the Anonymous Credentials scheme of Camenisch and Lysyanskaya. We describe a detailed integration with the Digital Credential Scheme and sketch the integration into the Anonymous Credentials scheme. Security proofs for non-transferability, correctness of ownership, and unlinkability are provided for the protocol’s instantiation into Digital Credentials.
Our approach uses specialized biometric devices in both the issue and show protocols. These devices are configured with our proposed primitive, the fuzzy ex-tractor indistinguishability adaptor which uses a traditional fuzzy extractor to create and regenerate cryptographic keys from biometric data and IND-CCA2 secure en-cryption protect the generated public data against multiplicity attacks. Pedersen commitments are used to hold the key at issue and show time, and A zero-knowledge proof of knowledge is used to ensure correspondence of key created at issue-time and regenerated at show-time. The above is done in a manner which preserves biometric privacy, as and delivers non-transferability of digital credentials.
The biometric itself is not stored or divulged to any of the parties involved in the protocol. Privacy protection in multiple enrollments scenarios is achieved by the fuzzy extractor indistinguishability adapter. The zero knowledge proof of knowledge is used in the showing protocol to prove knowledge of values without divulging them.
|
4 |
Remote Integrity Checking using Multiple PUF based Component IdentifiersMandadi, Harsha 14 June 2017 (has links)
Modern Printed Circuit Boards (PCB) contain sophisticated and valuable electronic components, and this makes them a prime target for counterfeiting. In this thesis, we consider a method to test if a PCB is genuine. One high-level solution is to use a secret identifier of the board, together with a cryptographic authentication protocol. We describe a mechanism that authenticates all major components of PCB as part of attesting the PCB. Our authentication protocol constructs the fingerprint of PCB by extracting hardware fingerprint from the components on PCB and cryptographically combining the fingerprints. Fingerprints from each component on PCB are developed using Physical Unclonable Functions (PUF).
In this thesis, we present a PUF based authentication protocol for remote integrity checking using multiple PUF component level identifiers. We address the design on 3 different abstraction levels. 1)Hardware Level, 2)Hardware Integration level, 3)Protocol level. On the hardware level, we propose an approach to develop PUF from flash memory component on the device. At the hardware Integration level, we discuss a hardware solution for implementing a trustworthy PUF based authentication. We present a prototype of the PUF based authentication protocol on an FPGA board via network sockets. / Master of Science / Electronic devices have become ubiquitous, from being used in day to day applications to device critical applications (defense, medical). These devices have valuable electronic components integrated on it. Because of its growing importance, they have attracted many counterfeiters. Counterfeiters replace a genuine component with a substandard component. In this thesis, we discuss a method to identify if an electronic device, a Printed Circuit Board in this case, is genuine.
We present a solution to remotely verify authenticity of the board by extracting fingerprints from all the major components on the board. Fingerprints from each major component on the board are extracted using Physical Uncloanable Functions (PUF). These fingerprints are crypographically combined to develop an unique fingerprint for the board.
Our design is addressed in 3 different abstraction levels 1) Hardware level 2) Hardware Integration level 3) Protocol level. In the Hardware level, we discuss an approach to extract fingerprints from flash memory component. In the Hardware Integration level, we discuss a hadware approach for trustworthy PUF based solution . In the Protocol level, we present a prototype of our design on FPGA using network sockets.
|
5 |
Strong key derivation from noisy sourcesFuller, Benjamin Woodbury 12 March 2016 (has links)
A shared cryptographic key enables strong authentication. Candidate sources for creating such a shared key include biometrics and physically unclonable functions. However, these sources come with a substantial problem: noise in repeated readings.
A fuzzy extractor produces a stable key from a noisy source. It consists of two stages. At enrollment time, the generate algorithm produces a key from an initial reading of the source. At authentication time, the reproduce algorithm takes a repeated but noisy reading of the source, yielding the same key when the two readings are close. For many sources of practical importance, traditional fuzzy extractors provide no meaningful security guarantee.
This dissertation improves key derivation from noisy sources. These improvements stem from three observations about traditional fuzzy extractors.
First, the only property of a source that standard fuzzy extractors use is the entropy in the original reading. We observe that additional structural information about the source can facilitate key derivation.
Second, most fuzzy extractors work by first recovering the initial reading from the noisy reading (known as a secure sketch). This approach imposes harsh limitations on the length of the derived key. We observe that it is possible to produce a consistent key without recovering the original reading of the source.
