A warning on how to implement anonymous credential protocols into the information card framework

  • Regular Contribution
  • International Journal of Information Security

Abstract

Unlinkability is a privacy feature supported by those multi-party security protocols allowing anonymous users’ credential exchanges among different organizations. Proper signature schemes, based on discrete logarithms, must be used in order to guarantee the above requirements as well as selective disclosure of information. In this paper, we highlight that whenever a concrete architecture based on the above protocols is implemented, some aspects concerning how to manage the association between bases of discrete logarithms and attributes used in attribute certificates should be carefully considered, in order to guarantee that unlinkability really holds. We show that the problem is concrete by testing that the state-of-the-art implementation suffers from the above problem. A general solution is also proposed.

Author information

Correspondence to Francesco Buccafurri.

About this article

Cite this article

Ates, M., Buccafurri, F., Fayolle, J. et al. A warning on how to implement anonymous credential protocols into the information card framework. Int. J. Inf. Secur. 11, 33–40 (2012). https://doi.org/10.1007/s10207-011-0150-5

  • DOI: https://doi.org/10.1007/s10207-011-0150-5
