Description
Users increasingly rely on the "social cloud" for storing and sharing personal information, for establishing new contacts, and for interacting with their friends and colleagues. Even though social media platforms may differ in their target audience, in the nature of the information they collect and disseminate, and in the services they offer to users, there are several building blocks that enable users' social interactions and are deployed by the majority of these platforms. Designing these building blocks in a secure and privacy-preserving way is of utmost importance if potential damage from the misuse of user-provided content in the existing "social cloud" is to be averted.

Due to the absence of appropriate models and security/privacy definitions, it is so far impossible to judge whether a proposed protection mechanism is suitable or not, and whether it can be applied in general or is tailored to a specific social media platform. Instead of using "ad-hoc" and "best practice" solutions with questionable guarantees, it is advisable to strive for a more formal treatment of the underlying building blocks by providing sophisticated security/privacy definitions and designing solutions amenable to formal reasoning and security proofs.

In the first part of my talk I will focus on the management of personal user profiles. User profiles serve as a main building block for most social media platforms. I will introduce a formal cryptographic model for private user profiles, supporting generation of the digital content owned by the user and its controlled disclosure to other users of the social community. I will present formal definitions of security and privacy that reflect the natural expectations on private profiles. I will further describe two general solutions based on different encryption techniques and highlight their trade-offs from the security/privacy and complexity points of view. These solutions do not require any specific network infrastructure or any trusted third parties. The provided analysis takes into account statistics from several real-world social media platforms.

The second part of my talk will address the problem of discovering common social contacts, for which I will introduce the first privacy-friendly practical solution that lets two users, on input of their respective contact lists, learn their common contacts (if any) and nothing else. The proposed protocol prevents arbitrary list manipulation by means of contact certification, and guarantees user authentication and revocability. I will explain why current approaches such as private set intersection or anonymous credentials, although related, do not provide an appropriate solution to this problem. I will discuss the modeling of the contact-hiding security that private contact discovery should provide. I will also highlight efficiency considerations for the proposed protocol, which does not require the involvement of any trusted third parties and can be deployed in resource-constrained environments.

The content of this talk is based on recent results from FC 2011/RLCSP, ASIACCS 2011, and ACNS 2011.
Upcoming talks
Dual attacks in code-based (and lattice-based) cryptography
Speaker: Charles Meyer-Hilfiger - Inria Rennes
The hardness of the decoding problem and its generalization, the learning with errors problem, are respectively at the heart of the security of the Post-Quantum code-based scheme HQC and the lattice-based scheme Kyber. Both schemes are to be/now NIST standards. These problems have been actively studied for decades, and the complexity of the state-of-the-art algorithms to solve them is crucially[…]
Presentations by the new Capsule PhD students
Speaker: Alisée Lafontaine and Mathias Boucher - INRIA Rennes
Two new PhD students are joining the Capsule team and will present their research topics. Alisée Lafontaine, supervised by André Schrottenloher, will present her M2 internship: "Quantum rebound attacks on double-block length hash functions". Mathias Boucher, supervised by Yixin Shen, will talk about quantum algorithms and Euclidean lattices.
Design of fast AES-based Universal Hash Functions and MACs
Speaker: Augustin Bariant - ANSSI
Ultra-fast AES round-based software cryptographic authentication/encryption primitives have recently seen important developments, fuelled by the authenticated encryption competition CAESAR and the prospect of future high-profile applications such as post-5G telecommunication technology security standards. In particular, Universal Hash Functions (UHF) are crucial primitives used as core components[…]
Lie algebras and the security of cryptosystems based on classical varieties in disguise
Speaker: Mingjie Chen - KU Leuven
In 2006, de Graaf et al. proposed a strategy based on Lie algebras for finding a linear transformation in the projective linear group that connects two linearly equivalent projective varieties defined over the rational numbers. Their method succeeds for several families of "classical" varieties, such as Veronese varieties, which are known to have large automorphism groups. In this talk, we[…]
Some applications of linear programming to Dilithium
Speaker: Paco AZEVEDO OLIVEIRA - Thales & UVSQ
Dilithium is a signature algorithm, considered post-quantum, and recently standardized under the name ML-DSA by NIST. Due to its security and performance, it is recommended in most use cases. During this presentation, I will outline the main ideas behind two studies, conducted in collaboration with Andersson Calle-Vierra, Benoît Cogliati, and Louis Goubin, which provide a better understanding of[…]