Authentication Without Identification using Anonymous Credential System

Internatio na Journal of Computer Scie nce and Informati on Security IJCSIS Vol. 3 No. 1 July 2009   Authentication without Identification Using Anonymous Credential System Dr. A. Damodaram, Prof of CSE Dept & Director, UGC- ASC, JNTUH, Hyderabad, damodarama@jntuh.ac.in H.Jayasri, Asst.Prof, ATRI, Hyderabad,India, jayahsree@rediffmail.com Abstract  Privacy and security are often intertwined. For example, identity theft is rampant b ecause we have become accustomed to authentica tion by identification. To ob tain some service, we provide enough information about our identity for an unscrupulous person to steal it (for exampl e, we give our credit car d number to A mazon.com) . One of the consequences is that many people avoi d e-commerce entirely due to privacy and security con cerns. The solution is t o perform aut henticati on without identification. In fact, all on-line a ctions should be as anonymous as possible, for th is is the only way to guarantee security for the overall system. A credential system is a system in wh ich users can obtain cred entials fro m organi zations and demonstrate possession of these crede ntials. Such a system is anonymous when transactions c arried out by the sam e user cannot be linked. An anonymous credential system is of significant practica l relevance because it is the best me ans of providing p rivacy for users. Keywords: Pseudonym s 1.Introduction As inform ation becom es increasingl y accessible, protecting the privacy of individuals becomes a more challenging task. To solve this problem, an application that allows the individual to control the dissemination of personal information is needed. In this paper we discuss ab out the best known idea for such a system called the Anonymous Credential System. An anonym ous credenti al(AC) is a vect or of attributes certified by a trusted certification authority. Anonymous credentials are us ed as a way to prevent disclosure of t oo much inf ormation abo ut a user during the authentication process. Access management systems create profiles for each user who has been granted acce ss. Additionally, some systems use digital certificates to further verify the user's identity. Depending on the system, these digital certificate's may contain a lo t of information ab out an individual user's id entity. Since the entire dig ital certificate is used during authentication, i f compromised it could lead to a breach of sensitiv e informati on about the user , some of w hich coul d be used later for stealing th e legitimate user's identity o r authentication credentials for malicious access. Th e technology was also called minimal disclosure certificates by Stefan Brands. Here's a scenario to explain how it works . someone goes i nto a bar and the bartender as ks for the person's driver's license to verify if he or she is of legal age to drink. Most likely, the bartender just looks at the person's date of birth and isn 't interested in the name, add ress or other pe rsonal inf ormation. Once the bartender is satisfied, th e person puts their license away and is allowed to stay in the bar. But in open netwo rk's -- like the Web and the Internet -- an entire digital certificate may be exposed to the whole world over the wire, where its contents can be sniffed and stolen by hac ker's interested i n stealing authentication credentials. Minimal disclosure solve Internatio na Journal of Computer Scie nce and Informati on Security IJCSIS Vol. 3 No. 1 July 2009   that problem by on ly providing enoug h information from the user's digital certif icate to grant access to a system for a specific requi rement . the user's whole identity or credentials aren 't served up to the system requesting authenticatio n. An anonymous credential syst em consists of users and or ganizations. Organizati ons know the users only by pse udonym s. Different pse udonym s of the same user cannot be linke d. Yet , an organizati on can issue a credential to a pseudonym , and the corresponding us er can prove possession of this credential to a nother organi zation( who knows her by a different pseudonym ),without revealing anything more than the fact that she owns such a credential. Credentials can be for unlimited u se (multiple-show credentials)or for one-time use(one-show credentials). 