Papers by Anna Lauks-Dutka
GDPR – Challenges for Reconciling Legal Rules with Technical Reality
Lecture Notes in Computer Science, 2020
The main real impact of the GDPR regulation of the EU should be improving the protection of data ... more The main real impact of the GDPR regulation of the EU should be improving the protection of data concerning physical persons. The sharp GDPR rules have to create a controllable information environment, and to prevent misuse of personal data. The general legal norms of GDPR may, indeed, be regarded as justified and well motivated by the existing threats, however, substantial problems emerge when we attempt to implement GDPR in a real information processing systems setting.
Challenges for Electronic Identity Documents
Springer eBooks, 2011
ABSTRACT A personal ID card is a certified copy of some personal data which proves the authentici... more ABSTRACT A personal ID card is a certified copy of some personal data which proves the authenticity of the data in an offline setting. Majority of countries either plan or already are running projects aiming to deploy personal identity cards equipped with an electronic chip. Apart from a more reliable protection against forgery, this should give an opportunity to enable electronic services implementing the idea of e-government. In this scenario, personal identity cards have to serve as secure devices for running cryptographic protocols such as authentication, proof of presence, signing electronic documents, etc. In practice, there is a no universally accepted and clear concept of how to use electronic identity cards. Moreover, decisions are often based on myths (e.g. concerning security of smart cards) and tradition (e.g. the concept of qualified signatures) rather than on technical facts and feasibility. This lack of concept resulted so far in numerous strategic mistakes, concerning both the technical layer and business model.
GDPR – Challenges for Reconciling Legal Rules with Technical Reality
Computer Security – ESORICS 2020, 2020
The main real impact of the GDPR regulation of the EU should be improving the protection of data ... more The main real impact of the GDPR regulation of the EU should be improving the protection of data concerning physical persons. The sharp GDPR rules have to create a controllable information environment, and to prevent misuse of personal data. The general legal norms of GDPR may, indeed, be regarded as justified and well motivated by the existing threats, however, substantial problems emerge when we attempt to implement GDPR in a real information processing systems setting.
Chaum's Visual Voting is a scheme in which a voter obtains a paper receipt from a voting mach... more Chaum's Visual Voting is a scheme in which a voter obtains a paper receipt from a voting machine. This receipt can be used to verify that his vote was counted in the final tally, but cannot be used for vote selling - i.e., the voter cannot prove that he voted for a certain party. The Chaum's system requires special purpose printers and application of ran- domized partial checking (RPC) method. RPC provides provable anonymity, but requires quite many tallying authorities. In this paper we propose a complete design of a voting system that preserves advantages of the Chaum's scheme, but eliminates the use of special printers and RPC. It seems that in our scheme it is easier to convince an average voter that a voting machine has prepared correctly his ballot and that his vote has been counted. We also show how to achieve scalability of the system.
Lecture Notes in Computer Science, 2010
In this paper, we present a new class of attacks against an anonymous communication protocol, ori... more In this paper, we present a new class of attacks against an anonymous communication protocol, originally presented in ACNS 2008. The protocol itself was proposed as an improved version of ModOnions, which uses universal re-encryption in order to avoid replay attacks. However, ModOnions allowed the detour attack, introduced by Danezis to reroute ModOnions to attackers in such a way that the entire path is revealed. The ACNS 2008 proposal addressed this by using a more complicated key management scheme. The revised protocol is immune to detour attacks. We show, however, that the ModOnion construction is highly malleable and this property can be exploited in order to redirect ModOnions. Our attacks require detailed probing and are less efficient than the detour attack, but they can nevertheless recover the full onion path while avoiding detection and investigation. Motivated by this, we present a new modification to the ModOnion protocol that dramatically reduces the malleability of the encryption primitive. It addresses the class of attacks we present and it makes other attacks difficult to formulate.
