In the near future, privacy-preserving authentication methods will flood the market, and they will be based on Zero-Knowledge Proofs. IBM and Microsoft invested in these solutions many years ago.
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledge Proofs
1. Privacy-Preserving Authentication: Another Reason to Care about Zero-Knowledge Proofs
Clare Nelson, CISSP, CIPP/E
@Safe_SaaS
OWASP Austin
August 29, 2017
clare.nelson@allclearid.com
Posted on SlideShare: https://www.slideshare.net/eralcnoslen/privacypreserving-authentication-another-reason-to-care-about-zeroknowledge-proofs
2. Clare Nelson, @Safe_SaaS
Any sufficiently advanced technology is indistinguishable from magic
—Arthur C. Clarke
Graphic: https://www.shutterstock.com/video/search/loop-ready-file/?ref_context=keyword
4.
Scope
In Scope
• Digital User Authentication
Not in Scope
• Other Authentication Use Cases: IoT, Services, Devices
• E-Voting
• Digital Watermarks
• Sealed Auctions
• Cryptocurrency: Zcash
• Biometrics
• Blockchain, Digital Ledger Technology
Graphic: http://www.itproportal.com/2016/04/07/the-role-of-biometric-authentication-techniques-in-security/
5. Problem #1, Passwords are Broken
2017
936 Breaches
19,001,935 Records Exposed
Source: http://www.idtheftcenter.org/images/breach/2017Breaches/DataBreachReport_2017.pdf
Graphic: https://www.youtube.com/watch?v=rtMztv0foU4
6. Data breaches support, enable other crimes
• Human and drug trafficking
• Terrorist activities
• Child exploitation
• Ransom, prove to company breach occurred
• Other illicit activities
Connecting the Dots
Source: https://www.ncfta.net/Home/News
Diagram: weak or stolen passwords → data breaches → crime
7.
Problem #2, Lack of Privacy for Some
Microsoft Privacy Strategy
• Provide customers more control over collection and use of their personal information
• Enable people to prove things about themselves without revealing their identity
Source: https://privacy.microsoft.com/en-us/privacystatement
Source: https://blogs.technet.microsoft.com/privacyimperative/2008/03/06/microsoft-acquires-credenticas-u-prove-technology/
Graphic: http://www.flowmarq.com/single-post/2015/05/18/IDENTITY-Clarifying-Motivations
8.
007 Wants to Read the News
Source: Credit to Anna Lysyanskaya for the 007 metaphor
Graphic: http://www.007.com/characters/the-bonds/
007: Today’s news?
www.telegraph.co.uk: Who are you? Do you have a subscription?
007: I can tell you. But then I’ll have to kill you.
9.
007 Reads the News, Uses Subscription and Reveals PII
007: Today’s news?
www.telegraph.co.uk: Who are you? Do you have a subscription?
007: My subscription is #4309115
www.telegraph.co.uk knows this is 007, and it learns 007’s PII including:
- Zip code when he looks up the weather
- Date of birth when he reads his horoscope
- Gender when he browses the personal ads
Source: Credit to Anna Lysyanskaya for the 007 metaphor
Graphic: http://www.007.com/characters/the-bonds/
10.
007 Reads the News, Remains Anonymous
007: Today’s news?
www.telegraph.co.uk: Who are you? Do you have a subscription?
007: Here is a Zero-Knowledge Proof
Source: Credit to Anna Lysyanskaya for the 007 metaphor
Graphic: http://www.007.com/characters/the-bonds/
11.
Zero-Knowledge Proof (ZKP)
Source: J. Chou, SC700 A2 Internet Information Protocols (2001)
I can’t tell you my secret, but I can prove to you that I know the secret
12.
Zero-Knowledge Proof (ZKP)
Source: J. Chou, SC700 A2 Internet Information Protocols (2001)
Zero-Knowledge Proofs are convincing, yet they yield nothing beyond the validity of the assertion being proven
—Alon Rosen, Author of Concurrent Zero-Knowledge, Associate Professor IDC Herzliya
14.
Definitions: Authentication, Privacy
Authentication (User)
• Process of verifying the identity, attributes of a user
• Two or more of something you know, something you have, or something you are
Privacy (Individual)
• A state in which one is not observed or disturbed by other people or entities
• European Union: privacy is a fundamental human right (GDPR)
• Ability of individuals to seclude themselves, or information about themselves, and thereby express themselves selectively
Source: https://niccs.us-cert.gov/glossary
Source: https://en.oxforddictionaries.com/definition/privacy
Source: https://en.wikipedia.org/wiki/Privacy
Source: http://www.madisonaveinsights.com/2014/06/ghostery-assuages-privacy-concerns-through-transparency-and-control/
Source: https://www.thinglink.com/scene/711605013062877186
Graphic labels: Know, Have, Are
15.
Definition of Zero-Knowledge Proof (ZKP), 1 of 2
Proof System
• Proof does not mean a math proof; it refers to a proof system
Zero-Knowledge Proof
Enables a prover to convince a verifier of the truth of a statement without leaking any other information
• Zero-knowledge proofs yield nothing beyond the validity of the assertion
• ZKP supports anonymous, verifiable transaction identities
• Interactive: requires a back-and-forth exchange of messages between prover and verifier
• Randomness is used
• ZKP is probabilistic; it does not provide absolute certainty
Source: http://www0.cs.ucl.ac.uk/staff/J.Groth/ShortNIZK.pdf
Source: http://www.austinmohr.com/work/files/zkp.pdf
Source: http://www.wisdom.weizmann.ac.il/~oded/zk-tut02.html
Source: https://www.sedicii.com/2015/07/30/zero-knowledge-authentication/
Diagram: Prover sends a proof of a statement to Verifier
16.
Definition of Zero-Knowledge Proof (ZKP), 2 of 2
Source: http://www0.cs.ucl.ac.uk/staff/J.Groth/ShortNIZK.pdf
Source: http://www.austinmohr.com/work/files/zkp.pdf
Source: http://www.wisdom.weizmann.ac.il/~oded/zk-tut02.html
Source: https://www.sedicii.com/2015/07/30/zero-knowledge-authentication/
Source: http://mentalfloss.com/article/64108/15-things-you-should-know-about-dogs-playing-poker
ZKP requirements:
• Zero-Knowledge: Reveal no additional information beyond the statement’s validity
• Completeness: If the statement is true, an honest prover will convince the honest verifier (one that follows the protocol) that the statement is true every time
• Soundness: If the statement is false, a cheating prover cannot convince the honest verifier that it is true, except with very small probability
17.
Soundness
Source: Credit to Anna Lysyanskaya for the 007 metaphor
Graphic: https://www.google.com/search?biw=1600&bih=765&tbm=isch&q=daniel+craig+james+bond&sa=X&ved=0ahUKEwiaiLWN9s3VAhXI64MKHY7TDHUQhyYIKw#imgrc=Am84tWm-iK_ayM:
M: Today’s news?
www.telegraph.co.uk: Who are you? Do you have a subscription?
M: It’s Bond. James Bond.
(M fails because she can’t prove to Telegraph)
18.
Zero-Knowledge Proof (ZKP) Advantages
Source: https://www.slideshare.net/arunta007/elliptic-curve-cryptography-and-zero-knowledge-proof-27914533?next_slideshow=1
• Privacy-preserving
• Zero knowledge is transferred between prover and verifier
• Verifier accepts or rejects proof after multiple challenges and responses
• No degradation of protocol
• Based on problems like discrete logarithms and integer factorization
• Probabilistic proof protocol
• Computational efficiency, no encryption
19.
Evolution from Interactive to Non-Interactive ZKP (NIZKP)
Source: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4732108/
ZKP
• Interactive, multiple challenge/response messages
• Requires stable, continuous communication channel
NIZKP
• Non-Interactive, one message
• Takes less time
• More efficient
• Optimized for IoT
20.
Disadvantages: Deployment and Correct Usage
Source: https://www.slideshare.net/arunta007/elliptic-curve-cryptography-and-zero-knowledge-proof-27914533?next_slideshow=1
Source: https://www.youtube.com/watch?v=CKncw6mIMJQ&list=PLpr-xdpM8wG8DPozMmcbwBjFn15RtC75N
Source: http://zerocash-project.org/media/pdf/zerocash-extended-20140518.pdf
ZKP
• Limited – Secret must be numerical; translation may be needed
• Lengthy – Many computations, each requires run time
• Stable, continuous connection – Must support multiple challenges and responses between prover and verifier
• Imperfect – An attacker can still intercept the transmission
NIZKP
• More efficient, but in some cases still not succinct enough
• May not preserve deniability
zk-SNARK
• Still needs a one-time setup phase
• Tradeoff for shorter proofs and faster verification times is stronger assumptions
• zk-SNARK proofs are publicly verifiable; uses a Diffie-Hellman shared secret key variation (too early to tell disadvantages)
21.
Attack Resilience: Academia, not Real World
Source: http://repository.ust.hk/ir/bitstream/1783.1-6277/1/pseudo.pdf
| Attack | Description | Mitigation |
|---|---|---|
| Impersonation | A malicious impersonator, for either party | Need secret, completeness and soundness |
| Replay Attack | Malicious peer or attacker collects previous proofs, and resends these | Challenge message required |
| Man in the Middle (MITM) | Intruder is able to access and modify messages between prover and verifier (without them knowing) | It depends, implementation specific |
| Collaborated Attack | Subverted nodes collaborate to enact identity fraud, or co-conspirator | It depends, requires reputation auditing design |
| Denial of Service (DoS) | Renders networks, hosts, and other systems unusable by consuming bandwidth or deluging with a huge number of requests to overload systems | Could happen during authentication setup |
22.
Zero-Knowledge Proof for Authentication, Timeline
• 1985 - Goldwasser, Micali, Rackoff paper (MIT Research)
• 2008 - Microsoft acquired Credentica, basis for Microsoft U-Prove
• 2013 - Sedicii founded, no transmission of private user data
• 2014 - Two Factor Zero-Knowledge Proof Authentication System
• 2015 - IBM Identity Mixer announced
• 2016 - MIRACL announced Zero-Factor Authentication; Sovrin founded
Source: https://courses.csail.mit.edu/6.857/2014/files/16-nguyen-rudoy-srinivasan-two-factor-zkp.pdf
Includes variations; some combine classical systems with ZKP systems
23.
Zero-Knowledge Proof (ZKP)
Zero-Knowledge Proofs are one of the most powerful tools cryptographers have ever devised. But unfortunately they’re also relatively poorly understood.
Source: https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/
—Matthew Green, cryptographer and professor at Johns Hopkins University, creator of Zcash
$$\forall x \in L,\ z \in \{0,1\}^*:\quad \mathrm{View}_{V^*}\bigl[P(x) \leftrightarrow V^*(x,z)\bigr] = S(x,z)$$
24.
Zero-Knowledge Proof Illustration
Horizon Telecom Company
• Cell towers
• 11 vertices
• Connected by lines, or edges
• Avoid overlap
• Use 1 of 3 signals
Source: https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/
25.
Zero-Knowledge Proof Illustration
Source: https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/
Instance of 3-Color Graph Problem
• Use colors to represent frequency bands
• Avoid overlap
• Use 1 of 3 signals
• Easy to solve for 11 vertices
• Hard to solve for larger numbers, e.g. 900
• Outsource problem, need big compute
26.
Zero-Knowledge Proof Illustration
Source: https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/
Proof of Solution
• Indoor basketball court
• Spread pieces of paper on floor, each piece is a vertex
• Pick 3 different-colored crayons at random
• Color the paper to represent the solution
• Put hats over the paper to hide the solution
27.
Zero-Knowledge Proof Illustration
Source: https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/
Source: http://www.automatedtesting.com/Product%20Roadmap.html
Proof of Solution
• Remove two hats
• See vertices are different colors
Repeat this process:
• Lay out new pieces of paper on floor
• Pick 3 crayons at random
• Color the paper
• Place hats over paper
• Invite Verifier
• Remove two hats
• Prove have solution without revealing it
Each time the process is repeated, confidence goes up that a valid solution was found
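The hats-and-crayons procedure from the last four slides in runnable form, as an added example that is not code from the presentation or from Matthew Green's primer: hats are hash commitments, the crayon shuffle is a fresh random relabelling of the three colors each round, and the verifier lifts two hats on one edge. The 11-vertex instance and its coloring are constructed for the example; a cheating prover with one clashing edge is caught with probability 1/|E| per round.

```python
"""Zero-knowledge proof of a graph 3-coloring (the hats-and-crayons protocol).

Each round the prover relabels the colors at random, commits to every vertex's
color under a hat (a hash commitment), and the verifier lifts exactly two hats
on one edge.  The verifier only ever sees two different colors, so it learns
nothing about the solution; a prover without a valid coloring has at least one
bad edge and is caught with probability 1/|E| per round.
"""
import hashlib
import random
import secrets

# Constructed instance (not the slide's drawing): 11 towers, overlapping pairs.
N_VERTICES = 11
EDGES = [(0, 1), (0, 2), (1, 2), (1, 3), (2, 4), (3, 4), (3, 5), (4, 6),
         (5, 6), (5, 7), (6, 8), (7, 8), (7, 9), (8, 10), (9, 10)]
# The prover's secret: one valid assignment of 3 signals to the 11 towers.
SOLUTION = [0, 1, 2, 0, 1, 2, 0, 1, 2, 0, 1]


def is_valid_coloring(coloring):
    """True iff every edge joins two different colors from {0, 1, 2}."""
    return (all(c in (0, 1, 2) for c in coloring)
            and all(coloring[u] != coloring[v] for u, v in EDGES))


def commit(vertex, color, nonce):
    """Hat over one vertex: H(vertex || color || nonce)."""
    return hashlib.sha256(bytes([vertex, color]) + nonce).digest()


class Prover:
    def __init__(self, coloring):
        self.coloring = coloring
        self.round_colors, self.nonces = None, None

    def commit_round(self):
        """Pick 3 crayons at random (a permutation of the colors), recolor the
        papers, and put a hat over each one."""
        crayons = [0, 1, 2]
        random.shuffle(crayons)
        self.round_colors = [crayons[c] for c in self.coloring]
        self.nonces = [secrets.token_bytes(16) for _ in range(N_VERTICES)]
        return [commit(v, self.round_colors[v], self.nonces[v])
                for v in range(N_VERTICES)]

    def open_edge(self, edge):
        """Remove the two hats the verifier asked for."""
        u, v = edge
        return ((self.round_colors[u], self.nonces[u]),
                (self.round_colors[v], self.nonces[v]))


def verify_round(hats, edge, openings):
    """Check the two openings match their hats and show different colors."""
    u, v = edge
    (cu, nu), (cv, nv) = openings
    if cu not in (0, 1, 2) or cv not in (0, 1, 2):
        return False
    if commit(u, cu, nu) != hats[u] or commit(v, cv, nv) != hats[v]:
        return False
    return cu != cv


def run_protocol(prover, rounds=100, pick_edge=None):
    """Repeat hat-lifting on a random edge; accept only if every round passes."""
    pick_edge = pick_edge or (lambda: random.choice(EDGES))
    for _ in range(rounds):
        hats = prover.commit_round()          # hats go down first...
        edge = pick_edge()                    # ...then the verifier chooses
        if not verify_round(hats, edge, prover.open_edge(edge)):
            return False
    return True


def catch_rate(bad_coloring, rounds, trials=200):
    """Fraction of protocol runs in which a cheating prover is rejected."""
    caught = sum(not run_protocol(Prover(bad_coloring), rounds)
                 for _ in range(trials))
    return caught / trials


if __name__ == "__main__":
    print("honest prover, 100 rounds:", run_protocol(Prover(SOLUTION)))
    cheat = SOLUTION[:]
    cheat[1] = cheat[0]                       # towers 0 and 1 now clash
    print("cheater caught, 1 round:", catch_rate(cheat, 1))
    print("cheater caught, 100 rounds:", catch_rate(cheat, 100))
```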
29.
Zero-Knowledge Proof (ZKP), Discrete Logarithm Example
Source: http://slideplayer.com/slide/8235130/
$b = g^x \pmod n$
| Step | Description | Prover (P) | Verifier (V) |
|---|---|---|---|
| 0 | Setup | g, b, n, x | g, b, n |
| 1 | Prover generates random r | r | |
| 2 | P sends h = g^r mod n to V | h | h |
| 3 | V flips a coin, c = H or T | c | c |
| 4 | If c = H, P sends r to V | r | r, check g^r = h |
| 5 | If c = T, P sends m = x + r | m | m, check g^m = b·h |
| 6 | Repeat steps 1-5 until Verifier is convinced that Prover knows x (with probability 1 − 2^(−k), for k iterations) | | |
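The table's protocol carried through in runnable form, as an added example that is not code from the presentation or its source slide: the honest prover can answer either coin, while a cheating prover who knows only b must guess the coin before committing, so after k rounds it is accepted with probability 2^(−k). The group parameters (p = 1019, q = 509, g = 4; the table's n is p here) are constructed toy values, and the response m is reduced modulo the group order q.

```python
"""Interactive zero-knowledge proof of knowledge of a discrete logarithm.

Follows the slide's table: the prover knows x with b = g^x mod p, commits to
h = g^r, and the verifier flips a coin c in {H, T}.  On H the prover reveals r
(verifier checks g^r == h); on T the prover sends m = x + r (verifier checks
g^m == b * h).  A cheating prover can prepare for only one outcome per round,
so after k rounds it passes with probability 2^-k.
"""
import secrets

# Constructed toy parameters (far too small for real use): p = 2q + 1 is a
# safe prime and g = 4 generates the subgroup of prime order q, so exponents
# are reduced modulo q.  The slide's table calls the modulus n.
P, Q, G = 1019, 509, 4


def keygen():
    """Secret x and public b = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


class HonestProver:
    """Knows x; can answer whichever coin the verifier flips."""

    def __init__(self, x):
        self.x, self.r = x, None

    def commit(self):
        self.r = secrets.randbelow(Q)          # step 1: fresh randomness
        return pow(G, self.r, P)              # step 2: h = g^r

    def respond(self, c):
        if c == "H":
            return self.r                     # step 4: reveal r
        return (self.x + self.r) % Q          # step 5: m = x + r


class CheatingProver:
    """Knows only the public b.  Guesses the coin before committing and builds
    a commitment that satisfies exactly that one check."""

    def __init__(self, b, guess=None):
        self.b, self.fixed_guess = b, guess
        self.guess, self.fake = None, None

    def commit(self):
        self.guess = self.fixed_guess or secrets.choice("HT")
        self.fake = secrets.randbelow(Q)
        if self.guess == "H":
            return pow(G, self.fake, P)       # h = g^fake passes the H check
        # h = g^fake * b^-1 passes the T check with m = fake, without x
        return pow(G, self.fake, P) * pow(self.b, -1, P) % P

    def respond(self, c):
        return self.fake                      # only right if the guess was


def verify_round(b, h, c, answer):
    """Verifier's check for one challenge/response round."""
    if c == "H":
        return pow(G, answer, P) == h
    return pow(G, answer, P) == (b * h) % P


def run_protocol(prover, b, k=20, coin=None):
    """Step 6: repeat k rounds; accept only if every round verifies."""
    coin = coin or (lambda: secrets.choice("HT"))
    for _ in range(k):
        h = prover.commit()                   # prover commits first...
        c = coin()                            # ...then the verifier flips
        if not verify_round(b, h, c, prover.respond(c)):
            return False
    return True


def cheater_success_rate(b, trials=2000, k=1):
    """Empirical acceptance rate of a cheating prover over k-round runs."""
    wins = sum(run_protocol(CheatingProver(b), b, k) for _ in range(trials))
    return wins / trials


if __name__ == "__main__":
    x, b = keygen()
    print("honest prover, 20 rounds:", run_protocol(HonestProver(x), b))
    print("cheater accepted, 1 round:", cheater_success_rate(b, k=1))
    print("cheater accepted, 5 rounds:", cheater_success_rate(b, k=5))
```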
34. The Future
Source: https://eprint.iacr.org/2010/212.pdf
Graphic: https://www.scientificamerican.com/article/quantum-computers-compete-for-supremacy/
Excerpt shown on the slide (from the source paper, Unruh, Quantum Proofs of Knowledge):

With that notation, $\langle P(x,w), V^*(Z)\rangle$ is the same as
$$com \leftarrow P_1(x,w),\quad ch \leftarrow V_1^*(com, Z),\quad resp \leftarrow P_2(x,w,ch),\quad V_2^*(resp, Z).$$

$\Sigma$ is SHVZK 〚HVZK〛. Hence there is a quantum-polynomial-time simulator $S_\Sigma$ such that for any 〚quantum-polynomial-time〛 $D_\Sigma$:
$$\Bigl|\Pr\bigl[b=1 : com \leftarrow P_1(x,w),\ ch \xleftarrow{R} C_{\eta x},\ resp \leftarrow P_2(x,w,ch),\ b \leftarrow D_\Sigma(|\Psi\rangle, com, ch, resp)\bigr] - \Pr\bigl[b=1 : (com, ch, resp) \leftarrow S_\Sigma(x),\ b \leftarrow D_\Sigma(|\Psi\rangle, com, ch, resp)\bigr]\Bigr| \le \varepsilon_D$$
where $\varepsilon_D = \varepsilon_D(\eta)$ is a negligible function depending on $D_\Sigma$.

Let $[ch = ch^*] := 1$ iff $ch = ch^*$. Then:
$$\begin{aligned}
&\Pr\bigl[succ=1 \wedge b=1 : ZE \leftarrow |\Psi\rangle,\ \langle P(x,w), V^*(Z)\rangle,\ b \leftarrow D(Z,E),\ ch^* \xleftarrow{R} C_{\eta x},\ succ := [ch = ch^*]\bigr] \qquad (3)\\
&= \Pr\bigl[succ=1 \wedge b=1 : ZE \leftarrow |\Psi\rangle,\ com \leftarrow P_1(x,w),\ ch \leftarrow V_1^*(com,Z),\ resp \leftarrow P_2(x,w,ch),\ V_2^*(resp,Z),\ b \leftarrow D(Z,E),\ ch^* \xleftarrow{R} C_{\eta x},\ succ := [ch = ch^*]\bigr]\\
&\overset{(*)}{=} \Pr\bigl[succ=1 \wedge b=1 : com \leftarrow P_1(x,w),\ ch^* \xleftarrow{R} C_{\eta x},\ resp \leftarrow P_2(x,w,ch^*),\ ZE \leftarrow |\Psi\rangle,\ ch \leftarrow V_1^*(com,Z),\ succ := [ch = ch^*],\ V_2^*(resp,Z),\ b \leftarrow D(Z,E)\bigr]\\
&\overset{\varepsilon}{\approx} \Pr\bigl[succ=1 \wedge b=1 : (com, ch^*, resp) \leftarrow S_\Sigma(x),\ ZE \leftarrow |\Psi\rangle,\ ch \leftarrow V_1^*(com,Z),\ succ := [ch = ch^*],\ V_2^*(resp,Z),\ b \leftarrow D(Z,E)\bigr]\\
&= \Pr\bigl[succ=1 \wedge b=1 : ZE \leftarrow |\Psi\rangle,\ Y, C \leftarrow |0\rangle,\ S_1(x, CZY),\ succ \leftarrow M(C),\ b \leftarrow D(Z,E)\bigr]
\end{aligned}$$
35.
Graphic: http://www.trustev.com/
Alternative for Privacy-Invasive, Continuous, Risk-Based Authentication
36. Trusted Platform Module (TPM)
• TPM 1.2 uses ZKP
• TPM 2.0 takes another path
• 2017 Paper from IBM, Intel, Infineon: solution with minimal changes to current TPM 2.0
Source: https://www.cryptomathic.com/news-events/blog/the-trusted-platform-module-explained
Source: http://ieeexplore.ieee.org/document/7958616/
Source: https://eprint.iacr.org/2017/639
Breaking News in the ZKP World
May 2017 conference
YouTube meeting presentation: https://www.youtube.com/watch?v=8tzLOA4YGhc
37.
Source: https://www.youtube.com/watch?v=1fXLJBN-KfI
Source: https://arxiv.org/pdf/1604.02804.pdf
Source: https://simons.berkeley.edu/sites/default/files/docs/1328/slidesunruh.pdf
Source: https://eprint.iacr.org/2010/212.pdf
Graphic: https://www.newscientist.com/article/mg23130894-000-revealed-googles-plan-for-quantum-computer-supremacy/
Zero-Knowledge Proof in a Quantum World?
Station Q
• Worldwide consortium for the advancement of topological quantum computation
• Zero-knowledge proof systems for QMA (QMA = Quantum Merlin Arthur; Merlin Arthur from computational complexity)
Dominique Unruh
• New challenges in quantum case
• Quantum proofs of knowledge
• There are zero-knowledge quantum proofs of knowledge for all languages in NP (2015)
38.
We Stand on the Shoulders of Giants
Source: https://www.csail.mit.edu/user/733
Source: http://researcher.watson.ibm.com/researcher/view.php?person=zurich-jca
Source: http://www.idtrail.org/content/view/55/43/index.html
Source: https://z.cash/team.html
Shafi Goldwasser
Jan Camenisch
Stefan Brands
Matthew Green
39.
@Safe_SaaS
clare.nelson@allclearid.com
Slides posted on SlideShare: https://www.slideshare.net/eralcnoslen/privacypreserving-authentication-another-reason-to-care-about-zeroknowledge-proofs
Questions?
Recommended Reading
1. Data and Goliath, Bruce Schneier (2015)
2. Matthew Green, cryptography blog, Professor Johns Hopkins
3. One TPM to Bind Them All, TPM 2.0 paper by Jan Camenisch,
et al. (2017)
40.
Source: https://www.symantec.com/connect/blogs/you-can-t-have-privacy-without-security
Source: https://www.microsoft.com/en-us/research/research-area/security-privacy-cryptography/
You can have security without privacy, but you can’t have privacy without security.
— Carolyn Herzog, EVP and General Counsel, ARM
42.
References, 1 of 3
• Attribute-based Credentials for Trust (ABC4Trust) Project, https://abc4trust.eu/ (2017).
• AU2EU Project, Authentication and Authorization for Entrusted Unions, http://www.au2eu.eu/ (2017).
• Baldimtsi, Foteini; Lysyanskaya, Anna. Anonymous Credentials Light. http://cs.brown.edu/~anna/papers/bl13a.pdf (2013).
• Ben-Sasson, Eli; Chiesa, Alessandro; Garman, Christina, et al. Zerocash: Decentralized Anonymous Payments from Bitcoin, http://zerocash-project.org/media/pdf/zerocash-extended-20140518.pdf (May 2014).
• Bitansky, Nir; Brakerski, Zvika; Kalai, Yael. 3-Message Zero Knowledge Against Human Ignorance, https://eprint.iacr.org/2016/213.pdf (September 2016).
• Brands, Stefan. Rethinking Public Key Infrastructures and Digital Certificates. The MIT Press,
http://www.credentica.com/the_mit_pressbook.html (2000).
• Camenisch, Jan and E. Van Herreweghen, Design and implementation of the IBM Idemix anonymous credential system, in Proceedings of the
9th ACM conference on Computer and communications security. ACM, 2002, pp. 21–30.
• Camenisch, Jan; Dubovitskaya, Maria; Enderlein, Robert; et al. Concepts and languages for privacy-preserving attribute-based
authentication, https://pdfs.semanticscholar.org/82e2/4078c9ba9fcaf6177a80b8496779676af114.pdf (2013).
• Cutler, Becky. The Feasibility and Application of Using Zero-Knowledge Protocol for Authentication Systems,
http://www.cs.tufts.edu/comp/116/archive/fall2015/bcutler.pdf (2015).
• Geraud, Rémi. Zero-Knowledge: More Secure than Passwords? https://blog.ingenico.com/posts/2017/07/zero-knowledge-proof-more-secure-than-passwords.html (July 25, 2017).
• Geers, Marjo; Comparing Privacy in eID Schemes, http://www.id-world-magazine.com/?p=923 (2017).
• Goldreich, Oded. Zero-Knowledge: a tutorial by Oded Goldreich, http://www.wisdom.weizmann.ac.il/~oded/zk-tut02.html has extensive
reference list (2010).
43.
References, 2 of 3
• Goldreich, Oded; Oren, Yair. Definitions and Properties of Zero-Knowledge Proof Systems, http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.17.2901 (1994).
• Goldwasser, Micali, Rackoff, The Knowledge Complexity of Interactive Proof-Systems, ACM 0-89791-151-2/85/005/02911 (1985).
• Green, Matthew. Zero Knowledge Proofs: An Illustrated Primer, https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/ (November 2014).
• Groth, Jens; Lu, Steve. “A Non-Interactive Shuffle with Pairing Based Verifiability,”
http://www0.cs.ucl.ac.uk/staff/J.Groth/AsiacryptPairingShuffle.pdf (2006).
• Groth, Jens. Short Pairing-Based Non-Interactive Zero-Knowledge Arguments, http://www0.cs.ucl.ac.uk/staff/J.Groth/ShortNIZK.pdf (2010).
• Guillou, Quisquater, “How to Explain Zero-Knowledge Protocols to Your Children,” http://pages.cs.wisc.edu/~mkowalcz/628.pdf (1998).
• Gupta, Anuj Das; Delight, Ankur. Zero-Knowledge Proof of Balance: A Friendly ZKP Demo, http://blog.stratumn.com/zero-knowledge-proof-of-balance-demo/ (June 2017).
• Hardjono, Thomas; Pentland, Alex “Sandy”; MIT Connection Science & Engineering; Core Identities for Future Transaction Systems, https://static1.squarespace.com/static/55f6b5e0e4b0974cf2b69410/t/57f7a1653e00be2c09eb96e7/1475846503159/Core-Identity-Whitepaper-v08.pdf (October 7, 2016). [TBD: check back, right now it is a DRAFT, do not cite]
• ISO/IEC Information technology — Security techniques — Entity authentication — Part 5: Mechanisms using zero-knowledge techniques,
https://www.iso.org/standard/50456.html (2015).
• Johnstone, Mike; Why we need privacy-preserving authentication in the Facebook age,
http://www.iaria.org/conferences2015/filesICSNC15/ICSNC_Keynote_v1.1a.pdf (November 2013).
• Kogta, Ronak. ZK-Snarks in English, https://www.slideshare.net/rixor786/zksnarks-in-english?qid=0e3be303-84fc-43d2-be96-6db2085a28ff&v=&b=&from_search=3 (July 2017).
44.
References, 3 of 3
• Lysyanskaya, Anna. How to Balance Privacy and Key Management in User Authentication,
http://csrc.nist.gov/groups/ST/key_mgmt/documents/Sept2012_Presentations/LYSYANSKAYA_nist12.pdf (2012).
• Martin-Fernandez, Francisco; Caballero-Gil, Pino; Caballero-Gil, Candido. Authentication Based on Non-Interactive Zero-Knowledge Proofs
for the Internet of Things. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4732108/ (January 2016).
• Mohr, Austin. A Survey of Zero-Knowledge Proofs with Applications to Cryptography, http://www.austinmohr.com/work/files/zkp.pdf.
• Montenegro, Jose.; Fischer, Michael; Lopez, Javier; et al. Secure Sealed-Bid Online Auctions Using Discreet Cryptographic Proof,
http://www.sciencedirect.com/science/article/pii/S0895717711004535?via%3Dihub (June 2013).
• Nguyen, Quan; Rudoy, Mikhail; Srinivasan, Arjun. Two Factor Zero Knowledge Proof Authentication System,
https://courses.csail.mit.edu/6.857/2014/files/16-nguyen-rudoy-srinivasan-two-factor-zkp.pdf (2014).
• Unruh, Dominique. Quantum Proofs of Knowledge, https://eprint.iacr.org/2010/212.pdf (February 2015).
• Wilcox, Zooko. Podcast, Zero Knowledge, The Future of Privacy. https://medium.com/blockchannel/episode-3-zero-knowledge-the-future-of-privacy-ea18479295f4 (February 21, 2017).
• Wu, Huixin; Wang, Feng. A Survey of Noninteractive Zero Knowledge Proof System and its Applications.
https://www.hindawi.com/journals/tswj/2014/560484/ (May 2014).
46.
Clare Nelson, CISSP, CIPP/E
Director, Office of the CTO at AllClear ID
Security, Privacy, and Identity
• Background
o Encrypted TCP/IP variants for NSA
o Product Management at DEC (HP), EMC2
o Director Global Alliances at Dell, Novell
o VP Business Development, TeaLeaf Technology (IBM), Mi3 Security
o CEO ClearMark Consulting, MFA Technology and Architecture
• 2001-2014 CEO ClearMark Consulting
• 2014 Co-founder C1ph3r_Qu33ns
• Publications include:
o 2010 August, ISSA Journal, Security Metrics: An Overview
o 2015 April, ISSA Journal, Multi-Factor Authentication: What to Look For
• Talks/Keynotes: Cloud Identity Summit 2017, InfraGard, HackFormers; BSides Austin; LASCON; OWASP AppSec USA, ISSA Austin; clients including Fortune 500 financial services, 2015 FTC Panel
• B.S. Mathematics
Graphic: http://www.activistpost.com/2015/09/fbi-biometrics-programs-surveillance-database.html
48.
Many Types of Zero-Knowledge Proof
Source: https://www.sedicii.com/2015/07/30/zero-knowledge-authentication/
Source: https://blog.cryptographyengineering.com/2014/11/27/zero-knowledge-proofs-illustrated-primer/
| Acronym | Description | Notes |
|---|---|---|
| ZKP | Interactive Zero-Knowledge Proof | First invention, multiple messages between prover and verifier |
| NIZKP | Non-Interactive Zero-Knowledge Proof, Common Reference String model. In 2003, Rafael Pass showed that in the common reference string model non-interactive zero-knowledge protocols do not preserve all of the properties of interactive zero-knowledge protocols; e.g., they do not preserve deniability | Less interaction required between prover and verifier |
| n/a | Fiat-Shamir | |
| zk-SNARK | zero-knowledge Succinct Non-interactive ARgument of Knowledge | Zcash |
49.
The views presented herein, expressed in any form, represent my personal views, and do not necessarily reflect the views of my employer.
Graphic: http://rununcensored.com/wp-content/uploads/2013/06/disclaimer.jpg
50. Future of Identity and Privacy
Some consumers want control of their identity
• See where their identity resides
• See what data is collected
• Manage and curate it
• Request deletion
• If the data is old, update or leave as is
Source: https://www.sedicii.com/about-us/
51.
Additional Research
• Libsnark (on GitHub)
Zero knowledge: the verifier learns nothing from the proof beside the truth of the statement (i.e., the value qux, in the above examples, remains secret).
Succinctness: the proof is short and easy to verify.
Non-interactivity: the proof is a string (i.e. it does not require back-and-forth interaction between the prover and the verifier).
Soundness: the proof is computationally sound (i.e., it is infeasible to fake a proof of a false NP statement). Such a proof system is also called an argument.
Proof of knowledge: the proof attests not just that the NP statement is true, but also that the prover knows why (e.g., knows a valid qux).
• Pinocchio (Nearly Practical Verifiable Computation), Microsoft Research and IBM Research, https://eprint.iacr.org/2013/279.pdf
Source: https://github.com/scipr-lab/libsnark
Source: https://github.com/akosba/jsnark
52.
Schnorr NIZK (IETF Draft)
The Schnorr NIZK proof is obtained from the interactive Schnorr identification scheme through a Fiat-Shamir transformation
• This transformation involves using a secure cryptographic hash function to issue the challenge instead.
Source: https://tools.ietf.org/html/draft-hao-schnorr-01
Source: http://www.art.com/products/p15063445373-sa-i6847848/sidney-harris-i-think-you-should-be-more-explicit-here-in-step-two-cartoon.htm
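As an added example (not code from the IETF draft or from the presentation), the Schnorr identification scheme made non-interactive by the Fiat-Shamir transformation described above: the challenge c is a hash over g, the commitment V, the public key A and a user identifier, so a single message (V, r) replaces the verifier's round trip. The toy group (p = 1019, q = 509, g = 4) and the byte encoding of the hash input are assumptions of this example.

```python
"""Schnorr NIZK proof of knowledge of a discrete log, via Fiat-Shamir.

Interactive Schnorr: prover sends V = g^v, verifier sends a random c, prover
answers r = v - a*c mod q, verifier checks V == g^r * A^c.  Fiat-Shamir
replaces the verifier's c with a hash of the transcript so far, so the prover
can compute the whole proof alone and send it in one message.
"""
import hashlib
import secrets

# Constructed toy group (same shape as a real MODP group, far too small to be
# secure): p = 2q + 1 is a safe prime, g = 4 generates the order-q subgroup.
P, Q, G = 1019, 509, 4


def keygen():
    """Private a and public A = g^a mod p."""
    a = secrets.randbelow(Q - 1) + 1
    return a, pow(G, a, P)


def challenge(V, A, user_id):
    """Fiat-Shamir challenge c = H(g || V || A || UserID) mod q.

    Including the user identity, as the IETF draft does, ties the proof to
    one identity; the fixed-width byte encoding is this example's choice."""
    h = hashlib.sha256()
    for part in (G, V, A):
        h.update(part.to_bytes(4, "big"))
    h.update(user_id.encode())
    return int.from_bytes(h.digest(), "big") % Q


def prove(a, A, user_id):
    """Prover: one message (V, r) with V = g^v and r = v - a*c mod q."""
    v = secrets.randbelow(Q - 1) + 1          # fresh secret per proof
    V = pow(G, v, P)
    c = challenge(V, A, user_id)              # no verifier round trip needed
    r = (v - a * c) % Q
    return V, r


def verify(A, user_id, proof):
    """Verifier recomputes c and checks V == g^r * A^c mod p."""
    V, r = proof
    if not (1 < A < P and pow(A, Q, P) == 1):  # A must lie in the subgroup
        return False
    if not (1 < V < P and 0 <= r < Q):
        return False
    c = challenge(V, A, user_id)
    return V == pow(G, r, P) * pow(A, c, P) % P


if __name__ == "__main__":
    a, A = keygen()
    proof = prove(a, A, "alice@example.test")
    print("valid for alice:", verify(A, "alice@example.test", proof))
    print("same proof presented as mallory:",
          verify(A, "mallory@example.test", proof))
```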
53.
ISO/IEC 9798-5 Zero-Knowledge Techniques (2009)
Entity authentication using zero-knowledge techniques
1. Providing unilateral authentication
  o Identities
  o Integer factorization
  o Discrete logarithms with respect to numbers that are either prime or composite
  o Discrete logarithms on elliptic curves
2. Providing unilateral or mutual authentication
  o Asymmetric encryption systems
Source: https://www.iso.org/standard/50456.html
Asymmetric cryptography
• Removes a potential threat: the Verifier cannot use the Claimant as an oracle to get information about the private key
54.
ISO/IEC 9798-5:2009
Compliance with ISO/IEC 9798-5 may involve the use of the following patents and their counterparts in other countries.
Source: https://www.iso.org/standard/50456.html
| Patent | Title | Inventor | Filing Date |
|---|---|---|---|
| US 4 995 082 | Method for identifying subscribers and for generating and verifying electronic signatures in a data exchange system | C.P. Schnorr | 1990 |
| US 5 140 634 | Method and apparatus for authenticating accreditations and for authenticating and signing messages | L.C. Guillou and J-J. Quisquater | 1991 |
| EP 0 311 470 | Methods and systems to authenticate authorizations and messages with a zero knowledge-proof system and to provide messages with a signature | L.C. Guillou and J-J. Quisquater | 1998 |
| EP 0 666 664 | Method for performing a double-signature secure electronic transaction | M. Girault | 1995 |
55.
Source: https://www.wsj.com/articles/hbos-hack-hollywood-is-under-siege-1502443802
Data, data everywhere. Jeremiah Grossman, chief of security strategy for cybersecurity company SentinelOne, tells the WSJ that Hollywood TV and movie companies are vulnerable because they work with so many partners that “their data is all over the place.”
56.
Evolution of Cryptography
Source: http://zerado.com/en/news/a-perfect-tool-for-secret-payments-from-bitcoin-with-zero-knowledge-proof-the-impact-of-z-cash/
57.
More Authentication Examples
| Company(s) | Name | Description |
|---|---|---|
| Gemalto, Microsoft | U-Prove | Gemalto integrated smart card technology with Microsoft U-Prove. U-Prove has been instrumental in guiding minimal disclosure security; with Gemalto smart card technology it is continuing to push this form of online authentication forward (February 2017). |
Source: http://www.id-world-magazine.com/?p=923
Source: https://blog.gemalto.com/corporate/2011/02/15/what-you-can-expect-to-see-from-us-at-the-rsa-conference/
58.
Is Identity Theft Getting Worse or Better?
Changing Nature of Identity Theft
• Past: Financial- or credit-related identity theft
• Today: Malicious actors use stolen PII to:
  o Seek employment
  o Travel across international borders
  o Obtain prescription drugs
  o Receive medical treatment
  o Claim benefits
  o File false tax returns
  o Aid in other criminal activities
Synthetic Identity Theft
Occurs when a malicious actor constructs a new identity
• Composite of multiple individuals' legitimate information
• Plus fabricated information
Source: https://iapp.org/media/pdf/resource_center/m-17-12.pdf
2017 OMB Memo
• Preparing for and Responding to a Breach of Personally Identifiable Information
59.
Computational Complexity and Cryptography
Source: http://slideplayer.com/slide/4951940/
Complexity Theory
• Study the resources required to solve computational tasks
  o Time
  o Space (memory)
• Understand relations between complexity phenomena
• Provide new perspective on various concepts
Cryptography
• Specify security requirements of systems
• Use the computational infeasibility of problems to obtain security
• Almost any cryptographic task requires using these ideas
Connected
60.
Concepts and languages for privacy-preserving attribute-based authentication (2014)
Online Identity Providers
• Use SAML, OpenID, or WS-Federation
• The Identity Provider can impersonate its users, track and monitor user online behavior
Privacy-preserving authentication solutions aim to prevent that
Source: http://www.sciencedirect.com/science/article/pii/S2214212614000167
Price is $31.50
Published in this journal
61.
The Privacy Conundrum
If authentication concerns what a Relying Party needs to know about you, then privacy is all about what they don’t need to know.
Privacy amounts to information minimization; security professionals know this all too well as the “Need to Know” principle.
Source: https://www.secureidnews.com/news-item/abandoning-identity-in-favor-of-attributes/
64.
ZKP Authentication Examples in Real World
| Company | Product | Description | GitHub |
|---|---|---|---|
| IBM | Identity Mixer | Cryptographic algorithm which enables transactions to occur without unwillingly sharing any personal data | https://github.com/IBM-Bluemix/idemix-issuer-verifier |
| Microsoft | U-Prove | Cryptographic technology that enables the issuance and presentation of cryptographically protected statements in a manner that provides what is known as “multi-party security:” issuing organizations, users, and relying parties can protect themselves not just against outsider attacks but also against attacks originating from each other. | https://github.com/credentials/uprove_sdk |
| Sedicii | Sedicii | Patented zero-knowledge proof authentication service; use cases: call center authentication, website login, credit card authorization, identity hub, respond to negative social media feedback | None |
| MIRACL | MIRACL Trust ZFA | Multi-Factor Zero-Knowledge Authentication (ZFA) Protocol | https://github.com/miracl/milagro-mfa-server/wiki/What-is-M-Pin-Core |
| Sovrin | Self-Sovereign Identity | Non-profit, open source; Sovrin Identity Network establishes trust through transparency, diffusion, and neutrality | https://github.com/sovrin-foundation/sovrin |
Source: https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/U-Prove20Technology20Overview20V1.120Revision202.pdf
65. Clare Nelson, @Safe_SaaS
Evolution from Interactive to Non-Interactive ZKP (NIZKP)
Source: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4732108/
ZKP defines a method to prove the knowledge of a
certain piece of information without revealing
anything about it
• Typical ZKPs are based on several challenges and
responses, involving a successive exchange of
messages, which implies the need to have a
stable and continuous connection between
nodes
• However, this assumption is impossible in a
volatile environment like IoT, where sometimes,
devices move at a high speed, such as, for
example, smart vehicles
• In these cases, a massive exchange of messages
to run a typical ZKP can be infeasible due to
possible connection failures during the protocol
• In order to deal with this problem, the idea of
non-interactive ZKP (NIZKP) has emerged
In NIZKP, all of the challenges of a typical ZKP are
condensed into a single package sent in a single
message
• Optimizes time necessary for the exchange of
messages
• Single message instead of many messages
• The single message can be sent as a beacon in
broadcast mode
• Research: transform an interactive protocol into a
non-interactive one; applied to ZKPs, this turns an
interactive ZKP into a NIZKP by using a hash function
in place of the verifier's random challenge.
• NIZKP for NP whose construction is based on one-
way permutations and certified trapdoor
permutations
66. Clare Nelson, @Safe_SaaS
Microsoft U-Prove
Cryptographic technology that enables the issuance
and presentation of cryptographically protected
statements in a manner that provides what is known as
“multi-party security”
• Issuing organizations, users, and relying parties can
protect themselves not just against outsider attacks
but also against attacks originating from each other
• Enables any desired degree of privacy (including
authenticated anonymity and pseudonymity)
without contravening multi-party security
• User-centric aspects make the U-Prove technology
suited to create the digital equivalent of paper-
based credentials and the plastic cards in one's
wallet
Source: https://www.microsoft.com/en-us/research/project/u-prove/
67. Clare Nelson, @Safe_SaaS
Promise of Zero-Knowledge Proof
This little-known mathematical concept could eventually make
passwords and PIN codes obsolete.
—Remi Geraud, cryptography and security expert in the Advanced Research
team of Ingenico’s innovation lab
Source: https://blog.ingenico.com/posts/2017/07/zero-knowledge-proof-more-secure-than-passwords.html
Source: https://perezbox.com/category/security/
68. Clare Nelson, @Safe_SaaS
The Internet is like the lunar surface—it never forgets a footprint.
With Identity Mixer, we can turn it into a sandy beach that regularly
washes everything away.
—Jan Camenisch, Cryptographer and Co-Inventor of IBM Identity Mixer
Source: https://www.zurich.ibm.com/identity_mixer/
Graphic: http://www.sandybeachbungalows.com/
69. Clare Nelson, @Safe_SaaS
If your personal data is never collected, it cannot be stolen.
—Maria Dubovitskaya, Cryptographer, Research Staff Member, IBM Zurich
Research Laboratory
Source: https://www.zurich.ibm.com/identity_mixer/
Graphic: https://www.va.gov/identitytheft/
Graphic: https://www.quora.com/How-many-online-accounts-does-the-average-American-person-have
70. Clare Nelson, @Safe_SaaS
Examples of Additional Applications, Beyond Authentication

Category | Name | Description
Cryptocurrency | Zcash | Open, permissionless cryptocurrency that can fully protect the privacy of transactions using zero-knowledge cryptography. The scientists, advisors and engineers of ZECC developed and launched the Zcash protocol; this includes all of the authors of the Zerocash protocol, most of the creators of the Zerocoin protocol, and leading researchers of zk-SNARKs themselves. zk-SNARKs stands for zero-knowledge Succinct Non-interactive ARgument of Knowledge, and it is the protocol for Zcash
Watermark | Watermark verification | Show the presence of a watermark without revealing information about it; prevents removal of the watermark and reselling of duplicate copies
E-Voting | Emerging | Stay tuned for updates; watching the Estonia i-voting system, may be used for homomorphic tallying
Auctions | Sealed-Bid Auction | Winning bid is determined without information about the losing bids leaking to either the auctioneer or other bidders; Secure Multiparty Computation (SMC)

Cryptocurrency projects are fueling ZKP research and evolution
Source: https://www.slideshare.net/arunta007/elliptic-curve-cryptography-and-zero-knowledge-proof-27914533?next_slideshow=1
Source: https://www.nist.gov/publications/secure-sealed-bid-online-auctions-using-discreet-cryptographic-proofs
Source: https://eprint.iacr.org/2016/776.pdf
71. Clare Nelson, @Safe_SaaS
Is Identity Theft Getting Worse or Better? (Continued)
As the ways in which criminals can exploit PII have evolved, so too have
the ensuing types of harm to potentially affected individuals.
Identity theft can result in:
• Embarrassment
• Inconvenience
• Reputational harm
• Emotional harm
• Financial loss
• Unfairness
• In rare cases, risk to personal safety
Individuals can:
• Be arrested and charged for crimes they did not commit
• Suffer irreparable reputational harm (professionals such as
pharmacists and doctors)
• Have benefits suspended or terminated
Source: https://iapp.org/media/pdf/resource_center/m-17-12.pdf
72. Clare Nelson, @Safe_SaaS
Open Source
Privacy-Preserving Attribute-Based Credential Engine
(p2abcengine)
• On GitHub:
https://github.com/p2abcengine/p2abcengine?cm_mc_uid=33935528777214954828808&cm_mc_sid_50200000=1502323851
• Interoperates with IBM Identity Mixer and Microsoft U-
Prove
• Developers can use Privacy-ABCs without having to
consider the specifics of the underlying cryptographic
algorithms
73. Clare Nelson, @Safe_SaaS
Open Source: Architecture
Parties of the privacy-preserving
Attribute-Based Credentials
(pABC) system:
• User
• Issuer
• Verifier
• Inspector
• Revocation Authority
Diagram (labels recovered): each party connects through a Crypto Engine
Source: https://github.com/p2abcengine/p2abcengine/wiki/Architecture
74. Clare Nelson, @Safe_SaaS
ABC4Trust EU Project
Source: https://www.abc4trust.eu/
EU-funded R&D project
Advancing the federation and interchangeability of
technologies supporting trustworthy, privacy-preserving
Attribute-Based Credentials (Privacy-ABCs)
75. Clare Nelson, @Safe_SaaS
Zero-Knowledge Proof, Formal Definition
Source: http://www.cs.cornell.edu/courses/cs6810/2009sp/scribe/lecture18.pdf
An interactive proof system (P, V) for a language L is zero-knowledge if
for any PPT verifier V* there exists an expected PPT simulator S such
that

$$\forall x \in L,\; z \in \{0,1\}^* :\quad \mathrm{View}_{V^*}\big[\,P(x) \leftrightarrow V^*(x, z)\,\big] = S(x, z)$$

As usual, P has unlimited computation power (in practice, P must be a
randomized TM).
Intuitively, the definition states that an interactive proof system (P, V)
is zero-knowledge if for any verifier V* there exists an efficient
simulator S that can essentially produce a transcript of the
conversation that would have taken place between P and V* on any
given input.
77. Clare Nelson, @Safe_SaaS
Definition of Zero-Knowledge Proof (ZKP) Authentication Protocol
Zero Knowledge Proof (ZKP) Authentication Protocol
• Two parties involved
1. Prover
2. Verifier
• Enables the prover to show that they have the
credential (e.g., password), without having to give
the verifier the credential details
Source: https://en.wikipedia.org/wiki/Zero-knowledge_proof
Source: http://www.austinmohr.com/work/files/zkp.pdf
Source: http://www.wisdom.weizmann.ac.il/~oded/zk-tut02.html
Source: https://www.sedicii.com/2015/07/30/zero-knowledge-authentication/
No transmission or storage of
password/credential details
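To make slides 63, 65, 75 and 77 concrete, here is an added example (written for this page, not code from the talk or from any of the products listed) of the Schnorr identification protocol that slide 63's first patent covers: the prover holds a secret x (the "credential"), the verifier stores only y = g^x, and the interactive commit/challenge/response exchange is then collapsed into a single message with the Fiat-Shamir hash transform that slide 65 describes. It also implements the simulator S from the formal definition on slide 75, showing that accepting transcripts can be produced without x, which is why nothing about the credential is transmitted or stored. The group parameters P, Q, G and all function names are constructed for the example; the toy group is far too small for real use.

```python
import hashlib
import secrets

# Constructed toy group (NOT secure; real deployments use 2048-bit+ groups or elliptic curves).
# p = 2q + 1 is a safe prime, so the quadratic residues form a subgroup of prime order q.
P = 2039
Q = 1019
G = 4  # 4 = 2^2 is a quadratic residue mod P, hence a generator of the order-Q subgroup


def in_subgroup(v: int, p: int = P, q: int = Q) -> bool:
    """Verifier-side sanity check: reject values outside the prime-order subgroup."""
    return 1 <= v < p and pow(v, q, p) == 1


def keygen(p: int = P, q: int = Q, g: int = G):
    """Credential setup: the prover keeps x (the 'password'); the verifier stores only y = g^x."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


# --- Interactive Schnorr identification: commit, challenge, respond ---

def prover_commit(p: int = P, q: int = Q, g: int = G):
    r = secrets.randbelow(q - 1) + 1   # fresh randomness per run; reusing r leaks x
    return r, pow(g, r, p)             # t = g^r is the commitment


def verifier_challenge(q: int = Q) -> int:
    return secrets.randbelow(q)


def prover_respond(x: int, r: int, c: int, q: int = Q) -> int:
    return (r + c * x) % q             # s is masked by the random r, so it reveals nothing about x


def verifier_check(y: int, t: int, c: int, s: int, p: int = P, q: int = Q, g: int = G) -> bool:
    """Accept iff g^s == t * y^c (mod p), after checking the inputs lie in the subgroup."""
    if not (in_subgroup(y, p, q) and in_subgroup(t, p, q)) or not 0 <= s < q:
        return False
    return pow(g, s, p) == (t * pow(y, c, p)) % p


def run_interactive(x: int, y: int) -> bool:
    """One round of the three-move protocol, both roles played locally."""
    r, t = prover_commit()
    c = verifier_challenge()
    s = prover_respond(x, r, c)
    return verifier_check(y, t, c, s)


# --- Non-interactive (NIZKP) via the Fiat-Shamir transform ---

def fiat_shamir_challenge(y: int, t: int, p: int = P, q: int = Q, g: int = G) -> int:
    """The hash stands in for the verifier's random challenge. Hashing the whole statement
    (group and public key) together with the commitment, not the commitment alone, is what
    keeps the transform sound."""
    data = f"{p}|{q}|{g}|{y}|{t}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % q


def nizk_prove(x: int, y: int):
    """Single-message proof (t, s): fits in one packet or a broadcast beacon."""
    r, t = prover_commit()
    c = fiat_shamir_challenge(y, t)
    return t, prover_respond(x, r, c)


def nizk_verify(y: int, proof) -> bool:
    t, s = proof
    return verifier_check(y, t, fiat_shamir_challenge(y, t), s)


# --- The simulator S from the formal definition ---

def simulate_transcript(y: int, p: int = P, q: int = Q, g: int = G):
    """Produce an accepting (t, c, s) with NO knowledge of x by choosing c and s first and
    solving for t. Such transcripts are distributed like real ones, so a captured or stored
    transcript teaches an observer nothing about x."""
    c = secrets.randbelow(q)
    s = secrets.randbelow(q)
    t = (pow(g, s, p) * pow(y, (q - c) % q, p)) % p   # y^(q-c) == y^(-c) because y has order q
    return t, c, s


if __name__ == "__main__":
    x, y = keygen()
    print("interactive accepted:", run_interactive(x, y))
    print("non-interactive accepted:", nizk_verify(y, nizk_prove(x, y)))
    t, c, s = simulate_transcript(y)
    print("simulated transcript accepted:", verifier_check(y, t, c, s))
```

The verifier's subgroup and range checks are the part most often skipped in hand-rolled implementations; without them a malformed y or t can be accepted. A transcript that a simulator can forge is exactly what makes the stored y safe to keep on a server: it is not a password hash that can be cracked offline, because the discrete logarithm problem in the group is what protects x.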
78. Clare Nelson, @Safe_SaaS
Source: https://www.wired.com/story/how-your-phone-number-became-the-only-username-that-matters/
Source: https://www.shutterstock.com/video/clip-4218796-stock-footage-girl-using-mobile-phone-smartphone.html
Identity, More Caution
How your phone number
became the only username
that matters
—David Pierce Gear, Wired
(August 2017)
79. Clare Nelson, @Safe_SaaS
Source: https://fidoalliance.org/specs/fido-uaf-v1.1-id-20170202/fido-ecdaa-algorithm-v1.1-id-20170202.html
Graphic: https://www.laptopmag.com/articles/tpm-chip-faq
FIDO ECDAA Algorithm
FIDO Basic Attestation scheme alternative
• Direct Anonymous Attestation (DAA) scheme
based on elliptic curves and bilinear pairings
called ECDAA
• Direct Anonymous Attestation is a cryptographic
scheme combining privacy with security
• Basic building blocks for its implementation are
part of TPM 2.0
80. Clare Nelson, @Safe_SaaS
Market Forces have Stunted Privacy by Design, Privacy by Default
• Given the maturity and
growing acceptance of Privacy
by Design and Privacy by
Default, it is surprising that
there are so few Privacy-
Preserving MFA solutions on
the market today.
• The business of monetizing
your behavior and associated
identity attributes could be the
reason for the slow growth.
Source: http://www.azquotes.com/quote/763098
Editor's Notes
This presentation is posted on slideshare
80 slides, we’ll go through first two dozen today
How many of you are familiar with Zero-Knowledge Proofs, or the concept?
It seems like magic at first
Why? Get copy of TPM paper, I’ll give it to you at end of talk.
TPM, chip, surface mounted to motherboard, before BIOS
Root of Trust
Hardware base security solution for data protection and reliable authentication via TPM that stores key, passwords and digital certificates.
Great controversy in the world of TPM, and it centers around ZKP.
Make bitcoin anonymous
The budget for cryptocurrency research is far larger than the budget for user authentication.
This means user authentication solutions will benefit from the privacy-preserving research for cryptocurrency.
Zero-Knowledge Proof has taken off because of its application in cryptocurrency.
Zero-Knowledge Proof has been applied to cryptocurrency, e-voting, sealed auctions, and many more applications
Today, you will learn about Zero-Knowledge Proof, and perhaps apply it to other applications, and support a privacy-preserving approach
OWASP Top 10: Broken Authentication and Session Management
We are numb to passwords broken
We are numb to breaches
Over 60-80% tied to weak or stolen passwords
USA
Year to date
Identity Theft Resource Center
Aug 22
June 1980, Comfortably Numb
We’re not just mitigating identity theft, and preserving privacy, we are fighting the nastiest crimes on earth.
National Cyber-Forensics Training & Alliance
What do criminals do with your stolen credentials, credit card number, driver’s license number, mobile number, SSN, address, date of birth?
Why haven’t we solved this? No single entity suffers sufficient economic damage to make it a significant business risk they need to address or mitigate.
Digi.me and others: your data, bring it together in one place you own instead of being scattered across the web
Creating the CONSENT ECONOMY
Collection and use of personal information
Old enough to order a Margarita without showing your driver’s license, just a boolean yes or no that you are old enough
GDPR, existing EU Data Protection Directive
Recommendation 1 of 3: Data and Goliath, Bruce Schneier
Privacy-invasive pattern
Identity graph: consumer journey, one or many personal identifiers or emails, collect identifiers, browser cookies, purchase history, all actions
What Jan Camenisch of IBM Zurich calls Authentication without Identification
Secret, or difficult to solve problem
Nothing? Other crypto methods yield nothing right?
Nothing about a private key
Definitions
Two or more of something you know…
Dan Crowley stood here a few months ago
Definition of privacy is personal, depends on the context, depends on laws, cultural norms
High level
First curve ball
Proof system, interaction between a prover and a verifier
You can make the certainty as high as you want
Honest prover? Honest verifier? Literature has much more about cheating provers.
I have two brothers, they gave me the great gift of skepticism because they would cheat at Monopoly, cards, etc. They would not always follow the rules.
Challenge: make sure correctly implemented, prover and verifier are following the protocol
Imposters are foiled
Leave out: Discrete logarithms = integer k exponent solving the equation b^k = g, where b and g are elements of a group
volatile environment like IoT, where sometimes, devices move at a high speed, such as, for example, smart vehicles
Interactive Zero-Knowledge Proof, could have many messages back and forth.
Non-Interactive use a single message instead of many.
Deployment and correct usage are problematic: need smart people, need smart developers, smart testers, etc.
zero-knowledge Succinct Non-interactive ARgument of Knowledge
Usain Bolt?
(i.e. messages to the Verifier or the Prover might be modified or destroyed)
Anonymous Peer-2-Peer Authentication System, Vulnerability
Hard to just do threat modeling with ZKP alone, need to put it into a system, Chinese Academy of Sciences
Example of ZKP combined with classical systems or constructs
When was Zero-Knowledge Proof invented? 1982
In the 1980s.
ZKP is only 35+ years old.
Hyperbole?
2nd of 3 recommended reading suggestions, look up Matthew Green’s blog
We have a choice, dive into math symbols like this, or use a metaphor
Vertex
The verifier is Horizon Telecom, probabilistic polynomial-time
The prover is the
2,000 zcoins
Keep in mind, this is a coarse metaphor for ZKP
3 cycles,
Prover = griff computing
Verifier is us, Horizon telecom
prover is all-powerful and possesses unlimited computational resources, but cannot be trusted
verifier has bounded computation power
Messages are sent between the verifier and prover until the verifier has an answer to the problem and has "convinced" itself that it is correct.
Digest, Signature, Public key, Timestamp
Modulo n
Prover knows x, the verifier does not
S: you have seen this scary math, what does it look like in real life?
ZFA = Multi-Factor Zero Knowledge Authentication
Real World Example. In the world of user authentication, when you give a demo, there is nothing to see.
Also have a browser version.
Success after enter PIN
Success after enter PIN
Authentication demo not worth much
What we really saw was the user experience
What is one of the fastest growing areas for customer authentication?
Combined with biometrics, behavioral biometrics
Opt out, don’t give consent, ask for alternatives
Green is digital exhaust, digital presence
GDPR: need consent to process personal data
Outed: Chen and Li (2013)
https://trustedcomputinggroup.org/wp-content/uploads/INFOGRAPHIC-TCG-PR-Works-FINAL.pdf
“severe shortcomings” weakens security
Homework #2, read this paper, 20 pages
Weakens the security
Trusted Platform Module (TPM)
Microcontroller designed by Trusted Computing Group
Interfaces with standard hardware/software platform in order to allow it to be secured
Surface mounted chip
Research
Conference this year, Canada, China, and US presented paper on
Zero-knowledge proof systems for QMA
QMA = Quantum Merlin Arthur (Merlin Arthur from computational complexity)
Shafi is the recipient of numerous awards including the Turing Award, and Grace Hopper Award
Three more pages of references and recommended reading in the backup slides section
More diagrams: http://blog.stratumn.com/zero-knowledge-explained-part-1-use-cases/
OMB memo, we need better security
If you want privacy-preserving authentication, then you need better security
Open for debate
When did passwords start?
Where are we today? This grey area.
June, Cloud Identity Summit, “Financial Services are in a race to the bottom to reduce user friction during authentication”
Why do these arrows extend in time? Won’t we kill the password?
My profile is on LinkedIn
Earlier this year I got EU GDPR certification, highly recommend it
I live at the intersection of Security, Privacy and Identity
Usual suspects
Did research, surprised to see it in standards
Many others
Drop deniability, non-repudiation, what happens when you want to make a track bicycle go fast? You take off the brakes to reduce weight, you have also produced a more dangerous bicycle
- In cryptography, the common reference string (CRS) model captures the assumption that a trusted setup in which all involved parties get access to the same string crs taken from some distribution D exists.
Rob Leslie
This is a B2C play, why won’t B2B work initially in the US?
GDPR
178 Swiss francs = ~$185
1-4 = unilateral authentication
5 is either uni or mutual authentication
Entity Authentication what is entity?
This is a reference slide, just read the red font: single message instead of many: Goal to make it more efficient
Interactive Zero-Knowledge Proof, could have many messages back and forth.
Non-Interactive use a single message instead of many.
It’s going to get worse before it gets better
It’s not just a matter of privacy, it’s a matter of security
Question: how many are open source? All but Sedicii
All but Sedicii are open source, or partially open source
More information
Just focus on the yellow column, GitHub links, some or all is open source
Why aren’t there more privacy-preserving solutions on the market? Hard to implement, setup nontrivial.
ZKP is only one part of the authentication solution
Setup involves keys
Instead of PKI with centralized root certificate authority
Decentralized, distributed TAs, receive key shares to create the whole key
Zcash, protect the privacy of transactions
3 cycles,
prover is all-powerful and possesses unlimited computational resources, but cannot be trusted
verifier has bounded computation power
Messages are sent between the verifier and prover until the verifier has an answer to the problem and has "convinced" itself that it is correct.
Digest, Signature, Public key, Timestamp
Quote Dan Crowley something you forgot, lost, or were
Secure Technology Alliance, was Smart Card Alliance
Includes Location
Mobile Identity Authentication, one could argue it mitigates using the same channel for know, have, are, all on mobile device, typically smartphone
TPM
Attestation = One component of trusted computing that has attracted particular attention is remote attestation. Attestation allows a program to authenticate itself and remote attestation is a means for one system to make reliable statements about the software it is running to another system. The remote party can then make authorization decisions based on that information.
Source: https://courses.cs.washington.edu/courses/csep590/06wi/finalprojects/bare.pdf