Protean Signature Schemes

Authors

Stephan Krenn (AIT), Henrich C. Pöhls (UNI PASSAU), Kai Samelin (IBM Research Zurich), Daniel Slamanig (AIT)

Abstract

tba

Venue

Cryptology and Network Security - CANS 2018  (http://cans2018.na.icar.cnr.it/)

Place and Date

Naples, Italy, Sep 30 - Oct 3, 2018

Privacy Controls for Patients via a Selective Authentic Electronic Health Record Exchange Service: Qualitative Study of Perspectives by Medical Professionals and Patients

Authors

Alaqra AS, Fischer-Hübner S, Framner E

Abstract

Background: Patients’ privacy is regarded as essential for the patient-doctor relationship. One example of a privacy-enhancing technology for user-controlled data minimization on content level is a redactable signature. It enables users to redact personal information from signed documents while preserving the validity of the signature, and thus the authenticity of the document. In this study, we present end users’ evaluations of a Cloud-based selective authentic electronic health record (EHR) exchange service (SAE-service) in an electronic health use case. In the use case scenario, patients were given control to redact specified information fields in their EHR, which were signed by their doctors with a redactable signature and transferred to them into a Cloud platform. They can then selectively disclose the remaining information in the EHR, which still bears the valid digital signature, to third parties of their choice.

Objective: This study aimed to explore the perceptions, attitudes, and mental models concerning the SAE-service of 2 user roles: signers (medical professionals) and redactors (patients with different technical knowledge) in Germany and Sweden. Another objective was to elicit usability requirements for this service based on the analysis of our investigation.

Methods: We chose empirical qualitative methods to address our research objective. Designs of mock-ups for the service were used as part of our user-centered design approach in our studies with test participants from Germany and Sweden. A total of 13 individual walk-throughs or interviews were conducted with medical staff to investigate the EHR signers’ perspectives. Moreover, 5 group walk-throughs in focus groups sessions with (N=32) prospective patients with different technical knowledge to investigate redactor’s perspective of EHR data redaction control were used.

Results: We found that our study participants had correct mental models with regard to the redaction process. Users with some technical models lacked trust in the validity of the doctor’s signature on the redacted documents. Main results to be considered are the requirements concerning the accountability of the patients’ redactions and the design of redaction templates for guidance and control.

Conclusions: For the SAE-service to be means for enhancing patient control and privacy, the diverse usability and trust factors of different user groups should be considered.

Venue

Journal of  Medical Internet Research 2018;20(12):e10954

[Download]

CEA

Executive Summary

PRISMACLOUD aims at bringing novel cryptographic concepts and methods to practical application to improve the security and privacy of cloud based services and makes them usable for providers and users.
This document is a report on the security analysis performed on the prototype device demonstrating the hardware secure implementation of crypto primitives that was performed during task T6.4. The prototype device implements a redactable signature scheme such as described in deliverable D4.4 [1] that is robust to attacks with quantum computers. Deliverable D6.7 [2] explains the choice of Keccak and BLISS as cryptographic primitives. Deliverable D6.8 [3] describes the hardware itself.
The hardware implementation of these primitives aims at providing more performance on speed and security. Hardware implementation generally offer tamper resistance to a wide variety of attacks including side channel attacks, provided that the right counter measures are implemented. It is the purpose of Task 6.4 to evaluate the robustness of the cryptographic primitives.
A short risk analysis allows to focus the evaluation on the signing algorithm (BLISS). An analysis of the algorithm shows a vulnerability in the sparse multiplication that could be used to gain access to the key. The hardware has been slightly modified to ease the characterisation of the vulnerability, and a characterisation has been conducted, showing a path to an attack of the sparse multiplication. The masking property of the scalar product used in Greedy Scale makes it impossible to build an equation system to retrieve the coefficients of the key directly. But another property of the key coefficients allows to overcome that difficulty. The secret key coefficients are elements of a cyclotomic ring which has convenient multiplication properties. Within the trace we should always find the trace of a coefficient and its opposite. Thanks to this property a simple algorithm to retrieve the coefficient has been designed and the keys retrieved. With knowledge of this attack, it is possible to describe some countermeasures that would harden the sparse multiplication and make the attack impossible.

