Privacy Protection in PKIs: A Separation-of-Authority Approach

The growing number of privacy infringements has increased the demand for privacy-enhancing techniques on the Internet. In a PKI, the authorized entities, the CA and the RA, can become a "big brother" even unintentionally, because they can always trace a registered user through the public key certificates they have issued. In this paper we investigate a practical method for privacy protection within existing PKIs: the issuing authority is separated into two, one that verifies ownership and one that validates the certificate contents, and the two operate in a blinded manner so that neither alone holds both the holder's identity and the certificate it vouches for. The proposed scheme allows both anonymous and pseudonymous certificates to be issued and used in the existing infrastructure, with conditional traceability and revocability based on threshold cryptography, and selective credential show implemented through the extension fields of X.509 version 3 certificates.
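The abstract names three mechanisms: blinded issuance by separated authorities, threshold-based conditional traceability, and selective credential show via certificate extensions. The following is an added illustration of those building blocks in textbook form, written for this page; it is not the paper's protocol and makes no claim about the paper's actual construction. It assumes two hypothetical issuers (an ownership authority that sees the real identity but blind-signs a certificate body it cannot read, and a content authority that sees the body but never the identity), n hypothetical trustees holding Shamir shares of the identity, and a constructed attribute set. Textbook RSA over a bare SHA-256 value stands in for a real signature scheme, and the cryptographic binding of the escrowed shares to a particular certificate (the part a deployable scheme needs, and which the paper addresses with its extension fields) is not shown.

```python
"""Added illustration, not the paper's protocol: the building blocks named in
the abstract, with Python's standard library only.  Textbook RSA over a bare
SHA-256 value is used for brevity and is NOT a secure signature scheme."""
import hashlib
import json
import math
import secrets

FIELD = 2**255 - 19  # prime field for Shamir sharing


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c


def rsa_keygen(bits=512):
    """Returns ((e, n), (d, n)); toy key size, demo only."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (e, p * q), (pow(e, -1, phi), p * q)


def h_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


# --- 1. Chaum RSA blind signature: the signer never sees `body` in the clear ---
def blind(body, pub):
    e, n = pub
    r = secrets.randbelow(n - 2) + 2
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 2) + 2
    return h_int(body, n) * pow(r, e, n) % n, r


def rsa_sign(value, priv):  # signs an already hashed (or blinded) value
    d, n = priv
    return pow(value, d, n)


def unblind(blind_sig, r, pub):
    return blind_sig * pow(r, -1, pub[1]) % pub[1]


def rsa_verify(body, sig, pub):
    e, n = pub
    return pow(sig, e, n) == h_int(body, n)


# --- 2. Shamir (k, n) sharing of the holder's real identity among trustees ---
def shamir_split(secret, k, n):
    coeffs = [secret] + [secrets.randbelow(FIELD) for _ in range(k - 1)]
    poly = lambda x: sum(c * pow(x, i, FIELD) for i, c in enumerate(coeffs)) % FIELD
    return [(x, poly(x)) for x in range(1, n + 1)]


def shamir_recover(shares):
    """Lagrange interpolation at x = 0; correct only with >= k distinct shares."""
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % FIELD
                den = den * (xi - xj) % FIELD
        secret = (secret + yi * num * pow(den, -1, FIELD)) % FIELD
    return secret


# --- 3. Salted commitments: the certificate carries hashes, the holder reveals one ---
def commit_attributes(attrs):
    salts = {k: secrets.token_bytes(16) for k in attrs}
    commits = {k: hashlib.sha256(salts[k] + f"{k}={v}".encode()).hexdigest()
               for k, v in attrs.items()}
    return commits, salts


def check_disclosure(commits, name, value, salt):
    return commits.get(name) == hashlib.sha256(salt + f"{name}={value}".encode()).hexdigest()


def issue_and_show(identity="alice@example.org", k=2, n=3):
    """Full flow with two hypothetical issuers and n trustees; returns check results."""
    own_pub, own_priv = rsa_keygen()  # ownership authority: sees identity, not the body
    con_pub, con_priv = rsa_keygen()  # content authority: sees the body, not the identity
    attrs = {"age_over_18": "true", "member_of": "acme"}  # constructed sample attributes
    commits, salts = commit_attributes(attrs)
    body = json.dumps({"nym": "nym-" + secrets.token_hex(8), "ext": commits},
                      sort_keys=True).encode()
    # Ownership authority: verifies the real identity (out of band), escrows it to
    # n trustees, and blind-signs a body it cannot read.
    shares = shamir_split(int.from_bytes(identity.encode(), "big"), k, n)
    blinded, r = blind(body, own_pub)
    own_sig = unblind(rsa_sign(blinded, own_priv), r, own_pub)
    # Content authority: validates the attribute commitments and signs the body in the clear.
    con_sig = rsa_sign(h_int(body, con_pub[1]), con_priv)
    # Relying party checks both signatures and one disclosed attribute; any k trustees trace.
    traced = shamir_recover(shares[:k])
    return {
        "ownership_sig_ok": rsa_verify(body, own_sig, own_pub),
        "content_sig_ok": rsa_verify(body, con_sig, con_pub),
        "tampered_rejected": not rsa_verify(body + b"x", own_sig, own_pub),
        "attr_ok": check_disclosure(commits, "age_over_18", "true", salts["age_over_18"]),
        "traced_by_k": traced.to_bytes((traced.bit_length() + 7) // 8, "big") == identity.encode(),
        "hidden_from_k_minus_1": shamir_recover(shares[:k - 1]) != traced,
    }
```

The point to take from the flow is which party sees what: the ownership authority learns the identity but only a blinded value of the certificate body, the content authority learns the body and the commitments but no identity, and a relying party sees one opened commitment rather than the whole attribute set. Tracing requires k trustees to cooperate; a single share reveals nothing about the identity.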