Third, traditional fuzzy extractors provide information-theoretic security. However, security against computationally bounded adversaries is sufficient. We observe fuzzy extractors providing computational security can overcome limitations of traditional approaches.
The above observations are supported by negative results and constructions. As an example, we combine all three observations to construct a fuzzy extractor achieving properties that have eluded prior approaches. The construction remains secure even when the initial enrollment phase is repeated multiple times with noisy readings. Furthermore, for many practical sources, reliability demands that the tolerated noise is larger than the entropy of the original reading. The construction provides security for sources of this type by utilizing additional source structure, producing a consistent key without recovering the original reading, and providing computational security.
|
6 |
Protocoles cryptographiques pour l’authentification numérique et le respect de la vie privée / Cryptographic protocols for digital authentication and privacyAlamelou, Quentin 09 May 2017 (has links)
Les croissances constantes de l’Internet et des services associés ont conduit à des problématiques naturellement liées au domaine de la cryptographie, parmi lesquelles l’authentification et le respect de la vie privée des utilisateurs. L’utilisation désormais commune d’appareils connectés (smartphone, tablette, montre, …) comme moyen d’authentification amène à considérer la génération et/ou la gestion de clés cryptographiques par de tels appareils pour répondre à ces besoins. Les résonances cryptographiques identifiées de ces deux cas d’étude sont respectivement le domaine des Fuzzy Extractors (« Extracteurs de Flous » en français) et les schémas de signature de groupe. D’une part, cette thèse présente alors le premier Fuzzy Extractror non basé sur la distance de Hamming à être réutilisable (dans le modèle de l’oracle aléatoire non programmable). Ce faisant, nous avons alors pu concevoir un module de génération de clés cryptographiques permettant d'authentifier un utilisateur à partir des ses appareils. D’autre part, deux schémas de signature de groupe basés sur la théorie des codes, respectivement en métrique de Hamming et en métrique rang sont également proposés. Ces deux schémas constituent des alternatives crédibles aux cryptosystèmes post-quantiques équivalents basés sur les réseaux euclidiens. / Internet constant growth has naturally led to cryptographic issues such as authentication and privacy concerns. The common usage of connected devices (smartphones, tablet, watch, …) as authentication means made us consider cryptographic keys generations and/or managements from such devices to address aforementioned needs. For such a purpose, we identified fuzzy extractors and group signature schemes. On the one hand, this thesis then presents the first reusable fuzzy extractor based on set difference metric (in the nonprogrammable random oracle). In so doing, we were able to design a key generation module performing authentication from users’ devices. On the other hand, we came up with two group signature schemes, respectively based on Hamming and rank metrics, that seriously compete with post-quantum concurrent schemes based on lattices.
|
7 |
Engineering Ecosystems of Systems: UML Profile, Credential Design, and Risk-balanced Cellular Access ControlBissessar, David 14 December 2021 (has links)
This thesis proposes an Ecosystem perspective for the engineering of SoS and CPS
and illustrates the impact of this perspective in three areas of contribution category
First, from a conceptual and Systems Engineering perspective, a conceptual framework
including the Ecosystems of System Unified Language Modeling (EoS-UML) profile, a
set of Ecosystem Ensemble Diagrams, the Arms :Length Trust Model and the Cyber
Physical Threat Model are provided. Second, having established this conceptual view of
the ecosystem, we recognize unique role of the cryptographic credentials within it,
towards enabling the ecosystem long-term value proposition and acting as a value
transfer agent, implementing careful balance of properties meet stakeholder needs.
Third, we propose that the ecosystem computers can be used as a distributed compute
engine to run Collaborative Algorithms. To demonstrate, we define access control
scheme, risk-balanced Cellular Access Control (rbCAC). The rbCAC algorithm defines
access control within a cyber-physical environment in a manner which balances cost,
risk, and net utility in a multi-authority setting. rbCAC is demonstrated it in an Air Travel
and Border Services scenario. Other domains are also discussed included air traffic
control threat prevention from drone identity attacks in protected airspaces.
These contributions offer significant material for future development, ongoing credential
and ecosystem design, including dynamic perimeters and continuous-time sampling,
intelligent and self optimizing ecosystems, runtime collaborative platform design
contracts and constraints, and analysis of APT attacks to SCADA systems using
ecosystem approaches.
|
Page generated in 0.0713 seconds