Michael Hölzl
Michael Roland
René Mayrhofer
ABSTRACT
Providing methods to anonymously validate the user's identity is essential in many applications of electronic identity (eID) systems. A feasible approach to realize such a privacy-preserving eID is the usage of group signature protocols or pseudonym-based signatures. However, providing a revocation mechanism that preserves privacy is often the bottleneck for the scalability of such schemes. In order to bridge this gap between practicability and privacy, we propose a scalable and efficient revocation scheme suitable for smart cards in a mobile eID architecture. By using a pseudo-random function, we derive one-time revocation tokens for the revocation check and generate proofs of validity using a new method referred to as disposable dynamic accumulators. Our scheme thereby preserves unlinkability and anonymity of the eID holder even beyond revocation and does not require online connectivity to a trusted party for the verification and revocation check.
- Foteini Baldimtsi, Jan Camenisch, Maria Dubovitskaya, Anna Lysyanskaya, Leonid Reyzin, Kai Samelin, and Sophia Yakoubov. 2017. Accumulators with Applications to Anonymity-Preserving Revocation.. In IEEE European Symposium on Security and Privacy (EuroS&P). http://eprint.iacr.org/2017/043.pdfGoogle Scholar
Cross Ref
- Niko Baric and Birgit Pfitzmann. 1997. Collision-Free Accumulators and Fail-Stop Signature Schemes Without Trees. In Proc. EUROCRYPT '97. LNCS, Vol. 1233. Springer Berlin Heidelberg, 480--494. Google ScholarDigital Library
- Josh Benaloh and Michael de Mare. 1993. One-way accumulators: A decentralized alternative to digital signatures. In Proc. EUROCRYPT '93. Springer-Verlag New York, Inc., 274--285. Google ScholarDigital Library
- Burton H. Bloom. 1970. Space/Time Trade-offs in Hash Coding with Allowable Errors. Commununications of the ACM 13, 7 (July 1970), 422--426. Google ScholarDigital Library
- Dan Boneh and Hovav Shacham. 2004. Group Signatures with Verifier-local Revocation. In Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS '04). ACM, 168--177. Google ScholarDigital Library
- Ernie Brickell, Jan Camenisch, and Liqun Chen. 2004. Direct Anonymous Attestation. In Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS '04). ACM, 132--145. Google ScholarDigital Library
- Ernie Brickell and Jiangtao Li. 2007. Enhanced Privacy ID: A Direct Anonymous Attestation Scheme with Enhanced Revocation Capabilities. In Proceedings of the 2007 ACM Workshop on Privacy in Electronic Society (WPES '07). ACM, 21--30. Google ScholarDigital Library
- Julien Bringer, Hervé Chabanne, Roch Lescuyer, and Alain Patey. 2014. Efficient and Strongly Secure Dynamic Domain-Specific Pseudonymous Signatures for ID Documents. In Financial Cryptography and Data Security. LNCS, Vol. 8437. Springer, 255--272.Google Scholar
- Julien Bringer, Hervé Chabanne, Roch Lescuyer, and Alain Patey. 2016. Hierarchical Identities from Group Signatures and Pseudonymous Signatures. Springer Berlin Heidelberg, 457--469. Google ScholarDigital Library
- Jan Camenisch, Manu Drijvers, and Jan Hajny. 2016. Scalable Revocation Scheme for Anonymous Credentials Based on N-times Unlinkable Proofs. In Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society (WPES '16). ACM, New York, NY, USA, 123--133. Google ScholarDigital Library
- Jan Camenisch, Markulf Kohlweiss, and Claudio Soriente. 2009. An accumulator based on bilinear maps and efficient revocation for anonymous credentials. In Public Key Cryptography - PKC 2009. LNCS, Vol. 5443. Springer, 481--500. Google ScholarDigital Library
- Jan Camenisch and Anna Lysyanskaya. 2002. Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials. In Advances in Cryptology - CRYPTO 2002. LNCS, Vol. 2442. Springer, 61--76. Google ScholarDigital Library
- Jan Camenisch and Markus Stadler. 1997. Efficient group signature schemes for large groups. In Advances in Cryptology - CRYPTO '97. LNCS, Vol. 1294. Springer, 410--424. Google ScholarDigital Library
- David Chaum and Eugène Van Heyst. 1991. Group signatures. In Advances in Cryptology - EUROCRYPT'91. LNCS, Vol. 547. Springer, 257--265. Google ScholarDigital Library
- Hermann de Meer, Manuel Liedel, Henrich C. Pöhls, Joachim Posegga, and Kai Samelin. 2012. Indistinguishability of one-way accumulators. Technical Report. MIP-1210, Faculty of Computer Science and Mathematics, University of Passau.Google Scholar
- Michael T. Goodrich, Roberto Tamassia, and Jasminka Hasić. 2002. An Efficient Dynamic and Distributed Cryptographic Accumulator. In Information Security. LNCS, Vol. 2433. Springer Berlin Heidelberg, 372--388. Google ScholarDigital Library
