Privacy enhanced authentication using homomorphic encryption
With the increasing prevalence of digital technologies in our lives, authentication systems have been rapidly gaining traction as a way to grant access to valuable data only to those users who are allowed to. In order to increase security, some authentication systems require knowledge about a user?s...
| Autor: | |
|---|---|
| Tipo de recurso: | tesis de maestría |
| Fecha de publicación: | 2022 |
| País: | España |
| Institución: | Universitat Politècnica de Catalunya (UPC) |
| Repositorio: | UPCommons. Portal del coneixement obert de la UPC |
| Idioma: | inglés |
| OAI Identifier: | oai:upcommons.upc.edu:2117/368113 |
| Acceso en línea: | https://hdl.handle.net/2117/368113 |
| Access Level: | acceso abierto |
| Palabra clave: | Computer security Data encryption (Computer science) homomorphic encryption HE risk based authentication RBA privacy privacy enhanced computation privacy enhanced technologies privacy by design Seguretat informàtica Xifratge (Informàtica) Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica |
| Sumario: | With the increasing prevalence of digital technologies in our lives, authentication systems have been rapidly gaining traction as a way to grant access to valuable data only to those users who are allowed to. In order to increase security, some authentication systems require knowledge about a user?s personal information, such as its geolocation. Even though these authentication systems have proven to be remarkably secure and versatile, they can also pose a serious threat to users? privacy. More specifically, in the area of geolocation-based authentication systems, sharing this data can potentially expose the user to targeted marketing and undesired profiling. In this Master thesis, we leverage an emerging encryption technology called homomorphic encryption for enhancing privacy during an authentication process. This type of encryption allows computations over encrypted data without any previous decryption process, which ensures data integrity and privacy by design. This thesis embraces a generic homomorphic encryption scheme and proposes an authentication protocol which obtains information about the user?s geolocation without ever having knowledge of it. The work is accompanied by a rigorous background research, along with a set of tests and experiments that justify the design choices of the project. The evaluation results show that our proposed system is fully-functional and enables the use of encrypted geolocation data to underpin an authentication decision. On the other hand, the system adds a significant temporal overhead when compared to traditional authentication systems, which is the reason why we believe our system, albeit very promising, is not ready for a production environment. |
|---|