Abstract
Over the last years, the Web has evolved into the premium forum for freely and anonymously disseminating and collecting information and opinions. However, the ability to anonymously exchange information, and hence the inability of users to identify the information providers and to determine their credibility, raises serious concerns about the reliability of exchanged information.
In this paper we propose a methodology for designing security protocols that enforce fine-grained trust policies while still ensuring the anonymity of the users. The fundamental idea of this methodology is to incorporate non-interactive zero-knowledge proofs: the trust level of users are certified using digital signatures, and users assert their trust level by proving in zero-knowledge the possession of such certificates. Since the proofs are zero-knowledge, they provably do not reveal any information about the users except for their trust levels; in particular, the proofs hide their identities.
We additionally propose a technique for verifying the security properties of these protocols in a fully automated manner. We specify protocols in the applied pi-calculus, formalize trust policies as authorization policies, and define anonymity properties in terms of observational equivalence relations. The verification of these properties is then conducted using an extension of recently proposed static analysis techniques for reasoning about symbolic abstractions of zero-knowledge proofs.
Work partially supported by the initiative for excellence of the German federal government, by DFG Emmy Noether program, and by MIUR project “SOFT”.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Lu, L., Han, J., Hu, L., Huai, J., Liu, Y., Ni, L.M.: Pseudo trust: Zero-knowledge based authentication in anonymous peer-to-peer protocols. In: Proc. 2007 IEEE International Parallel and Distributed Processing Symposium, p. 94. IEEE Computer Society Press (2007)
Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. Journal of the ACM 38(3), 690–728 (1991), http://www.wisdom.weizmann.ac.il/~oded/X/gmw1j.pdf
Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Proc. 11th ACM Conference on Computer and Communications Security, pp. 132–145. ACM Press (2004)
Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: Proc. 4th ACM Workshop on Privacy in the Electronic Society, WPES, pp. 61–70. ACM Press (2005)
Clarkson, M.R., Chong, S., Myers, A.C.: Civitas: A secure voting system. In: Proc. 29th IEEE Symposium on Security and Privacy, pp. 354–368. IEEE Computer Society Press (2008)
Abadi, M., Blanchet, B.: Secrecy Types for Asymmetric Communication. In: Honsell, F., Miculan, M. (eds.) FOSSACS 2001. LNCS, vol. 2030, pp. 25–41. Springer, Heidelberg (2001)
Backes, M., Hriţcu, C., Maffei, M.: Type-checking zero-knowledge. In: 15th ACM Conference on Computer and Communications Security, CCS 2008, pp. 357–370. ACM Press (2008), Implementation available at http://www.infsec.cs.uni-sb.de/projects/zk-typechecker/
Backes, M., Maffei, M., Unruh, D.: Zero-knowledge in the applied pi-calculus and automated verification of the direct anonymous attestation protocol. In: Proc. 29th IEEE Symposium on Security and Privacy, pp. 202–215. IEEE Computer Society Press (2008)
Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Proc. 28th Symposium on Principles of Programming Languages, POPL, pp. 104–115. ACM Press (2001)
Abadi, M., Blanchet, B., Fournet, C.: Automated verification of selected equivalences for security protocols. In: Proc. 20th Annual IEEE Symposium on Logic in Computer Science, LICS, pp. 331–340. IEEE Computer Society Press (2005)
Jøsang, A.: An algebra for assessing trust in certification chains. In: Proceedings of the Network and Distributed Systems Security Symposium, NDSS 1999. The Internet Society (1999)
Xiong, L., Ling, L.: A reputation-based trust model for peer-to-peer ecommerce communities (extended abstract). In: Proceedings of the 4th ACM Conference on Electronic Commerce, EC 2003, pp. 228–229. ACM Press (2003)
Carbone, M., Nielsen, M., Sassone, V.: A formal model for trust in dynamic networks. In: International Conference on Software Engineering and Formal Methods, SEFM 2003, pp. 54–64 (2003)
Bangerter, E., Camenisch, J., Krenn, S., Sadeghi, A., Schneider, T.: Automatic generation of sound zero-knowledge protocols. IACR Cryptology ePrint Archive: Report 2008/471 (2008), http://eprint.iacr.org/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Backes, M., Maffei, M. (2013). Design and Verification of Anonymous Trust Protocols. In: Christianson, B., Malcolm, J.A., Matyáš, V., Roe, M. (eds) Security Protocols XVII. Security Protocols 2009. Lecture Notes in Computer Science, vol 7028. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36213-2_17
Download citation
DOI: https://doi.org/10.1007/978-3-642-36213-2_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-36212-5
Online ISBN: 978-3-642-36213-2
eBook Packages: Computer ScienceComputer Science (R0)