Multimedia Network Security Laboratory
Private Information Retrieval Scheme Combined with E-Payment in Querying Valuable Information
Date: 2010.01.02
Reporter: Chien-Wen Huang
Source: Innovative Computing, Information and Control (ICICIC), 2009 Fourth International Conference on
Outline
1 Introduction
2 Electronic Cash Approach
3 The Proposed Scheme
4 The Security Analysis of the Proposed Scheme
5 Conclusions
Introduction
Formally, private information retrieval (PIR) is the general problem of privately retrieving the i-th item out of an n-item database stored at the server.
SC (a tamper-proof device): it prevents information from being revealed to anyone or to the administrator of the server, and gives every legal user of the server their own privacy.
Electronic Cash Approach
The untraceable e-CASH payment system presented by Chaum is designed according to the RSA public-key system.
A. Initializing
- The bank announces (e, n) and a one-way hash function H(), but keeps p, q, d secret.
- Suppose the electronic cash issued by the bank is w dollars.
- Both the customers and the merchants taking part in the e-CASH payment system must have accounts in the bank.
B. Withdrawing
- The customer wants to withdraw w dollars from the bank account.
- $\alpha = r^{e} \cdot H(m) \bmod n$ is delivered to the bank for signing, where r is a random blinding factor chosen by the customer.
- The bank withdraws w dollars from the customer's account and signs $\alpha$ to get the blinded cash t for the customer: $t = \alpha^{d} = r \cdot H(m)^{d} \bmod n$
- After receiving the blinded cash, the customer computes $c = r^{-1} \cdot t = H(m)^{d} \bmod n$
- (c, m) is the available e-CASH.
C. Ordering
- Before the customer orders products or receives an electronic service from an online merchant, the merchant first verifies the customer's ID and then gives the customer a bill, asking for his signature to confirm the transaction (this makes sure the transaction is valid).
D. Paying
- When the database server charges customers, they can pay the withdrawn e-CASH (c, m) to the merchant.
- After receiving e-CASH from customers, the merchant verifies the validity of the e-CASH and executes a double-spending check.
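The withdrawal and payment steps above, worked through in Python as an added example (not code from the slides or the cited paper). The bank key is a constructed toy value, SHA-256 stands in for H(), and `SpentLedger` and the function names are hypothetical.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy bank key: two known Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537                      # public (e, n)
D = pow(E, -1, (P - 1) * (Q - 1))        # bank's secret d

def H(m: bytes) -> int:
    """One-way hash H(); SHA-256 reduced mod n is an assumption of this example."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % N

def blind(m: bytes):
    """Customer: choose blinding factor r, return (r, alpha = r^e * H(m) mod n)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:               # r must be invertible mod n
            return r, (pow(r, E, N) * H(m)) % N

def bank_sign(alpha: int) -> int:
    """Bank: t = alpha^d mod n; it sees only alpha, never m or H(m)."""
    return pow(alpha, D, N)

def unblind(t: int, r: int) -> int:
    """Customer: c = r^-1 * t = H(m)^d mod n."""
    return (pow(r, -1, N) * t) % N

def verify(c: int, m: bytes) -> bool:
    """Anyone with (e, n): the coin is valid if c^e = H(m) mod n."""
    return pow(c, E, N) == H(m)

class SpentLedger:
    """Hypothetical double-spending check: remembers every m already paid."""
    def __init__(self):
        self.spent = set()

    def accept(self, c: int, m: bytes) -> str:
        if not verify(c, m):
            return "invalid"
        if m in self.spent:
            return "double-spent"
        self.spent.add(m)
        return "accepted"

def withdraw(m: bytes):
    """Run the whole withdrawal; returns (c, alpha) so both views can be compared."""
    r, alpha = blind(m)
    return unblind(bank_sign(alpha), r), alpha
```

Two withdrawals of the same m hand the bank different values of alpha but unblind to the same c, so the bank cannot link a coin it later checks to the withdrawal that produced it.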
THE PROPOSED SCHEME
Database 1: stores the roster, ID and personal information of all members.
Database 2: a special database (patent or pharmaceutical database) that stores their integrated information ($B_i$) and price.
Database 3: stores the encrypted customer identification (ID'), the e-cash paid by customers, the buying information ($B_i$) and the encrypted buying information (C').
The following notation is used in the description:
- $PK_{SC}$: the public key of SC
- $SK_{SC}$: the secret key of SC
- $PK_C$: the public key of the customer
- $SK_C$: the secret key of the customer
- ID: the customer's identification
- ID': the encrypted customer's identification (by the hash function)
- M: the secure message of the customer's identification and buying information
- M': the secure message of the customer's identification and buying price, created by SC
- C: the secure message of payment created by customers
- C': the encrypted patent $B_i$ that customers pay for
- $B_i$: the information the customer buys
- B: the entire information database
- D: the digest of $B_i$
- Price: the price of the $B_i$ the customer buys
- e-Cash: electronic cash based on blind signature
A. Initialization Phase
1. Customers skim over the digest and price of the buying information database B beforehand.
2. The customer produces a pair of keys ($PK_C$, $SK_C$) and SC produces a pair of keys ($PK_{SC}$, $SK_{SC}$).
B. Authentication and Purchase Phase
1. The customer uses the public key of SC to compute $M = E_{PK_{SC}}(ID, D, PK_C)$.
2. The customer delivers the encrypted M to SC.
3. SC receives M and decrypts it: $ID \,\|\, B_i \,\|\, PK_C = D_{SK_{SC}}(M) = D_{SK_{SC}}(E_{PK_{SC}}(ID, B_i, PK_C))$
4. SC verifies the customer's ID against Database 1, collates the IDs of all the members and temporarily stores the qualified customers' IDs.
5. SC computes the hash function operation $ID' = Hash(ID)$.
6. SC gets the buying information and price from Database 2. The qualified $B_i$ and price are temporarily stored in SC.
7. SC: sends $M' = E_{PK_C}(ID', Price)$ to the customer.
8. Customer: $ID' \,\|\, Price = D_{SK_C}(M') = D_{SK_C}(E_{PK_C}(ID', Price))$
C. Payment Phase
1. Customer: uses the public key $PK_{SC}$ of SC to encrypt $C = E_{PK_{SC}}(ID', eCASH, PK_C)$.
2. The customer delivers C to SC.
3. SC receives and decrypts C: $ID' \,\|\, eCASH \,\|\, PK_C = D_{SK_{SC}}(C) = D_{SK_{SC}}(E_{PK_{SC}}(ID', eCASH, PK_C))$
4. SC checks with the bank whether the eCASH is valid and whether it has been double-spent. If there is no problem with the eCASH, the payment phase is finished.
D. End Phase
1. SC: $C' = E_{PK_C}(ID', B_i)$
2. SC transfers C' to the customer and saves (ID', C', eCASH) of the customer in Database 3.
3. The customer obtains C' and decrypts it: $ID' \,\|\, B_i = D_{SK_C}(C') = D_{SK_C}(E_{PK_C}(ID', B_i))$
4. The deal of buying information is then over.
THE SECURITY ANALYSIS OF THE PROPOSED SCHEME
A. The Analysis in the Authentication Phase
- The information transferred between SC and the customer is encrypted with public-key cryptography.
- Because the identity authentication of the customer is processed inside SC, it can protect the user's privacy in the authentication phase.
- SC gets all the IDs from Database 1 and compares them to the customer's ID. Because all the IDs of the legal customers are fetched into SC, no one, including the server, knows which customer wants to buy information.
B. The Analysis in the Purchase Phase
- SC gets all the information in B and the price to compare with $B_i$ and Price.
- It then keeps the matching information in SC.
- Because all the information is fetched into SC, no one, including the server, knows what the customer buys.
C. The Analysis in the Payment Phase
1. SC checks with the bank whether the eCASH is valid and whether it has been double-spent. The bank can only confirm whether or not the eCASH was approved by the bank.
2. To reach the goal of non-repudiation in the deal:
- SC saves (ID', C', eCASH) into Database 3.
- The secret information C' is encrypted by $PK_C$.
- So no one, including the server, knows $B_i$.
CONCLUSIONS
The proposed scheme solves the flaw in the previous PIR schemes, which did not consider the e-payment need.
To keep the privacy protection property of PIR schemes, we choose an e-cash scheme using a blind signature.
The customer chooses a random number r as a blinding factor to protect his privacy.