7,596 research outputs found
Anonymous Single-Sign-On for n designated services with traceability
Anonymous Single-Sign-On authentication schemes have been proposed to allow
users to access a service protected by a verifier without revealing their
identity which has become more important due to the introduction of strong
privacy regulations. In this paper we describe a new approach whereby anonymous
authentication to different verifiers is achieved via authorisation tags and
pseudonyms. The particular innovation of our scheme is authentication can only
occur between a user and its designated verifier for a service, and the
verification cannot be performed by any other verifier. The benefit of this
authentication approach is that it prevents information leakage of a user's
service access information, even if the verifiers for these services collude
which each other. Our scheme also supports a trusted third party who is
authorised to de-anonymise the user and reveal her whole services access
information if required. Furthermore, our scheme is lightweight because it does
not rely on attribute or policy-based signature schemes to enable access to
multiple services. The scheme's security model is given together with a
security proof, an implementation and a performance evaluation.Comment: 3
Anonymous deniable predicate authentication scheme with revocability
In authentication protocols, anonymity is for privacy, while deniability is for anti-forensics after completion of the protocols. We propose a syntax and security definitions of an anonymous deniable predicate authentication scheme with revocability (rADPA). This new cryptographic primitive is to attain revocation function and strong privacy guarantee with predicate authentication, where a predicate is a boolean function over attributes of participants. We also give a generic construction of our rADPA scheme. Our approach is to build-in the revocable attribute-based encryption scheme proposed by K.Yamada et al. (ESORICS2017) into the anonymous deniable predicate authentication scheme proposed by S.Yamada et al. (PKC2012). Finally, we discuss how our rADPA scheme can be instantiated by employing concrete building blocks in our generic construction
An attribute-based framework for secure communications in vehicular ad hoc networks
In this paper, we introduce an attribute-based framework to achieve secure communications in vehicular ad hoc networks (VANETs), which enjoys several advantageous features. The proposed framework employs attribute-based signature (ABS) to achieve message authentication and integrity and protect vehicle privacy, which greatly mitigates the overhead caused by pseudonym/private key change or update in the existing solutions for VANETs based on symmetric key, asymmetric key, and identity-based cryptography and group signature. In addition, we extend a standard ABS scheme with traceability and revocation mechanisms and seamlessly integrate them into the proposed framework to support vehicle traceability and revocation by a trusted authority, and thus, the resulting scheme for vehicular communications does not suffer from the anonymity misuse issue, which has been a challenge for anonymous credential-based vehicular protocols. Finally, we implement the proposed ABS scheme using a rapid prototyping tool called Charm to evaluate its performance
Accountable privacy preserving attribute based framework for authenticated encrypted access in clouds
In this paper, we propose an accountable privacy
preserving attribute-based framework, called Ins-PAbAC, that
combines attribute based encryption and attribute based signature techniques for securely sharing outsourced data contents via
public cloud servers. The proposed framework presents several
advantages. First, it provides an encrypted access control feature,
enforced at the data owner’s side, while providing the desired
expressiveness of access control policies. Second, Ins-PAbAC
preserves users’ privacy, relying on an anonymous authentication
mechanism, derived from a privacy preserving attribute based
signature scheme that hides the users’ identifying information.
Furthermore, our proposal introduces an accountable attribute
based signature that enables an inspection authority to reveal
the identity of the anonymously-authenticated user if needed.
Third, Ins-PAbAC is provably secure, as it is resistant to both
curious cloud providers and malicious users adversaries. Finally,
experimental results, built upon OpenStack Swift testbed, point
out the applicability of the proposed scheme in real world
scenarios
On the efficiency of revocation in RSA-based anonymous systems
© 2016 IEEEThe problem of revocation in anonymous authentication systems is subtle and has motivated a lot of work. One of the preferable solutions consists in maintaining either a whitelist L-W of non-revoked users or a blacklist L-B of revoked users, and then requiring users to additionally prove, when authenticating themselves, that they are in L-W (membership proof) or that they are not in L-B (non-membership proof). Of course, these additional proofs must not break the anonymity properties of the system, so they must be zero-knowledge proofs, revealing nothing about the identity of the users. In this paper, we focus on the RSA-based setting, and we consider the case of non-membership proofs to blacklists L = L-B. The existing solutions for this setting rely on the use of universal dynamic accumulators; the underlying zero-knowledge proofs are bit complicated, and thus their efficiency; although being independent from the size of the blacklist L, seems to be improvable. Peng and Bao already tried to propose simpler and more efficient zero-knowledge proofs for this setting, but we prove in this paper that their protocol is not secure. We fix the problem by designing a new protocol, and formally proving its security properties. We then compare the efficiency of the new zero-knowledge non-membership protocol with that of the protocol, when they are integrated with anonymous authentication systems based on RSA (notably, the IBM product Idemix for anonymous credentials). We discuss for which values of the size k of the blacklist L, one protocol is preferable to the other one, and we propose different ways to combine and implement the two protocols.Postprint (author's final draft
Data Minimisation in Communication Protocols: A Formal Analysis Framework and Application to Identity Management
With the growing amount of personal information exchanged over the Internet,
privacy is becoming more and more a concern for users. One of the key
principles in protecting privacy is data minimisation. This principle requires
that only the minimum amount of information necessary to accomplish a certain
goal is collected and processed. "Privacy-enhancing" communication protocols
have been proposed to guarantee data minimisation in a wide range of
applications. However, currently there is no satisfactory way to assess and
compare the privacy they offer in a precise way: existing analyses are either
too informal and high-level, or specific for one particular system. In this
work, we propose a general formal framework to analyse and compare
communication protocols with respect to privacy by data minimisation. Privacy
requirements are formalised independent of a particular protocol in terms of
the knowledge of (coalitions of) actors in a three-layer model of personal
information. These requirements are then verified automatically for particular
protocols by computing this knowledge from a description of their
communication. We validate our framework in an identity management (IdM) case
study. As IdM systems are used more and more to satisfy the increasing need for
reliable on-line identification and authentication, privacy is becoming an
increasingly critical issue. We use our framework to analyse and compare four
identity management systems. Finally, we discuss the completeness and
(re)usability of the proposed framework
I2PA : An Efficient ABC for IoT
Internet of Things (IoT) is very attractive because of its promises. However,
it brings many challenges, mainly issues about privacy preserving and
lightweight cryptography. Many schemes have been designed so far but none of
them simultaneously takes into account these aspects. In this paper, we propose
an efficient ABC scheme for IoT devices. We use ECC without pairing, blind
signing and zero knowledge proof. Our scheme supports block signing, selective
disclosure and randomization. It provides data minimization and transactions'
unlinkability. Our construction is efficient since smaller key size can be used
and computing time can be reduced. As a result, it is a suitable solution for
IoT devices characterized by three major constraints namely low energy power,
small storage capacity and low computing power
- …