ABSTRACT
Establishing authentic channels has become a common operation on the Internet, and electronic commerce would not be possible without it. Because authentication is traditionally based on identifying users, the success of electronic commerce causes a rapid erosion of their privacy. Privacy-friendly authentication, such as group signatures or anonymous credential systems, could mitigate this issue by minimizing the information released during an authentication operation. Unfortunately, privacy-friendly authentication systems are not yet deployed. One reason is their sophistication and feature richness, which complicates their understanding. By providing a calculus for analyzing and comparing the requirements and goals of privacy-friendly authentication systems, we contribute to a better understanding of such technologies. Our calculus extends the one by Maurer and Schmid [18] by introducing: (1) pseudonyms to enable pseudonymous authentication, (2) a pseudonym annotation function denoting the information an entity reveals about itself, and (3) event-based channel conditions to model the conditional release of information used for privacy-friendly accountability.
- G. Ateniese. Efficient verifiable encryption (and fair exchange) of digital signatures. Proc. 6th ACM CCS, pp. 138--146, Nov. 1999.
- M. Backes, J. Camenisch, and D. Sommer. Anonymous yet accountable access control. Proceedings of ACM WPES 2005, Nov. 2005.
- M. Backes, M. Maffei, and D. Unruh. Zero-knowledge in the applied pi-calculus and automated verification of the direct anonymous attestation protocol. IEEE Symposium on Security and Privacy, pp. 202--215, 2008.
- P. Bichsel, J. Camenisch, G. Neven, N. P. Smart, and B. Warinschi. Get shorty via group signatures without encryption. SCN '10, vol. 6280 of LNCS, pp. 381--398, Sept. 2010.
- D. Boneh, X. Boyen, and H. Shacham. Short group signatures. CRYPTO '04, vol. 3152 of LNCS, pp. 41--55, 2004.
- S. Brands. Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, 2000.
- S. Brands and C. Paquin. U-Prove cryptographic specification v1.0, Mar. 2010.
- J. Camenisch and A. Lysyanskaya. Efficient non-transferable anonymous multi-show credential system with optional anonymity revocation. EUROCRYPT '01, vol. 2045 of LNCS, pp. 93--118, 2001.
- J. Camenisch, S. Mödersheim, G. Neven, F.-S. Preiss, and D. Sommer. A card requirements language enabling privacy-preserving access control. Proceedings of SACMAT 2010, pp. 119--128, 2010.
- J. Camenisch, S. Mödersheim, and D. Sommer. A formal model of identity mixer. FMICS 2010, LNCS, 2010.
- J. Camenisch and V. Shoup. Practical verifiable encryption and decryption of discrete logarithms. CRYPTO '03, vol. 2729 of LNCS, pp. 126--144, 2003.
- D. Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Comm. of the ACM, 24(2):84--88, Feb. 1981.
- D. Chaum and E. van Heyst. Group signatures. EUROCRYPT '91, vol. 547 of LNCS, pp. 257--265, 1991.
- D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280 (Proposed Standard), May 2008.
- B. Ives, K. R. Walsh, and H. Schneider. The domino effect of password reuse. Comm. of the ACM, 47:75--78, Apr. 2004.
- U. Maurer. Constructive cryptography - a new paradigm for security definitions and proofs. Theory of Security and Applications (TOSCA 2011), vol. 6993 of LNCS, pp. 33--56, Apr. 2011.
- U. Maurer, A. Rüedlinger, and B. Tackmann. Confidentiality and integrity: A constructive perspective. Theory of Cryptography (TCC 2012), LNCS, 2012.
- U. Maurer and P. Schmid. A calculus for security bootstrapping in distributed systems. Journal of Computer Security, 4(1):55--80, 1996.
- U. M. Maurer and P. E. Schmid. A calculus for secure channel establishment in open networks. ESORICS '94, vol. 875 of LNCS, pp. 173--192, Nov. 1994.
- S. Mödersheim and L. Viganò. Secure pseudonymous channels. Proceedings of ESORICS '09, vol. 5789 of LNCS, pp. 337--354, 2009.
- Security Team, IBM Research Zurich. Specification of the Identity Mixer cryptographic library. IBM Research Report RZ 3730, IBM Research Division, Apr. 2010.
- D. Sommer. Architecture. In Digital Privacy: PRIME - Privacy and Identity Management for Europe, vol. 6545 of LNCS, 2011.
- J. Yan, A. Blackwell, R. Anderson, and A. Grant. Password memorability and security: Empirical results. IEEE Security and Privacy, 2:25--31, Sept. 2004.