Practical Traceable Anonymous Identification

Internet privacy is of increasing interest, since online services are ge ttin more and more ubiquitous and cover many aspects of one’s daily life. Hence users leave information tracks a nd disclose information during usage of services which can be compiled by third parties to infer users behavior , preferences etc. and thus may violate user’s privacy. In this paper we propose a practical method for trac eable anonymous identification which can be used for online services in order to protect user’s privacy. It en abl s users to authenticate themselves to a service provider, whereas the service provider is not able to identify au thenticating users. However, the service provider can be sure that only authorized users are able to authenticate. Sinc absolute anonymity may open the door for dishonest behavior, our protocol incorporates traceab ility, which enables a service provider to identify authenticating users in cooperation with an offline trusted third party. The proposed method is fully compatible with real world scenarios, i.e. public key infrastructures bas ed on X.509 certificates, and can be easily deployed using state of the art smart cards. Furthermore, the pr oposed method is very efficient and we give a performance analysis as well as a security analysis of the introdu ced protocols.

[1]  Marc Joye,et al.  A Practical and Provably Secure Coalition-Resistant Group Signature Scheme , 2000, CRYPTO.

[2]  Moni Naor,et al.  Deniable Ring Authentication , 2002, CRYPTO.

[3]  Stuart E. Schechter,et al.  Anonymous Authentication of Membership in Dynamic Groups , 1999, Financial Cryptography.

[4]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[5]  Bart De Decker,et al.  A Practical System for Globally Revoking the Unlinkable Pseudonyms of Unknown Users , 2007, ACISP.

[6]  Sébastien Canard,et al.  Implementing Group Signature Schemes with Smart Cards , 2002, CARDIS.

[7]  Ivan Visconti,et al.  A secure and private system for subscription-based remote services , 2003, TSEC.

[8]  Morris J. Dworkin,et al.  SP 800-38D. Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC , 2007 .

[9]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[10]  Eyal Kushilevitz,et al.  Private information retrieval , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[11]  Yael Tauman Kalai,et al.  How to Leak a Secret: Theory and Applications of Ring Signatures , 2001, Essays in Memory of Shimon Even.

[12]  George Danezis,et al.  A Survey of Anonymous Communication Channels , 2008 .

[13]  Shouhuai Xu,et al.  Accountable Ring Signatures: A Smart Card Approach , 2004, CARDIS.

[14]  A. Froomkin The Death of Privacy? , 2000 .

[15]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[16]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.