skip to main content
10.1145/3098954.3104056acmotherconferencesArticle/Chapter ViewAbstractPublication PagesaresConference Proceedingsconference-collections
research-article

NEXTLEAP: Decentralizing Identity with Privacy for Secure Messaging

Published: 29 August 2017 Publication History

Abstract

Identity systems today link users to all of their actions and serve as centralized points of control and data collection. NEXTLEAP proposes an alternative decentralized and privacy-enhanced architecture. First, NEXTLEAP is building privacy-enhanced federated identity systems, using blind signatures based on Algebraic MACs to improve OpenID Connect. Second, secure messaging applications ranging from Signal to WhatsApp may deliver the content in an encrypted form, but they do not protect the metadata of the message and they rely on centralized servers. The EC Project NEXTLEAP is focussed on fixing these two problems by decentralizing traditional identities onto a privacy-enhanced based blockchain that can then be used to build access control lists in a decentralized manner, similar to SDSI. Furthermore, we improve on secure messaging by then using this notion of decentralized identity to build in group messaging, allowing messaging between different servers. NEXTLEAP is also working with the PANORAMIX EC project to use a generic mix networking infrastructure to hide the metadata of the messages themselves and plans to add privacy-enhanced data analytics that work in a decentralized manner.

References

[1]
Adam Back, Ulf Möller, and Anton Stiglic. 2001. Traffic analysis attacks and trade-offs in anonymity providing systems. In Information Hiding. Springer, 245--257.
[2]
Dan Bogdanov, Sven Laur, and Jan Willemson. 2008. Sharemind: A framework for fast privacy-preserving computations. In Computer Security-ESORICS 2008. Springer, 192--206.
[3]
Nikita Borisov, George Danezis, and Ian Goldberg. 2015. DP5: A private presence service. Proceedings on Privacy Enhancing Technologies 2015, 2 (2015), 4--24.
[4]
Nikita Borisov, Ian Goldberg, and Eric A. Brewer. 2004. Off-the-record communication, or, why not to use PGP. In WPES, Vijay Atluri, Paul F. Syverson, and Sabrina De Capitani di Vimercati (Eds.). ACM, 77--84.
[5]
Jan Camenisch and Els Van Herreweghen. 2002. Design and implementation of the idemix anonymous credential system. In Proceedings of the 9th ACM conference on Computer and communications security. ACM, 21--30.
[6]
Germano Caronni. 2000. Walking the web of trust. In Enabling Technologies: Infrastructure for Collaborative Enterprises, 2000. (WET ICE 2000). Proeedings. IEEE 9th International Workshops on. IEEE, 153--158.
[7]
Melissa Chase, Sarah Meiklejohn, and Greg Zaverucha. 2014. Algebraic MACs and keyed-verification anonymous credentials. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. 1205--1216.
[8]
Dwaine Clarke, Jean-Emile Elien, Carl Ellison, Matt Fredette, Alexander Morcos, and Ronald L Rivest. 2001. Certificate chain discovery in SPKI/SDSI. Journal of Computer Security 9, 4 (2001), 285--322.
[9]
Ivan Damgård, Marcel Keller, Enrique Larraia, Valerio Pastro, Peter Scholl, and Nigel P Smart. 2013. Practical covertly secure MPC for dishonest majority--or: Breaking the SPDZ limits. In Computer Security--ESORICS 2013. Springer, 1--18.
[10]
George Danezis, Claudia Diaz, Carmela Troncoso, and Ben Laurie. 2010. Drac: An Architecture for Anonymous Low-Volume Communications. In Privacy Enhancing Technologies, Mikhail Atallah and Nicholas Hopper (Eds.). Lecture Notes in Computer Science, Vol. 6205. Springer Berlin / Heidelberg, 202--219.
[11]
George Danezis, Bogdan Kulynych, Carmela Troncoso, and Marios Isaakides. 2016. ClaimChains: A Decentralized Identity System based on hash chains. (2016).
[12]
George Danezis and Prateek Mittal. 2009. SybilInfer: Detecting Sybil Nodes using Social Networks. In NDSS. San Diego, CA.
[13]
George Danezis and Andrei Serjantov. 2004. Statistical Disclosure or Intersection Attacks on Anonymity Systems. In 6th International Workshop on Information Hiding (Lecture Notes in Computer Science), Jessica J. Fridrich (Ed.), Vol. 3200. Springer, 293--308.
[14]
Whitfield Diffie and Martin E Hellman. 1976. New directions in cryptography. Information Theory, IEEE Transactions on 22, 6 (1976), 644--654.
[15]
