|
|
Privacy-Enhancing Technologies and Privacy-Enhancing Cryptography for Wearables
Casanova-Marqués, Raúl ; Pendo,, Cristiano Gonçalves (oponent) ; PhD, Lukasz Michal Chmielewski, (oponent) ; Hajný, Jan (vedoucí práce)
The increasing concern surrounding privacy and the safeguarding of digital identities has emphasized the pressing necessity of establishing secure and confidential communication channels. This concern has led to the development of cryptographic mechanisms aimed at facilitating impervious information exchange. Nevertheless, traditional cryptographic approaches are proving insufficient in dynamic and resource-constrained environments, such as wearable devices. As a result, attribute-based credential schemes have emerged as a promising solution, offering fine-grained access control to digital services based on user-specific attributes. This doctoral thesis examines the efficacy and scalability of attribute-based anonymous credential schemes in ensuring the authenticity and security of users within dynamic architectures of wearable devices. It also explores enhancements to these schemes, with a primary focus on incorporating user revocation while maintaining privacy. Additionally, the thesis presents devised mechanisms to enable attribute-based authentication protocols on smart cards with limited support for elliptic curve cryptography. It addresses specific challenges associated with the usability of smart cards. Moreover, the thesis investigates the integration of anonymous authentication schemes in collaborative indoor positioning systems, aiming to provide privacy and security. Lastly, it explores the implementation of attribute-based authentication schemes in resource-constrained environments, with an emphasis on Internet of Things devices, and evaluates their feasibility within the dynamic architectures of wearable devices. The first contribution of this thesis introduces a purposefully designed protocol for anonymous authentication on smart cards. This protocol combines attribute-based credentials and user revocation while ensuring computational efficiency. To facilitate effective implementation and evaluation, the thesis employs smart cards equipped with the MULTOS operating system. The second contribution focuses on optimizing the capabilities of smart cards using Java Card technology for the implementation of attribute-based credential schemes. These smart cards are presented as a more accessible alternative for a wider consumer base. To overcome limitations in their application programming interface, the thesis devises strategies to augment the constrained support for elliptic curve cryptography and effectively implement such schemes. The third contribution presents the Privacy-Enhancing Authentication System, a robust solution compatible with smart cards, smartphones, and smartwatches. This system addresses the functional challenges associated with smart cards, including the absence of a graphical interface and limited user control over attribute disclosure. Consequently, it offers a practical and deployable solution for real-world scenarios. Finally, the thesis proposes a groundbreaking scheme to safeguard collaborative indoor positioning systems by addressing both privacy and security concerns. This scheme ensures the preservation of privacy and security by eliminating centralized architectures and employing encryption techniques for positioning information. The thesis includes comprehensive details such as protocol use cases, implementation specifics, execution benchmarks, and a comparative analysis with existing protocols.
|
|
|
Decentralized communication tool with anonymity guarantee
Legéň, Michal ; Burget, Radim (oponent) ; Malý, Jan (vedoucí práce)
Anonymity on the internet is becoming a actuall issue nowadays. There are several tools, that can be used to monitor user's activity and it can lead to lose privacy of users. The aim of this master's thesis is to describe different ways of working anonymous systems, especially the method called Onion Routing. The introduction of this work is devoted to the description of this method together with asymmetric cryptosystem RSA. The second part belongs to basics of socket programming and to the implementation of anonymous system in programming language C++. The final part is focussed on analysis of system in terms of security and time complexity. The conditions of anonymity and decentralization are accomplished. There is no presence of central server in the system and the management is handled by signalling messages.
|
|
|
Sběr metadat uživatelů a zařízení z Darkwebu
Gula, Ján ; Matoušek, Petr (oponent) ; Veselý, Vladimír (vedoucí práce)
Táto bakalárska práca rieši problém anonymizácie na Internete, ktorá sa vo veľkej miere využiva na obchodovanie s nelegálnymi substanciami. Tento problém núti zákonodarné zložky zaujímať sa o stránky predstavujúce trhy so zakázaným obsahom skryté za anonymizačnými sieťami. Mojím cieľom je zameriať sa na najväčšie obchody s podobným obsahom a získanie čo najväčšieho množstvá informácií o osobách, ktoré na trhoch figurujú či už ako predajcovia alebo nákupujúci. Daný problém som vyriešil tak, že som na základe počtu uživateľov vybral najvýznamnejšie tržiská stal sa jedným z ich uživateľov, a následne aplikoval algoritmy na vyškriabávanie dát z web stránok na to, aby som informácie zo stránok dostal do štrukturovanej podoby vhodnej na hlbšiu analýzu. Výsledky tejto práce umožnia orgánom činným v trestnom konaní jednoduchšiu analýzu metadat uživateľov dopúšťajúcich sa nelegálnej činnosti nakoľko nebudú musieť manuálne prechádzať jednotlivé nelegálne tržiská, ale všetky prístupné data budú zrhnuté v štruktúrovanej forme v databáze. Zjednotenie dát do štruktúrovanej formy pomôže urýchliť vyšetrovanie a určiť najväčších predajcov drog.
