HUT - TML - Studies - Tik-110.501 - Introduction of topics

TML / Studies / Tik-110.501 / Topics

Seminar on Network Security
Introduction of the topics and some material for the session of
Privacy Enhanced Public Key Cryptosystems and Mobile Applications
Tutored by Christian Wieczerkowski

Projects:
In public key systems trust is distributed by means of certificates which link public keys to identities aside of information about the identities (and the certs themselves). Today's certificates are
1) static: certs do not change until they expire
2) public: certs are broadcasted to the world
3) non-negotiable: certs are not negotiated when shown
4) all-or-nothing: when shown, certs reveal all their content
A new kind of certificates has been proposed recently by Stefan Brands, which are dynamic, personal, negotiable, and partially disclosable. They are a first glimpse of a more flexible kind of PKI that could come as a next step in the PKI evolution.
I propose to look at these things from the mobile point of view. I would like to invite you to choose inbetween the following three different projects:
Project I)
Mobile implementation of Brands' electronic cash

Electronic coins are anonymous credentials that you can spend much like ordinary coins. Brands has proposed an electronic cash protocol which improves on previous work by David Chaum and others. The improvements are among others:
a) Coins are minted using improved blind signatures. Brands has invented a kind of partial blind signatures called "restrictive blind issuing". The idea is that certain information of the holder of the coin cannot be blinded in the minting protocol. Thereby only those persons will receive coins who are priviledged thereto.
b) Brands coins are furthermore negotiable: when the holder pays with her coin, she can optionally reveal part of the attributes that where encoded in the minting. Ultimately, she can even reveal her identity.
c) Brands' coins are protected against double spending: when a coin is spent twice, the trusted third party can compute the identity of the owner.
The basic question is whether it is a good idea to implement Brands' e-cash on mobile phones. This project should focus on the technical implications: for instance, a theoretical study of the necessary communication load, message sizes, storage sizes, security of the protocol. Optimally, I would like to see an implementation of it on a system, where the mobile device is emulated. e-cash requires a tamperproof device. The natural candidate on phones is the SIM smartcard.

Project II)
Mobile voting system based on Brands' protocols

Device a protocol for electronic voting along the lines of Cramer, Gennaro, and Schoenmakers on top of Brands' blinding techniques. The basic idea is: does one get voting for free when one implements Brands' money?

Project III)
Review of secret key certificates.

This is a theoretical project. Secret key certificates are signatures on secret keys. Obviously, they cannot be used as public key certs. Instead, their useage is based on zero knowledge proofs of possession of a secret key. For instance, Brands' e-cash can be phrased in terms of secret key certs. The student should try to find concise answers to the following questions: What are secret key certificates? What is their security? What are they good for? What are their advantages?

Literature:
The following threads are meant as appetizers. Students will be obliged to make a literature search at the beginning.
1,2,3:
S. Brands, Rethinking Publik Key Infrastructures and Digital Certificates - Building in Privacy, MIT Press 2000
http://www.xs4all.nl/~brands/
1:
S. Brands, Electronic Cash on the Internet, Proceedings of the Internet Society 1995 Symposium on Network and Distributed Systems Security, San Diego
http://www.cs.hut.fi/~jsaarela/netsec/trade_16.html
2:
Ronald Cramer, Rosario Gennaro, and Berry Schoenmakers, A Secure and Optimally Efficient Multi-Authority Election Scheme, Eurocrypt '97.
http://www.win.tue.nl/math/dw/pp/berry/papers.html
A. Fujioka, T.Okamoto, K.Ohta, A practical voting scheme for large scale elections, Advances in Cryptology - AUSCRYPT 92
3:
S. Brands, Secret-Key Certificates, US Patent 5,606,617
http://www.mail-archive.com/cryptography%40c2.net/msg02309.html
Prerequisites:
1,2,3) Basic knowledge of public key cryptography
1) (implementation part) Java
1,2,3) fun with mathematics, good self-confidence, and patience because Brands' stuff is quite hard to read
Idea:
Subject 1) is both suited for single hand work or a team of two or even three students working together.

This page is maintained by Network Security teaching staff, E-mail: netsec@tml.hut.fi.
The page has been last updated on September 11, 2000
URL: http://www.tml.hut.fi/Opinnot/Tik-110.501/2000/intro/applications.html