Showing 1–6 of 6 results for author: Grierson, S

A Framework for the Security and Privacy of Biometric System Constructions under Defined Computational Assumptions

Authors: Sam Grierson, William J Buchanan, Craig Thomson, Baraq Galeb, Chris Eckl

Abstract: Biometric systems, while offering convenient authentication, often fall short in providing rigorous security assurances. A primary reason is the ad-hoc design of protocols and components, which hinders the establishment of comprehensive security proofs. This paper introduces a formal framework for constructing secure and privacy-preserving biometric systems. By leveraging the principles of univers… ▽ More Biometric systems, while offering convenient authentication, often fall short in providing rigorous security assurances. A primary reason is the ad-hoc design of protocols and components, which hinders the establishment of comprehensive security proofs. This paper introduces a formal framework for constructing secure and privacy-preserving biometric systems. By leveraging the principles of universal composability, we enable the modular analysis and verification of individual system components. This approach allows us to derive strong security and privacy properties for the entire system, grounded in well-defined computational assumptions. △ Less

Submitted 26 November, 2024; originally announced November 2024.

DID:RING: Ring Signatures using Decentralised Identifiers For Privacy-Aware Identity

Authors: Dimitrios Kasimatis, Sam Grierson, William J. Buchanan, Chris Eckl, Pavlos Papadopoulos, Nikolaos Pitropakis, Craig Thomson, Baraq Ghaleb

Abstract: Decentralised identifiers have become a standardised element of digital identity architecture, with supra-national organisations such as the European Union adopting them as a key component for a unified European digital identity ledger. This paper delves into enhancing security and privacy features within decentralised identifiers by integrating ring signatures as an alternative verification metho… ▽ More Decentralised identifiers have become a standardised element of digital identity architecture, with supra-national organisations such as the European Union adopting them as a key component for a unified European digital identity ledger. This paper delves into enhancing security and privacy features within decentralised identifiers by integrating ring signatures as an alternative verification method. This allows users to identify themselves through digital signatures without revealing which public key they used. To this end, the study proposed a novel decentralised identity method showcased in a decentralised identifier-based architectural framework. Additionally, the investigation assesses the repercussions of employing this new method in the verification process, focusing specifically on privacy and security aspects. Although ring signatures are an established asset of cryptographic protocols, this paper seeks to leverage their capabilities in the evolving domain of digital identities. △ Less

Submitted 11 March, 2024; v1 submitted 8 March, 2024; originally announced March 2024.

Privacy-Aware Single-Nucleotide Polymorphisms (SNPs) using Bilinear Group Accumulators in Batch Mode

Authors: William J Buchanan, Sam Grierson, Daniel Uribe

Abstract: Biometric data is often highly sensitive, and a leak of this data can lead to serious privacy breaches. Some of the most sensitive of this type of data relates to the usage of DNA data on individuals. A leak of this type of data without consent could lead to privacy breaches of data protection laws. Along with this, there have been several recent data breaches related to the leak of DNA informatio… ▽ More Biometric data is often highly sensitive, and a leak of this data can lead to serious privacy breaches. Some of the most sensitive of this type of data relates to the usage of DNA data on individuals. A leak of this type of data without consent could lead to privacy breaches of data protection laws. Along with this, there have been several recent data breaches related to the leak of DNA information, including from 23andMe and Ancestry. It is thus fundamental that a citizen should have the right to know if their DNA data is contained within a DNA database and ask for it to be removed if they are concerned about its usage. This paper outlines a method of hashing the core information contained within the data stores - known as Single-Nucleotide Polymorphisms (SNPs) - into a bilinear group accumulator in batch mode, which can then be searched by a trusted entity for matches. The time to create the witness proof and to verify were measured at 0.86 ms and 10.90 ms, respectively. △ Less

Submitted 15 January, 2024; originally announced January 2024.

