
Research On Practical Private Data Aggregation And Secure Authentication Protocols

Posted on: 2023-03-08
Degree: Doctor
Type: Dissertation
Country: China
Candidate: M Wang
GTID: 1528307055981269
Subject: Cyberspace security

Abstract/Summary:
In recent years, with the development of social informatization, various behaviors in human work and life are gradually being recorded digitally, which leads to the explosive growth of data. The value contained in data is increasingly evident, making it one of the main factors of production that drives the development of the entire world. The core value of data is circulation and sharing, creating new value and enabling new scenarios. The globalization of data resources has become an important trend of global development. However, there are two common problems in the process of data sharing: first, a large amount of data is distributed in different institutions, systems, and devices that are not connected, forming "data islands"; second, in recent years, there have been frequent breaches of private data. Data owners distrust each other and are increasingly reluctant to share data. The emergence of private computation provides technical support for data globalization to solve the above two problems.

With the rapid commercialization of hardware technology and cryptography, some problems are gradually being exposed in this area. Firstly, many privacy computation schemes use a trusted execution environment to protect the privacy of data execution. However, resource limitations and host attacks are still obstacles to its practical application. Secondly, some schemes using cryptographic privacy computation technology require frequent interactions and complex calculations between participants, which hinders their practical application. Finally, while ensuring privacy and practicality, we should also consider the possibility of malicious attackers, which pose a more serious threat to data privacy in the system.

Given the trust boundary pollution problems of the trusted execution environment, we employ the trusted execution environment to achieve practical multi-party collaborative computing, using lightweight cryptographic operations to protect data, which reduces the computational cost of the system. Through the trusted execution environment of the key distribution center, we implement simple key management. In addition, we propose a credential-assisted function authorization and a verification mechanism to solve the host attack problem effectively. The online/offline mode relieves the online computing pressure of the system, and the constant online communication and computing costs are also suitable for resource-constrained environments.

For the problem that the schemes based on cryptographic technologies are not practical, we present a biometric-authenticated key exchange framework in the end-to-end secure communication scenario. The main idea is to convert a biometric characteristic into a biometric secret key to implement biometric authentication. We propose a new asymmetric fuzzy encapsulation mechanism to implement a single-round communication protocol between two parties. Each party generates a biometric public key based on a corresponding biometric secret key, and encapsulates a secret value with the biometric public key to negotiate a secure session key. Only a party with a secret key that is very similar to the target secret key can decapsulate the message. Finally, we use the shared secret values to generate a secure session key. We use realistic biometric (iris and fingerprint) databases to instantiate our framework. The security analysis and experimental results prove that the proposed scheme is practical and advanced.

To solve the problem of malicious attackers, we propose an updatable fingerprint-based authentication key agreement protocol in client/server secure communication scenarios. We consider that malicious attackers may obtain user credentials by corrupting the server to disguise their identity. In this paper, we design a fingerprint-based blind credential authentication scheme, which hides a fingerprint template in a blind fingerprint credential. When the server's credential database is compromised, the server can update the credential database independently to invalidate the lost credentials, thus effectively avoiding subsequent attacks. In addition, we use lightweight private computation technologies in designing this protocol, which needs only a single round of interaction and has linear computing complexity.

We focus on the difficult problems of two different private computation techniques in this paper, i.e., the trusted execution environment and cryptographic techniques. This paper designs low-interaction, low-computation, and low-storage secure protocols in three promising practical scenarios, i.e., the privacy-preserving data aggregation scenario, the end-to-end secure communication scenario, and the client/server secure communication scenario. We show the security and practicability of the designed protocols by giving rigorous security analysis and conducting prototype experiments. Although this paper cannot cover all aspects of private computation, it will enrich the theory of security protocol design. In addition, it provides a new perspective for privacy-preserving data aggregation and secure authentication research, and provides technical support for the long-term sustainable development of privacy computation.
Keywords/Search Tags: Private Computation, Data Aggregation, Biometric-Authenticated Key Exchange, Update