Privacy enhanced authentication using homomorphic encryption

With the increasing prevalence of digital technologies in our lives, authentication systems have been rapidly gaining traction as a way to grant access to valuable data only to those users who are allowed to. In order to increase security, some authentication systems require knowledge about a user?s...

Descripción completa

Detalles Bibliográficos
Autor: Ferraté I Cuartero, Albert
Tipo de recurso: tesis de maestría
Fecha de publicación:2022
País:España
Institución:Universitat Politècnica de Catalunya (UPC)
Repositorio:UPCommons. Portal del coneixement obert de la UPC
Idioma:inglés
OAI Identifier:oai:upcommons.upc.edu:2117/368113
Acceso en línea:https://hdl.handle.net/2117/368113
Access Level:acceso abierto
Palabra clave:Computer security
Data encryption (Computer science)
homomorphic encryption
HE
risk based authentication
RBA
privacy
privacy enhanced computation
privacy enhanced technologies
privacy by design
Seguretat informàtica
Xifratge (Informàtica)
Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica
Descripción
Sumario:With the increasing prevalence of digital technologies in our lives, authentication systems have been rapidly gaining traction as a way to grant access to valuable data only to those users who are allowed to. In order to increase security, some authentication systems require knowledge about a user?s personal information, such as its geolocation. Even though these authentication systems have proven to be remarkably secure and versatile, they can also pose a serious threat to users? privacy. More specifically, in the area of geolocation-based authentication systems, sharing this data can potentially expose the user to targeted marketing and undesired profiling. In this Master thesis, we leverage an emerging encryption technology called homomorphic encryption for enhancing privacy during an authentication process. This type of encryption allows computations over encrypted data without any previous decryption process, which ensures data integrity and privacy by design. This thesis embraces a generic homomorphic encryption scheme and proposes an authentication protocol which obtains information about the user?s geolocation without ever having knowledge of it. The work is accompanied by a rigorous background research, along with a set of tests and experiments that justify the design choices of the project. The evaluation results show that our proposed system is fully-functional and enables the use of encrypted geolocation data to underpin an authentication decision. On the other hand, the system adds a significant temporal overhead when compared to traditional authentication systems, which is the reason why we believe our system, albeit very promising, is not ready for a production environment.