Roger Dingledine, Nick Mathewson, and Paul F. Syverson. 2004. Tor: The Second-Generation Onion Router. In Proceedings of the 13th USENIX Security Symposium, August 9-13, 2004, San Diego, CA, USA, Matt Blaze (Ed.). USENIX, 303--320.
[16]
John R. Douceur. 2002. The Sybil Attack. In IPTPS (Lecture Notes in Computer Science), Peter Druschel, M. Frans Kaashoek, and Antony I. T. Rowstron (Eds.), Vol. 2429. Springer, 251--260.
[17]
Cynthia Dwork. 2008. Differential privacy: A survey of results. In Theory and applications of models of computation. Springer, 1--19.
[18]
Tariq Elahi, George Danezis, and Ian Goldberg. 2014. Privex: Private collection of traffic statistics for anonymous communication networks. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1068--1079.
[19]
Marios Isaakidis, Harry Halpin, and George Danezis. 2016. UnlimitID: Privacy-Preserving Federated Identity Management using Algebraic MACs. In Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society. ACM, 139--142.
[20]
Leslie Lamport. 1978. Time, clocks, and the ordering of events in a distributed system. Commun. ACM 21, 7 (1978).
[21]
Marcela S. Melara, Aaron Blankstein, Joseph Bonneau, Edward W. Felten, and Michael J. Freedman. 2015. CONIKS: Bringing Key Transparency to End Users. In 24th USENIX Security Symposium, USENIX Security 15, Jaeyeon Jung and Thorsten Holz (Eds.). USENIX Association, 383--398.
[22]
Wojciech Mostowski and Pim Vullers. 2011. Efficient U-Prove implementation for anonymous credentials on smart cards. In Security and Privacy in Communication Networks. Springer, 243--260.
[23]
Arvind Narayanan, Vincent Toubiana, Solon Barocas, Helen Nissenbaum, and Dan Boneh. 2012. A Critical Look at Decentralized Personal Data Architectures. CoRR abs/1202.4503 (2012).
[24]
Femi Olumofin and Ian Goldberg. 2010. Privacy-preserving queries over relational databases. In Privacy enhancing technologies. Springer, 75--92.
[25]
A. Pfitzmann and M. Kohntopp. 2001. Anonymity, unobservability, and pseudeonymity - a proposal for terminology. International workshop on Designing privacy enhancing technologies: design issues in anonymity and unobservability table of contents (2001), 1--9.
[26]
Benny Pinkas and Tzachy Reinman. 2010. Oblivious RAM revisited. In Advances in Cryptology--CRYPTO 2010. Springer, 502--519.
[27]
Blake Ramsdell. 2004. Secure/multipurpose internet mail extensions (S/MIME) version 3.1 message specification. (2004).
[28]
Ronald L Rivest and Butler Lampson. 1996. SDSI-A Simple Distributed Security Infrastructure. CRYPTO. http://people.csail.mit.edu/rivest/sdsi10.html.
[29]
Len Sassaman, Bram Cohen, and Nick Mathewson. 2005. The pynchon gate: A secure method of pseudonymous mail retrieval. In Proceedings of the 2005 ACM workshop on Privacy in the electronic society. ACM, 1--9.
[30]
Andrei Serjantov and George Danezis. 2002. Towards an Information Theoretic Metric for Anonymity. In Designing Privacy Enhancing Technologies, Proceedings of PET'02. Springer-Verlag, LNCS 2482, 41--53.
[31]
Elijah Sparrow, Harry Halpin, Kali Kaneko, and Ruben Pollan. 2016. LEAP: A next-generation client VPN and encrypted email provider. In International Conference on Cryptology and Network Security. Springer, 176--191.
[32]
Carmela Troncoso, George Danezis, Marios Isaakidis, and Harry Halpin. 2017. Systematizing Decentralization and Privacy: Lessons from 15 years of research and deployments. CoRR abs/1704.08065 (2017). http://arxiv.org/abs/1704.08065
[33]
Alma Whitten and J Doug Tygar. 1999. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. In Usenix Security, Vol. 1999.
[34]
Karl Wst and Arthur Gervais. 2017. Do you need a Blockchain? Cryptology ePrint Archive, Report 2017/375. (2017). http://eprint.iacr.org/2017/375.
[35]
Haifeng Yu, Phillip B Gibbons, Michael Kaminsky, and Feng Xiao. 2008. Sybillimit: A near-optimal social network defense against sybil attacks. In Security and Privacy 2008. SP 2008. IEEE Symposium on. IEEE, 3--17.
[36]
Haifeng Yu, Michael Kaminsky, Phillip B Gibbons, and Abraham Flaxman. 2006. Sybilguard: defending against sybil attacks via social networks. ACM SIGCOMM Computer Communication Review 36, 4 (2006), 267--278.
[37]
Philip Zimmermann. 1995. Pretty good privacy: public key encryption for the masses. In Building in big brother. Springer-Verlag New York, Inc., 93--107.

