Interdisciplinary Research Group in Socio-technical Cybersecurity
Privacy-Preserving Verifiability: A Case for an Electronic Exam Protocol
Abstract:
We introduce the notion of privacy-preserving verifiability for security protocols. It holds when a protocol admits a verifiability test that does not reveal, to the verifier that runs it, more pieces of information about the protocol’s execution than those required to run the test. Our definition of privacy-preserving verifiability is general and applies to cryptographic protocols as well as to human security protocols. In this paper we exemplify it in the domain of e-exams. We prove that the notion is meaningful by studying an existing exam protocol that is verifiable but whose verifiability tests are not privacy-preserving. We prove that the notion is applicable: we review the protocol using functional encryption so that it admits a verifiability test that preserves privacy to our definition. We analyse, in ProVerif, that the verifiability holds despite malicious parties and that the new protocol maintains all the security properties of the original protocol, so proving that our privacy-preserving verifiability can be achieved starting from existing security.
Authors:
Rosario Giustolisi, Vincenzo Iovino, Gabriele Lenzini
Publication date:
2017
Published in:
14th Conf. on Security and Cryptography
Reference:
Giustolisi, R., Iovino, V., & Lenzini, G. (2017). Privacy-Preserving Verifiability-A Case for an Electronic Exam Protocol. In SECRYPT (pp. 139-150).
Get in touch with us
SnT – Interdisciplinary Centre for Security, Reliability and Trust
Maison du Nombre, 6, avenue de la Fonte L-4364 Esch-sur-Alzette
info-irisc-lab@uni.lu