
Privacy Protection in PKIs: A Separation-of-Authority Approach

  • Conference paper
Information Security Applications (WISA 2006)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4298)

Abstract

Due to the growing number of privacy infringement problems, there is increasing demand for privacy-enhancing techniques on the Internet. In a PKI, authorized entities such as the CA and the RA can, from a privacy standpoint, become a Big Brother even unintentionally, since they can always trace registered users through their public key certificates. In this paper, we investigate a practical method for privacy protection in existing PKIs by separating the authorities, one verifying ownership and the other validating contents, in a blinded manner. The proposed scheme allows both anonymous and pseudonymous certificates to be issued and used in the existing infrastructure in a way that provides conditional traceability and revocability, based on threshold cryptography and selective credential showing, by exploiting the extension fields of X.509 version 3 certificates.
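The two building blocks the abstract names, blind issuance (so the authority that signs a certificate cannot link it to the person who requested it) and a threshold of trustees who can jointly re-identify the holder for conditional traceability, as an added Python illustration. This is not the paper's scheme and nothing in it is taken from the paper: the RSA blind signature (Chaum), the Shamir t-of-n sharing, the `ext.traceCommitment` extension layout, the identity `registry` held by the ownership-verifying authority and the toy key sizes are all assumptions made for the example.

```python
"""Added illustration (not the paper's construction): blind certificate
issuance plus a threshold-escrowed identity link for conditional tracing."""
import hashlib
import math
import secrets

# --- Toy parameters (constructed for this example; far too small for real use) ---
# RSA modulus of the content-validating authority: two Mersenne primes so the
# example runs offline with no dependencies.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
# Prime field for Shamir sharing of the identity link (2^127 - 1 is prime).
FIELD = 2**127 - 1


def h(data: bytes) -> int:
    """Hash the to-be-signed certificate bytes into Z_N (toy full-domain hash)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def blind(m: int):
    """User side: hide m from the signer as m * r^E mod N (Chaum's RSA blinding)."""
    r = secrets.randbelow(N - 2) + 2
    while math.gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    return (m * pow(r, E, N)) % N, r


def sign_blinded(m_blinded: int) -> int:
    """Content-validating authority: signs the blinded value and never sees m."""
    return pow(m_blinded, D, N)


def unblind(s_blinded: int, r: int) -> int:
    """User side: strip the blinding factor to obtain an ordinary RSA signature on m."""
    return (s_blinded * pow(r, -1, N)) % N


def verify(m: int, s: int) -> bool:
    """Relying party: plain RSA verification; blinding is invisible here."""
    return pow(s, E, N) == m


def split_secret(secret: int, t: int, n: int):
    """Shamir t-of-n sharing over FIELD; shares are (x, f(x)) with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(FIELD) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, i, FIELD) for i, c in enumerate(coeffs)) % FIELD)
            for x in range(1, n + 1)]


def recover_secret(shares) -> int:
    """Lagrange interpolation at x = 0; yields f(0) only from t or more shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % FIELD
                den = den * (xi - xj) % FIELD
        total = (total + yi * num * pow(den, -1, FIELD)) % FIELD
    return total


def identity_link(real_identity: str) -> int:
    """Escrow value tying a certificate to a registered identity (assumed design)."""
    return int.from_bytes(hashlib.sha256(real_identity.encode()).digest(), "big") % FIELD


def issue_pseudonymous_cert(real_identity: str, pseudonym_spki: str, t: int = 2, n: int = 3):
    """Returns (tbs_bytes, signature, trustee_shares, value_seen_by_signer)."""
    link = identity_link(real_identity)
    shares = split_secret(link, t, n)  # one share per trustee
    commitment = hashlib.sha256(link.to_bytes(16, "big")).hexdigest()
    # Assumed layout: a v3-style extension carries only a commitment to the link,
    # so the certificate itself reveals nothing about the holder.
    tbs = (f"subject=CN=pseudonym;spki={pseudonym_spki};"
           f"ext.traceCommitment={commitment}").encode()
    m = h(tbs)
    m_blinded, r = blind(m)
    s = unblind(sign_blinded(m_blinded), r)
    return tbs, s, shares, m_blinded


def trace(tbs: bytes, shares, registry: dict):
    """Trustees pool their shares; the identity is revealed only if the recovered
    link matches the certificate's commitment (fails with fewer than t shares)."""
    link = recover_secret(shares)
    commitment = hashlib.sha256(link.to_bytes(16, "big")).hexdigest()
    if commitment.encode() not in tbs:
        return None
    return next((who for who, value in registry.items() if value == link), None)


if __name__ == "__main__":
    # Registry kept by the ownership-verifying authority (constructed sample data).
    registry = {"alice@example.org": identity_link("alice@example.org")}
    tbs, sig, shares, seen = issue_pseudonymous_cert("alice@example.org", "pk-pseudo-1")
    print("valid signature:", verify(h(tbs), sig), "| signer saw m:", seen == h(tbs))
    print("2 of 3 trustees:", trace(tbs, shares[:2], registry))
    print("1 of 3 trustees:", trace(tbs, shares[:1], registry))
```

Two practical caveats the toy glosses over. A blind signer signs whatever it is handed, so the content-validating authority must be given an independent reason to trust that the blinded request is well-formed (which is exactly why ownership verification is delegated to a separate authority in a blinded flow), and the unpadded hash-then-sign used here is not a secure signature scheme; a real deployment signs a DER-encoded TBSCertificate with a proper RSA padding or a different signature family.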

This work was supported by grant No. R01-2005-000-11261-0 from the Korea Science and Engineering Foundation in the Ministry of Science & Technology.




Editor information

Jae Kwang Lee Okyeon Yi Moti Yung

Copyright information

© 2007 Springer Berlin Heidelberg

About this paper

Cite this paper

Kwon, T., Cheon, J.H., Kim, Y., Lee, JI. (2007). Privacy Protection in PKIs: A Separation-of-Authority Approach. In: Lee, J.K., Yi, O., Yung, M. (eds) Information Security Applications. WISA 2006. Lecture Notes in Computer Science, vol 4298. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71093-6_23

  • DOI: https://doi.org/10.1007/978-3-540-71093-6_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-71092-9

  • Online ISBN: 978-3-540-71093-6
