
Multi-Shard Private Transactions for Permissioned Blockchains [article]

Elli Androulaki, Angelo De Caro, Kaoutar Elkhiyaoui, Christian Gorenflo, Alessandro Sorniotti, Marko Vukolic
2020 arXiv pre-print
Traditionally, blockchain systems involve sharing transaction information across all blockchain network participants. Clearly, this introduces barriers to the adoption of the technology by the enterprise world, where preserving the privacy of the business data is a necessity. Previous efforts to bring privacy and blockchains together either still leak partial information, are restricted in their functionality or use costly mechanisms like zk-SNARKs. In this paper, we propose the Multi-Shard Private Transaction (MSPT) protocol, a novel privacy-preserving protocol for permissioned blockchains, which relies only on simple cryptographic primitives and targeted dissemination of information to achieve atomicity and high performance.
arXiv:2010.08274v1 fatcat:jkkq3gew5rglvpjmbzw6vcif2m


Kaoutar Elkhiyaoui, Erik-Oliver Blass, Refik Molva
2012 Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks - WISEC '12  
Counterfeit detection in RFID-based supply chains aims at preventing adversaries from injecting fake products that do not meet quality standards. This paper introduces CHECKER, a new protocol for counterfeit detection in RFID-based supply chains through on-site checking. While RFID-equipped products travel through the supply chain, RFID readers can verify product genuineness by checking the validity of the product's path. CHECKER uses a polynomial-based encoding to represent paths in the supply chain. Each tag T in CHECKER stores an IND-CCA encryption of T's identifier ID and a signature of ID using the polynomial encoding of T's path as secret key. CHECKER is provably secure and privacy preserving. An adversary can neither inject fake products into the supply chain nor trace products. Moreover, RFID tags in CHECKER can be cheap read/write only tags that do not perform any computation. Per tag, only 120 bytes of storage are required.
doi:10.1145/2185448.2185471 dblp:conf/wisec/ElkhiyaouiBM12 fatcat:zpr6tc2evrfonlvmbeqptxxd3q

PUDA – Privacy and Unforgeability for Data Aggregation [chapter]

Iraklis Leontiadis, Kaoutar Elkhiyaoui, Melek Önen, Refik Molva
2015 Lecture Notes in Computer Science  
Existing work on secure data collection and secure aggregation is mainly focused on confidentiality issues. That is, ensuring that the untrusted Aggregator learns only the aggregation result without divulging individual data inputs. In this paper, however, we consider a malicious Aggregator which is not only interested in compromising users' privacy but also is interested in providing bogus aggregate values. More concretely, we extend existing security models with the requirement of aggregate unforgeability. Moreover, we instantiate an efficient protocol for private and unforgeable data aggregation that allows the Aggregator to compute the sum of users' inputs without learning individual values and constructs a proof of correct computation that can be verified by any third party. The proposed protocol is provably secure and its communication and computation overhead is minimal.
doi:10.1007/978-3-319-26823-1_1 fatcat:44eef2ewzrg6vaerugv24ihn2e

ROTIV: RFID Ownership Transfer with Issuer Verification [chapter]

Kaoutar Elkhiyaoui, Erik-Oliver Blass, Refik Molva
2012 Lecture Notes in Computer Science  
doi:10.1007/978-3-642-25286-0_11 fatcat:g4n3pv42jzcbfghpni6o2thtz4

Multi-Issuer Anonymous Credentials Without a Root Authority [article]

