cryptography for trust and data services
play

cryptography for trust and data services Sbastien Canard Orange - PowerPoint PPT Presentation

Aug 28, 2023 •6 likes •406 views

cryptography for trust and data services Sbastien Canard Orange Labs Applied Crypto Group December, 4th SDTA 2014 let me introduce you Alice she has a smartphone she works for a small company she makes use of public

  1. cryptography for trust and data services Sébastien Canard Orange Labs – Applied Crypto Group December, 4th SDTA 2014

  2. let me introduce you Alice… � she has a smartphone � she works for a small company � she makes use of public transportations � she likes cinema and theatre � she lives in a place where cultural activities are well funding � she likes using new technologies… but not at any price 2 SDTA 2014 – cryptography and trust public Orange

  3. two modern services Alice can use contactless services cloud computing � in France(*) � in France(**) – more than 3 millions of – 29% of companies connected users use cloud computing � transportation (several – 5000 M€ in 2014 experimentations in France) (+100% in 2 years) � IaaS, PaaS, SaaS services � payment (some bank cards, Orange Cash, Apple Pay, …) � storage and/or compute � loyalty cards, tag reading, … can Alice make use these services in trust? ( * ) source AFSCM 3 SDTA 2014 – cryptography and trust public Orange ( ** ) source http://www.cloudindex.fr/

  4. confidentiality of her companies’ data � to protect and preserve the confidentiality of information means to ensure that it is not made available or disclosed to unauthorized entities � these services need to manipulate sensitive data – administrative documents – sensitive data related to competitiveness � what a service provider can do to give confidence? – do they have access to the data… – …while ensuring a good and appropriate service? 4 SDTA 2014 – cryptography and trust public Orange

  5. protection of her privacy � in France, these services should work in accordance to the “loi informatique et liberté” – transparency of the data gathering – use of the data should be clear – relevant data gathering – data precision – right to oblivion � what a service provider can do to give confidence? – verify the sensitivity of data, supervise data transfer – provide solutions to protect the privacy of customers – how to protect the privacy of customers… – … while offering them the best possible service? 5 SDTA 2014 – cryptography and trust public Orange

  6. can cryptography be useful? � historical objectives – confidentiality – (data) authentication – integrity – non repudiation � new objectives – provide tools to obtain conflicting properties – including data protection 6 SDTA 2014 – cryptography and trust public Orange

  7. cryptography and trust in new services contactless services cloud computing � minimization of the data � encryption of the stored data collected by services providers – confidentiality – some kind of anonymity – user privacy � but authorization to access the � but still accessing services service – manipulation of the stored data provide anonymity make computation and accountability on encrypted data 7 SDTA 2014 – cryptography and trust public Orange

  8. anonymity and accountability 8 titre de la présentation public Orange

  9. � having 2 distinct � having one communication log communication logs � infeasibility to link such � infeasibility to know whether communication with an both communications are identity related to the same identity same ID ?? ID ?? 9 SDTA 2014 – cryptography and trust public Orange

  10. accountability � anonymity is a good point for privacy – permits data minimization – “I belong to the group of authorized users” � but anonymity should not lead to more fraud – money laundering, anonymity of terrorists, etc. � we also need accountability – the user should be authorized – necessity to revoke the anonymity in case of fraud – by whom? when? – it depends on the use case and on legal restrictions – be careful on false accusations 10 SDTA 2014 – cryptography and trust public Orange

  11. standardized cryptographic solutions � ISO/IEC SC27 WG2 � group signatures – ISO/IEC 20009 Part 2 – each group member can sign messages on behalf of the group – each signature is anonymous, except for a designated opening manager � blind signatures – ISO/IEC 20009 (future Part 3) – a signer can sign documents that he does not know – the user who obtain the signature of his choice is anonymous in the group of users having obtain a signature from this signer – the user is authenticated by the signer when he obtains the signature 11 SDTA 2014 – cryptography and trust public Orange

  12. actors in a group signature scheme � issuer – manage the group – permits addition and deletion of group members � group members – need interaction with the group manager – able to sign on behalf of the group � opener – can revoke the anonymity of a signature � anybody else – can verify the correctness of a group signature – does not obtain the identity of the signer 12 SDTA 2014 – cryptography and trust public Orange

  13. main procedures 13 SDTA 2014 – cryptography and trust public Orange

  14. security properties � correctness – it pertains to signatures generated by honest group members – the signature should be valid – the opening algorithm should correctly identify the signer – the proof returned by the opening algorithm should be accepted � traceability – the attacker is unable to produce a signature such that – either the honest opener declares itself unable to identify the origin of the signature, or, – the honest opener believes it has identified the origin but is unable to produce a correct proof of its claim 14 SDTA 2014 – cryptography and trust public Orange