- Michael Hölzl, Endalkachew Asnake, René Mayrhofer, and Michael Roland. 2015. A Password-authenticated Secure Channel for App to Java Card Applet Communication. International Journal of Pervasive Computing and Communications 11 (Oct. 2015), 374--397.Google ScholarCross Ref
- Michael Hölzl, René Mayrhofer, and Michael Roland. 2013. Requirements for an Open Ecosystem for Embedded Tamper Resistant Hardware on Mobile Devices. In Proc. MoMM 2013: International Conference on Advances in Mobile Computing & Multimedia. ACM, 249--252. Google ScholarDigital Library
- Vireshwar Kumar, He Li, Jung-Min (Jerry) Park, Kaigui Bian, and Yaling Yang. 2015. Group Signatures with Probabilistic Revocation: A Computationally-Scalable Approach for Providing Privacy-Preserving Authentication. In Proc. of the 22nd Conference on Computer and Communications Security. ACM. Google ScholarDigital Library
- Jorn Lapon, Markulf Kohlweiss, Bart De Decker, and Vincent Naessens. 2011. Analysis of Revocation Strategies for Anonymous Idemix Credentials. In Communications and Multimedia Security. LNCS, Vol. 7025. Springer, 3--17. Google ScholarDigital Library
- Benoît Libert and Damien Vergnaud. 2009. Group signatures with verifier-local revocation and backward unlinkability in the standard model. In Cryptology and Network Security. LNCS, Vol. 5888. Springer, 498--517. Google ScholarDigital Library
- Wouter Lueks, Gergely Alpár, Jaap-Henk Hoepman, and Pim Vullers. 2015. Fast revocation of attribute-based credentials for both users and verifiers. In ICT Systems Security and Privacy Protection. LNCS, Vol. 455. Springer, 463--478.Google Scholar
- G. Madlmayr, J. Langer, C. Kantner, and J. Scharinger. 2008. NFC Devices: Security and Privacy. In Third International Conference on Availability, Reliability and Security (ARES'08). 642--647. Google ScholarDigital Library
- Michael Mitzenmacher and Eli Upfal. 2005. Probability and Computing: Randomized Algorithms and Probabilistic Analysis. Cambridge University Press, New York, NY, USA. Google ScholarDigital Library
- Toru Nakanishi and Nobuo Funabiki. 2006. A Short Verifier-Local Revocation Group Signature Scheme with Backward Unlinkability. In Advances in Information and Computer Security. LNCS, Vol. 4266. Springer, 17--32. Google ScholarDigital Library
- Toru Nakanishi and Nobuo Funabiki. 2008. A Short Anonymously Revocable Group Signature Scheme from Decision Linear Assumption. In Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security (ASIACCS '08). ACM, 337--340. Google ScholarDigital Library
- Tomas Sander, Amnon Ta-Shma, and Moti Yung. 2000. Blind, Auditable Membership Proofs. In Financial Cryptography. LNCS, Vol. 1962. Springer Berlin Heidelberg, 53--71. Google ScholarDigital Library
- Jinyuan Sun, Chi Zhang, Yanchao Zhang, and Yuguang Fang. 2010. An Identity-Based Security System for User Privacy in Vehicular Ad Hoc Networks. IEEE Transactions on Parallel and Distributed Systems 21, 9 (Sept. 2010), 1227--1239. Google ScholarDigital Library
- Patrick P. Tsang, Man Ho Au, Apu Kapadia, and Sean W. Smith. 2007. Blacklistable anonymous credentials: blocking misbehaving users without ttps. In Proc. of the 14th ACM Conference on Computer and Communications Security. ACM, 72--81. Google ScholarDigital Library
Index Terms
- Bridging the gap in privacy-preserving revocation: practical and scalable revocation of mobile eIDs
Recommendations
Disposable dynamic accumulators: toward practical privacy-preserving mobile eIDs with scalable revocation
AbstractProviding methods to anonymously validate user identity is essential in many applications of electronic identity (eID) systems. A feasible approach to realize such a privacy-preserving eID is the usage of group signature protocols or pseudonym-...
Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials
CRYPTO '02: Proceedings of the 22nd Annual International Cryptology Conference on Advances in CryptologyWe introduce the notion of a dynamic accumulator. An accumulator scheme allows one to hash a large set of inputs into one short value, such that there is a short proof that a given input was incorporated into this value. A dynamic accumulator allows one ...
Privacy-preserving revocation checking
Digital certificates signed by trusted certification authorities (CAs) are used for multiple purposes, most commonly for secure binding of public keys to names and other attributes of their owners. Although a certificate usually includes an expiration ...
Comments