UNIL, UNI PASSAU, AIT

Executive Summary

The standardisation activity, which spanned over the entire duration of the project, started with one year of analysis, planning, and preparation. A standardisation plan was developed (D9.5, M12) and its implementation decided by the project plenary. In course of the imple-mentation, we established liaisons with two working groups of the ISO/IEC JTC1 SC 27 “IT Security”1: WG2 "Cryptography and Security Mechanisms" for activities concerning low level cryptographic primitives, and WG4 "Security Controls and Services” for activities on a service level; and participated for one year (March 2017 – Feb. 2018) in the specialist task force ETSI TC CYBER STF5292 which produced a Technical Specification in the field of attribute based credentials.
In the ISO, we attended four of ISO/IEC’s semi-annual meetings around the world and also participated in standardisation work between the meetings. Detailed intermediate reporting can be found in D9.6 (M24) and D9.3 (M30). To secure our impact, three project partners also sought accreditation through the mirror committees of SC27 of two European national bodies (of Germany and Austria). Through the national bodies we were able to contribute about 90 comments for the standard ISO/IEC 19086-4 “Cloud computing Service Level Agreement (SLA) framework - Part 4: Security and privacy” of WG4, which defines objec-tives to be negotiated between cloud providers and customers in a cloud SLA. Through the leverage of our national bodies’ voting rights, we were able to add several objectives to the standard for the kinds of services and tools that we developed in the project. In more detail: objectives for integrity protection of data in motion, for anonymous and pseudonymous au-thentication support and for data minimisation cryptographic controls. We also contributed a complete overhaul of a “Cryptography Component”, which is central to the standard, by systematically extending its scope to confidentiality and integrity protection not only “in motion” (as previously proposed), but also “at rest” and “during computation”.
In WG2 we carried out an operation through three of the ISO meetings: We proposed and organized a “study period” on the potential instantiation of a new standard for redactable signatures, being one of the core technologies proposed in PRISMACLOUD. Based on positive evaluation and feedback, we proposed a new “work item” (i.e. to develop a new stand-ard) and finally found the support of five other national bodies to officially start the new standard ISO/IEC 23264 “Information technology – Security techniques – Redaction of au-thentic data”. ISO/IEC 23264 will be a standard, proposed and shaped by a H2020 project3. A first “working draft” version (of 15 pages) was prepared by project partners UNI PAS-SAU, AIT—and was just by the time of this writing (19 June, 2018) sent out by ISO on its world-wide list with a call for contribution (See Appendix for this version).
A critical assessment of our activities confirms that we could achieve actual dissemination of project results into standards even during the relatively short (for standardisation processes) project duration of 3.5 years. We were certainly also lucky to encounter standards in project stages suitable for our contribution—and to receive within the ISO context the support of colleagues from research, industry, and administration for our plans. But we also could se-cure the continuation of the standardisation activity beyond project end—with AIT and UNI PASSAU having declared to remain active in cloud security and privacy standardisation in ISO SC27 and to continue to drive the standardisation activities that sprung off the PRISMACLOUD project.

TUDA, AIT, TUGRAZ, UNEW

Executive Summary

PRISMACLOUD aims at bringing novel cryptographic concepts and methods to practical application, to improve the security and privacy of cloud based services, and make them usable for providers and users. The purpose of this deliverable is to present research results developed within PRISMACLOUD that focuses on authenticators providing long term security. In particular we show novel authenticators providing everlasting privacy that can be used within the VERIDAP tool. This tool relies on verifiable computing schemes allowing for verifiable data processing by means of performing verifiable computations on data stored in the cloud. It was described in detail in Deliverable D5.10. In Deliverable D5.11 it was shown how to extend the tool to support operations on data stored in distributed fashion, i.e. stored as secret shares. Proactive secret sharing is known to provide long-term privacy with respect to the shareholders. In this deliverable we now present authenticators that provide long-term privacy with respect to the verifiers.
Proactive secret sharing often uses commitments to ensure the integrity of the shared data after share renewal. We present research results on share renewal, that preserves information theoretic privacy.
We additionally present research results on the topic of post-quantum unforgeable authenticators. Here the long-term security focus is on the unforgeability of authenticators in particular signatures in the future against the presence of quantum adversaries.
Finally we will present our work on zero-knowledge proofs, that can be used in our TOPOCERT tool, as detailed in Deliverable D5.7. Here the sensitive information is also private with respect to verifiers in an information theoretic sense, thus achieving long-term privacy.