Cited By

View all
  1. NEXTLEAP: Decentralizing Identity with Privacy for Secure Messaging

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Other conferences
      ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and Security
      August 2017
      853 pages
      ISBN:9781450352574
      DOI:10.1145/3098954
      This work is licensed under a Creative Commons Attribution-ShareAlike International 4.0 License.

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 29 August 2017

      Permissions

      Request permissions for this article.

      Check for updates

      Author Tags

      1. anonymity
      2. decentralization
      3. identity
      4. privacy
      5. secure messaging

      Qualifiers

      • Research-article
      • Research
      • Refereed limited

      Conference

      ARES '17
      ARES '17: International Conference on Availability, Reliability and Security
      August 29 - September 1, 2017
      Reggio Calabria, Italy

      Acceptance Rates

      ARES '17 Paper Acceptance Rate 100 of 191 submissions, 52%;
      Overall Acceptance Rate 228 of 451 submissions, 51%

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)18
      • Downloads (Last 6 weeks)2
      Reflects downloads up to 09 Jan 2025

      Other Metrics

      Citations

      Cited By

      View all
      • (2024)Blockchain-driven decentralized identity managementInformation and Management10.1016/j.im.2024.10402661:7Online publication date: 1-Nov-2024
      • (2024)A Bitcoin-Based Digital Identity Model for the Internet of ThingsInformation Security Theory and Practice10.1007/978-3-031-60391-4_9(128-145)Online publication date: 18-Jun-2024
      • (2024)Managing Multiple Identities of IoT Devices Using BlockchainSoft Computing and Its Engineering Applications10.1007/978-3-031-53728-8_11(137-147)Online publication date: 12-Feb-2024
      • (2021)EL PASSO: Efficient and Lightweight Privacy-preserving Single Sign OnProceedings on Privacy Enhancing Technologies10.2478/popets-2021-00182021:2(70-87)Online publication date: 29-Jan-2021
      • (2021)A novel framework for policy based on-chain governance of blockchain networksInformation Processing and Management: an International Journal10.1016/j.ipm.2021.10255658:4Online publication date: 1-Jul-2021
      • (2021)Survey: Research on Blockchain Consensus Mechanism in IoT SecurityAdvances in Artificial Intelligence and Security10.1007/978-3-030-78621-2_48(573-584)Online publication date: 29-Jun-2021
      • (2020)An overview of limitations and approaches in identity managementProceedings of the 15th International Conference on Availability, Reliability and Security10.1145/3407023.3407026(1-10)Online publication date: 25-Aug-2020
      • (2018)A Survey on Blockchain-Based Identity Management Systems for the Internet of Things2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)10.1109/Cybermatics_2018.2018.00263(1568-1573)Online publication date: Jul-2018

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Media

      Figures

      Other

      Tables

      Share

      Share

      Share this Publication link

      Share on social media