how to construct state registries matching
play

How to Construct State Registries Matching State registry Na ve - PowerPoint PPT Presentation

Jan 19, 2023 •134 likes •330 views

Secure registries M. Kutyowski How to Construct State Registries Matching State registry Na ve solution Undeniability with Public Security Our solution Mirosaw Kutyowski joint work with Przemysaw Kubiak and Jun Shao

  1. Secure registries M. Kutyłowski How to Construct State Registries Matching State registry Na¨ ıve solution Undeniability with Public Security Our solution Mirosław Kutyłowski joint work with Przemysław Kubiak and Jun Shao ∗ Wrocław University of Technology Pennsylvania State University ∗ ACIIDS-2010, Hue, 24.03.2010

  2. State Registry for Personal Information purpose Secure registries M. Kutyłowski Reference database for e-ID State registry 1 official source of basic personal data (birth date, Na¨ ıve solution parents, citizenship, issued ID documents) Our solution 2 accessible online for checking validity of these data Purpose 1 high quality reference data that can be assumed to be true in the legal sense, 2 source of necessary data for other e-government systems,

  3. Security Requirements Secure registries M. Kutyłowski State registry Requirements Na¨ ıve solution 1 each single (digital) record must be authenticated in a Our solution strong way 2 adding new records possible only through appending them to the database 3 corrections of old records only by adding correcting records

  4. Cryptographic tools Hash functions, chains Secure registries M. Kutyłowski State registry Cryptographic hash function H Na¨ ıve solution Our solution computing H ( x ) for a given x is easy finding an x such that H ( x ) = y for a given y is infeasible finding x 1 � = x 2 such that H ( x 1 ) = H ( x 2 ) is infeasible Examples: SHA-256, RIPEMD, ...

  5. Cryptographic tools Hash functions, chains Secure Cryptographic hash function H registries M. Kutyłowski finding x 1 � = x 2 such that H ( x 1 ) = H ( x 2 ) is infeasible State registry Na¨ ıve solution Hash chain Our solution given records m 1 , m 2 , . . . , m k to be linked we compute the values H i according to the formula H i + 1 = H ( H i , m i + 1 ) for i < k so we construct: H 1 := H ( IV , m 1 ) , H 2 := H ( H 1 , m 2 ) , H 3 := H ( H 2 , m 3 ) , ... it is impossible to remove, add or modify a record without changing H k

  6. Cryptographic tools Merkle tree Secure registries Merkle tree M. Kutyłowski 1 a labeled tree State registry 2 the leaves are labeled with data items m 1 , . . . , m k Na¨ ıve solution 3 label L ( a ) of a node a having children b , c in the tree is Our solution computed as � � L ( a ) := H L ( a ) , L ( b ) 4 label of the root is a fingerprint of all values in the leaves 5 for proving that a label is in some leaf of a tree with label h in the root: it is enough to show some hashes from the tree (an easy reconstruction)

  7. Architecture based on Merkle trees Secure System architecture registries M. Kutyłowski 1 form a Merkle tree from the records of one day 2 keep linking the roots of the Merkle trees in a single State registry Na¨ ıve solution hash chain Our solution 3 leave physical traces: print, sign (traditionally) and store safely the root values, publish the root values each day in a newspaper Features 1 a digital evidence for existence in the database: data for reconstructing the values on the path from a leaf to the root of some Merkle tree, 2 the trees need not to be published, only their roots! (automatic personal data protection)

  8. Problems Secure registries The security requirements are in fact different: M. Kutyłowski 1 in certain situations it is necessary to create in the past State registry some records of the registry Na¨ ıve solution Our solution 2 creation of new identities for: witness protection programs creating identities for agents of security authorities . . . Merkle trees are not well suited: 1 strong properties of the tree prevents creation of ID’s by security agencies 2 agent ID’s would have to be created in advance.