|
|
|
Systém anonymního sběru dat
Troják, David ; Malina, Lukáš (oponent) ; Dzurenda, Petr (vedoucí práce)
V rámci práce jsou analyzovány moderní přístupy k zajištění vyšší ochrany soukromí uživatelů. Zaměřuje se hlavně na skupinové digitální podpisy. V praktické části byl navržen a implementován PS umožňující anonymní sběr informací o síle signálu z mobilního zařízení. Aplikace byla navržena v souladu se základními kryptografickými požadavky jako je autentičnost a integrita přenášených dat. Anonymita uživatelů je zaručena jak na aplikační vrstvě (skupinový podpis) tak na síťové vrstvě (Tor).
|
|
|
ID - IDENTITY (UN) KNOWN (time specific in-cognito in-stant id - entity)
Janečková, Zuzana ; Babák, Petr (oponent) ; Rozbořil, Blahoslav (oponent) ; Chamonikolasová, Kaliopi (oponent) ; Ruller, Tomáš (vedoucí práce)
This dissertation focuses on va-rious strategies of presenting identity in contemporary art and the current trend of forming its mutations and mystifications. It deals with approaches such as when the name of an artist is absent from his performance, various forms of concealment, and the subsequent detection of an artist. The term “anonymity” is not examined as its mere literal definition, but it subsequently forks into other related meanings. The introduction points at our daily meetings with anonymity, the condensation of information stemming from all spheres including the sphere of visual arts. The subject of the dissertation is explored though the influence of media operating at a given time (time-specific) and a given place (site-specific): here and now. The text primarily deals with the phenomenon of being “anonymous”. While examining this topic, the period starting with the 1990s is discussed and supplemented by examples from the history of Slovak, Czech, and international visual art with extensions to literature, music and film. It closely focuses on the following four bi-polar forms of anonymity: celebrity / anonymous artist, art groups / collective exhibitions, street art / net art, signature art / untitled art. These terms are defined and organized into dictionary entries (containing both names of artists and definitions of terms). Comprising of over two hundred words, a hybrid thematic dictionary has been produced. It consists of already existing definitions taken from the Slovak and Czech mutations of Wikipedia which are quoted with consistence with each entry. The collaboration with Wikipedia is based on subsequent addition of the author’s definitions and thus supplements it with missing information from the sphere of visual arts. The text also deals with a current trend of renaming as a symbol of a hegemonic tool of power. The terms a.k.a., name, monogram, nick, and pseudonym are explored.
|
|
|
Implementace kryptografických protokolů na čipové karty
Moravanský, Michal ; Hajný, Jan (oponent) ; Dzurenda, Petr (vedoucí práce)
Bakalářská práce je zaměřena na kryptografická schémata využívající atributová pověření, která se snaží minimalizovat negativní dopady na ochranu soukromí uživatelů při používání autentizačních systémů. Cílem bakalářské práce byla implementace dvou zadaných schémat na čipové karty jakožto zařízení s omezeným výkonem. Schémata se liší pouze ve schopnosti revokovat uživatele. Praktická část práce obsahuje analýzu a výběr platformy čipových karet a kryptografických knihoven v závislosti na výkonnosti. Práce dále popisuje architekturu obou schémat a jednotlivé protokoly včetně probíhající komunikace. Implementace atributového schématu byla provedena na programovatelnou čipovou kartu Multos (strana uživatele) a Raspberry Pi 2 (strana vydavatele a ověřovatele). Je také porovnávána časová náročnost vybraných algoritmů. V závěru jsou formulovány závislosti mající vliv na výslednou efektivitu a rychlost protokolu.
