1 / 16

Anonymous Identification in Ad Hoc Groups

Anonymous Identification in Ad Hoc Groups. Yevgeniy Dodis, Antonio Nicolosi , Victor Shoup {dodis, nicolosi ,shoup}@cs.nyu.edu New York University. Aggelos Kiayias aggelos@cse.uconn.edu University of Connecticut. April 6 th , 2004. New York, NY, USA.

zephr-cochran
Télécharger la présentation

Anonymous Identification in Ad Hoc Groups

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Anonymous Identification in Ad Hoc Groups Yevgeniy Dodis, Antonio Nicolosi, Victor Shoup {dodis,nicolosi,shoup}@cs.nyu.edu New York University Aggelos Kiayias aggelos@cse.uconn.edu University of Connecticut April 6th, 2004 New York, NY, USA

  2. Enabling Privacy-Aware Access Control • Want to control access to many objects • Each with its own set of authorized users • For privacy concerns, users won’t reveal their identity when accessing an object • Solution: • Have one ad hoc group for each object • To access an object, users anonymously identify as members of corresponding group Antonio Nicolosi — NYU

  3. Example: Access-controlled Blog • Alice is keeping a cool blog about her poems • Since she’s shy, she only wants her friends to access it • But her friends are shy, too: • Maybe one of them is making too much reading …  Solution: Ad Hoc Anonymous Identification scheme Antonio Nicolosi — NYU

  4. Identification Schemes Antonio Nicolosi — NYU

  5. Anonymous Identification Antonio Nicolosi — NYU

  6. Anonymous Identification (cont’d) • Alice cannot tell whom she is talking to • Even in the case of two sessions with the same user (unlinkability) Antonio Nicolosi — NYU

  7. “Structured” Groupsvs. E.g. organizations Group Manager Users need a different key per group Ad Hoc Groups • Ad Hoc Groups • E.g. poetry clubs • No central authority • Can use same key for multiple groups Antonio Nicolosi — NYU

  8. Ad Hoc Anonymous ID: Syntax • Setup: system-wide initialization phase • Register: per-user initialization • Each user picks a secret key/public key pair • Run only once, regardless of # groups user joins • Make-GPK: combines a set of PKs into one GPK • Make-GSK: combines a user’s SK with a set of PKs, yielding a single GSK • Anon-ID: protocol between a group member (holding GSK) and a verifier (holding GPK) Antonio Nicolosi — NYU

  9. Ad Hoc Anonymous ID: Syntax (cont’d) • Make-GPK (running time / to group size) • Make-GSK (running time / to group size) • Anon-ID (constant running time) Antonio Nicolosi — NYU

  10. Background: One-Way Functions • At the core of all modern Cryptography • Several instances are widely accepted … • … but nobody knows if they exist (in particular, cannot exist if P = NP) • Family of functions easy to compute, but very hard to invert at a random point easy x f(x) HARD Antonio Nicolosi — NYU

  11. Background: Accumulators • Intuition: Secure Dictionary ADT • Element Insertion/Membership Testing • Element Insertion • Adding to a set yields a different, larger set • Adding to an accumulator yields a different value of the same size + a witness Antonio Nicolosi — NYU

  12. Background: Accumulators (cont’d) • Membership Testing • Sets are transparent: anybody can inspect their content • Accumulators are opaque: • Infeasible to check for membership … • … unless the proper witness is known • Hard to compute “fake witness’’ Antonio Nicolosi — NYU

  13. Constructing Ad Hoc Anonymous ID • Register sets SK=random, PK=f( SK ) • Make-GPK combines PKs by inserting them all into the accumulator • Make-GSK runs as Make-GPK, but also keeps track of SK and of the witness for PK • In the Anon-ID protocol, the user proves that • he knows the SK corresponding to some PK • PK has been added in the accumulator Antonio Nicolosi — NYU

  14. Ad Hoc Anonymous ID: Variations • Identity Escrow • To prevent abuse of anonymity, possible to amend the scheme so that user identity can be recovered by a trusted party • Supporting large ad hoc groups • If group changes, need to build new value of GPK from scratch with Make-GPK • But if changes are just user additions, can compute new GPK (and GSK) efficiently Antonio Nicolosi — NYU

  15. We propose a novel cryptographic functionality (Ad Hoc Anonymous ID) enabling flexible, privacy-aware access control • We design an instance based on a new tool (One-Way Accumulators), efficiently constructible based on standard assumptions • We discuss possible variations to handle identity escrow and growingad hoc groups Summary Antonio Nicolosi — NYU

  16. Any questions? Thank you! Antonio Nicolosi — NYU

More Related