Private Multi-Party Authentication and Key Exchange
Zusammenfassung der Projektergebnisse
Modern web and mobile applications such as social networks, instant messaging, cloud services, etc offer platforms connecting billions of people who can communicate, exchange data and work collaboratively with each other. The remote nature of such communication means gives authentication paramount importance while the ubiquity of connectivity and tremendous amounts of data traded online imposes high privacy risks. Combining the two contrasting goals — authentication and privacy — yet enabling secure communication amongst multiple participants has been in the focus of the PRIMAKE project over its duration of five years. The results obtained by the PRIMAKE project fall into the area of privacy-oriented cryptography that adopts modern cryptographic techniques to provide strong security and privacy guarantees for the users. The project explored new cryptographic protocols for privacy-preserving authentication, secure communication and data encryption, and delivered over 25 published outcomes advancing the areas of authentication and key exchange protocols (incl. for groups), affiliation-hiding authentication, and privacy protection in various types of encryption and signature schemes. The project introduced flexible group key exchange protocols for secure communication amongst groups with efficient on-demand computability of secrets keys for arbitrary subgroups of participants, significantly lowering the cost of key establishment in a group-based communication setting. The project proposed stronger privacy guarantees for affiliation-hiding authentication protocols and secret handshakes, protecting privacy of members from untrusted group authorities and designed highly efficient protocols in a multi-group setting where participants may have multiple affiliations which they wish to hide. Developed techniques were further applied in the design of new cryptographic solutions for privacy-preserving discovery of shared contacts in the context of social and mobile networking. PRIMAKE strengthened security and privacy of functional encryption schemes. The project proposed the first predicate encryption scheme with forward secrecy protection and hierarchical delegation of decrypting abilities, and defined new forms of privacy protection for predicate encryption schemes in presence of revocation mechanisms. The project looked into privacy properties for digital signatures and signcryption schemes. It introduced threshold blind signatures and explored relationships between different notions of privacy associated with traditional signatures and signcryption schemes. The project came up with a hierarchy of privacy goals and proposed appropriate constructions and general transformations achieving these goals. Towards the end of the project various contributions were made to strengthen cryptographic passwordbased authentication. This included new techniques for randomized password hashing and zero-knowledge proofs to enable registration of user-chosen passwords without revealing them to the servers yet proving their conformity to some password policy (e.g. minimal length, presence of different types of characters, etc). PRIMAKE designed new distributed password-based authentication protocols involving multiple servers to achieve stronger protection against compromised servers. The project also introduced efficient way for handling password trials in password-authenticated key exchange protocols reducing the amount of serverside computations and showed how these protocols can be bound to TLS channels removing the need for the users to validate server certificates and by this reducing the risks associated with phishing attacks. The outcomes of the PRIMAKE project suggest that privacy-oriented cryptographic mechanisms can greatly improve the protection of users in modern communications and applications and that their deployment in practice needs to be expanded. Designers and developers of modern group-based communication tools and applications need to address security and privacy risks and adopt appropriate protection mechanisms in early design stages.
Projektbezogene Publikationen (Auswahl)
-
“Cryptographic Treatment of Private User Profiles”. 15th International Conference on Financial Cryptography and Data Security (FC 2011), FC Workshops, LNCS 7126, pp.40-54, Springer
F. Günther, M. Manulis, T. Strufe
-
“Practical Affiliation-Hiding Authentication from Improved Polynomial Interpolation”. ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011), pp. 286-295, ACM
M. Manulis, B. Poettering
-
“Fully Private Revocable Predicate Encryption”. 17th Australasian Conference on Information Security and Privacy (ACISP 2012), LNCS 7372, pp. 350-363, Springer, 2012
J.M. González Nieto, M. Manulis, D. Sun
-
“Sufficient Condition for Ephemeral Key-Leakage Resilient Tripartite Key Exchange”. 17th Australasian Conference on Information Security and Privacy (ACISP 2012), LNCS 7372, pp. 15-28, Springer
A. Fujioka, M. Manulis, K. Suzuki, B. Ustaoglu
-
Pseudorandom Signatures. ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), pp. 107-118, ACM
N. Fleischhacker, F. Günther, F. Kiefer, M. Manulis, B. Poettering
-
“Private Discovery of Common Social Contacts”. International Journal of Information Security (IJIS), 12(1):49-65, 2013, Springer
E. De Cristofaro, M. Manulis, B. Poettering
-
“Privacy-Enhanced Participatory Sensing with Collusion Resistance and Data Aggregation”. 13th International Conference on Cryptology and Network Security (CANS 2014), LNCS 8813, pp. 321-336, Springer, 2014
F. Günther, M. Manulis, A. Peter
-
“Zero-Knowledge Password Policy Checks and Verifier-Based PAKE”. 19th European Symposium on Research in Computer Security (ESORICS 2014), LNCS 8713, pp. 295-312, Springer, 2014
F. Kiefer, M. Manulis
-
“Oblivious PAKE: Efficient Handling of Password Trials”, Information Security Conference (ISC 2015), LNCS 9290, pp. 191-208, Springer
F. Kiefer, M. Manulis
-
“Public Key Encryption with Distributed Keyword Search”, 7th International Conference on Trustworthy Systems (InTrust 2015), LNCS 9565, pp. 62-83, Springer
V. Kuchta, M. Manulis