Lecture Notes in Business Information Processing, 2010
Lecture Notes in Computer Science, 2006
Lecture Notes in Computer Science, 2006
Lecture Notes in Computer Science
We propose a version of ring signatures for which the set of potential signers may be reduced: th... more We propose a version of ring signatures for which the set of potential signers may be reduced: the real signer can prove that he or she has created the signature, while every other member of the ring can prove not to be the signer. Possibility to run these protocols is triggered by publishing certain secret information. The proposed scheme is an intermediate solution between the classical ring and group signatures, and can be used for instance for e-auction schemes.
Challenges for Electronic Identity Documents
Lecture Notes in Business Information Processing, 2011
ABSTRACT A personal ID card is a certified copy of some personal data which proves the authentici... more ABSTRACT A personal ID card is a certified copy of some personal data which proves the authenticity of the data in an offline setting. Majority of countries either plan or already are running projects aiming to deploy personal identity cards equipped with an electronic chip. Apart from a more reliable protection against forgery, this should give an opportunity to enable electronic services implementing the idea of e-government. In this scenario, personal identity cards have to serve as secure devices for running cryptographic protocols such as authentication, proof of presence, signing electronic documents, etc. In practice, there is a no universally accepted and clear concept of how to use electronic identity cards. Moreover, decisions are often based on myths (e.g. concerning security of smart cards) and tradition (e.g. the concept of qualified signatures) rather than on technical facts and feasibility. This lack of concept resulted so far in numerous strategic mistakes, concerning both the technical layer and business model.
Lecture Notes in Computer Science, 2005
The contents of signed message had to be changed, the condition was expressed in a natural langua... more The contents of signed message had to be changed, the condition was expressed in a natural language. Example: To add a condition: "This document is valid only if a document M 2 with hash value 168291bgb3vgVIQ719 has been signed by Bob.
Lecture Notes in Computer Science, 2005
Extended Sanitizable Signatures
Information Security and Cryptology – ICISC 2006, 2006
Sanitizable signatures introduced by Ateniese et al. is a powerful and fairly practical tool that... more Sanitizable signatures introduced by Ateniese et al. is a powerful and fairly practical tool that enables an authorised party called the censor to modify designated parts of a signed message in an arbitrary way without interacting with the signer. In our paper we present several extensions of this paradigm that make sanitizable signatures even more useful. First of all we
Step-out group signatures
Computing, 2009
ABSTRACT Group signature schemes enable to create digital signatures such that the signers are hi... more ABSTRACT Group signature schemes enable to create digital signatures such that the signers are hidden in a group of potential signers. However, in a case of need it is possible to reveal the actual signer either by a group administrator or collectively by the group members. We design a new kind of signatures that we call step-out group signature where the situation is reversed: any member of the group except the signer may prove that he or she was not the signer. This is a dual solution that is useful in certain scenarios: in many cases it is unnecessary to find the signer, it suffices to eliminate some potential signers (e.g. during prosecutions and court procedures). Our solution is more convenient for implementing personal data protection rules: since the signer is not revealed, there is no need to protect this information. On the other hand, the traditional scheme may lead to serious legal problems: if the legal case is to find out whether Bob has created group signature s, it might be illegal to reveal that Alice has created s.
Anonymous communication protocols, very essential for preserving privacy of the parties communica... more Anonymous communication protocols, very essential for preserving privacy of the parties communicating, may lead to severe problems. A malicious server may use anonymous communication protocols for injecting unwelcome messages into the system so that their source can be hardly traced. So anonymity and privacy protection on one side and protection against such phenomena as spam are so far contradictory goals. We propose a mechanism that may be used to limit the mentioned side effects of privacy protection. During the protocol proposed each encrypted message admitted into the system is signed by a respective authority. Then, on its route through the network the encrypted message and the signature are re-encrypted universally. The purpose of universal re-encryption is to hide the routes of the messages from an observer monitoring the traffic. Despite re-encryption, signature of the authority remains valid. Depending on a particular application, verification of the signature is possible either off-line by anybody with the access to the ciphertext and the signature or requires contact with the authority that has issued the signature. Our work is an extension of recent works by Golle, Jakobsson, Juels and Syverson.
Uploads
Papers by Anna Lauks-Dutka