  9. Our solution actors Secure registries M. Kutyłowski State registry Na¨ ıve solution Registrar Our solution 1. Registrar is an authorized public body 2. Registrar can create entries in the registry only in the “append” mode only 3. no entry can be removed or modified after insertion so that it remains undetected

  10. Our solution actors Secure registries Security Agency M. Kutyłowski 4. Security Agency has possibility to break the State registry rules 1-2 and insert additional entries with past Na¨ ıve solution date Our solution 5. it is impossible to distinguish the entries created according to rule 4 from the regular entries, even with private keys used to create the entries 6. another authority, called Supervisor, has extra private keys and using them may reveal if a given entry in the database has been created by Registrar or by Security Agency

  11. Cryptographic building blocks hash function Secure Trapdoor hash function registries M. Kutyłowski 1 H is one-way, collision resistant function: it is infeasible to find any ( x , s ) � = ( x ′ , s ′ ) such that H ( x , s ) = H ( x ′ , s ′ ) State registry 2 there is a secret trapdoor S , so that given ¯ z , ¯ s , and the Na¨ ıve solution trapdoor secret S one can find ¯ x such that H (¯ x , ¯ s ) = ¯ z Our solution Example Let E be encryption with a a public key. Let H ( x , s ) = E ( E ( x ) xor s ) with a decryption function and a signature s it is easy to find a value x such that H ( x , s ) = z inverting H would mean breaking E : given a ciphertext c , find x , s such that D ( c ) = E ( x ) xor s a collision for H would mean finding x ′ such that E ( x ) xor E ( x ′ ) = s xor s ′ . s and s ′ must be signatures, so one has to find a pair of plaintexts yielding a given difference of ciphertexts

  12. Cryptographic building blocks group signatures Secure registries M. Kutyłowski Requirements State registry 1 an upper bound on the number of group members (for Na¨ ıve solution instance 2) Our solution 2 the group manager cannot become a group member 3 the group manager can prove that a signature was created by a given person with a zero knowledge proof (so that it is not transferable) 4 a group member cannot prove to a third party that a given signature has been created by himself (or somebody else)

  13. Cryptographic building blocks Verifiable randomness Secure registries M. Kutyłowski State registry Verifying random strings for randomness Na¨ ıve solution Our solution If Alice wishes to determine a “random value”, then she chooses a random value x , she computes an undeniable signature ˜ s of x with designated verifier Bob. The underlying designated signature scheme should be non-delegateable.

  14. Creating Merkle tree by Registrar Registrar Secure registries M. Kutyłowski State registry Creating a Merkle tree by Registrar Na¨ ıve solution 1 for the entries m 1 , . . . , m k created during day t Our solution Registrar creates signatures s 1 , . . . , s k using the key K G 2 Registrar chooses x 1 , . . . , x k at random , then for i ≤ k computes y i = H ( x i , s i ) , the values x i , s i get stored together with m i in the database 3 for k < j ≤ L Registrar creates pseudo-random values y j using a key K U

  15. Creating Merkle tree by Registrar Registrar Secure registries Creating the Merkle tree by Registrar M. Kutyłowski 1 Registrar contacts Security Agency , then: State registry Registrar shows y k + 1 , . . . , y L and performs together with Na¨ ıve solution Security Agency the verification procedure, additionally, Our solution for each y i Registrar presents the hash proof p i , Registrar shows x 1 , . . . , x k and performs together with Security Agency verification procedure, additionally, Registrar also shows to Security Agency corresponding signatures s 1 , . . . , s k , to prove that x 1 , . . . , x k were really used to create leaves, 2 Registrar creates a hash tree with the leaves y 1 , . . . , y L 3 Registrar signs the root and archives it, 4 for each m i Registrar creates a hash tree proof p i and sends the authentication data to the entitled person(s),

  16. Creating entries by Security Agency Secure registries M. Kutyłowski State registry Inserting a fake record Na¨ ıve solution 1 Security Agency chooses some y that has been Our solution shown by Registrar and proved as pseudo-random value not corresponding to any real entry, 2 Security Agency creates a signature s of m using the key ¯ K G and the group signature scheme, 3 Security Agency uses the trapdoor K H to find x such that y = H ( x , s ) .