  15. security properties � anonymity – the attacker is unable to recover the identity of a signer from signatures – with messages of its choice – between two group members of its choice � non-frameability – the attacker is unable to create a judge-accepted proof that – an honest user produced a certain valid signature – unless this user really did produce this signature 15 SDTA 2014 – cryptography and trust public Orange

  16. suitable for many use cases anonymous access control • authorization to access the Alice’s Alice’s place or the service transportation payments • anonymity within the group of authorized entities • case of transportation e-vote systems e-cash systems • a voter is a member of the • a coin is a member of a group of authorized voters group of authorized coins • anonymity of the votes • each spending corresponds to a group signature • (without anonymity revocation) • double spending detection 16 SDTA 2014 – cryptography and trust public Orange

  17. how can it be done in practice? � how to ensure membership? – each group member obtains a signature s s =S IGN ( x , isk ) – on a secret value x – by the Issuer � how to ensure anonymity? – the secret value x and the signature s are not revealed during the group signature process – based on the zero-knowledge paradigm � how to revoke the anonymity? – additional encryption of a component of the signature s SDTA 2014 – cryptography and trust 17 public Orange

  18. management of user attributes � case of static attributes… – identity card: name, address, birthdate, etc. – student card: name, student identification number, University, studies, etc. � …and non traceability in proximity services… – transportation, cinema, access control, etc. – refunds, advantages, etc. � … in a digital world � we can use anonymous credential systems 18 SDTA 2014 – cryptography and trust public Orange

  19. general principle � objective = minimization of the personal data that are given to third parties � certification of the attributes by an authorized entity – identity card by the local city hall – student card by the University � disclosure of all or part of the certificate when accessing a service – « I’m a student in Caen », « I’m under 25 » card number – similar to group signature schemes name gender birth date address nationality 19 SDTA 2014 – cryptography and trust public Orange

  20. how to use a credential hide all attributes reveal all attributes card number card number name name sexe, gender birthdate birth date address address nationality nationality reveal some attributes prove some statements and hide others on an attribute card number card number name name sexe, sexe, proof birthdate birthdate address address nationality nationality 20 SDTA 2014 – cryptography and trust public Orange

  21. what kind of proof � an attribute is greater or lower than a public value – « I’m more than 65 » � an attribute is in a public interval – « I’m between 18 and 25 » � an attribute has a public size � two certificates contain the same attribute – « I’m a student and under 25 » – using both student and identity cards 21 SDTA 2014 – cryptography and trust public Orange

  22. other problems � the attributes should not be all revealed request after request � how to prove that this my identity card? – we can use a photo � efficiency of an implementation in a smart card or a mobile phone – equivalent to a dozen of RSA signatures – can it be implemented practically? – can we improve efficiency? 22 SDTA 2014 – cryptography and trust public Orange

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Public Hearings for Data Services Market Inquiry Dr David Harrison CEO The DG Murray Trust 17

Public Hearings for Data Services Market Inquiry Dr David Harrison CEO The DG Murray Trust 17

Public Hearings for Data Services Market Inquiry Dr David Harrison CEO The DG Murray Trust 17 October 2018 Contents 1. Introduction to The DG Murray Trust 2. Structural barriers continue to choke national development 3. Mobile technology

497 views • 21 slides
Public Hearings for Data Services Market Inquiry Dr David Harrison CEO, the DG Murray Trust 17

Public Hearings for Data Services Market Inquiry Dr David Harrison CEO, the DG Murray Trust 17

Presentation to the Public Hearings for Data Services Market Inquiry Dr David Harrison CEO, the DG Murray Trust 17 October 2018 Outline 1. Introduction to The DG Murray Trust 2. Structural barriers continue to choke national development 3.

