11 |
Harpocrates: Privacy-Preserving and Immutable Audit Log for Sensitive Data Operations
Thazhath, Mohit Bhasi (10 June 2022)
The immutability, validity and confidentiality of an audit log are crucial when operating over sensitive data to comply with standard data regulations (e.g., HIPAA). Despite this critical need, state-of-the-art privacy-preserving audit log schemes (e.g., Ghostor (NSDI '20), Calypso (VLDB '19)) do not fully achieve a high level of privacy, integrity, and immutability simultaneously: certain information (e.g., user identities) is still leaked in the log.
In this work, we propose Harpocrates, a new privacy-preserving and immutable audit log scheme. Harpocrates permits data store, share, and access operations to be recorded in the audit log without leaking sensitive information (e.g., data identifier, user identity), while permitting the validity of data operations to be publicly verifiable. Harpocrates makes use of blockchain techniques to achieve immutability and avoid a single point of failure, while cryptographic zero-knowledge proofs are harnessed for confidentiality and public verifiability. We analyze the security of our proposed technique and prove that it achieves non-malleability and indistinguishability. We fully implemented Harpocrates and evaluated its performance on a real blockchain system (i.e., Hyperledger Fabric) deployed on a commodity platform (i.e., Amazon EC2). Experimental results demonstrated that Harpocrates is highly scalable and achieves practical performance. / Master of Science / Audit logs are an essential part of data storage systems as they allow checking whether the system is working as intended. They are usually maintained on a server, and a server with ill intentions can easily modify records of the log and make it appear that the system is working correctly. To store these records in an unmodifiable manner, prior works have leveraged special audit log storage mechanisms, e.g., blockchain, due to its immutable nature. However, these works do not focus on the privacy of the records, which is a crucial aspect of conforming to certain data regulations like HIPAA.
In our work, we propose Harpocrates, an immutable and privacy-preserving audit log platform that supports recording operations (share/access) on sensitive data. Harpocrates leverages blockchain to achieve immutability of the audit log. Harpocrates uses specific cryptographic primitives to achieve public verifiability and confidentiality of the audit log. Real-world deployment of Harpocrates shows that it is practical and achieves strong security guarantees.
|
12 |
Elliptic curve cryptography, zero-knowledge proof, and Lamport's hash chain in a distributed authentication system
Chang, Simon Yi-Fan (January 2013)
Thesis (M.S.C.S.) / This paper proposes a novel distributed authentication system that uses robust alternatives in cryptographic algorithms to grant a third party access to personal data without compromising a user's credentials. The paper briefly examines the concept of distributed authentication systems, and discusses how elliptic curve cryptography and Lamport's hash chain can operate in a zero-knowledge proof to establish and manage trust. The paper also discusses how this design avoids some of the most common flaws in distributed authentication systems. Finally, based on results from tests conducted with the included source code, the paper argues that increasing the number of rounds of zero-knowledge proof yields substantially faster performance than increasing the modulus for elliptic curve calculations while maintaining comparable levels of security.
|
13 |
En studie av zero knowledge-identifikationsprotokoll för smarta kort / A study of zero knowledge identification protocols for smart cards
Mellström, Björn (January 2004)
Zero knowledge protocols are a lesser known type of protocol that can be used for identification. These protocols are especially designed not to reveal any information during an identification process that can be misused later on, neither by the one who should be convinced of the identity of the user, nor by anyone else who is eavesdropping. Many of these protocols are also especially designed for implementation in smart cards. The more common type of card with a magnetic stripe has during the last few years become more susceptible to attacks since such cards are easily copied. Smart cards combined with a secure identification protocol have been predicted to be the solution to this problem. Zero knowledge protocols are one of several types of protocols that can be used for this purpose.
In this thesis a number of zero knowledge protocols are examined that have been presented since the introduction of the concept in the 1980s. In addition to the protocol descriptions, information is also given about how to choose parameter values, and what progress and discoveries have been made concerning the security of the protocols. Some assumptions that are easy to overlook in an implementation are also highlighted, and an evaluation of the protocol performances is made.
The conclusion is that zero knowledge protocols are both efficient and adaptable, while they at the same time provide high security. Because of this it may not be necessary to compromise between these properties even for simpler types of smart cards.
|
14 |
A study of perfect zero-knowledge proofs
Malka, Lior (27 August 2008)
Perfect zero-knowledge proofs enable one party (the prover) to prove an assertion to another party (the verifier) without revealing anything but the truth of the assertion. The class of problems admitting such proofs is rich, including Graph Isomorphism, Quadratic Residuosity, and other problems that play a key role in cryptography and complexity theory. Due to their strong privacy guarantee, perfect zero-knowledge proofs are very difficult to study. Despite extensive research since the 1980s, especially in the area of statistical zero-knowledge proofs, many fundamental questions about them remain open, and it is not even clear how to address these questions. This thesis initiates a general investigation of perfect zero-knowledge proofs. Our main results are as follows.
1. We prove that all the known problems admitting perfect zero-knowledge (PZK) proofs can be characterized as non-interactive instance-dependent commitment schemes, and use this result to generalize and strengthen previous results, as well as to prove new results about PZK problems.
2. We give a new error shifting technique that allows us to overcome barriers in the study of PZK. Using this technique we present the first complete problem for the class of problems admitting non-interactive perfect zero-knowledge proofs (NIPZK), and the first hard problem for the class of problems admitting public-coin PZK proofs.
3. We make the first investigation into one of the most important questions in the field, namely, whether the number of rounds in PZK proofs can be collapsed to a constant. We give the first perfectly hiding commitment scheme, and prove that obtaining such a scheme that is also constant round is equivalent to collapsing the rounds in PZK proofs to a constant.
|
16 |
Zero-Knowledge Agent Trained for the Game of Risk
Bethdavid, Simon (January 2020)
Recent developments in deep reinforcement learning applied to abstract strategy games such as Go, chess and Hex have sparked an interest within military planning. This Master's thesis explores whether it is possible to implement an algorithm similar to Expert Iteration and AlphaZero for wargames. The studied wargame is Risk, which is a turn-based multiplayer game played on a simplified political map of the world. The algorithms consist of an expert, in the form of a Monte Carlo tree search algorithm, and an apprentice, implemented through a neural network. The neural network is trained by imitation learning, trained to mimic expert decisions generated from self-play reinforcement learning. The apprentice is then used as a heuristic in forthcoming tree searches. The results demonstrated that a Monte Carlo tree search algorithm could, to some degree, be employed on a strategy game such as Risk, dominating a random playing agent. The neural network, fed with a state representation in the form of a vector, had difficulty in learning expert decisions and could not beat a random playing agent. This led to a halt in the expert/apprentice learning process. However, possible solutions are provided as future work.
|
17 |
A Study of Non-Interactive Zero-Knowledge Proof Systems in a Black-Box Framework / 非対話ゼロ知識証明のブラックボックス構成に関する研究
Yamashita, Kyousuke (23 March 2021)
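Kyoto University / New system, course doctorate / Doctor of Informatics / Degree No. Kō 23317 / Jōhaku No. 753 / 新制||情||129 (University Library) / Department of Social Informatics, Graduate School of Informatics, Kyoto University / (Chief examiner) Professor Takayuki Kanda, Professor Masatoshi Yoshikawa, Professor Yasuo Okabe / Qualifies under Article 4, Paragraph 1 of the Degree Regulations / DFAM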
|
18 |
Návrh zero-knowledge protokolů / Design of Zero-Knowledge Protocols
Šafář, Jan (January 2010)
The thesis introduces automated methods of protocol design and their usability for zero-knowledge protocol design, or for protocols where ZK protocols are used as subprotocols. The composition method in particular is described in more depth. The thesis also shows a sample implementation of this method.
|
19 |
A Security Study for Non-Internet Connected Managed Software
Galassi De Orchi, Tommaso (January 2012)
This master's thesis project aims to improve the security of managed software developed at SCANIA's research and development group NEVE. The thesis will present several security schemes that can be effective against tampering, theft, and reverse engineering of applications. The schemes presented were selected to ensure confidentiality, integrity, authenticity, and authentication of applications. NEVE’s software will be analyzed and compared against state-of-the-art solutions. A theoretical threat analysis will be presented, corroborated by empirical reverse engineering attacks. The final part of this thesis introduces a new security scheme for C# .NET programs operating without requiring an internet connection. / This thesis attempts to improve the security of [managed software] developed at SCANIA's research and development group NEVE. It presents several security solutions that can be effective against tampering, theft and reverse engineering of applications. The security solutions presented were chosen to ensure confidentiality, integrity, authenticity and authentication of applications. NEVE's software will be analyzed and set against the very latest solutions. A theoretical threat analysis will be presented, reinforced with attacks based on empirical reverse engineering. The last part of this thesis introduces a new security solution. It targets programs written in C# .NET that do not require a connection to the internet.
|
20 |
Dopad COVID-19 na bezpečnostní politiku států v oblasti kybernetické bezpečnosti / Impact of COVID-19 on Security Policies of States in the Area of Cyber Security
Rieger, Anastasiya (January 2022)
Charles University, Faculty of Social Sciences / Master of International Security Systems / Author: Ms. Anastasiya Neskoromna/Rieger / Supervisor: prof. David Erkomashvile, Ph.D. / Academic Year: 2021/2022 / Prague 2022
The SARS-Cov-19 or, in different wording, the global Covid pandemic outburst has created an unprecedented scenario for various organizations, agencies and structures. The COVID-19 pandemic in 2020 has become an extraordinary and shocking event for the world community and the global economy. On the part of the authorities, the COVID-19 pandemic is accompanied by sometimes harsh and ambiguous decisions, the consequences of which are felt by people in many countries of the world: movement between countries was stopped, businesses and enterprises were closed, restrictions were created, and those who were sick or at risk of infection were isolated. There was also no possible assumption regarding how long such a mode of life would last. Many factors, as a consequential chain of reactions from the pandemic, have in the aggregate created a pleasant environment for altering and modifying the cybercrime landscape. This work aims to analyze the factorial presence of modification in the sphere...
|