The SPARTA Pseudonym and Authorization System

This paper deals with privacy-preserving (pseudonymized) access to a service resource. In such a scenario, two opposite needs seem to emerge. On one side, the service provider may want to control in first place the user accessing its resources, i.e., without being forced to delegate the management of access permissions to third parties to meet privacy requirements. On the other side, it should be technically possible to trace back the real identity of an user upon dishonest behavior, and of course this must be necessary accomplished by an external authority distinct from the provider itself. The framework described in this paper aims at coping with these two opposite needs. This is accomplished through i) a distributed third-party-based instrastructure devised to assign and manage pseudonym certificates, decoupled from ii) a two-party procedure, devised to bind an authorization permission to a pseudonym certificate with no third-party involvement. The latter procedure is based on a novel blind signature approach which allows the provider to blindly verify, at registration time, that the user possesses the private key of the still undisclosed pseudonym certificate, thus avoiding transferability of the authorization permission.

[1]  C. Andersson,et al.  Trust in PRIME , 2005, Proceedings of the Fifth IEEE International Symposium on Signal Processing and Information Technology, 2005..

[2]  Joseph K. Liu,et al.  A Suite of Non-pairing ID-Based Threshold Ring Signature Schemes with Different Levels of Anonymity (Extended Abstract) , 2010, ProvSec.

[3]  Stefan A. Brands,et al.  Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy , 2000 .

[4]  Xiaoyun Wang,et al.  How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[5]  J. K. Gibson Discrete logarithm hash function that is collision free and one way , 1991 .

[6]  Amos Fiat,et al.  Zero Knowledge Proofs of Identity , 1987, STOC.

[7]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[8]  Allan C. Rubens,et al.  Remote Authentication Dial In User Service (RADIUS) , 1997, RFC.

[9]  José M. Troya,et al.  A First Approach to Provide Anonymity in Attribute Certificates , 2004, Public Key Cryptography.

[10]  Joe Kilian,et al.  Identity Escrow , 1998, CRYPTO.

[11]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[12]  Jan Camenisch,et al.  Design and implementation of the idemix anonymous credential system , 2002, CCS '02.

[13]  Aggelos Kiayias,et al.  Anonymous Identification in Ad Hoc Groups , 2004, EUROCRYPT.

[14]  Alan Bundy,et al.  Constructing Induction Rules for Deductive Synthesis Proofs , 2006, CLASE.

[15]  Jan Camenisch,et al.  A Signature Scheme with Efficient Protocols , 2002, SCN.

[16]  Martin Nemzow,et al.  Rethinking Public Key Infrastructures and Digital Certificates and Privacy , 2001 .

[17]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[18]  Jan Camenisch,et al.  An Identity Escrow Scheme with Appointed Verifiers , 2001, CRYPTO.

[19]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[20]  Stefan Brands,et al.  Digital Identity Management based on Digital Credentials , 2002, GI Jahrestagung.

[21]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[22]  Jan Camenisch,et al.  Fair Blind Signatures , 1995, EUROCRYPT.

[23]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[24]  Jonathan Katz,et al.  Ring Signatures: Stronger Definitions, and Constructions without Random Oracles , 2005, IACR Cryptol. ePrint Arch..

[25]  Amos Fiat,et al.  Zero-knowledge proofs of identity , 1987, Journal of Cryptology.

[26]  Amit Sahai,et al.  Pseudonym Systems , 1999, Selected Areas in Cryptography.

[27]  Victor Fajardo,et al.  Diameter Base Protocol , 2003, RFC.

[28]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[29]  Yael Tauman Kalai,et al.  How to Leak a Secret: Theory and Applications of Ring Signatures , 2001, Essays in Memory of Shimon Even.