Mechanism for the prevention of password reuse through Anonymized Hashes

Ali, Junade

doi:10.7287/peerj.preprints.3322v1

Cited by 3 publications

(4 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The key issue to solve here is allowing for users to compute the Rolling Proximity Identifiers of users they may have come into contact with without leaking the information of all affected users. Developers of contact tracing apps [9] have sought guidance on implementing our original k-Anonymity communication protocol [10] to mitigate this effect (a protocol originally devised for compromised credential checking).…”

Section: Related Workmentioning

confidence: 99%

“…We seek to allow a user to query CCIs whilst minimising the privacy loss both on the server and for the client. Fortunately, this is a well explored problem in [10], [12], [13].…”

Section: B Efficient Rolling Proximity Identifier Searchmentioning

confidence: 99%

“…When a user's Temporary Exposure Key is uploaded to a server, the CCIs are computed for the period of exposure. They are then stored in k-Anonymous buckets described in [10]. The client simply needs to truncate the CCI hash to a desired number of bits such to grant anonymity (we provide both formal definitions and empirical analysis for applying k-Anonymity to hash based data sets in [15]).…”

Section: B Efficient Rolling Proximity Identifier Searchmentioning

confidence: 99%

“…During a k-Anonymous search protocol, this means the client discloses a partial hash as the search partition and then both parties are able to determine if the content of the clients search is in that partition without needing to disclosure any further information. Unlike the approach detailed in [10], this provides further cryptographic shielding of the hashes held by the server.…”

Section: B Efficient Rolling Proximity Identifier Searchmentioning

confidence: 99%

See 3 more Smart Citations

Cross Hashing: Anonymizing encounters in Decentralised Contact Tracing Protocols

Ali

Dyo

2021

2021 International Conference on Information Networking (ICOIN)

Self Cite

View full text Add to dashboard Cite

During the COVID-19 (SARS-CoV-2) epidemic, Contact Tracing emerged as an essential tool for managing the epidemic. App-based solutions have emerged for Contact Tracing, including a protocol designed by Apple and Google (influenced by an open-source protocol known as DP3T). This protocol contains two well-documented de-anonymisation attacks. Firstly that when someone is marked as having tested positive and their keys are made public, they can be tracked over a large geographic area for 24 hours at a time. Secondly, whilst the app requires a minimum exposure duration to register a contact, there is no cryptographic guarantee for this property. This means an adversary can scan Bluetooth networks and retrospectively find who is infected. We propose a novel "cross hashing" approach to cryptographically guarantee minimum exposure durations. We further mitigate the 24-hour data exposure of infected individuals and reduce computational time for identifying if a user has been exposed using k-Anonymous buckets of hashes and Private Set Intersection. We empirically demonstrate that this modified protocol can offer like-for-like efficacy to the existing protocol.

show abstract

Section: Related Workmentioning

confidence: 99%

“…We seek to allow a user to query CCIs whilst minimising the privacy loss both on the server and for the client. Fortunately, this is a well explored problem in [10], [12], [13].…”

Section: B Efficient Rolling Proximity Identifier Searchmentioning

confidence: 99%

Section: B Efficient Rolling Proximity Identifier Searchmentioning

confidence: 99%

Section: B Efficient Rolling Proximity Identifier Searchmentioning

confidence: 99%

See 2 more Smart Citations

Cross Hashing: Anonymizing encounters in Decentralised Contact Tracing Protocols

Ali

Dyo

2021

2021 International Conference on Information Networking (ICOIN)

Self Cite

View full text Add to dashboard Cite

show abstract

Towards Privacy-anomaly Detection: Discovering Correlation between Privacy and Security-anomalies

Khan

Foley

O’Sullivan

2020

Procedia Computer Science

View full text Add to dashboard Cite

Practical Hash-based Anonymity for MAC Addresses

Ali¹,

Dyo

2020

Proceedings of the 17th International Joint Conference on E-Business and Telecommunications

View full text Add to dashboard Cite

Given that a MAC address can uniquely identify a person or a vehicle, continuous tracking over a large geographical scale has raised serious privacy concerns amongst governments and the general public. Prior work has demonstrated that simple hash-based approaches to anonymization can be easily inverted due to the small search space of MAC addresses. In particular, it is possible to represent the entire allocated MAC address space in 39 bits and that frequency-based attacks allow for 50% of MAC addresses to be enumerated in 31 bits. We present a practical approach to MAC address anonymization using both computationally expensive hash functions and truncating the resulting hashes to allow for k-anonymity. We provide an expression for computing the percentage of expected collisions, demonstrating that for digests of 24 bits it is possible to store up to 168, 617 MAC addresses with the rate of collisions less than 1%. We experimentally demonstrate that a rate of collision of 1% or less can be achieved by storing data sets of 100 MAC addresses in 13 bits, 1, 000 MAC addresses in 17 bits and 10, 000 MAC addresses in 20 bits. a https://orcid.

show abstract

Mechanism for the prevention of password reuse through Anonymized Hashes

Cited by 3 publications

References 0 publications

Cross Hashing: Anonymizing encounters in Decentralised Contact Tracing Protocols

Cross Hashing: Anonymizing encounters in Decentralised Contact Tracing Protocols

Towards Privacy-anomaly Detection: Discovering Correlation between Privacy and Security-anomalies

Practical Hash-based Anonymity for MAC Addresses

Contact Info

Product

Resources

About