COST-EFFECTIVE AUTHENTIC AND ANONYMOUS
DATA SHARING WITH FORWARD SECURITY
CONTENT
Introduction
Problem statements
Literature Review
Existing system
Proposed system
Application
Conclusion
Future work
MOTIVATIONS
Cloud computing is a continuously growing technology in the IT industry,
academia and business. Its main features are on-demand capabilities, broad
network access, resource pooling, rapid elasticity, measured service and
scalability, and it provides shared services to users on demand in a
distributed environment.
Data sharing: A government official wants to leak a secret to the public but
wants to remain anonymous. At the same time, he wants the public to be
convinced that the secret was actually leaked by one of the many officers and
is thus reliable.
So, we want a signature scheme to have the properties of correctness,
unforgeability, and anonymity.
INTRODUCTION
The popularity and widespread use of the “CLOUD” have brought great
convenience for data sharing and collaboration.
Example: Smart Grid
Taking energy usage data sharing in Smart Grid as an example, there are
several security goals a practical system must meet, including:
1. Data Authenticity.
2. Anonymity
3. Efficiency.
PROBLEM AND SOLUTION STATEMENTS
Problem:
Data sharing has never been easier thanks to the advances of cloud computing, but the data is
always deployed in a hostile environment and is vulnerable to a number of security threats.
In addition, the costly certificate verification and validation in the traditional public key
infrastructure (PKI) setting becomes a bottleneck that keeps a data sharing solution from scaling.
Solution:
A ring signature is a promising candidate for constructing an anonymous and authentic data
sharing system. It allows a data owner to anonymously authenticate his data, which can then be
put into the cloud for storage or analysis.
An identity-based (ID-based) ring signature, which eliminates the process of certificate
verification, can be used instead of the traditional public key infrastructure (PKI).
LITERATURE REVIEW
Hui Wang. Privacy-preserving Data Sharing in Cloud Computing. Journal of
Computer Science and Technology 25(3): 401–414, May 2010.
The author considered two kinds of privacy leakage: presence leakage, which is to identify an
individual in (or not in) the dataset, and association leakage, which is to identify
whether an individual is associated with some sensitive information, e.g., a specific
disease. The author defined α-presence and β-association to address these two kinds of
privacy leakage in a unified framework, and developed a novel technique,
Ambiguity, that protects both presence privacy and association privacy.
CONT…
Sherman S.M. Chow, S.M. Yiu, and Lucas C.K. Hui, Department of Computer
Science, The University of Hong Kong, Pokfulam, Hong Kong, “Efficient
Identity Based Ring Signature,” International Association for Cryptologic
Research, 2014.
For ring signature schemes to be practical, the system needs to eliminate the need for
checking the validity of certificates and the need to register for a certificate
before getting the public key. ID-based solutions can provide these two features.
CONT…
Mihir Bellare and Sara K. Miner, “A Forward-Secure Digital Signature Scheme,”
Dept. of Computer Science & Engineering, University of California at San Diego,
9500 Gilman Drive, La Jolla, CA 92093, USA.
A digital signature scheme in which the public key is fixed but the secret signing
key is updated at regular intervals so as to provide the forward security property:
compromise of the current secret key does not enable an adversary to forge
signatures pertaining to the past. This can be useful to mitigate the damage
caused by key exposure without requiring distribution of keys.
“Past signatures remain secure even if the current secret key is exposed.”
EXISTING SYSTEM
Identity-based Cryptography
In 1984, Adi Shamir, of RSA fame, introduced the concept of identity-based
cryptography, which eliminates the need for verifying the validity of public key
certificates, the management of which is both time and cost consuming.
In an ID-based cryptosystem, the public key of each user is a publicly known identity
(e.g., an email address, a residential address, etc.). A private key generator
(PKG) then computes the users' private keys from its master secret.
Problem: Inherent key escrow. Escrow systems are somewhat risky because a third
party is involved in maintaining and issuing the private keys.
CONT…
Ring Signatures
Ring signatures were invented by Ron Rivest, Adi Shamir, and Yael Tauman. A ring
signature is a type of digital signature that can be produced by any member of a
group of users who each have a key. Therefore, a message signed with a ring signature is signed by
someone in a particular group of people. However, it is computationally infeasible to
determine which of the group members' keys was used to produce the signature.
ID-BASED RING SIGNATURE
ALGORITHM
An ID-based ring signature is preferable in settings with a large number of users, such as
energy data sharing in the smart grid:
Step 1: The energy data owner (say, Bob) first sets up a ring by choosing a group of users.
This phase only needs the public identity information of the ring members, such as residential
addresses, and Bob does not need the collaboration (or the consent) of any ring
members.
Step 2: Bob uploads his personal data of electronic usage, together with a ring signature
and the identity information of all ring members.
Step 3: By verifying the ring signature, one can be assured that the data was indeed given out
by a valid resident (one of the ring members) but cannot figure out who the resident is.
Hence the anonymity of the data provider is ensured together with data authenticity.
KEY EXPOSURE PROBLEM
Problem: Key exposure in ID-based ring signatures
If the private key of a signer is compromised, all signatures of that signer
become worthless: future signatures are invalidated and no previously issued
signatures can be trusted.
Solution: ID-based forward secure ring signature
The notion of a forward secure signature was proposed to preserve the validity of
past signatures even if the current secret key is compromised.
The idea is to divide the total validity time of a public key into T time
periods, so that a key compromise in the current time slot does not enable an
adversary to produce valid signatures pertaining to past time slots.
PROPOSED SYSTEM: ID-BASED FORWARD
SECURE RING SIGNATURE (IDFSRS)
The ID-based forward secure ring signature scheme is designed as follows. The
identities and user secret keys are valid for T periods, the time intervals are made
public, and the message space is set to M = {0,1}.
It is in the ID-based setting.
The size of a secret key is just one integer.
The key update process only requires an exponentiation.
IDFSRS does not require any pairing at any stage.
ALGORITHM
A (1,n) ID-based forward secure ring signature (IDFSRS) scheme is a tuple of probabilistic polynomial-time
(PPT) algorithms:
Setup. On input a unary string 1^λ, where λ is a security parameter, the algorithm outputs a master secret
key msk for the third-party private key generator and a list of system parameters param that includes λ and
the descriptions of a user secret key space D, a message space M and a signature space ψ.
Extract. On input a list param of system parameters, an identity ID_i ∈ {0,1}* for a user and the master secret
key msk, the algorithm outputs the user's secret key sk_{i,0} ∈ D, which is valid for time t = 0. When we say that ID_i corresponds to
user secret key sk_{i,0} or vice versa, we mean that the pair (ID_i, sk_{i,0}) is an input-output pair of Extract with
respect to param and msk.
Update. On input a user secret key sk_{i,t} for a time period t, the algorithm outputs a new user secret key
sk_{i,t+1} for the time period t+1.
Sign. On input a list param of system parameters, a time period t, a group size n of length polynomial in λ, a set L = {ID_i ∈ {0,1}* | i ∈ [1,n]} of n user identities, a message m ∈ M, and a secret key sk_{π,t} ∈ D, π ∈ [1,n], for
time period t, the algorithm outputs a signature σ ∈ ψ.
Verify. On input a list param of system parameters, a time period t, a group size n of length polynomial in
λ, a set L = {ID_i ∈ {0,1}* | i ∈ [1,n]} of n user identities, a message m ∈ M and a signature σ ∈ ψ, the algorithm outputs either
valid or invalid.
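The five algorithms above and the three smart-grid steps earlier, as an added Python example that is not code from the slides or from the scheme's authors. The concrete equations are an assumption of this example (an RSA-style construction chosen to match the listed properties: one-integer key, update by a single exponentiation, no pairing), and the parameters, function names and identities are constructed and far too small to be secure.

```python
import hashlib, secrets

# Added illustration: the equations are an assumption, not taken from the slides.
# Toy parameters (constructed, insecure): msk = (P, Q); N, E, T are public.
P, Q = 2**61 - 1, 2**89 - 1
N, E, T = P * Q, 65537, 8

def _h(tag, *parts):
    data = "|".join(str(x) for x in (tag,) + parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def H1(identity):                    # identity -> element of Z_N
    return _h("H1", identity) % N

def H2(ring, m, t, identity, R):     # challenge in [1, E-1]
    return _h("H2", ring, m, t, identity, R) % (E - 1) + 1

def extract(identity):               # PKG only: sk_{i,0} = H1(ID)^(1/E^(T+1))
    d = pow(pow(E, T + 1), -1, (P - 1) * (Q - 1))
    return pow(H1(identity), d, N)

def update(sk):                      # sk_{i,t+1} = sk_{i,t}^E: one exponentiation
    return pow(sk, E, N)

def sign(ring, m, t, signer, sk_t):
    big_e = E ** (T + 1 - t)
    A = [secrets.randbelow(N - 2) + 2 for _ in ring]
    R, h = [0] * len(ring), [0] * len(ring)
    acc = pow(A[signer], big_e, N)
    for i, ident in enumerate(ring):
        if i != signer:              # simulate every non-signer's share
            R[i] = pow(A[i], big_e, N)
            h[i] = H2(ring, m, t, ident, R[i])
            acc = acc * pow(H1(ident), -h[i], N) % N
    R[signer], h[signer] = acc, H2(ring, m, t, ring[signer], acc)
    s = pow(sk_t, h[signer], N)      # only this step needs the secret key
    for a in A:
        s = s * a % N
    return R, h, s

def verify(ring, m, t, sig):
    R, h, s = sig
    if any(h[i] != H2(ring, m, t, ring[i], R[i]) for i in range(len(ring))):
        return False
    rhs = 1
    for i, ident in enumerate(ring):
        rhs = rhs * R[i] * pow(H1(ident), h[i], N) % N
    return pow(s, E ** (T + 1 - t), N) == rhs
```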
APPLICATIONS OF FORWARD SECURE ID-BASED
RING SIGNATURES
WHISTLE BLOWING
ONLINE BANKING
MAIL BOX.
CONCLUSION
IDFSRS allows an ID-based ring signature scheme to have forward security
and can be proven forward-secure unforgeable in the random oracle model,
assuming the RSA problem is hard.
IDFSRS is very efficient and does not require any pairing operations. The size
of a user secret key is just one integer, while the key update process only
requires an exponentiation.
The IDFSRS scheme will be very useful in many other practical applications,
especially those that require user privacy and authentication, such as ad-hoc
networks, e-commerce activities and the smart grid.
FUTURE WORK
Our current scheme relies on the random oracle assumption to prove its
security. We consider a provably secure scheme with the same features in the
standard model as an open problem and our future research work.
Thank you