Scalable Multi-domain Trust Infrastructures for Segmented Networks

Authors: Sam Grierson, William J Buchanan, Craig Thomson, Baraq Ghaleb, Leandros Maglaras, Chris Eckl

Abstract: Within a trust infrastructure, a private key is often used to digitally sign a transaction, which can be verified with an associated public key. Using PKI (Public Key Infrastructure), a trusted entity can produce a digital signature, verifying the authenticity of the public key. However, what happens when external entities are not trusted to verify the public key or in cases where there is no Inte… ▽ More Within a trust infrastructure, a private key is often used to digitally sign a transaction, which can be verified with an associated public key. Using PKI (Public Key Infrastructure), a trusted entity can produce a digital signature, verifying the authenticity of the public key. However, what happens when external entities are not trusted to verify the public key or in cases where there is no Internet connection within an isolated or autonomously acting collection of devices? For this, a trusted entity can be elected to generate a key pair and then split the private key amongst trusted devices. Each node can then sign part of the transaction using their split of the shared secret. The aggregated signature can then define agreement on a consensus within the infrastructure. Unfortunately, this process has two significant problems. The first is when no trusted node can act as a dealer of the shares. The second is the difficulty of scaling the digital signature scheme. This paper outlines a method of creating a leaderless approach to defining trust domains to overcome weaknesses in the scaling of the elliptic curve digital signature algorithm. Instead, it proposes the usage of the Edwards curve digital signature algorithm for the definition of multiple trust zones. The paper shows that the computational overhead of the distributed key generation phase increases with the number of nodes in the trust domain but that the distributed signing has a relatively constant computational overhead. △ Less

Submitted 10 October, 2023; v1 submitted 7 October, 2023; originally announced October 2023.

Double Public Key Signing Function Oracle Attack on EdDSA Software Implementations

Authors: Sam Grierson, Konstantinos Chalkias, William J Buchanan, Leandros Maglaras

Abstract: EdDSA is a standardised elliptic curve digital signature scheme introduced to overcome some of the issues prevalent in the more established ECDSA standard. Due to the EdDSA standard specifying that the EdDSA signature be deterministic, if the signing function were to be used as a public key signing oracle for the attacker, the unforgeability notion of security of the scheme can be broken. This pap… ▽ More EdDSA is a standardised elliptic curve digital signature scheme introduced to overcome some of the issues prevalent in the more established ECDSA standard. Due to the EdDSA standard specifying that the EdDSA signature be deterministic, if the signing function were to be used as a public key signing oracle for the attacker, the unforgeability notion of security of the scheme can be broken. This paper describes an attack against some of the most popular EdDSA implementations, which results in an adversary recovering the private key used during signing. With this recovered secret key, an adversary can sign arbitrary messages that would be seen as valid by the EdDSA verification function. A list of libraries with vulnerable APIs at the time of publication is provided. Furthermore, this paper provides two suggestions for securing EdDSA signing APIs against this vulnerability while it additionally discusses failed attempts to solve the issue. △ Less

Submitted 10 October, 2023; v1 submitted 29 August, 2023; originally announced August 2023.

NetEvo: A computational framework for the evolution of dynamical complex networks

Authors: Thomas E. Gorochowski, Mario di Bernardo, Claire S. Grierson

Abstract: NetEvo is a computational framework designed to help understand the evolution of dynamical complex networks. It provides flexible tools for the simulation of dynamical processes on networks and methods for the evolution of underlying topological structures. The concept of a supervisor is used to bring together both these aspects in a coherent way. It is the job of the supervisor to rewire the ne… ▽ More NetEvo is a computational framework designed to help understand the evolution of dynamical complex networks. It provides flexible tools for the simulation of dynamical processes on networks and methods for the evolution of underlying topological structures. The concept of a supervisor is used to bring together both these aspects in a coherent way. It is the job of the supervisor to rewire the network topology and alter model parameters such that a user specified performance measure is minimised. This performance measure can make use of current topological information and simulated dynamical output from the system. Such an abstraction provides a suitable basis in which to study many outstanding questions related to complex system design and evolution. △ Less

Submitted 17 December, 2009; originally announced December 2009.

ACM Class: D.0