|
|
|
Cryptographic Protection of Digital Identity
Dzurenda, Petr ; Švenda,, Petr (oponent) ; Castella-Roca, Jordi (oponent) ; Hajný, Jan (vedoucí práce)
The doctoral thesis deals with privacy-preserving cryptographic schemes in access control and data collection areas. Currently, card-based physical access control systems are used by most people on a daily basis, for example, at work, in public transportation and at hotels. However, these systems have often very poor cryptographic protection. For instance, user identifiers and keys can be easily eavesdropped and counterfeited. Furthermore, privacy-preserving features are almost missing and, therefore, user’s movement and behavior can by easily tracked. Service providers (and even eavesdroppers) can profile users, know what they do, where they go, and what they are interested in. In order to improve this state, we propose four novel cryptographic schemes based on efficient zero-knowledge proofs and elliptic curve cryptography. In particular, the thesis presents three novel privacy-friendly authentication schemes for access control and one for data collection application scenarios. The first scheme supports distributed multi-device authentication with multiple Radio-Frequency IDentification (RFID) user’s devices. This feature is particularly important in applications for controlling access to dangerous areas where the presence of protective equipment is checked during each access control session. The other two presented schemes use attribute-based approach to protect user’s privacy, i.e. these schemes allow users to anonymously prove the ownership of their attributes, such as age, citizenship, and gender. While one of our scheme brings efficient revocation and identification mechanisms, the other one provides the fastest authentication phase among the current state of the art solutions. The last (fourth) proposed scheme is a novel short group signature scheme for data collection scenarios. Data collection schemes are used for secure and reliable data transfer from multiple remote nodes to a central unit. With the increasing importance of smart meters in energy distribution, smart house installations and various sensor networks, the need for secure data collection schemes becomes very urgent. Such schemes must provide standard security features, such as confidentiality and authenticity of transferred data, as well as novel features, such as strong protection of user’s privacy and identification of malicious users. The proposed schemes are provably secure and provide the full set of privacy-enhancing features, namely anonymity, untraceability and unlinkability of users. Besides the full cryptographic specification and security analysis, we also show the results of our implementations on devices commonly used in access control and data collection applications.
|
|
|
Authentication Protocols and Privacy Protection
Hajný, Jan ; Vozňák, Miroslav (oponent) ; Vaněk,, Tomáš (oponent) ; Burda, Karel (vedoucí práce)
This dissertation thesis deals with the cryptographic constructions for user authentication. Rather than classical authentication protocols which allow only the identity verification, the attribute authentication systems are the main topic of this thesis. The attribute authentication systems allow users to give proofs about the possession of personal attributes. These attributes can represent any personal information, for example age, nationality or birthplace. The attribute ownership can be proven anonymously and with the support of many features for digital identity protection. These features include, e.g., the unlinkability of verification sessions, untraceability, selective disclosure of attributes or efficient revocation. Currently, the attribute authentication systems are considered to be the successors of existing authentication systems by the official strategies of USA (NSTIC) and EU (ENISA). The necessary features are partially provided by existing cryptographic concepts like U-Prove and idemix. But at this moment, there is no system providing all privacy-enhancing features which is implementable on computationally restricted devices like smart-cards. Among all weaknesses of existing systems, the missing unlinkability of verification sessions and the absence of practical revocation are the most critical ones. Without these features, it is currently impossible to invalidate expired users, lost or stolen authentication cards and cards of malicious users. Therefore, a new cryptographic scheme is proposed in this thesis to fix the weaknesses of existing schemes. The resulting scheme, which is based on established primitives like $\Sigma$-protocols for proofs of knowledge, cryptographic commitments and verifiable encryption, supports all privacy-enhancing features. At the same time, the scheme is easily implementable on smart-cards. This thesis includes the full cryptographic specification, the formal verification of key properties, the mathematical model for functional verification in Mathematica software and the experimental implementation on .NET smart-cards. Although the scheme supports all privacy-enhancing features which are missing in related work, the computational complexity is the same or lower, thus the time of verification is shorter than in existing systems. With all these features and properties, the resulting scheme can significantly improve the privacy of users during their verification, especially when used in electronic ID systems, access systems or Internet services.
|
|
|
Webová prezentace projektu JShelter
Krčma, Jan ; Polčák, Libor (oponent) ; Bednář, Martin (vedoucí práce)
Tato práce se zaobírá tvorbou uživatelsky přívětivé webové prezentace projektu JShelter, ve které jsou vyzvednuty jeho výhody v ohledu bezpečnosti jeho uživatelů při pohybování se na webu tak, aby byla dostatečně zachována jejich anonymita a zároveň i funkčnost navštěvovaných stránek. Především zde bude představeno zabezpečení poskytované rozšířením JShelter proti sledování uživatele na základě odchylky jeho vnitřních hodin a také utvrzení ochrany same-origin policy.
|
|
|
Anonymní komunikace v prostředí Internetu
Pajtinová, Mária ; Malina, Lukáš (oponent) ; Hajný, Jan (vedoucí práce)
Diplomová práce se zaměřuje na možnosti, jak lze anonymně komunikovat přes Internet. Jsou zde popsány anonymizační programy TOR, JAP, I2P a CyberGhost, které umožňují uživateli ukrýt svou identitu za jinou IP adresu. Následně jsou provedeny měření z různých technologií pro výpočet přenosových rychlostí využitím programu TOR.
|
host ::
RSS.