Anonymity and trust in the electronic world

Privacy has never been an explicit goal of authorization mechanisms. The traditional approach to authorisation relies on strong authentication of a stable identity using long term credentials. Audit is then linked to authorization via the same identity. Such an approach compels users to enter into a trust relationship with large parts of the system infrastructure, including entities in remote domains. In this dissertation we advance the view that this type of compulsive trust relationship is unnecessary and can have undesirable consequences. We examine in some detail the consequences which such undesirable trust relationships can have on individual privacy, and investigate the extent to which taking a unified approach to trust and anonymity can actually provide useful leverage to address threats to privacy without compromising the principal goals of authentication and audit. We conclude that many applications would benefit from mechanisms which enabled them to make authorization decisions without using long-term credentials. We next propose specific mechanisms to achieve this, introducing a novel notion of a short-lived electronic identity, which we call a surrogate. This approach allows a localisation of trust and entities are not compelled to transitively trust other entities in remote domains. In particular, resolution of stable identities needs only ever to be done locally to the entity named. Our surrogates allow delegation, enable role-based access control policies to be enforced across multiple domains, and permit the use of non-anonymous payment mechanisms, all without compromising the privacy of a user. The localisation of trust resulting from the approach proposed in this dissertation also has the potential to allow clients to control the risks to which they are exposed by bearing the cost of relevant countermeasures themselves, rather than forcing clients to trust the system infrastructure to protect them and to bear an equal share of the cost of all countermeasures whether or not effective for them. This consideration means that our surrogate-based approach and mechanisms are of interest even in Kerberos-like scenarios where anonymity is not a requirement, but the remote authentication mechanism is untrustworthy.

[1]  Curtis R. Taylor Private Demands and Demands for Privacy: Dynamic Pricing and the Market for Customer Information , 2002 .

[2]  Tal Rabin,et al.  Verifiable secret sharing and multiparty protocols with honest majority , 1989, STOC '89.

[3]  F. Heylighen Evolution, Selfishness and Cooperation , 1992 .

[4]  Bruce Christianson,et al.  Secure Sessions from Weak Secrets , 2003, Security Protocols Workshop.

[5]  George Danezis,et al.  Mixminion: design of a type III anonymous remailer protocol , 2003, 2003 Symposium on Security and Privacy, 2003..

[6]  Paul F. Syverson,et al.  Unlinkable serial transactions: protocols and applications , 1999, TSEC.

[7]  Ravi S. Sandhu,et al.  Lattice-based access control models , 1993, Computer.

[8]  Yael Tauman Kalai,et al.  How to Leak a Secret: Theory and Applications of Ring Signatures , 2001, Essays in Memory of Shimon Even.

[9]  Maurice V. Wilkes,et al.  Time-sharing computer systems , 1968 .

[10]  Yang-hua Chu Trust management for the World Wide Web , 1997 .

[11]  Yolanta Beresnevichiene,et al.  A role and context based security model , 2003 .

[12]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[13]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[14]  Joan Feigenbaum,et al.  The KeyNote Trust-Management System , 1998 .

[15]  Jan Camenisch,et al.  Design and implementation of theidemixanonymous credential system , 2002, CCS 2002.

[16]  Andrew S. Tanenbaum,et al.  A security architecture for object-based distributed systems , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[17]  Amit Sahai,et al.  Pseudonym Systems , 1999, Selected Areas in Cryptography.

[18]  Loren M. Kohnfelder,et al.  Towards a practical public-key cryptosystem. , 1978 .

[19]  David Chaum,et al.  Achieving Electronic Privacy , 1992 .

[20]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[21]  E. Friedman,et al.  The Social Cost of Cheap Pseudonyms , 2001 .

[22]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[23]  William Stallings,et al.  Cryptography and network security , 1998 .

[24]  Bruno Crispo Delegation of Responsibility (Transcript of Discussion) , 1998, Security Protocols Workshop.

[25]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[26]  Bruce Christianson,et al.  Anonymous Authentication , 2004, Security Protocols Workshop.

[27]  Alessandro Acquisti,et al.  Privacy in electronic commerce and the economics of immediate gratification , 2004, EC '04.

[28]  Martín Abadi,et al.  Private authentication , 2004, Theor. Comput. Sci..

[29]  U Moeller,et al.  Mixmaster Protocol Version 2 , 2004 .

[30]  Theodore Y. Ts'o,et al.  Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.

[31]  Andrew M. Odlyzko,et al.  Privacy, economics, and price discrimination on the Internet , 2003, ICEC '03.

[32]  Colin Boyd,et al.  Protocols for Authentication and Key Establishment , 2003, Information Security and Cryptography.

[33]  András Belokosztolszki,et al.  Role-based access control policy administration , 2004 .

[34]  Bruce Christianson,et al.  Why Isn't Trust Transitive? , 1996, Security Protocols Workshop.

[35]  Paul F. Syverson,et al.  Authentic Attributes with Fine-Grained Anonymity Protection , 2000, Financial Cryptography.

[36]  Butler W. Lampson,et al.  SPKI Certificate Theory , 1999, RFC.

[37]  D. Elliott Bell,et al.  Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[38]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[39]  Andreas Pfitzmann,et al.  The Disadvantages of Free MIX Routes and how to Overcome Them , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[40]  Eric R. Verheul,et al.  Self-Blindable Credential Certificates from the Weil Pairing , 2001, ASIACRYPT.

[41]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[42]  Bruce Christianson,et al.  Binding Bit Patterns to Real World Entities , 1997, Security Protocols Workshop.

[43]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[44]  Bruce Schneier,et al.  Ten Risks of PKI , 2004 .

[45]  Joan Feigenbaum,et al.  Compliance Checking in the PolicyMaker Trust Management System , 1998, Financial Cryptography.

[46]  William Samuel Harbison Trusting in computer systems , 1997 .

[47]  Morrie Gasser,et al.  An architecture for practical delegation in a distributed system , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.