In the last 30 years, an array of cryptographic protocols has been proposed to solve secure communication problems even in the presence of adversaries. This body of work ranges from developing basic security primitives that offer confidentiality and authenticity to handling more complicated, application-specific problems. However, when these protocols are implemented in practice, a major challenge is to ensure not just security but also privacy throughout the protocols' lifetime. As computer-based devices are extensively used and the Internet becomes more globally accessible, different types of applications and unique forms of privacy threats are emerging. Furthermore, user privacy (or equivalently, key privacy) is more likely to be compromised in large-scale distributed applications, since the lack of a central authority complicates control over these applications. Within this report, we look at 3 relevant cryptographic protocols facing user privacy threats…
Contents: Enhancing Privacy in Cryptographic Protocols
1 Introduction
1.1 A New Privacy-Enhanced Matchmaking Protocol
1.1.1 Our Contributions
1.2 Enhancing Password Privacy of Password-Based Authenticated Key Exchange in the Real World
1.2.1 Our Contributions
1.3 Retaining Non-tightly Reduced Privacy Properties of Secure Encryption Schemes in the Real-World
1.3.1 Our Contributions
1.4 Thesis Organization
2 Preliminaries
2.1 Notations
2.2 The Adversarial Model
2.3 Basic Primitives
2.4 Password-based Authenticated Key Exchange (PAKE)
2.4.1 Previous Works
2.4.2 Efficiency of PAKE
3 A New Privacy-Enhanced Matchmaking Protocol
3.1 Outline of the Chapter
3.2 Related Work
3.3 Preliminaries and Assumptions
3.4 Security of Privacy-Enhanced Matchmaking
3.4.1 Security Properties that Counter On-line Adversaries
3.4.2 Security Properties that Counter Off-line Adversaries
3.5 Protocol Design
3.5.1 Relevant PAKE Security Properties
3.5.2 Generalizing Passwords as Low-entropy Secrets and Adding Perfect Blindness
3.5.3 Final Step of Building a Privacy-enhanced Matchmaking Protocol
3.6 PAKE security implies forward security
4 Enhancing Password Privacy of Password-Based Authenticated Key Exchange in the Real World
4.1 Outline of the Chapter
4.2 Background of Our Attacks
4.3 Delay-Based Attacks
4.3.1 Counting Attack Queries: Login Requests or Failed Logins?
4.3.2 Timeout-Delay Attack
4.3.3 Synchronization-Delay Attack
4.3.4 Multi-Domain Attacks
4.4 Security Definitions for PAKE Protocols
4.4.1 The Formal Definition
4.4.2 A Concrete Security Definition
4.5 Analysis of the Delay-Based Attacks and Recommendations
4.5.1 Timeout-based Attacks
4.5.2 Representation of Synchronization-based Attacks
4.5.3 Recommendations for Existing PAKE Protocols
4.5.3.1 Enhancement 1
4.5.3.2 Enhancement 2
4.5.3.3 Fully Concurrent PAKE in TLS
4.6 Conclusion
4.7 Simple Experiments with Delay-Based Attacks
5 Retaining Non-tightly Reduced Privacy Properties of Secure Encryption Schemes in the Real-World
5.1 Outline of the Chapter
5.2 Security Properties of Encryption Schemes
5.2.1 Non-tight Reductions
5.2.2 Security Properties Obtained by Tight and Non-Tight Reductions
5.3 Attacks against Secure Encryption Schemes….
Source: University of Maryland