Kaoutar Elkhiyaoui, Angelo De Caro, Elli Androulaki
2021 IACR Cryptology ePrint Archive  
The rise of blockchain technology has boosted interest in privacy-enhancing technologies, in particular, anonymous transaction authentication. Permissionless blockchains realize transaction anonymity through one-time pseudonyms, whereas permissioned blockchains leverage anonymous credentials. Earlier solutions of anonymous credentials assume a single issuer; as a result, these solutions hide the identity of users but still reveal the identity of the issuer. A countermeasure is delegatable credentials, which support multiple issuers as long as a root authority exists. Assuming a root authority, however, is unsuitable for blockchain technology and decentralized applications. This paper introduces a solution for anonymous credentials that guarantees user anonymity, even without a root authority. The proposed solution is secure in the universal composability framework and allows users to produce anonymous signatures that are logarithmic in the number of issuers and constant in the number of user attributes.
dblp:journals/iacr/ElkhiyaouiCA21 fatcat:hky4dfgzrnd43lshabd64366bm

StealthGuard: Proofs of Retrievability with Hidden Watchdogs [chapter]

Monir Azraoui, Kaoutar Elkhiyaoui, Refik Molva, Melek Önen
2014 Lecture Notes in Computer Science  
doi:10.1007/978-3-319-11203-9_14 fatcat:vbjoimsgg5b4znkidh7dm3tugm

Anonymous Transactions with Revocation and Auditing in Hyperledger Fabric [article]

Dmytro Bogatov, Angelo De Caro, Kaoutar Elkhiyaoui, Björn Tackmann
2019 IACR Cryptology ePrint Archive  
In permissioned blockchain systems, participants are admitted to the network by receiving a credential from a certification authority. Each transaction processed by the network is required to be authorized by a valid participant who authenticates via her credential. Use case settings where privacy is a concern thus require proper privacy-preserving authentication and authorization mechanisms. Anonymous credential schemes allow a user to authenticate while showing only those attributes necessary in a given setting. This makes them a great tool for authorizing transactions in permissioned blockchain systems based on the user's attributes. As in most setups of such systems where there is one distinct certification authority for each organization in the network, the use of plain anonymous credential schemes still leaks the association of a user to her issuing organization. Camenisch, Drijvers and Dubovitskaya (CCS 2017) therefore suggest the use of a delegatable anonymous credential scheme to also hide that remaining piece of information. In this paper we improve the Camenisch et al. scheme and extend it with revocation and auditability; two functionalities that are necessary for real-world adoption. We present a complete protocol and provide its production-grade open-source implementation including the scheme and the proposed extensions, ready to be integrated with Hyperledger Fabric. Our distributed-setting performance measurements show that the integration of the scheme with Hyperledger Fabric, while incurring an overhead in comparison to the less privacy-preserving solutions, is practical for settings with stringent privacy requirements.
dblp:journals/iacr/BogatovCET19 fatcat:ovru6e4ygbhfvlqmfsvr3zq2tq

A-PPL: An Accountability Policy Language [chapter]

Monir Azraoui, Kaoutar Elkhiyaoui, Melek Önen, Karin Bernsmed, Anderson Santana De Oliveira, Jakub Sendor
2015 Lecture Notes in Computer Science  
Cloud Computing raises various security and privacy challenges due to the customers' inherent lack of control over their outsourced data. One approach to encourage customers to take advantage of the cloud is the design of new accountability solutions which improve the degree of transparency with respect to data processing. In this paper, we focus on accountability policies and propose A-PPL, an accountability policy language that represents machine-readable accountability policies. A-PPL extends the PPL language by allowing customers to define additional rules on data retention, data location, logging and notification. The use of A-PPL is illustrated with a use case where medical sensors collect personal data which are then stored and processed in the cloud. We define accountability obligations related to this use case and translate them into A-PPL policies as a proof of concept of our proposal.
doi:10.1007/978-3-319-17016-9_21 fatcat:nx7gcdaiuneefkdwjuj3ajvoa4

Private and Dynamic Time-Series Data Aggregation with Trust Relaxation [chapter]