  17. Summary Secure Properties registries M. Kutyłowski 1 a strong cryptographic proof that a record is in the registry State registry Na¨ ıve solution 2 only append operation Our solution 3 also insert operation for special user 4 a supervisor can check who created a given record... 5 but the proof is non-transferable the technique can be extended Current work implementation as a “proof of concept” choice of cryptographic primitives - fine tuning the algorithms to specific needs

  18. Secure registries M. Kutyłowski State registry Thanks for your attention! Na¨ ıve solution Our solution Contact data 1 Miroslaw.Kutylowski@pwr.wroc.pl 2 http://kutylowski.im.pwr.wroc.pl 3 +48 71 3202109, fax: +48 71 320 2105

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Haemophilia Registries quantity versus quality The current situation in Europe Christine Keipert

Haemophilia Registries quantity versus quality The current situation in Europe Christine Keipert

www.pei.de Haemophilia Registries quantity versus quality The current situation in Europe Christine Keipert Workshop on Haemophilia Registries July 1 st , 2015 Topics From local to global: The current state of haemophilia registries

503 views • 25 slides
The future of registries Jay Daley Dec 2006 1 The future of registries Only the start of the

The future of registries Jay Daley Dec 2006 1 The future of registries Only the start of the

The future of registries Jay Daley Dec 2006 1 The future of registries Only the start of the journey Change is coming New technologies all the time Always a registry opportunity Some will embrace this Some will be left

344 views • 23 slides
June 28, 2010 Hankje Escher USA registries European registries Longterm registry

June 28, 2010 Hankje Escher USA registries European registries Longterm registry

June 28, 2010 Hankje Escher USA registries European registries Longterm registry (Centocor) Pediatric IBD consortium (Heyman) Start 2000: prevalent and incident cases, 1600 patients 6 sites: San Francisco,

439 views • 17 slides
Registries and Trial Readiness Hanns Lochmller Patient Registries Standardized genetic and

Registries and Trial Readiness Hanns Lochmller Patient Registries Standardized genetic and

Registries and Trial Readiness Hanns Lochmller Patient Registries Standardized genetic and clinical data necessary for trial recruitment Many benefits to registered patients Feedback on standards of care and new research

581 views • 17 slides
Patien Patient-managed managed registries registries How How can we can we get high qualit

Patien Patient-managed managed registries registries How How can we can we get high qualit

Patien Patient-managed managed registries registries How How can we can we get high qualit get high quality y data from pat data from patients ients for precis for precision ion medicine? medicine? Elizabeth Vroom Julian Isla

327 views • 14 slides
7.5 Bipartite Matching Matching Matching. Input: undirected graph G = (V, E). M E

7.5 Bipartite Matching Matching Matching. Input: undirected graph G = (V, E). M E

7.5 Bipartite Matching Matching Matching. Input: undirected graph G = (V, E). M E is a matching if each node appears in at most edge in M. Max matching: find a max cardinality matching. 3 Bipartite Matching Bipartite matching.

542 views • 37 slides
The GDPR and clinical registries Is it really that bad ? MedLawconsult Autumn Conference on

The GDPR and clinical registries Is it really that bad ? MedLawconsult Autumn Conference on

The GDPR and clinical registries Is it really that bad ? MedLawconsult Autumn Conference on European State Aid Law 2012 It very much depends Def. of personal data Informed consent, when Derogations 81 for health and clinical

600 views • 11 slides
Concurrent Pattern Matching: combining discovery, privacy and symmetry using pattern matching

Concurrent Pattern Matching: combining discovery, privacy and symmetry using pattern matching

Introduction Background Deliverables &amp; Methodology State of research Concurrent Pattern Matching: combining discovery, privacy and symmetry using pattern matching Thomas Given-Wilson, University of Technology, Sydney Supervisor:

