Artwork

Content provided by Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Black Hat Briefings, USA 2007 [Video] Presentations from the security conference. or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.
Player FM - Aplicație Podcast
Treceți offline cu aplicația Player FM !

Dr. Andrew Lindell: Anonymous Authentication-Preserving Your Privacy Online

1:02:26
 
Distribuie
 

Manage episode 152212006 series 1053194
Content provided by Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Black Hat Briefings, USA 2007 [Video] Presentations from the security conference. or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.
Our right to privacy is under attack today. Actually, no one denies our right to privacy. However, in reality, this right is being eroded more and more as every minute passes. Some of this has to do with the war on terror, but much of it simply has to do with the fact that our online actions can and are being recorded in minute detail. In this presentation we describe some concrete dangers that arise out of this situation and show that the uncomfortable feeling we have when our privacy is compromised is the least of our problems. We also show that a full understanding of these concrete dangers is crucial for coming up with adequate privacy-preserving solutions.
Having argued that the erosion of our privacy is a real danger, we discuss solutions to preserving privacy online. Some of these solutions are merely technical, like anonymous web surfing, but solve only a small part of the problem. For example, anonymous web surfing does not help if a user has to authenticate herself in order to access an online service (consider the case of a newspaper or magazine that requires subscription, and sometimes even paid subscription). Furthermore, as we will show, simple solutions like pseudonyms do not actually solve the real problems. Fortunately, it is possible to use anonymous authentication. Despite the fact that this seems to be a contradiction in terms, it is actually possible to authenticate without revealing your identity. In this type of protocol, the only information learned by the authenticating server is that the user is authorized. In particular, the authenticating server learns nothing whatsoever about the identity of the specific user that now entered the system! Cryptographic solutions to this problem and exist and are often called "anonymous credentials". However, all known solutions are relatively complex and require non-standard asymmetric operations (i.e., operations that are not available on standard smartcards). Thus, the deployment of such solutions is complex. In this presentation, we present new solutions to this problem that are simple and can be implemented using standard smartcard technology (and even passwords, although this achieves a weaker security guarantee). We also suggest concrete applications where the use of this primitive is especially appropriate.
  continue reading

89 episoade

Artwork
iconDistribuie
 
Manage episode 152212006 series 1053194
Content provided by Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Black Hat Briefings, USA 2007 [Video] Presentations from the security conference. or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.
Our right to privacy is under attack today. Actually, no one denies our right to privacy. However, in reality, this right is being eroded more and more as every minute passes. Some of this has to do with the war on terror, but much of it simply has to do with the fact that our online actions can and are being recorded in minute detail. In this presentation we describe some concrete dangers that arise out of this situation and show that the uncomfortable feeling we have when our privacy is compromised is the least of our problems. We also show that a full understanding of these concrete dangers is crucial for coming up with adequate privacy-preserving solutions.
Having argued that the erosion of our privacy is a real danger, we discuss solutions to preserving privacy online. Some of these solutions are merely technical, like anonymous web surfing, but solve only a small part of the problem. For example, anonymous web surfing does not help if a user has to authenticate herself in order to access an online service (consider the case of a newspaper or magazine that requires subscription, and sometimes even paid subscription). Furthermore, as we will show, simple solutions like pseudonyms do not actually solve the real problems. Fortunately, it is possible to use anonymous authentication. Despite the fact that this seems to be a contradiction in terms, it is actually possible to authenticate without revealing your identity. In this type of protocol, the only information learned by the authenticating server is that the user is authorized. In particular, the authenticating server learns nothing whatsoever about the identity of the specific user that now entered the system! Cryptographic solutions to this problem and exist and are often called "anonymous credentials". However, all known solutions are relatively complex and require non-standard asymmetric operations (i.e., operations that are not available on standard smartcards). Thus, the deployment of such solutions is complex. In this presentation, we present new solutions to this problem that are simple and can be implemented using standard smartcard technology (and even passwords, although this achieves a weaker security guarantee). We also suggest concrete applications where the use of this primitive is especially appropriate.
  continue reading

89 episoade

Todos los episodios

×
 
Loading …

Bun venit la Player FM!

Player FM scanează web-ul pentru podcast-uri de înaltă calitate pentru a vă putea bucura acum. Este cea mai bună aplicație pentru podcast și funcționează pe Android, iPhone și pe web. Înscrieți-vă pentru a sincroniza abonamentele pe toate dispozitivele.

 

Ghid rapid de referință