3 research outputs found

    Multi-device anonymous authentication

    Recently, a few pragmatic and privacy-protecting systems for authentication in multiple systems have been designed. The most prominent examples include Pseudonymous Signatures for German personal identity cards and Anonymous Attestation. The main properties are that a user can authenticate himself with a single private key (stored on a smart card), but nevertheless the user's IDs in different systems are unlinkable. We develop a solution which enables a user to achieve the above-mentioned goals while using more than one personal device, each holding a single secret key, but different for each device. Our solution is privacy preserving: which device is used remains hidden from the service system. Nevertheless, if a device gets stolen, lost or compromised, the user can revoke it (leaving his other devices intact). In particular, in this way we create a strong authentication framework for cloud users, where the cloud does not indirectly learn personal data. Our solution is based on a novel cryptographic primitive, called Pseudonymous Public Key Group Signature.

    Anonymous authentication protocols for ad-hoc groups

    Anonymous authentication is a contradictory yet very useful topic. Under a general authentication mechanism, the following problems may arise: the service server receives unreasonable or incorrect requests, or an attacker eavesdrops on the communication channel between the user and the service server. These problems may lead to the user's name or private information being disclosed or stolen. Moreover, in some application environments, such as e-voting, e-wallets and online auctions, the service server only needs to confirm that a user is legitimate and does not need to confirm the user's identity. Anonymous authentication mechanisms were therefore proposed and have been widely applied. In an ad-hoc environment, an initiator who wants to form a subgroup can do so without the help of the group manager, and the members of that subgroup do not need to know which subgroup they belong to. In an ad-hoc environment, an anonymous authentication mechanism lets a user, without revealing his identity, have the verifier/service server verify whether he is a legitimate user. The current anonymous authentication protocols for ad-hoc environments all have some potential problems: besides not supporting a Reveal function and not discussing the security of unlinkability, none of them supports multiple ad-hoc groups within a single system. In some application scenarios, supporting the Reveal function makes the application more convenient: in online auctions, the initiator uses the Reveal function to find the final bidder; in e-voting, if a dispute arises, the initiator uses the Reveal function to open the ballots. In addition, supporting multiple ad-hoc groups is more flexible in practical applications. The simplest approach to anonymous authentication is for the initiator to share a common password with all participants, who use this password to authenticate to the verifier. This approach lets the initiator form an ad-hoc subgroup very easily, but it is hard to manage. Many anonymous authentication mechanisms have been proposed; in general, they can be divided into five categories: anonymous authentication based on group signatures, anonymous authentication based on ring signatures, self-blindable anonymous credential mechanisms, anonymous authentication based on accumulators, and anonymous authentication based on other and hybrid mechanisms. This dissertation analyzes and compares recent related papers for each category. In practical application scenarios, it is reasonable for a system to contain multiple ad-hoc groups. In the related work above, the authors all treat the whole system as a single ad-hoc group; applied to practical use, we feel this assumption is insufficient. We therefore consider three types of anonymous authentication mechanisms: (1) the whole system is one ad-hoc group, (2) the system supports multiple ad-hoc groups with a limited number of members, and (3) the system supports multiple ad-hoc groups with an unlimited number of members. To the best of our knowledge, no current related work offers an anonymous authentication mechanism that supports multiple ad-hoc groups. This dissertation proposes one anonymous authentication mechanism for each of the three types and discusses its correctness, its security, and its efficiency compared with other mechanisms.