Iraklis Leontiadis, Kaoutar Elkhiyaoui, Refik Molva
2014 Lecture Notes in Computer Science  
With the advent of networking applications collecting user data on a massive scale, the privacy of individual users appears to be a major concern. The main challenge is the design of a solution that allows the data analyzer to compute global statistics over the set of individual inputs that are protected by some confidentiality mechanism. Joye et al. [8] recently suggested a solution that allows a centralized party to compute the sum of encrypted inputs collected through a smart metering ... . The main shortcomings of this solution are its reliance on a trusted dealer for key distribution and the need for frequent key updates. In this paper we introduce a secure protocol for aggregation of time-series data that is based on the Joye et al. [8] scheme and in which the main shortcomings of the latter, namely, the requirement for key updates and for the trusted dealer, are eliminated. Moreover, our scheme supports dynamic group management, whereby, as opposed to Joye et al. [8], leave and join operations do not trigger a key update at the users.
doi:10.1007/978-3-319-12280-9_20 fatcat:6xruhghwvbbwrdxzpdzc457zfe

T-Match: Privacy-Preserving Item Matching for Storage-Only RFID Tags [chapter]

Kaoutar Elkhiyaoui, Erik-Oliver Blass, Refik Molva
2013 Lecture Notes in Computer Science  
RFID-based tag matching allows a reader R_k to determine whether two tags T_i and T_j store some attributes that jointly fulfill a boolean constraint. The challenge in designing a matching mechanism is tag privacy. While cheap tags are unable to perform any computation, matching has to be achieved without revealing the tags' attributes. In this paper, we present T-MATCH, a protocol for secure and privacy preserving RFID tag matching. T-MATCH involves a pair of tags T_i and T_j, a reader R_k, and a backend server S. To ensure tag privacy against R_k and S, T-MATCH employs a new technique based on secure two-party computation that prevents R_k and S from disclosing tag attributes. For tag privacy against eavesdroppers, each tag T_i in T-MATCH stores an IND-CPA encryption of its attribute. Such an encryption allows R_k to update the state of T_i by merely re-encrypting T_i's ciphertext. T-MATCH targets cheap tags that cannot perform any computation, but are only required to store 150 bytes.
doi:10.1007/978-3-642-36140-1_6 fatcat:qjfoo4vzmbho3kmsgafadmi67a


Erik-Oliver Blass, Kaoutar Elkhiyaoui, Refik Molva, Olivier Savry, Cédric Vérhilac
2011 Proceedings of the 18th ACM conference on Computer and communications security - CCS '11  
In this demo, we present the realization and evaluation of a wireless hardware prototype of the previously proposed RFID authentication protocol "F_f". The motivation has been to get as close as possible to the (expensive) construction of a wafer and to analyze and demonstrate F_f's real-world feasibility and functional correctness in the field. Besides showing F_f's feasibility, our objective is to show implications of embedding authentication into an industry RFID communication standard. Apart from the documentation at hand, the demonstrator comprises the F_f RFID tag and reader prototypes and a standard EPC tag and reader. The hardware is connected to a laptop controlling the hardware and simulating attacks against authentication.
doi:10.1145/2046707.2093481 fatcat:bqw3icr3w5fppjqdqjwctl7p2m

Privacy Preserving Delegated Word Search in the Cloud

Kaoutar Elkhiyaoui, Melek Önen, Refik Molva
2014 Proceedings of the 11th International Conference on Security and Cryptography  
In this paper, we address the problem of privacy preserving delegated word search in the cloud. We consider a scenario where a data owner outsources its data to a cloud server and delegates the search capabilities to a set of third party users. In the face of semi-honest cloud servers, the data owner does not want to disclose any information about the outsourced data; yet it still wants to benefit from the highly parallel cloud environment. In addition, the data owner wants to ensure that delegating the search functionality to third parties does not allow these third parties to jeopardize the confidentiality of the outsourced data, neither does it prevent the data owner from efficiently revoking the access of these authorized parties. To these ends, we propose a word search protocol that builds upon techniques of keyed hash functions, oblivious pseudo-random functions and Cuckoo hashing to construct a searchable index for the outsourced data, and uses private information retrieval of short information to guarantee that word search queries do not reveal any information about the data to the cloud server. Moreover, we combine attribute-based encryption and oblivious pseudo-random functions to achieve an efficient revocation of authorized third parties. The proposed scheme is suitable for the cloud as it can be easily parallelized.
doi:10.5220/0005054001370150 dblp:conf/secrypt/ElkhiyaouiOM14 fatcat:embluh4hdnbbzem3tgqrr2oxve

