
ABCs in Theory and Practice RFIDsec 2015, TUTORIAL Gergely Alpár



  1. ABCs in Theory and Practice RFIDsec 2015, TUTORIAL Gergely Alpár Radboud, ICIS DS June 23, 2015 Page 1 of 40 June 23 ABC Tutorial http://www.cs.ru.nl/~gergely

  2. Currently we are here...
     • Motivating Attributes
     • Attribute-based identity management
     • Crypto of ABCs

  3. “[By 2025 f]ew individuals will have the energy, interest, or resources to protect themselves from dataveillance; privacy will become a luxury.” [Pew Research Center, December 2014]

  4. Authentication
     • Passwords
       • “38% of adults sometimes think it would be easier to solve world peace than attempt to remember all their passwords” [Harris Interactive, 2012]
     • Many accounts at service providers
     • Identity management
       • Users
       • Identity provider(s) = Issuer
       • Service providers = Relying party = Verifier

  5. Problems with Identity Management
     • Security
       • Single point of failure
       • Valuable target
     • Privacy
       • Can log in (often)
       • Linking all user activities
       • Profiling

  6. Authorisation is necessarily identifying

  7. Outline
     • Motivating Attributes
     • Attribute-based identity management
     • Crypto of ABCs

  8. Currently we are here...
     • Motivating Attributes
     • Attribute-based identity management
     • Crypto of ABCs

  9. Identity and Attributes [FIDIS 2005]

  10. Digital Identity
      • Attributes
      • Partial identities
      • Identifying and non-identifying attributes
      • Typical authorisation: Username + authentication + lookup
      • Authorisation based on attributes
        • Directly looking up relevant attributes
        • Identifying and non-identifying authorisation (DEMO: ≥ 18)

  11. Identity Management

  12. Attribute-Based Identity Management

  13. Attribute-Based Credential

  14. Issuing and Showing

  15. Currently we are here...
      • Motivating Attributes
      • Attribute-based identity management
      • Crypto of ABCs

  16. Plan for Crypto
      • Commitment
      • Zero-knowledge proof
      • Attribute-based credential (ABC)
      • Selective disclosure

  17. Commitment
      • (Temporary) secret in a box with a padlock . . . and a key.
      • Phases:
        • Commit
        • Opening
      • Examples (related to the DL problem) – secret value $x$:
        • $h = g^x \pmod p$. Commit: $h, g, p$; Opening: $x$.
        • $h = g^r \cdot g_1^x \pmod p$. Commit: $h, g, g_1, p$; Opening: $r, x$.
      • Computational hiding and perfect binding OR perfect hiding and computational binding. [Damgård 99]
      Problem 3. The exponents of 23 modulo 29 (the order is $q = 7$):
      k:            0   1   2   3   4   5   6   7  ...
      23^k mod 29:  1  23   7  16  20  25  24   1  ...

  18. Where’s Waldo? – Zero-Knowledge Proof

  19. Where’s Waldo? – Zero-Knowledge Proof [Naor et al. 99]

  20. Where’s Waldo?

  21. Ali Baba – Zero-Knowledge Proof [Quisquater et al. 89]

  22. Ali Baba – Zero-Knowledge Proof: Commitment and Challenge

  23. Ali Baba – Zero-Knowledge Proof: Response and Verification (Problems 1, 2)

  24. A “Too Simple” Proof
      • Let us work in $G$ of order $q$
      • Discrete logarithm: “I know the discrete logarithm $x = \log_g h$.”
      Public: $G, g, q, h = g^x$. Prover's secret: $x$.
      Prover → Verifier: $x$
      Verification: $h \stackrel{?}{=} g^x$
      • “Now you also know the discrete logarithm $\log_g h$.”

  25. Schnorr’s Proof of Knowledge [Schnorr 91]
      • Let us work in $G$ of order $q$
      • Discrete logarithm: “I know the discrete logarithm $x = \log_g h$.”
      • $PK\{\chi \mid h = g^\chi\}$ (Proof of Knowledge)
      • Interactive
      Public: $G, g, q, h = g^x$. Prover's secret: $x$.
      (1) Commitment. Prover: $w \in_R \mathbb{Z}_q$, $a := g^w$. Prover → Verifier: $a$
      (2) Challenge. Verifier: $c \in_R \{0, 1\}$. Verifier → Prover: $c$
      (3) Response. Prover: $r := c \cdot x + w \pmod q$. Prover → Verifier: $r$
      Verification: $a \stackrel{?}{=} g^r \cdot h^{-c}$

  26. Simulated Communication
      • Let us work in $G$ of order $q$
      • “I seem to know the discrete logarithm $\log_g h$.”
      • Simulated conversation: transcript
      • Choose $c \in_R \{0, 1\}$, $r \in_R \mathbb{Z}_q^*$
        $a := g^r \cdot h^{-c}$
      Transcript and verification: $(a, c, r)$, $a \stackrel{?}{=} g^r \cdot h^{-c}$

  27. Schnorr’s Proof of Knowledge [Schnorr 91]
      • Let us work in $G$ of order $q$
      • Discrete logarithm: “I know the discrete logarithm $\log_g h$.”
      • $PK\{\chi \mid h = g^\chi\}$ (Proof of Knowledge)
      • Interactive
      Public: $G, g, q, h = g^x$. Prover's secret: $x$.
      (1) Commitment. Prover: $w \in_R \mathbb{Z}_q$, $a := g^w$. Prover → Verifier: $a$
      (2) Challenge. Verifier: $c \in_R [0, 2^{128} - 1]$. Verifier → Prover: $c$
      (3) Response. Prover: $r := c \cdot x + w \pmod q$. Prover → Verifier: $r$
      Verification: $a \stackrel{?}{=} g^r \cdot h^{-c}$

  28. Schnorr Signature, i.e. Schnorr with Fiat–Shamir [FS 86]
      • Discrete logarithm: “I know the discrete logarithm $\log_g h$.”
      • Non-interactive: $SPK\{\chi \mid h = g^\chi\}(n)$
        • Challenge $c$ is generated by a hash $H$
        • $H : \{0, 1\}^* \to [0, 2^{128} - 1]$ (128-bit output)
      Public: $G, g, q, h = g^x, H$. Prover's secret: $x$.
      Verifier: $n \in_R \mathbb{Z}_q$. Verifier → Prover: $n$
      Prover: $w \in_R \mathbb{Z}_q$, $a := g^w$, $c := H(a, n)$, $r := c \cdot x + w \pmod q$. Prover → Verifier: $a, r$
      Verification: $a \stackrel{?}{=} g^r \cdot h^{-H(a, n)}$
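
An added example, not part of the original slides: the Schnorr exchange of slides 25 to 28 run in the toy group of Problem 3 (g = 23 modulo 29, order q = 7), covering the interactive proof, the simulator of slide 26 and the Fiat–Shamir variant. SHA-256 truncated to 128 bits as H, the secret x = 3 and all function names are assumptions.

```python
import hashlib
import secrets

# Toy group from Problem 3 on the slides: g = 23 has order q = 7 modulo p = 29.
P, G, Q = 29, 23, 7

def commit(w):
    """(1) Commitment: a := g^w."""
    return pow(G, w, P)

def respond(x, w, c):
    """(3) Response: r := c*x + w (mod q)."""
    return (c * x + w) % Q

def verify(h, a, c, r):
    """Verifier's check: a ?= g^r * h^(-c)."""
    return a == pow(G, r, P) * pow(h, -c, P) % P

def simulate(h, c, r):
    """Simulator: pick c and r first, then derive a without knowing x."""
    return pow(G, r, P) * pow(h, -c, P) % P

def fs_challenge(a, n):
    """c := H(a, n) with a 128-bit output (assumption: truncated SHA-256)."""
    digest = hashlib.sha256(f"{a}|{n}".encode()).digest()
    return int.from_bytes(digest[:16], "big")

def sign(x, n, w=None):
    """Non-interactive proof (a, r) bound to the verifier's nonce n."""
    w = secrets.randbelow(Q) if w is None else w
    a = commit(w)
    return a, respond(x, w, fs_challenge(a, n))

def verify_sig(h, n, a, r):
    return verify(h, a, fs_challenge(a, n), r)

if __name__ == "__main__":
    x = 3                      # prover's secret (constructed)
    h = pow(G, x, P)           # public value h = g^x = 16
    w = secrets.randbelow(Q)
    a, c = commit(w), secrets.randbelow(2)
    print("honest proof accepted:", verify(h, a, c, respond(x, w, c)))
    # A transcript built backwards verifies too, which is why a transcript
    # alone convinces nobody and leaks nothing about x.
    print("simulated transcript accepted:", verify(h, simulate(h, 1, 4), 1, 4))
    a, r = sign(x, n=4)
    print("Fiat-Shamir proof accepted:", verify_sig(h, 4, a, r))
```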

  29. How to Design ABCs? – In Three Simple Steps
      • Step 1: Take a commitment scheme
      • Step 2: Generalise it to multiple values
      • Step 3: Sign the extended commitment
      • Step +1: Apply here and there zero-knowledge proofs

  30. Example: Idemix

  31. Hard Problems
      • Discrete logarithm
      • RSA
      • Strong RSA

  32. Idemix ABC – Based on CL Signature
      • Camenisch–Lysyanskaya (CL) signature [CL 01, CL 02]
      • Strong RSA assumption [BP 97, FO 97]
        • RSA ($n = pq$) ⟹ Taking the $e$th root is hard
        • Strong ⟹ DL is hard
      • Group $QR_n$:
        • $p, q$ are safe primes ($p = 2p' + 1$, $q = 2q' + 1$ s.t. $p', q'$ primes)
        • Quadratic residues in $\mathbb{Z}_n^*$
        • $QR_n$ is a subgroup of order $\varphi(n)/4$
      • Notation:
        • Some group elements that you’ll see: $A, Z, S, R, R_1, R_2, R_3, \ldots$
        • Some further integers (exponents): $e, v, a, \ldots$
      • Let’s “design” Idemix’s ABCs

  33. Step 1: Commitment
      Take a commitment scheme – Pedersen on $a_1$:
      $R^a \cdot R_1^{a_1}$
      where $a$ is random.

  34. Step 2: Generalisation
      Extend it to multiple values – generalise Pedersen on $(a_1, \ldots, a_L)$:
      $R^a \cdot \underbrace{R_1^{a_1} \cdot \ldots \cdot R_L^{a_L}}_{\prod_{i=1}^{L} R_i^{a_i}}$
      where $a$ is random.

  35. Step 3: Signature
      Sign the extended commitment – CL on attributes $a_1, \ldots, a_L$:
      $A := \left( \dfrac{Z}{S^v \cdot R^a \cdot \prod_{i=1}^{L} R_i^{a_i}} \right)^{1/e} \pmod n$
      where $(a)$, $v$, $e$ are random.

  36. Step 3: Signature
      Sign the extended commitment – CL on attributes $a_1, \ldots, a_L$:
      $A := \left( \dfrac{Z}{S^v \cdot R^a \cdot \prod_{i=1}^{L} R_i^{a_i}} \right)^{1/e} \pmod n$
      where $(a)$, $v$, $e$ are random.
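
An added example, not Idemix code and not from the original slides: Steps 1 to 3 carried out in QR_n with constructed toy safe primes (p = 23, q = 47). It shows that issuing needs the secret order p'q' to take the e-th root, while the check A^e · S^v · R^a · ∏ R_i^{a_i} = Z (mod n) uses public values only. The bases, e = 13, the attribute values and all function names are assumptions chosen for illustration.

```python
# Constructed toy parameters (far too small for real use): safe primes
# p = 2*11 + 1 and q = 2*23 + 1, so QR_n has order p'q' = phi(n)/4.
P_PRIME, Q_PRIME = 11, 23
N = (2 * P_PRIME + 1) * (2 * Q_PRIME + 1)    # n = 23 * 47 = 1081
ORDER = P_PRIME * Q_PRIME                    # 253, known only to the issuer

# Public bases: squares mod n are quadratic residues (names follow the slides).
Z, S, R, R1, R2 = (pow(t, 2, N) for t in (3, 2, 5, 7, 11))
BASES = [R1, R2]                             # one base R_i per attribute a_i

def commitment(v, a, attrs):
    """Steps 1-2 plus the S^v factor: S^v * R^a * prod R_i^{a_i} mod n."""
    c = pow(S, v, N) * pow(R, a, N) % N
    for base, attr in zip(BASES, attrs):
        c = c * pow(base, attr, N) % N
    return c

def issue(v, a, attrs, e):
    """Step 3: A = (Z / commitment)^(1/e) mod n, using the secret group order."""
    d = pow(e, -1, ORDER)                    # 1/e as an exponent in QR_n
    quotient = Z * pow(commitment(v, a, attrs), -1, N) % N
    return pow(quotient, d, N)

def verify(A, e, v, a, attrs):
    """Public check: A^e * S^v * R^a * prod R_i^{a_i} == Z (mod n)."""
    return pow(A, e, N) * commitment(v, a, attrs) % N == Z

if __name__ == "__main__":
    attrs = [18, 5]                          # constructed attribute values
    A = issue(v=101, a=77, attrs=attrs, e=13)
    print("valid credential:", verify(A, 13, 101, 77, attrs))
    print("altered attribute:", verify(A, 13, 101, 77, [17, 5]))
```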