    An anonymous authentication protocol is an oxymoron with many useful services. A general authentication protocol may suffer from some threats: the service server may receive absurd and abnormal requests, the adversary can eavesdrop on the communication channel between the users and the service server, and so on. Those threats cause security problems for the system, such as a user's password being stolen or a user's personal information being leaked. In some applications, such as e-voting, the service server only needs to verify that a user is valid, but it cannot reveal or know any sensitive information about the user. Hence, anonymous authentication protocols have been proposed and applied widely. An ad-hoc group refers to members of a known group who can create a subgroup in an ad-hoc fashion. A user (called the initiator) can form a subgroup without the group manager's help. Also, a member of the subgroup might not know that he has been included in a certain ad-hoc subgroup. Thus, an ad-hoc anonymous authentication protocol allows a member of a known group to protect his real identity and sensitive information. All of the existing anonymous authentication protocols for an ad-hoc group have some issues. Some protocols neither support a Reveal function nor argue the unlinkability property. Most important of all, those protocols do not support multiple ad-hoc groups. For instance, in real applications such as online auctions, the initiator can use the Reveal function to find the final bidder. Besides, supporting multiple ad-hoc groups makes the anonymous authentication protocol more flexible. A simple way to build an anonymous authentication protocol is for the initiator to issue a common password to all of the participants. This is an easy way to form an ad-hoc subgroup, but it is hard to manage those participants. In view of this, many anonymous authentication schemes have been proposed. These proposals can be divided into five categories: (1) group signature-based protocols, (2) ring signature-based protocols, (3) self-blindable credential protocols, (4) accumulator-based protocols, and (5) other techniques and combined techniques. In this dissertation, we study recent research on anonymous authentication and analyze its pros and cons. According to actual applications in the real world, a system must have more than one ad-hoc group. We consider three types of anonymous authentication protocols: (1) the system is a general ad-hoc group, (2) the system supports multiple ad-hoc groups with limited members, and (3) the system supports multiple ad-hoc groups with unlimited members. To the best of our knowledge, most existing research supports a general ad-hoc group. The dissertation proposes three anonymous authentication protocols, one for each type, analyzes their security requirements, and compares their efficiency with the related works.

    Abstract (Chinese)
    Abstract
    Content
    List of Figures
    List of Tables
    1. Introduction
        1.1. Background and Motivation
        1.2. Contributions
        1.3. Thesis Organization
    2. Preliminaries
        2.1. Frameworks
        2.2. Paillier cryptosystem
            2.2.1. Details of Paillier cryptosystem
            2.2.2. Paillier signature scheme
            2.2.3. Hard assumptions of Paillier cryptosystem
        2.3. Chameleon hash function
        2.4. Bilinear mapping
            2.4.1. Bilinear Groups
            2.4.2. Hard assumptions of bilinear groups
        2.5. Merkle tree
        2.6. Security requirements
    3. Related Works
        3.1. Accumulators from Bilinear Pairings and Applications
            3.1.1. Accumulators
            3.1.2. Nguyen05 protocol
        3.2. Anonymous Identity-Based Identification Scheme in Ad-Hoc Groups without Pairings
            3.2.1. BR13 protocol
        3.3. Self-blindable Credential: Towards Anonymous Entity authentication upon resource-constrained devices
            3.3.1. ASM signature scheme
            3.3.2. YDLW13 protocol
            3.3.3. Cryptanalysis of YDLW13 protocol
        3.4. Lightweight Anonymous Authentication for Ad Hoc Group: A Ring Signature Approach
            3.4.1. YWLC15 protocol
        3.5. Multi-device Anonymous Authentication
            3.5.1. KWCK16 protocol
        3.6. Anonymous Identification for Ad Hoc Group
            3.6.1. LA16 protocol
        3.7. Towards Lightweight Anonymous Entity Authentication for IoT Applications
            3.7.1. YCWLC16 protocol
        3.8. Summary
    4. An anonymous authentication protocol based on Paillier cryptosystem
        4.1. ProposedI protocol
        4.2. Security analysis
            4.2.1. Unforgeability
            4.2.2. Unlinkability
    5. An anonymous authentication protocol based on keywords searchable encryption
        5.1. ProposedII protocol
        5.2. Security Analysis
            5.2.1. Unforgeability
            5.2.2. Unlinkability
    6. An anonymous authentication protocol based on Merkle tree
        6.1. ProposedIII protocol
        6.2. Security analysis
            6.2.1. Unforgeability
            6.2.2. Unlinkability
    7. Performance and Comparisons
    8. Conclusions and Future Works
    Reference