Elliptic curve cryptography, zero-knowledge proof, and Lamport's hash chain in a distributed authentication system

Chang, Simon Yi-Fan

January 2013

Thesis (M.S.C.S.) PLEASE NOTE: Boston University Libraries did not receive an Authorization To Manage form for this thesis or dissertation. It is therefore not openly accessible, though it may be available by request. If you are the author or principal advisor of this work and would like to request open access for it, please contact us at open-help@bu.edu. Thank you. / This paper proposes a novel distributed authentication system that uses robust alternatives in cryptographic algorithms to grant a third-party access to personal data without compromising a user's credentials. The paper examines briefly the concept of distributed authentication systems, and discusses how elliptic curve cryptography and Lamport's hash chain can operate in a zero-knowledge proof to establish and manage trust. The paper also discusses how this design avoids some of the most common flaws in distributed authentication systems. Finally, based on results from tests conducted with included source codes, the paper argues that increasing number of rounds of zero-knowledge proof yields substantially faster performance than increasing the modulus for elliptic curve calculations while maintaining comparable levels of security. / 2031-01-01

Computer science

Cryptography

Zero-knowledge proof

Cybersecurity

Distributed Authentication Systems

Privacy engineering for social networks

Anderson, Jonathan

January 2013

In this dissertation, I enumerate several privacy problems in online social networks (OSNs) and describe a system called Footlights that addresses them. Footlights is a platform for distributed social applications that allows users to control the sharing of private information. It is designed to compete with the performance of today's centralised OSNs, but it does not trust centralised infrastructure to enforce security properties. Based on several socio-technical scenarios, I extract concrete technical problems to be solved and show how the existing research literature does not solve them. Addressing these problems fully would fundamentally change users' interactions with OSNs, providing real control over online sharing. I also demonstrate that today's OSNs do not provide this control: both user data and the social graph are vulnerable to practical privacy attacks. Footlights' storage substrate provides private, scalable, sharable storage using untrusted servers. Under realistic assumptions, the direct cost of operating this storage system is less than one US dollar per user-year. It is the foundation for a practical shared filesystem, a perfectly unobservable communications channel and a distributed application platform. The Footlights application platform allows third-party developers to write social applications without direct access to users' private data. Applications run in a confined environment with a private-by-default security model: applications can only access user information with explicit user consent. I demonstrate that practical applications can be written on this platform. The security of Footlights user data is based on public-key cryptography, but users are able to log in to the system without carrying a private key on a hardware token. Instead, users authenticate to a set of authentication agents using a weak secret such as a user-chosen password or randomly-assigned 4-digit number. The protocol is designed to be secure even in the face of malicious authentication agents.

004

New authentication mechanism using certificates for big data analytic tools

Velthuis, Paul

January 2017

Companies analyse large amounts of sensitive data on clusters of machines, using a framework such as Apache Hadoop to handle inter-process communication, and big data analytic tools such as Apache Spark and Apache Flink to analyse the growing amounts of data. Big data analytic tools are mainly tested on performance and reliability. Security and authentication have not been enough considered and they lack behind. The goal of this research is to improve the authentication and security for data analytic tools.Currently, the aforementioned big data analytic tools are using Kerberos for authentication. Kerberos has difficulties in providing multi factor authentication. Attacks on Kerberos can abuse the authentication. To improve the authentication, an analysis of the authentication in Hadoop and the data analytic tools is performed. The research describes the characteristics to gain an overview of the security of Hadoop and the data analytic tools. One characteristic is that the usage of the transport layer security (TLS) for the security of data transportation. TLS usually establishes connections with certificates. Recently, certificates with a short time to live can be automatically handed out.This thesis develops new authentication mechanism using certificates for data analytic tools on clusters of machines, providing advantages over Kerberos. To evaluate the possibility to replace Kerberos, the mechanism is implemented in Spark. As a result, the new implementation provides several improvements. The certificates used for authentication are made valid with a short time to live and are thus less vulnerable to abuse. Further, the authentication mechanism solves new requirements coming from businesses, such as providing multi-factor authenticationand scalability.In this research a new authentication mechanism is developed, implemented and evaluated, giving better data protection by providing improved authentication.

Cloud Access Management

certificate on demand

Apache Spark

Apache Flink

Kerberos

transport security layer (TLS)

Authentication

Multi Factor Authentication

Authentication for data analytic tools

certificate based Spark authentication

public key encryption

distributed authentication

short valid authentication

Computer Sciences

Datavetenskap (datalogi)