559 views • 21 slides
Webinar #3 Strengthening Cancer Registries and Use of Data through National Cancer Control

Webinar #3 Strengthening Cancer Registries and Use of Data through National Cancer Control

Webinar #3 Strengthening Cancer Registries and Use of Data through National Cancer Control Efforts Betsy Kohler, North American Association of Central Cancer Registries Les Mery, International Agency for Research on Cancer Outline

963 views • 49 slides
Improving Cancer Registries through Enhanced Stakeholder Buy-in Whats in it for them?

Improving Cancer Registries through Enhanced Stakeholder Buy-in Whats in it for them?

Improving Cancer Registries through Enhanced Stakeholder Buy-in Whats in it for them? Outline 1. Why cancer registries are important and how they relate to cancer control plans 2. Important stakeholders to engage and how to motivate them

414 views • 39 slides
FY2020 E-Rate State Matching Grant Technical Assistance Webinar Illinois State Board of

FY2020 E-Rate State Matching Grant Technical Assistance Webinar Illinois State Board of

FY2020 E-Rate State Matching Grant Technical Assistance Webinar Illinois State Board of Education April 16, 2020 1 Agenda Welcome and Introductions NOFO/RFP Overview Eligibility The Application Process Districts Next

349 views • 34 slides
How to construct a highway to Health Knowledge ? How to construct a new capital: Braslia ? x

How to construct a highway to Health Knowledge ? How to construct a new capital: Braslia ? x

The Brazilian Telemedicine University Network RUTE And its eHealth relations with Regional Academic Networks How to construct a highway to Health Knowledge ? How to construct a new capital: Braslia ? x a new health approach: Telemedicine ?

482 views • 25 slides
ISTH and EAHAD perspective on Haemophilia Registries Flora Peyvandi Angelo Bianchi Bonomi

ISTH and EAHAD perspective on Haemophilia Registries Flora Peyvandi Angelo Bianchi Bonomi

ISTH and EAHAD perspective on Haemophilia Registries Flora Peyvandi Angelo Bianchi Bonomi Hemophilia and Thrombosis center Fondazione IRCCS C Granda Ospedale Maggiore University of Milan Workshop on Haemophilia Registries 1 st July 2015 London

276 views • 15 slides
X u a u a a matching. 3 3 3 0 0 1 dashed means matched. Algorithm No augmenting path

X u a u a a matching. 3 3 3 0 0 1 dashed means matched. Algorithm No augmenting path

Comments on last lecture. Today Matching/Weighted Vertex Cover Maximum Weight Matching. Given a bipartite graph, G = ( U , V , E ) , with edge weights w : E R , find a maximum weight matching. Easy to come up with several Nash for

181 views • 4 slides
CS 126 Lecture T1: Pattern Matching Outline Introduction Pattern matching in Unix

CS 126 Lecture T1: Pattern Matching Outline Introduction Pattern matching in Unix

CS 126 Lecture T1: Pattern Matching Outline Introduction Pattern matching in Unix Regular expressions in Unix Regular expressions as formal languages Finite State Automata Conclusions CS126 14-1 Randy Wang Introduction

431 views • 41 slides
Construct 2 A game engine without the programming. The Code Liberation Foundation Lecture 3:

Construct 2 A game engine without the programming. The Code Liberation Foundation Lecture 3:

The Code Liberation Foundation Lecture 3: Construct 2 Construct 2 A game engine without the programming. The Code Liberation Foundation Lecture 3: Construct 2 Construct 2 is a powerful tool Started as a prototyping program, but is now

966 views • 39 slides
Performance Tuning an Algorithm for Compressing Relational Tables Authors Jyrki Katajainen and

Performance Tuning an Algorithm for Compressing Relational Tables Authors Jyrki Katajainen and

Performance Tuning an Algorithm for Compressing Relational Tables Authors Jyrki Katajainen and Jeppe Nejsum Madsen Speaker Jeppe Nejsum Madsen July 5th, SWAT2002 p.1/ ?? Relations A relation consists of a scheme and an

386 views • 21 slides
Elementary Data Structures Biostatistics 615/815 Lecture 7: . . 1 / 34 . Tree List Recap .

