Anonymous Tokens with Private Metadata Bit

Kreuter, Ben; Lepoint, Tancrède; Orrù, Michele; Raykova, Mariana

doi:10.1007/978-3-030-56784-2_11

Cited by 17 publications

(21 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The generator can add further metadata to add more transparency to privacy protection applications and guide the service provider about the received data (e.g., the type of data modification). We can set different access control settings as 'metadata' for every token entry, thus defining a set of requirements that must be met for access to be granted (e.g., for multi-users/shared environments) [57]. At the cloud side, a combined input of data and the input validity received, where inauthentic or invalid inputs may be prevented from being sent at the edge device.…”

Section: Stage 4: Streaming Vector Generationmentioning

confidence: 99%

Locally Authenticated Privacy-preserving Voice Input

Aloufi¹,

Nautsch²,

Haddadi³

et al. 2022

Preprint

View full text Add to dashboard Cite

Increasing use of our biometrics (e.g., fingerprints, faces, or voices) to unlock access to and interact with online services raises concerns about the trade-offs between convenience, privacy, and security. Service providers must authenticate their users, although individuals may wish to maintain privacy and limit the disclosure of sensitive attributes beyond the authentication step, e.g., when interacting with Voice User Interfaces (VUIs). Preserving privacy while performing authentication is challenging, particularly where adversaries can use biometric data to train transformation tools (e.g., 'deepfaked' speech) and use the faked output to defeat existing authentication systems. In this paper, we take a step towards understanding security and privacy requirements to establish the threat and defense boundaries. We introduce a secure, flexible privacypreserving system to capture and store an on-device fingerprint of the users' raw signals (i.e., voice) for authentication instead of sending/sharing the raw biometric signals. We then analyze this fingerprint using different predictors, each evaluating its legitimacy from a different perspective (e.g., target identity claim, spoofing attempt, and liveness). We fuse multiple predictors' decisions to make a final decision on whether the user input is legitimate or not. Validating legitimate users yields an accuracy rate of 98.68% after cross-validation using our verification technique. The pipeline runs in tens of milliseconds when tested on a CPU and a single-core ARM processor, without specialized hardware.

show abstract

Section: Stage 4: Streaming Vector Generationmentioning

confidence: 99%

Locally Authenticated Privacy-preserving Voice Input

Aloufi¹,

Nautsch²,

Haddadi³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…19 In their protocol, users computed their full private keys (user-based key generation) and prepared data for the Using a verifiable oblivious pseudorandom function. 41,42 Security. Efficiency.…”

Section: Related Workmentioning

confidence: 99%

Zero‐knowledge‐based distributed auditing protocol

Far

Asaar

Haghbin

2022

Security and Privacy

View full text Add to dashboard Cite

Blockchain-based data outsourcing has attracted a huge deal of attention in recent years. However, key management and reliance on pre-defined or randomly-selected third-party auditors (TPAs) are still challenging owing to refusing to collaborate or break auditing policies. Additionally, it is impossible to store secrets in smart contracts (SCs) for signing or auditing. Thus, in the present study, a zero-knowledge (ZK)-based distributed auditing protocol (DAP) is provided. In this protocol, a user-based key generation mechanism offers users security against curious authorities based on no TPA causing them to reveal no knowledge about under-auditing data. Based on Pointcheval's and Sanders's signature scheme, as a ZK-based randomizable signature applied in an SC to handle the auditing process, the proposed DAP provides confidential transactions and user accountability. Evaluation indicates that the proposed ZK-based DAP is efficient for the user side and it is the fastest DAP in the blockchain.

show abstract

“…Specifically, we require that the PPOPRF scheme produces outputs of the form RO(x, τ, f (msk, x, τ)). Fortunately, many well-known OPRF primitives adhere to this requirement [17,28,33,38], including the scheme detailed in Section 5.…”

Section: Securitymentioning

confidence: 99%

“…The correctness of a ppoprf scheme primarily relates to OPRF-specific algorithms of (req, eval, finalize, blindeval), and showing that unblinded evaluation is consistent with blinded evaluation. This correctness condition originates from prior works that provide prior constructions of similar OPRFs [2,10,17,27,28,33,38]. The only change we make is to specify that correctness should only hold on unpunctured metadata tags.…”

Section: B1 Requirementsmentioning

confidence: 99%