ATOS, ETRA, LISPA

Executive Summary

This report is the second deliverable of the task T7.1 Security and Privacy by design. This task defines the translation of privacy principles as outlined in data protection legal frameworks into privacy targets which could then be ranked and categorized to determine the design priorities. During the previous phases of this task a complete Privacy and Security report, result of the appliance of the PRIPARE Methodology Handbook1, was delivered. The D7.1 Progress report for security and privacy by design guidelines covers the whole process of the software production, from the earliest stages of the development: requirements elicitation, until the latest ones, such as: release, maintenance and decommission.
Then this deliverable evaluates if the final pilots implemented on PRISMALCOUD project complies with the recommendations given on the previous deliverable of this task, D7.1 Progress report for security and privacy by design guidelines.
In order to do so, a detailed analysis of the compliance of the privacy principles (legal and functional) have been studied. The study verifies that the final components of each use case achieve successfully the compliance of the different privacy and security controls.
This document is designed to be read by privacy and security managers, privacy and security operations managers, privacy and security engineers and, last but not least, the developers. It defines the essentials to verify that all privacy and security controls and measurements have been applied correctly.

KAU, UNIL, AIT, XITRUST

Executive Summary

This deliverable summarises the main findings of the Human Computer Interaction (HCI) research work within the PRISMACLOUD project.
The focus of our work has been on researching HCI aspects and providing HCI guidelines for the Selective Authentic Exchange Service in eHealth and for the Archistar service used in PRISMACLOUD’s eGovernment use case. These two services posed several interesting and practically relevant research challenges that we addressed using a human-centred design approach involving different types of relevant stakeholders. In particular, we conducted user studies via interviews, focus groups, cognitive walkthroughs and inspections for eliciting and refining HCI requirements and for evaluating user interface concepts with the help of user interface mockups.
As a result of our user studies, we present guidelines for making the services usable, accepted, trusted, which will also in the end help to make them well deployable.
These HCI guidelines for usable user interfaces for the Selective Authentic Exchange Service in eHealth and Archistar, or related privacy-enhancing solutions based on malleable signatures or secret sharing, are provided in the form of five HCI patterns. They form the core for this deliverable. The HCI pattern approach has enabled us capturing, sharing and structuring user interface knowledge not only within but also beyond the PRISMACLOUD project.
In particular, this deliverable include the following HCI pattern collection:
* HCI.PR1 Digital Signature Visualization
* HCI.PR2 Stencil for Digital Document Redaction
* HCI.PN3 Locking-in Fields in Redactable Digital Documents
* HCI.PN4 Archistar Configuration Split View
* HCI.PR5 Data-Centric Settings for automated Archistar Configuration
HCI.PR1 and HCR.PR2 are updated versions of patterns that we published in a conference article and presented at HCII 2018.
Moreover, details of the research results are presented in two appended research articles titled “Enhancing Privacy Controls for Patients via a Selective Authentic EHR Exchange Service – Perspectives by Medical Professionals and Patients” (Appendix A) and “Usable Configuration Management for Secure Multi-cloud Storage Applications” (Appendix B).