Elementary Data Structures Biostatistics 615/815 Lecture 7: . . 1 / 34 . Tree List Recap .

. Hash Tables September 25th, 2012 Biostatistics 615/815 - Lecture 7 Hyun Min Kang September 25th, 2012 Hyun Min Kang Elementary Data Structures Biostatistics 615/815 Lecture 7: . . 1 / 34 . Tree List Recap . . . . . . . . . . .

563 views • 45 slides
LUX Hash Function Ivica Nikoli c, Alex Biryukov, Dmitry Khovratovich University of Luxembourg

LUX Hash Function Ivica Nikoli c, Alex Biryukov, Dmitry Khovratovich University of Luxembourg

LUX Hash Function LUX Hash Function Ivica Nikoli c, Alex Biryukov, Dmitry Khovratovich University of Luxembourg LUX Hash Function Outline 1 Design 2 Security Analysis 3 Implementation 4 Advantages LUX Hash Function Design Design LUX Hash

539 views • 28 slides
Lecture 6 Cryptographic Hash Functions 1 Purpose One of the most important tools in

Lecture 6 Cryptographic Hash Functions 1 Purpose One of the most important tools in

Lecture 6 Cryptographic Hash Functions 1 Purpose One of the most important tools in modern cryptography and security In crypto, instantiates a Random Oracle In security, used in a variety of authentication and integrity

693 views • 20 slides
Scalable Content- Addressable Network Eireann Leverett How Torus We use a Torus because it is

Scalable Content- Addressable Network Eireann Leverett How Torus We use a Torus because it is

Scalable Content- Addressable Network Eireann Leverett How Torus We use a Torus because it is un- Dimensions ending in each Nodes dimension. It is a Hashing circle where the last Realities address neighbours Zone takeover the first,

922 views • 10 slides
Using OpenACC to parallelize irregular computation (Session:S7478) Sunita Chandrasekaran Arnov

Using OpenACC to parallelize irregular computation (Session:S7478) Sunita Chandrasekaran Arnov

Using OpenACC to parallelize irregular computation (Session:S7478) Sunita Chandrasekaran Arnov Sinha (arnov@udel.edu) (schandra@udel.edu) M.S. (Graduating Summer17) Assistant Professor University of Delaware, DE, USA May 10, GTC 2017,

436 views • 22 slides
Autoplacer : Scalable Self-Tuning Data Placement in Distributed Key-value Stores ICAC13 Jo

Autoplacer : Scalable Self-Tuning Data Placement in Distributed Key-value Stores ICAC13 Jo

Autoplacer : Scalable Self-Tuning Data Placement in Distributed Key-value Stores ICAC13 Jo ao Paiva , Pedro Ruivo, Paolo Romano, Lu s Rodrigues Instituto Superior T ecnico / Inesc-ID, Lisboa, Portugal June 27, 2013 Outline

605 views • 48 slides
NOT EXACTLY! APPROXIMATE ALGORITHMS FOR BIG DATA FANGJIN YANG DRUID COMMITTER METAMARKETS

NOT EXACTLY! APPROXIMATE ALGORITHMS FOR BIG DATA FANGJIN YANG DRUID COMMITTER METAMARKETS

NOT EXACTLY! APPROXIMATE ALGORITHMS FOR BIG DATA FANGJIN YANG DRUID COMMITTER METAMARKETS NELSON RAY QUANTITATIVE ANALYST GOOGLE OVERVIEW THE PROBLEM MANAGE DATA COST EFFICIENTLY THE DATA DEALING WITH EVENT STREAMS SIMPLIFYING

1.11k views • 64 slides

More recommend