PPS: Privacy-preserving statistics using RFID tags

Erik-Oliver Blass, Kaoutar Elkhiyaoui, Refik Molva
2012 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM)
As RFID applications are entering our daily life, many new security and privacy challenges arise. However, current research in RFID security focuses mainly on simple authentication and privacy-preserving identification. In this paper, we discuss the possibility of widening the scope of RFID security and privacy by introducing a new application scenario. The suggested application consists of computing statistics on private properties of individuals stored in RFID tags. The main requirement is to compute global statistics while preserving the privacy of individual readings. PPS assures the privacy of properties stored in each tag through the combination of homomorphic encryption and aggregation at the readers. Re-encryption is used to prevent tracking of users. The readers scan tags and forward the aggregate of their encrypted readings to the back-end server. The back-end server then decrypts the aggregates it receives and updates the global statistics accordingly. PPS is provably privacy-preserving. Moreover, tags can be very simple as they are not required to perform any computation, but only to store data.
doi:10.1109/wowmom.2012.6263773 dblp:conf/wowmom/BlassEM12 fatcat:pus3yc7jqbefhikkvbhysh2vue

Efficient Techniques for Publicly Verifiable Delegation of Computation

Kaoutar Elkhiyaoui, Melek Önen, Monir Azraoui, Refik Molva
2016 Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security - ASIA CCS '16  
With the advent of cloud computing, individuals and companies alike are looking for opportunities to leverage cloud resources not only for storage but also for computation. Nevertheless, the reliance on the cloud to perform computation raises the unavoidable challenge of how to assure the correctness of the delegated computation. In this regard, we introduce two cryptographic protocols for publicly verifiable computation that allow a lightweight client to securely outsource to a cloud server the evaluation of high-degree univariate polynomials and the multiplication of large matrices. Similarly to existing work, our protocols follow the amortized verifiable computation approach. Furthermore, by exploiting the mathematical properties of polynomials and matrices, they are more efficient and give way to public delegatability. Finally, besides their efficiency, our protocols are provably secure under well-studied assumptions.
doi:10.1145/2897845.2897910 dblp:conf/ccs/ElkhiyaouiOAM16 fatcat:cojfma7oabb3rhtv2e2ouw343m

A scalable interest-oriented peer-to-peer pub/sub network

Daishi Kato, Kaoutar Elkhiyaoui, Kazuo Kunieda, Keiji Yamada, Pietro Michiardi
2010 Peer-to-Peer Networking and Applications  
Publish/subscribe represents a new paradigm for distributed content delivery. It provides an alternative to address-based communication due to its ability to decouple communication between the source and the destination. However, it has remained a challenge to devise a scalable overlay supporting expressive content-filtering while satisfying the desirable requirements large distributed systems should fulfill. Our goal is to build an efficient P2P publish/subscribe network where only interested nodes are involved in event dissemination, and the amount of overhead generated by network discovery and membership management is small. In order to do so, we use a Bloom filter based mapping scheme to map IDs to nodes' interests, in addition to a new interest proximity metric to forward events and to build nodes' routing tables. As for network discovery, we propose a new approach we call the "shared interest approach". Our scheme ensures an upper bound on routing table size that only depends on the size of the ID digest. To evaluate the algorithms proposed in this work we conducted simulations in both static and dynamic settings.
doi:10.1007/s12083-010-0073-3 fatcat:ymris7pbajfwpf7u7yp2qe6dyq