Flexible fair and collusion resistant pseudonym providing system

In service providing systems, user authentication is required for different purposes such as billing, restricting unauthorized access, etc., to protect the privacy of users, their real identities should not be linked to the services that they use during authentication. A good solution is to use pseudonyms as temporary identities. On the other hand, it may also be required to have a backdoor in pseudonym systems for identity revealing that can be used by law enforcement agencies for legal reasons. Existing systems that retain a backdoor are either punitive (full user anonymity is revealed), or they are restrictive by revealing only current pseudonym identity of. In addition to that, existing systems are designed for a particular service and may not fit into others. In this paper, we address this gap and we propose a novel pseudonym providing and management system. Our system is flexible and can be tuned to fit into services for different service providers. The system is privacy-preserving and guarantees a level of anonymity for a particular number of users. Trust in our system is distributed among all system entities instead of centralizing it into a single trusted third party. More importantly, our system is highly resistant to collusions among the trusted entities. Our system also has the ability to reveal user identity fairly in case of a request by law enforcement. Analytical and simulation based performance evaluation showed that Collusion Resistant Pseudonym Providing System (CoRPPS) provides high level of anonymity with strong resistance against collusion attacks.

[1]  Matthias Gerlach,et al.  Privacy in VANETs using Changing Pseudonyms - Ideal and Real , 2007, 2007 IEEE 65th Vehicular Technology Conference - VTC2007-Spring.

[2]  Dawn Song,et al.  Quasi-Efficient Revocation of Group Signatures , 2003 .

[3]  Rui L. Aguiar,et al.  Support of Anonymity in VANETs - Putting Pseudonymity into Practice , 2007, 2007 IEEE Wireless Communications and Networking Conference.

[4]  J. Horrigan,et al.  Trust and privacy online: Why Americans want to rewrite the rules , 2000 .

[5]  Sebastian Clauß,et al.  Identity management and its support of multilateral security , 2001, Comput. Networks.

[6]  Levente Buttyán,et al.  On the Effectiveness of Changing Pseudonyms to Provide Location Privacy in VANETs , 2007, ESAS.

[7]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[8]  Sean W. Smith,et al.  PEREA: towards practical TTP-free revocation in anonymous authentication , 2008, CCS.

[9]  Hovav Shacham,et al.  Group signatures with verifier-local revocation , 2004, CCS '04.

[10]  Ling Liu,et al.  Protecting Location Privacy with Personalized k-Anonymity: Architecture and Algorithms , 2008, IEEE Transactions on Mobile Computing.

[11]  Pierangela Samarati,et al.  Protecting Respondents' Identities in Microdata Release , 2001, IEEE Trans. Knowl. Data Eng..

[12]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[13]  Jiangtao Li,et al.  Enhanced Privacy ID: A Direct Anonymous Attestation Scheme with Enhanced Revocation Capabilities , 2012, IEEE Trans. Dependable Secur. Comput..

[14]  Nicholas Hopper,et al.  Jack: scalable accumulator-based nymble system , 2010, WPES '10.

[15]  Hannes Federrath,et al.  Revocable Anonymity , 2006, Emerging Trends in Information and Communication Security.

[16]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[17]  Nicholas Hopper,et al.  BNymble: More Anonymous Blacklisting at Almost No Cost (A Short Paper) , 2011, Financial Cryptography.

[18]  Marc Joye,et al.  A Practical and Provably Secure Coalition-Resistant Group Signature Scheme , 2000, CRYPTO.

[19]  Jonathan M. McCune,et al.  A Contractual Anonymity System , 2010 .

[20]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[21]  Ryan Henry,et al.  Nymbler: Privacy-enhanced Protection from Abuses of Anonymity , 2011 .

[22]  Panagiotis Papadimitratos,et al.  Efficient and robust pseudonymous authentication in VANET , 2007, VANET '07.

[23]  Sean W. Smith,et al.  Blacklistable anonymous credentials: blocking misbehaving users without ttps , 2007, CCS '07.

[24]  David Chaum,et al.  A Secure and Privacy-protecting Protocol for Transmitting Personal Information Between Organizations , 1986, CRYPTO.

[25]  Yücel Saygin,et al.  CoRPPS: Collusion Resistant Pseudonym Providing System , 2011, 2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int'l Conference on Social Computing.

[26]  Sean W. Smith,et al.  Nymble: Anonymous IP-Address Blocking , 2007, Privacy Enhancing Technologies.

[27]  Gihwan Cho,et al.  Lightweight anti-censorship online network for anonymity and privacy in middle eastern countries , 2015, Int. Arab J. Inf. Technol..