Retour au site du LAAS-CNRS

Abstract

In this paper, we propose to replace the national identity card, currently used in many countries, by a personal device that allows its user to prove some binary statements about himself while minimiz- ing personal information leakage. The privacy of the user is protected through the use of anonymous credentials which allows him to prove bi- nary statements about himself to another entity without having to dis- close his identity or any unnecessary information. The proposed scheme also prevents the possibility of tracing the user, even if he proves sev- eral times the same statement (unlinkability property). A tamper-proof smartcard is used to store the personal information of the user thus pro- tecting his privacy and preventing the risks of forgery at the same time. The user identifies himself to the card via biometrics thus forbidding an unauthorized use in the situation where the card is stolen or lost. Two practical implementations of the privacy-preserving identity card are described and discussed.

Abstract

Current systems providing anonymous interactive communication [15, 22] are based on networks of anonymity-providing relays called MIXes. An important issue with such systems is that a MIX is able to betray its users, and thus it is necessary to use several MIXes sequentially for each communication, which distributes the trust among them. This increases the complexity of the protocols as well as the latency. On the other side, such distributed systems are resilient and scalable, and they provide good enough performance for web browsing. An ideal relay should be unable to betray its users (we will say in this case that the relay is trustable). In such a setting, using multiple relays to distribute trust is not necessary, which simplifies design and reduces costs. Superposed sending provides an approach to construct trustable relays, the DC-net relays. Straightforward usage of classic protocols leads to other approaches and recently we proposed a set of trustable relays, based on Private Information Retrieval protocols, that provide new alternatives. Independently of their practical applications, these relays are interesting from a theoretic point of view. In this paper, we present a survey that gathers the different trustable relays we have been able to identify and gives a unified view of their construction.

Résumé

Cet article est consacré à la protection de la sécurité d'un noyau de système d'exploitation. Nous proposons une caractérisation des actions malveillantes pouvant corrompre ce noyau, basée sur la façon dont elles accèdent au noyau tout d'abord et dont elles corrompent l'espace d'adressage ensuite. Puis nous discutons des mesures de sécurité permettant de contrer de telles attaques. Enfin, nous exposons notre approche basée sur un hyperviseur matériel, qui est partiellement ilmplémenté dans notre démonstrateur Hytux. Celui-ci est inspiré de bluepill, un malware qui s'installe en tant qu'hyperviseur léger -- sur un CPU possédant le technique de virtualisation matérielle -- et installe un système opératoire Microsoft Windows dans une machine virtuelle. À la différence de bluepill, Hytux est un hyperviseur léger qui implémente des mécanismes de protection dans un mode plus privilégié que le noyau Linux.

Mots-Clés / Keywords