Restricted Identification Secure in the Extended Canetti-Krawczyk Model

In this paper we consider restricted identification (RI) protocols, which enable strong authentication and privacy protection for access control in an unlimited number of domains. A single secret key per user is used to authenticate the user and derive his identity within any domain, while the number of domains is unlimited and the scheme guarantees unlinkability between identities of the same user in different domains. RI can be understood as a universal solution that may replace unreliable login and password mechanisms. It has to be secure against adversaries that gather personal data by working on a global scale, e.g. by breaking into one service to get passwords that a user frequently re-uses at different places. We consider the security of an extended version of the Chip Authentication Restricted Identification (ChARI) protocol presented at the 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2012). We preserve the features of ChARI (avoiding the critical security problems of group keys in the RI solution deployed in the German personal identity cards), but provide a security proof in the well-studied Canetti-Krawczyk model (such a proof has not been provided for ChARI). Our extension has computational complexity similar to that of the original ChARI protocol in terms of the number of modular exponentiations.