CIFRIS24 - an event by De Cifris

Venue: Banca d'Italia, Centro D. Menichella, Largo Guido Carli 1, Frascati (Roma)
Social dinner: September 25th, Satiricus, Via dei Corridori 58, Roma
September 25th, 26th, 27th 2024


CifrisCloud - Cryptography for the Cloud 2024

Organizers

Michela Iezzi (Bank of Italy, Italy)
Matteo Nardelli (Bank of Italy, Italy)
Marco Pedicini (Roma Tre University, Italy)

Description

The widespread use of wearable devices, IoT, smartphones, and sensors is driving the need to decentralize cloud computing to the network's edges. This new computing environment involves various devices exchanging data at unprecedented speeds, creating a pressing need for cryptographic data protection against interception and tampering. Key topics in cloud cryptography include data privacy and secure data sharing, as well as advanced cryptographic techniques such as homomorphic encryption, attribute-based encryption, functional encryption and federated learning.

Program

September 27th, workshop session
Room D, 11:40 - 13:00

Keynote speaker: Martina Palmucci, NTT Data (Italy)

September 27th (morning) - Workshop Session
11:40 - 12:20
Martina Palmucci, NTT Data (Italy)
ANTI-fraud: ABE Solutions
Abstract In the modern financial landscape, with the rise of sophisticated fraudulent techniques, the approval of online transactions requires more than just a username and password. Financial institutions must consider various risk factors, such as device information, user behaviour, and transaction context, when authorizing transactions. This process forms an integral part of Risk-Based Authentication (RBA). Traditional RBA systems rely on hard-coded server-side policies, limiting flexibility, scalability, and ability to adapt to diverse user profiles. Addressing these limitations becomes even more challenging given regulatory requirements like the EU PSD2 directive, which mandates Strong Customer Authentication (SCA) and Dynamic Linking, requiring each transaction to have a unique authentication code linked to its specific details.
To address these limitations and enhance anti-fraud systems, we propose the integration of Key-Policy Attribute-Based Encryption (KP-ABE) into RBA systems. KP-ABE enables dynamic and customized policy enforcement by embedding access control directly into cryptographic keys stored on the user’s device, rather than relying on static application-server logic. This allows for more flexible policy management, improving fraud prevention by supporting tailored policies that reduce false positives and negatives, while ensuring compliance with PSD2 regulations. Our Proof of Concept (PoC) demonstrates the feasibility of combining KP-ABE with a challenge-response mechanism to securely authorize transactions. This method ensures that each transaction is uniquely authenticated and authorized, meeting PSD2’s Dynamic Linking requirements. By providing flexible, scalable, and secure policy management, this solution offers significant advancements in risk-based transaction authorization for high-risk banking operations.
12:20 - 12:40
Roberto La Scala, University of Bari (Italy)
An introduction to Functional Encryption with multivariate algebra
Abstract In this talk, we introduce fundamental concepts behind the paradigm of Functional Encryption. Alongside Homomorphic Encryption, this protocol represents a primary tool for preserving data confidentiality during cloud-based processing. When the decrypted functions of the data are linear, this is referred to as Inner Product Functional Encryption. Finally, we present an IPFE protocol based on multivariate cryptography, specifically employing the Unbalanced Oil and Vinegar (UOV) digital signature scheme.
12:40 - 13:00
Daniele Friolo, University of Roma La Sapienza (Italy)
Registered Functional encryption
Abstract Registered encryption tackles the key-escrow problem associated with identity-based encryption by replacing the private-key generator with a (much weaker) entity known as the key curator. The key curator holds no secret information, and is responsible for: (i) updating the master public key whenever a new user registers; (ii) providing (helper decryption) keys to the users already registered, so they can decrypt after new users have joined.