research-article

PEREA: Practical TTP-free revocation of repeatedly misbehaving anonymous users

Published: 26 December 2008

Abstract

Several anonymous authentication schemes allow servers to revoke a misbehaving user's ability to make future accesses. Traditionally, these schemes have relied on powerful Trusted Third Parties (TTPs) capable of deanonymizing (or linking) users' connections. Such TTPs are undesirable because users' anonymity is not guaranteed, and users must trust them to judge misbehaviors fairly. Recent schemes such as Blacklistable Anonymous Credentials (BLAC) and Enhanced Privacy ID (EPID) support “privacy-enhanced revocation”— servers can revoke misbehaving users without a TTP's involvement, and without learning the revoked users' identities.

In BLAC and EPID, however, the computation required for authentication at the server is linear in the size (L) of the revocation list, which is impractical as the size approaches thousands of entries. We propose PEREA, a new anonymous authentication scheme for which this bottleneck computation is independent of the size of the revocation list. Instead, the time complexity of authentication is linear in the size of a revocation window K ≪ L, the number of subsequent authentications before which a user's misbehavior must be recognized if the user is to be revoked. We extend PEREA to support more complex revocation policies that take the severity of misbehaviors into account. Users can authenticate anonymously if their naughtiness, i.e., the sum of the severities of their blacklisted misbehaviors, is below a certain naughtiness threshold. We call our extension PEREA-Naughtiness. We prove the security of our constructions, and validate their efficiency as compared to BLAC analytically and quantitatively.

Published in

ACM Transactions on Information and System Security, Volume 14, Issue 4
December 2011
138 pages
ISSN: 1094-9224
EISSN: 1557-7406
DOI: 10.1145/2043628

Copyright © 2008 ACM

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

• Accepted: 1 July 2011
• Revised: 1 March 2011
• Received: 1 October 2010
• Published: 26 December 2008