UNIL, AIT, UNI PASSAU, ATOS, FCSR, IRT

Executive Summary

The PRISMACLOUD services are intended for use by people, companies, and organisa-tions who are rather experts for their own domains than for the complexities of highly distributed cloud applications and services, involving cryptography. The goal of this task (and finally this deliverable) is to communicate to these prospective end users the capabil-ities of the PRISMACLOUD services, and the context and consequences of their use. Based upon this information, sound and sustainable decisions regarding the deployment of storage and processing to the proposed cryptographically secured services shall be ena-bled. The idea is to provide a kind of "handbook" for the services, providing the infor-mation in a way accessible to the intended end users. We use cloud security and privacy patterns to describe the recurring security and privacy problems in the cloud that we ad-dress with the proposed solutions, and the assumptions, prerequisites, and consequences of their practical application.
Our strategy in the project was to closely participate in the development of the services, to monitor and understand the relevant aspects, and transcribe them into a more widely un-derstandable but nevertheless precise representation. We started with a set of nine pat-terns, which we developed in the first project year from the portfolio of the cryptographic technologies of the initial project plan (project proposal), and from initial considerations about security and privacy threats in currently available cloud services that need to be addressed. In the following, we presented our approach and the evolving patterns in sev-eral publications and presentations, e.g. at the ENISA Annual Privacy Forum 2016 in Frankfurt/Main1. In one specific publication, we identified the use of security and privacy patterns as promoter for a more widespread use of cryptography in the cloud.
But the work on the patterns also prove to be very practical within the project itself. We presented the patterns at the recurring project plenary meetings and thus supported the common understanding of the different services among the consortium. During a joint workshop among colleagues, where the four-tier structure of the PRISMACLOUD archi-tecture was developed (in M14), we used the patterns to guide the workshop participants and provide a basis for a common discussion among the experts from several domains. Consequently, we contributed single sections on our pattern approach to deliverables on the PRISMACLOUD architecture and our proper development methodology Crypto-graphic Software Design Life Cycle CryptSDLC (D7.5 and D7.6). Finally, we established the pattern approach as part of the CryptSDLC in a publication, which is probably the first publication of a software development life cycle, explicitly covering the integration of cryptographic engineering.
This document contains the final patterns, as well as considerations of aspects we re-searched while preparing the information for the end users. These parts (in the “context” section) are not yet published research. Other work that is published and available is not repeated in this document (but referenced by citation and internet link in section 2 “Task activity report” on p. 11).

AIT, UNIL, ATOS, UNI PASSAU, KAU

Executive Summary

PRISMACLOUD is a huge undertaking with various results, and an outside to the consortium advice and guidance is necessary to achieve outstanding results with high exploitation possibilities. At the project start we established an Advisory Board (AB) with experts coming from relevant to the project fields. We had frequent interactions with them where we received and integrated their feedback which helped to drive the PRISMACLOUD project success.
During the second and third reporting period we organised two dedicated AB workshops and one AB workshop during the 12th IFIP Summer School on Privacy and Identity Management 2017. In addition, except for the above mentioned workshops we often had the chance to meet and discuss with the AB members about the project in conferences and events.
The 1st AB Workshop took place immediately after the end of the project’s first year where we discussed about the project’s use cases and technologies as well as about possible collaborations, dissemination and exploitation opportunities. The AB feedback from this 1st workshop help us to develop the PRISMACLOUD Architecture, to refine the use cases and to receive useful guidance on standardization.
The 2nd AB Workshop took place in March 2017 where the consortium had already produced several outcomes and experts’ view was necessary to refine them. In this workshop we show the first demonstrators and we received positive feedback. We discussed a lot about the exploitation of the results and on how we can bring them to the market and After the workshop we worked intensively on our exploitation strategy and examined the possibilities of open source software.
During the IFIP Summer School on Privacy and Identity Management 2017 we co-organised together with the CREDENTIAL project a workshop to receive feedback on the demonstrators not only from our AB members but also from other experts in the field. The experts pointed out that the technologies must also be useable and understandable for IT experts and system architect who have not a deep knowledge of cryptography or security. The feedback received helped us to improve our solutions and make them more usable and understandable.
To sum up, the useful advice from the external experts helped us to shape the project and played a key role to the final project results.

AIT

Executive Summary

In summary, PRISMACLOUD was successfully executed as planned in the grant agree-ment without any delay. All core work packages of the current reporting period (WP3, WP7 and WP8) were in time and delivered as planned. Accompanying tasks in WP1 and WP9 have been also very active and supported the project with coordination, communication and dissemination activities and generated substantial visibility through participation in many events. Furthermore, the PRISMACLOUD consortium achieved interesting scientific results and published them in the proceedings of peer-reviewed conferences and journals, many of them in good venues as recommended by the reviewers (WP4, WP5). Also, the security testing of the hardware implementation led to new interesting side channel attacks (WP6).
During the last period, the PRISMACLOUD toolkit and the PRISMACLOUD services were integrated in the pilot applications and evaluated. The pilot was run in the piloting infrastruc-ture provided by partner IRT. Additionally, usability and HCI guidelines in form of patterns were developed to make the results more accessible for future use and speed up the adoption of the technologies.
To maximize the impact, an exploitation strategy was developed involving all partners hold-ing relevant IPRs in the project, as well as exploitation beyond the consortium was started (follow-up projects, commercialization of services). Additionally, the standardization strat-egy was successfully executed and efforts to finance the continuation of the work after the project were successful.