PRACTICAL TRACEABLE ANONYMOUS IDENTIFICATION

Daniel Slamanig, Christian Stingl, Peter Schartner

Abstract

Internet privacy is of increasing interest, since online services are getting more and more ubiquitous and cover many aspects of one’s daily life. Hence users leave information tracks and disclose information during usage of services which can be compiled by third parties to infer users behavior, preferences etc. and thus may violate user’s privacy. In this paper we propose a practical method for traceable anonymous identification which can be used for online services in order to protect user’s privacy. It enables users to authenticate themselves to a service provider, whereas the service provider is not able to identify authenticating users. However, the service provider can be sure that only authorized users are able to authenticate. Since absolute anonymity may open the door for dishonest behavior, our protocol incorporates traceability, which enables a service provider to identify authenticating users in cooperation with an offline trusted third party. The proposed method is fully compatible with real world scenarios, i.e. public key infrastructures based on X.509 certificates, and can be easily deployed using state of the art smart cards. Furthermore, the proposed method is very efficient and we give a performance analysis as well as a security analysis of the introduced protocols.

References

  1. Ateniese, G., Camenisch, J., Joye, M., and Tsudik, G. (2000). A Practical and Provably Secure Coalition-
  2. 3: The malicious SP A SP is given all public keys PK1, . . . , PKn and user ui is given SKi.
  3. 4: The TRA protocol is executed between A SP and ui, whereas A SP has access to an encryption oracle O E (m, j), which encrypts a message m with the public key PKj, 1 = j = n.
  4. 5: At the end of the experiment, A SP outputs an index i', 1 = i' = n. A SP has succeeded in the experiment, if and only if i' = i, which is denoted as anon ExptT RA,A SP,n(k) = 1.
  5. 1: G generates PK1, . . . , PKn.
  6. 2: The SP and the malicious non authorized user A NA are both given all public keys PK1, . . . , PKn.
  7. 3: The TRA protocol is executed between SP and A NA, whereas A NA has access to an encryption oracle O E (m, j), which encrypts a message m with the public key PKj, 1 = j = n.
  8. 4: At the end of the experiment, A NA has succeeded in the experiment, if and only if SP accepts the TRA protocol, which is denoted as unf ExptT RA,A NA,n(k) = 1.
Download


Paper Citation


in Harvard Style

Slamanig D., Schartner P. and Stingl C. (2009). PRACTICAL TRACEABLE ANONYMOUS IDENTIFICATION . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009) ISBN 978-989-674-005-4, pages 225-232. DOI: 10.5220/0002217502250232


in Bibtex Style

@conference{secrypt09,
author={Daniel Slamanig and Peter Schartner and Christian Stingl},
title={PRACTICAL TRACEABLE ANONYMOUS IDENTIFICATION},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)},
year={2009},
pages={225-232},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002217502250232},
isbn={978-989-674-005-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)
TI - PRACTICAL TRACEABLE ANONYMOUS IDENTIFICATION
SN - 978-989-674-005-4
AU - Slamanig D.
AU - Schartner P.
AU - Stingl C.
PY - 2009
SP - 225
EP - 232
DO - 10.5220/0002217502250232