2.Motivation The internet, by design, lacks pr ovisions for identifying who communicates with whom; it lacks a well-designed identity infrastructure. As a result, enterprises, go vernments and individuals have over time develope d a bricolage of isol ated, incom patible, partial solutions to meet their needs in communicat ions and tra nsactions. T he overall res ult of these unguided developments is th at enterprises and governm ents have a problem i n identifying their communicat ion partners at the individual l evel. Given the lack of a proper iden tity infrastructure, individuals often have t o disclose m ore personal data than strictly requi red. In addi tion to nam e and address contact details such as mu ltiple phone nu mbers (home, work, mobile) and e-m ail addresses are requested. The am ount and nature of the data disclosed exceeds t hat usually require d of real world transactions, w hich can ofte n be conduct ed anonymously – in many cases the service could be provided wit hout any pers onal data at all . Over the long run, the in adequacy of th e identity infrastructure affects i ndividuals' privacy. The availability of abundant personal d ata to enterprises and governments has a profound impact on the individual's righ t to be let alone as well as on society at large. 3. Desirable Properties 3.1 Basic Desirable Properties i) It shoul d be possible for a user to selectively disclose attributes. ii) An AC must be har d to forge. iii) A user's transactions must be unlinkable and iv) An AC m ust be revokable 3.2 Additional Desirable Properties i) Users sho uld be discou raged from sharing their pseudony ms and crede ntials wi th other use rs. ( PKI assured non- transferab ility or all-o r-nothing non - transferability) ii) It may be desirable to have a mecha nism for discovering the identity of a user whose tran sactions are illegal. iii)It can also be beneficial to all ow one-show credentials ie, credentials th at should only be us able once and shoul d incorp orate an offline do uble spending t est. 4.Requirements A basic credential system has users, organizations , and verifiers as ty pes of players. Users are entities that receive cred entials. The set of users in the system may grow over t ime. Organi zations are entities that gran t and verify the credentials o f the users. Each orga nization gra nts a unique (f or simplicity of ex position) type of cred ential. Finally, verifiers are entities that ve rify creden tials of the users. For the purposes of non -transferability, we can add a CA(Certification Authority) to the model who verifies that the users enteri ng the system possess an external public and secret key. This CA will be trusted to do his job prop erly. To allow revocable an onymity, an anonymity revo cation manager can be added. This entity will be tr usted not to use h is ability to find out a user's identit y or pseudony m unless dicta ted to do so. The user is anonymous until th e revocation manager exposes his/her identity. Usually this is followed by entering th e user ID into a revocation list. Revocation may be partial or to tal. In the former a subset of the entries in the vector is revoked, wh ile Internatio na Journal of Computer Scie nce and Informati on Security IJCSIS Vol. 3 No. 1 July 2009   in the latter the whole v ector is revoked.(ie. the user is revoked.) Ideally revo cation authority should no t be able to re voke caprici ously. Finally, a credential may include an attribute, such as an expiration date. 5. Related Work Th e scenario with multiple users who, while remaining an onymous t o the organi zations, m anage to transfer credentials from one o rganization to another, was first introd uced by Chaum [6]. Subsequently, Chaum and Ev ertse[5] proposed a solution that is based on the existence of a semi- trusted third party who is involv ed in all transactions. However, the involvement of a semi-trusted third party is undesi rable. The scheme later propo sed by Damgard [4] employs general complexity theoretic primitives (one-way func tions and zer o-knowledge proofs) and is therefore not applicab le for practical use. Moreover, i t does not prot ect orga nizations agai nst colluding use rs. The schem e proposed by Chen [3] is based on discre te logarithm -based blind sig natures. It is efficient but does no t address the problem of colluding users. Anot her drawback of her sc heme and the other pract ical schemes previo usly proposed is that to use a credential seve ral times, a user needs to obtain sever al signatures from the issuin g organizati on. Lysyanskaya, Rivest, Sahai, and Wolf [1] propose a ge neral credent ial system . While thei r general soluti on captures m any of the desira ble properties, it is not usable in practice because their constructions are based o n one-way functi ons and general zero-know ledge pr oofs. Their practical construction, base d on a non-standard discrete- logarithm -based assumption, has