A practical privacy-preserving public key repository

Warning The system is temporarily closed to updates for reporting purpose.

Armanfar, Ramin (2017) A practical privacy-preserving public key repository. [Thesis]

PDF - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader

Official URL: http://risc01.sabanciuniv.edu/record=b1653899 (Table of Contents)


Internet and mobile users have been using financial institutions' alternative channels for their financial transactions with an increasing rate. In order to avoid frauds, the financial institutions make use of second factor authentication tokens such as one-time passwords sent to mobile phones as text. Another trend of such transaction verification is utilizing fully cryptographic protocols, in which the transactions are signed by the users. In the implementation of such an approach, in order to provide end-to-end security between the financial institution and its client, each client must have a public-private key pair. In some cases, especially for small-scale institutions, such a transaction verification system is fully outsourced as a Cloud service including clients' public keys. However, even in this outsourced model, the institutions need to access their clients' public keys for end-to-end security. In such a case, in order to provide privacy of the clients against the outsourced database, we need a privacy-preserving public key repository. In this thesis, we developed such a privacy-preserving public key repository based on Path ORAM mechanism. We have developed adaptation layers for Path ORAM so that the queries are performed via regular SQL queries and the data is stored in a regular relational database, rather than Path ORAM's non-standard data structure. In this way, the non-standard features are hidden from both the financial institutions and the Cloud provider. We analyzed the performance of our system under different database sizes, network connection models and query types. We conclude that such a Path ORAM based system is feasible to be used in a practical system since even with a regular computer used as a server, the computational overhead is at marginal level.

Item Type:Thesis
Subjects:T Technology > TK Electrical engineering. Electronics Nuclear engineering > TK7800-8360 Electronics > TK7885-7895 Computer engineering. Computer hardware
ID Code:34539
Deposited By:IC-Cataloging
Deposited On:25 Apr 2018 16:27
Last Modified:25 Mar 2019 17:24

Repository Staff Only: item control page