367 views • 18 slides
Electronic Identification, Privacy and Trust in eGovernment Services: the e-SENS Project Lefteris

Electronic Identification, Privacy and Trust in eGovernment Services: the e-SENS Project Lefteris

e-SENS Electronic Simple European Networked Services Trust in the Digital World Track 12: Trusted Personal Data Management Vienna, April 8 th , 2014 Electronic Identification, Privacy and Trust in eGovernment Services: the e-SENS Project

417 views • 9 slides
Objectives Goals of Cryptography Security Services Security Mechanisms Relationship

Objectives Goals of Cryptography Security Services Security Mechanisms Relationship

Overview on Modern Cryptography Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Goals of Cryptography Security Services

658 views • 16 slides
Lecture 8: Cryptography Trust No One. 1 / 20 Cryptography: Basic Set Up Alice Bob Eve Goal:

Lecture 8: Cryptography Trust No One. 1 / 20 Cryptography: Basic Set Up Alice Bob Eve Goal:

Lecture 8: Cryptography Trust No One. 1 / 20 Cryptography: Basic Set Up Alice Bob Eve Goal: system st Bob gets the message, Eve doesnt 2 / 20 Cryptography: Basic Set Up Alice Bob Eve Goal: system st Bob gets the message, Eve

1.32k views • 90 slides
HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography & http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect

273 views • 24 slides
1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

Course Overview Course Requirements EECS 498-7/8 Cryptography and Network Security: www.citi.umich.edu/u/honey/security Principles and Practice (Third Edition) Computer Security Monday & Friday, 9:00 10:30 William Stallings

670 views • 19 slides
Introduction to Cryptography Slide 1 Definition process data into unintelligible form,

Introduction to Cryptography Slide 1 Definition process data into unintelligible form,

1 Introduction to Cryptography Slide 1 Definition process data into unintelligible form, reversibly, without data loss typically digitally usually one-to-one in size $ compression analog cryptography: voice changers, shredder

331 views • 10 slides
Introduction to Cryptography 2 Definition process data into unintelligible form, reversibly,

Introduction to Cryptography 2 Definition process data into unintelligible form, reversibly,

1 Introduction to Cryptography 2 Definition process data into unintelligible form, reversibly, without data loss typically digitally usually one-to-one in size $ compression analog cryptography: voice changers, shredder other

483 views • 19 slides
Fundamentals of Cryptography: Algorithms, and Security Services Professor Guevara Noubir

Fundamentals of Cryptography: Algorithms, and Security Services Professor Guevara Noubir

Fundamentals of Cryptography: Algorithms, and Security Services Professor Guevara Noubir Northeastern University noubir@ccs.neu.edu Cryptography: Theory and Practice, Douglas Stinson, Chapman & Hall/CRC Network Security: Private

711 views • 56 slides
CRYPTOGRAPHY What is Cryptography? Sending/receiving information privately Changing around

CRYPTOGRAPHY What is Cryptography? Sending/receiving information privately Changing around

CRYPTOGRAPHY What is Cryptography? Sending/receiving information privately Changing around a message so that no one else can understand it except for you and your recipient Keep personal info and sensitive data safe History First

561 views • 27 slides
Mr Ian Kent Director of Local Services West London Mental Health Trust About the Trust Whole

Mr Ian Kent Director of Local Services West London Mental Health Trust About the Trust Whole

Mr Ian Kent Director of Local Services West London Mental Health Trust About the Trust Whole spectrum of mental health services One of only three including a high secure hospital Around 30 sites spread across 45 miles Plan to

278 views • 15 slides
Data Encryption Standard Simplified-DES Details of DES DES in OpenSSL Cryptography DES in

Data Encryption Standard Simplified-DES Details of DES DES in OpenSSL Cryptography DES in

Cryptography Data Encryption Standard Overview of the Data Encryption Standard (DES) Data Encryption Standard Simplified-DES Details of DES DES in OpenSSL Cryptography DES in Python School of Engineering and Technology CQUniversity

923 views • 30 slides
Data Encryption Standard Simplified-DES Details of DES DES in OpenSSL Cryptography DES in

Data Encryption Standard Simplified-DES Details of DES DES in OpenSSL Cryptography DES in

Cryptography Data Encryption Standard Overview of the Data Encryption Standard (DES) Data Encryption Standard Simplified-DES Details of DES DES in OpenSSL Cryptography DES in Python School of Engineering and Technology CQUniversity

594 views • 30 slides
NES COMMUNITY SERVICES ACQUISITION : PENNINE CARE FOUNDATION TRUST COMMUNITY SERVICES TO

NES COMMUNITY SERVICES ACQUISITION : PENNINE CARE FOUNDATION TRUST COMMUNITY SERVICES TO

NES COMMUNITY SERVICES ACQUISITION : PENNINE CARE FOUNDATION TRUST COMMUNITY SERVICES TO NORTHERN CARE ALLIANCE PAHT JHOSC 23 RD APRIL 2019 Background Pennine Care NHS Foundation Trust (PCFT) in the later part of 2018 announced its

199 views • 6 slides
Prioritizing Data and Purpose of Data Points What data do I have? What data do I trust? What

Prioritizing Data and Purpose of Data Points What data do I have? What data do I trust? What

Prioritizing Data and Purpose of Data Points What data do I have? What data do I trust? What data do I use most? Session Target: After todays session, you will be able to: 1. Insert/include data opportunities into PL models. 2.