the same pro blem as the one due to Chen [4]: a user needs to obtain several signatures from the i ssuing orga nization in order to use unlink ably a credential several times. Brands provides a certificate system in which a user ha s control over what is know n about the attributes of a pseudo nym. Although a credential system with one-show credentials can be inferred from his fram ework, obt aining a cre dential sy stem with multi-show creden tials is not immed iate and may in fact be i mpossible in practice. Anot her inconvenience of these and t he other discrete - logarithm -based scheme s mentioned a bove is that all the users and the certifica tion authorities in these schemes need to share the sam e discrete logarithm group. Jan Camenisch & A nna Lysyanskaya [ 2] propose a practi cal anonymous credenti al system that is based on the strong RSA assumption and the Diffie-Hellman assumption. They gave the first practical soluti on that allows 1) a user to unlinkably demonstrate possession of a crede ntial as many times as necessary without involving the issuing organizati on 2) to preve nt misuse of anonym ity they offered optio nal anonym ity revocation fo r particular transaction. 6. Concluding Remarks It appears that a compromise is requi red , either in the securi ty requirem ents or in the amount of trust bestowed on the participant, in order to achieve a practical and efficient anonymous crede ntial system. 7. References [1] A. Lysyanskay a, R. Rivest, A. Sahai , and S. Wolf: Pseudonym systems: In Selected Areas in Cryptogra phy, vol. 175 8 of LNCS. Spri nger Verlag, 1999. ]2] Jan Camenisch & Anna Lysy anskaya: An Efficient system for No n-transferable Anony mous Credentials with Optional Anonymity Revocation . In CRYPTO '97, vol. 1296 of L NCS,pp 41 0-424. Springer Verlag, 1997 [3]. L. Chen: Access wi th pseudonym s. In Cryptography: Po licy and Algorithms, vol.1029 of LNCS, pp. 232-243. Spr inger Verlag, 1995. [4]. I. Damgard: Payment systems and credential mechanism with provable se curity against abuse by individuals . In CR YPTO '88, vol . 403 of L NCS, pp. 328-335. [5]. D. Chaum and J.-H. Evertse: A se cure and privacy-prot ecting protoc ol for tra nsmitting pers onal informat ion between o rganizat ions. In CR YPTO '86 , vol. 263 of LNCS, pp. 118- 167. Springer -Verlag, 1987. [6]. D. Chaum: Security without identifi`cation: Transaction system s to make big brother obs olete. Communication s of the ACM, 28(10):1030- 1044, 1985. Internatio na Journal of Computer Scie nce and Informati on Security IJCSIS Vol. 3 No. 1 July 2009                   Dr A Damodaram obtained his B.Tech. Degree in Computer Science and Engg.in 1989, M.Tech. in CSE in 1995 and Ph.D in Computer Science in 20 00 all from Jawaharlal Nehru Technological University, Hy derabad. His areas of interest are Computer Networks, Software Engineering, Data Mining and I mage Processing. He presented more than 44 papers in various National and International Conferences and has 7 pu blications in Journals. He guided 3 Ph.D., 3 MS and more than 100 M.Tech./MCA students. He joined as Faculty of Computer Science and Engineering in 1989 at JNTU, Hyderabad. He worked in the JNTU in various capacities since 1989. Presently he is a professor in Computer Science and Engineering Department . In his 19 years of service Dr. A. Damodaram assumed office as Head of the Department, Vice-Principal and presently is the Director of UGC Academic Staff College of JNT University Hyderabad. He was board of studies chair man for JNTU Computer Science and Engineering Branch (JNTUCE H) for a period of 2 years. He is a life member in various professional bodies. He is a member i n various academic councils in various Universities. He is also a UGC Nominated member in various expert/advisory committees of Universities in India. He was a member of NBA (AICTE) sectoral committee and also a member in various committ ees in State and Central Governments. He is an activ e participant in various social/welfare activities. He was also acted as Secretary General and Chairman for the AP State Federation of University Teachers Associati ons, and Vice President for All India Federation of University Teachers Associations. He is the Vice President for the All India Peace and Solidarity Organization from Andhra Pradesh. H.Jayasri obtained B.E. (CSE) from Bangalore University and M.Tech.(CSE) from JNTU, Hyderabad in 2001 and 2006 respectively. Pursuing Ph.D . from department of CSE JNTU, Hyderabad. She has 7yrs of teaching experience in various co lleges of Hyderabad and Bangalore. Areas of resear ch interest are Network Security and Com puter Networks.