Elliptic curve cryptography, zero-knowledge proof, and Lamport's hash chain in a distributed authentication system

Chang, Simon Yi-Fan

January 2013

Thesis (M.S.C.S.) PLEASE NOTE: Boston University Libraries did not receive an Authorization To Manage form for this thesis or dissertation. It is therefore not openly accessible, though it may be available by request. If you are the author or principal advisor of this work and would like to request open access for it, please contact us at open-help@bu.edu. Thank you. / This paper proposes a novel distributed authentication system that uses robust alternatives in cryptographic algorithms to grant a third-party access to personal data without compromising a user's credentials. The paper examines briefly the concept of distributed authentication systems, and discusses how elliptic curve cryptography and Lamport's hash chain can operate in a zero-knowledge proof to establish and manage trust. The paper also discusses how this design avoids some of the most common flaws in distributed authentication systems. Finally, based on results from tests conducted with included source codes, the paper argues that increasing number of rounds of zero-knowledge proof yields substantially faster performance than increasing the modulus for elliptic curve calculations while maintaining comparable levels of security. / 2999-01-01

Computer science

Cryptography

Zero-knowledge proof

Cybersecurity

Distributed Authentication Systems

An Empirical Investigation of Factors Affecting Resistance to Using Multi-Method Authentication Systems in Public-Access Environments

Marnell, Joseph

01 January 2016

Over the course of history, different means of object and person identification as well as verification have evolved for user authentication. In recent years, a new concern has emerged regarding the accuracy of verifiable authentication and protection of personal identifying information (PII), because previous misuses have resulted in significant financial loss. Such losses have escalated more noticeably because of human identity-theft incidents due to breaches of PII within multiple public-access environments. Although the use of various biometric and radio frequency identification (RFID) technologies is expanding, resistance to using these technologies for user authentication remains an issue. This study addressed the effect of individuals’ perceptions on their resistance to using multi-method authentication systems (RMS) in public-access environments and uncovered key constructs that may significantly contribute to such resistance. This study was a predictive study to assess the contributions of individuals’ perceptions of the importance of organizational protection of their PII, noted as Perceived Value of Organizational Protection of PII (PVOP), authentication complexity (AC), and invasion of privacy (IOP) on their resistance to using multi-method authentication systems (RMS) in public-access environments. Moreover, this study also investigated if there were any significant differences on the aforementioned constructs based on age, gender, prior experience with identity theft, and acquaintance experience with identity theft. As part of this study, a rollout project was implemented of multi-factor biometric and RFID technologies for system authentication prior to electronic-commerce (e-commerce) use in public-access environments. The experimental group experienced the multi-factor authentication and also was trained on its use. Computer users (faculty & students) from a small, private university participated in the study to determine their level of PVOP, IOP, and AC on their resistance to using the technology in public-access environments. Multiple Linear Regression (MLR) was used to formulate a model and test predictive power along with the significance of the contribution of the aforementioned constructs on RMS. The results show that all construct measures demonstrated very high reliability. The results also indicate that the experimental group of the multi-factor authentication had lower resistance than the control group that didn’t use the technology. The mean increases indicate an overall statistically significant difference between the experimental and control groups overall. The results also demonstrate that students and participants’ increased levels of education indicate an overall statistically significant decrease in resistance. The findings demonstrate that overall computer authentication training do provide added value in the context of measuring resistance to using newer multi-method authentication technology.

biometrics

invasion of privacy

multi-method authentication systems

personal identifying information

radio frequency

resistance

Information technology

Computer Sciences

Computer Security

Databases and Information Systems

Protocolo para autenticação quântica de mensagens clássicas. / Protocol for quantum authentication of classic messages.

MEDEIROS, Rex Antonio da Costa.

01 August 2018

Submitted by Johnny Rodrigues (johnnyrodrigues@ufcg.edu.br) on 2018-08-01T20:10:46Z No. of bitstreams: 1 REX ANTONIO COSTA MEDEIROS - DISSERTAÇÃO PPGEE 2004..pdf: 14601327 bytes, checksum: 5e8b5fae1a59cd77236adc8cc0655c17 (MD5) / Made available in DSpace on 2018-08-01T20:10:46Z (GMT). No. of bitstreams: 1 REX ANTONIO COSTA MEDEIROS - DISSERTAÇÃO PPGEE 2004..pdf: 14601327 bytes, checksum: 5e8b5fae1a59cd77236adc8cc0655c17 (MD5) Previous issue date: 2004-06-22 / CNPq / Nos dias atuais, os sistemas de criptografia e autenticação desempenham um papel fundamental em aplicações que envolvem a manipulação de informações sigilosas, tais como movimentações financeiras, comércio eletrônico, aplicações militares e proteção de arquivos digitais. A popularização do uso dos sistemas de criptografia e autenticação se deve, em grande parte, a descrição de esquema de criptografia por chave pública. A segurança de tais sistemas é baseada na intratabilidade computacional (clássica) de problemas da teoria dos números, como a fatoração em produtos de primos e o problema do logaritmo discreto. A partir da formulação da Mecânica Quântica, foram demonstrados algoritmos que, executados em um computador quântico e consumindo tempo e recursos polinomiais, são capazes de resolver tais problemas. A construção de um computador quântico inviabilizaria, portanto, o uso de sistemas de criptografia e autenticação por chave pública. Nesta dissertação é discutido o problema da autenticação quântica de mensagens clássicas. É proposto um protocolo híbrido que alcança segurança incondicional, mesmo que um criptoanalista disponha de recursos computacionais infinitos, sejam eles clássicos ou quânticos. Através de uma prova matemática formal, é mostrado que o nível de segurança pode ser feito tão alto quanto desejado. Tal segurança é-garantida pelos princípios fundamentais da mecânica quântica. / Nowadays, cryptography and authentication play a central role in applications that manipulates confidential information, like financial transactions, e-commerce, military applications and digital data protection. The explosive growth of cryptosystems is mostly due to the discovery of the so-called public-kcy cryptosystems. The security of such systcms is based on the intractability of some problems from number theory, like factorization and the discrete logarithm problem. After the formulation of the quantum mechanics, several protocols wcre described in order to solve these problems in time and resources polynomials in their argumente. So, one can conclude that public-key cryptosystems are not secure in a scenario where an eavesdropper makes use of quantum computers. In this work it is discussed the problem of quantum authenticating classical messages. It is proposed a non-interactive hybrid protocol reaching information-theoretical security, even when an eavesdropper possesses both infinite quantum and classical computei- power. It is presented a mathematical proof that it is always possible to reach a desirable levei of security. This security is due to the quantum mechanics proprieties of non-orthogonal quantum states.

Engenharia Elétrica.

Ciência da Computação.

Autenticação quântica de mensagens

Sistemas de criptografia

Sistemas de autenticação de mensagens

Intratabilidade computacional

Problema do logaritmo discreto

Mecânica quântica

Computador quântico

Segurança da informação digital

Quantum mechanics

Quantum message authentication

Quantum computer

Message authentication systems

Encryption systems