710 views • 12 slides
2018 Risk-Limiting Audit Pilots Orange County Registrar of Voters Profile of Orange County

2018 Risk-Limiting Audit Pilots Orange County Registrar of Voters Profile of Orange County

2018 Risk-Limiting Audit Pilots Orange County Registrar of Voters Profile of Orange County 3 million+ residents Approx. 1.6 million voters 948 square miles 34 cities 26 special districts 32 school districts

123 views • 11 slides
Control Flow Integrity Lujo Bauer 18-732 Spring 2015 Control Hijacking Arms Race Control

Control Flow Integrity Lujo Bauer 18-732 Spring 2015 Control Hijacking Arms Race Control

Control Flow Integrity Lujo Bauer 18-732 Spring 2015 Control Hijacking Arms Race Control Control Flow Flow Integrity Integrity Attacks Attacks 2 http://propercourse.blogspot.com/2010/05/i-believe-in-duct-tape.html CFI: Goal Provably

744 views • 41 slides
Dynamic address durations in RIPE Atlas probes Ramakrishna Padmanabhan, Emile Aben, Amogh

Dynamic address durations in RIPE Atlas probes Ramakrishna Padmanabhan, Emile Aben, Amogh

Dynamic address durations in RIPE Atlas probes Ramakrishna Padmanabhan, Emile Aben, Amogh Dhamdhere, kc claffy, Neil Spring 1 Dynamic address: 1.2.3.4 How long does a public dynamic address last on a device? 2 How long does a public

518 views • 47 slides
Offloading data plane functions to the multi-tenant cloud infrastructure using P4 Tomasz Osiski

Offloading data plane functions to the multi-tenant cloud infrastructure using P4 Tomasz Osiski

Offloading data plane functions to the multi-tenant cloud infrastructure using P4 Tomasz Osiski / Orange, WUT Mateusz Kossakowski / Orange, WUT Halina Tarasiuk / WUT Roland Picard / Orange 1 Orange Confidential

529 views • 16 slides
Unsupervised Neural Hidden Markov Models Ke Tran 1 , Yonatan Bisk , Ashish Vaswani 2 , Daniel

Unsupervised Neural Hidden Markov Models Ke Tran 1 , Yonatan Bisk , Ashish Vaswani 2 , Daniel

Unsupervised Neural Hidden Markov Models Ke Tran 1 , Yonatan Bisk , Ashish Vaswani 2 , Daniel Marcu and Kevin Knight USC Information Sciences Institute 1 Univ of Amsterdam, 2 Google Brain I am not Ke Tran https://github.com/ketranm/neuralHMM

300 views • 27 slides
MAGNETISM Concept tests Leon Abelmann A THE EUROPEAN SCHOOL ON MAGNETISM The H field

MAGNETISM Concept tests Leon Abelmann A THE EUROPEAN SCHOOL ON MAGNETISM The H field

THE EUROPEAN SCHOOL ON MAGNETISM Concept tests Leon Abelmann A THE EUROPEAN SCHOOL ON MAGNETISM The H field Spontaneous magnetisation Direct exchange Leon Abelmann 2 To increase the field far away from a permanent magnet I

457 views • 11 slides
Anella Cientfica: Optical core at 100 Gbps Mara Isabel Ganda Carriedo 2nd TERENA Network

Anella Cientfica: Optical core at 100 Gbps Mara Isabel Ganda Carriedo 2nd TERENA Network

Anella Cientfica: Optical core at 100 Gbps Mara Isabel Ganda Carriedo 2nd TERENA Network Architects Workshop, Prague, 13-11-2013 About Anella Cientfica Anella Cientfica is the research and education network in Catalonia Managed by

109 views • 7 slides
Recursive Descent Parsing and CYK ANLP: Lecture 13 Shay Cohen 14 October 2019 1 / 1 Last Class

Recursive Descent Parsing and CYK ANLP: Lecture 13 Shay Cohen 14 October 2019 1 / 1 Last Class

Recursive Descent Parsing and CYK ANLP: Lecture 13 Shay Cohen 14 October 2019 1 / 1 Last Class Chomsky normal form grammars English syntax Agreement phenomena and the way to model them with CFGs 2 / 1 Recap: Syntax Two reasons to care

1.41k views • 108 slides

More recommend