Hasini Gunasinghe
Elisa Bertino
ABSTRACT
User's digital identity information has privacy and security requirements. Privacy requirements include confidentiality of the identity information itself, anonymity of those who verify and consume a user's identity information and unlinkability of online transactions which involve a user's identity. Security requirements include correctness, ownership assurance and prevention of counterfeits of a user's identity information. Such privacy and security requirements, although conflicting, are critical for identity management systems enabling the exchange of users' identity information between different parties during the execution of online transactions. Addressing all such requirements, without a centralized party managing the identity exchange transactions, raises several challenges. This paper presents a decentralized protocol for privacy preserving exchange of users' identity information addressing such challenges. The proposed protocol leverages advances in blockchain and zero knowledge proof technologies, as the main building blocks. We provide prototype implementations of the main building blocks of the protocol and assess its performance and security.
- E. Androulaki, S. Cocco, and C. Ferris. 2018. Private and confidential transactions with Hyperledger Fabric. https://developer.ibm.com/tutorials/cl-blockchain-private-confidential-transactions-hyperledger-fabric-zero-knowledge-proof/Accessed: 1-Nov-2018.Google Scholar
- M. Andrychowicz, S. Dziembowski, and D. Malinowski. 2014. Secure Multiparty Computations on Bitcoin. In IEEE Symposium on Security and Privacy. Google ScholarDigital Library
- E. Ben-Sasson, I. Bentov, Y. Horesh, and M. Riabzev. 2018. Scalable, transparent, and post-quantum secure computational integrity. In Cryptology ePrint Archive: Listing for 2018.Google Scholar
- E. Ben-Sasson, A. Chiesa, C. Garman, M. Green, I. Miers, E. Tromer, and M. Virza. 2014. Zerocash: Decentralized Anonymous Payments from Bitcoin. In IEEE Symposium on Security and Privacy. Google ScholarDigital Library
- David Birch. 2016. Putting identity on the blockchain.http://www.chyp.com/putting-identity-on-the-blockchain-part-1-find-a-problem/.Google Scholar
- D. Boneh. 1998. Twenty Years of Attacks on the RSA Cryptosystem. https://crypto.stanford.edu/%7Edabo/pubs/papers/RSA-survey.pdfAccessed: 22-Sept-2018.Google Scholar
- Luis T.A.N. Brandao, N. Christin, G. Danezis, and Anonymous.2015. Toward Mending Two Nation-Scale Brokered Identification Systems. In Proceedings on Privacy Enhancing Technologies.Google Scholar
- B. Bunz, J. Bootle, D. Boneh, A. Poelstra, P. Wuille, and G. Maxwell. 2018. Zerocash: Decentralized Anonymous Payments from Bitcoin. In IEEE Symposium on Security and Privacy.Google Scholar
- J. Camenisch and A. Lysyanskaya. 2001. An Efficient System for Non-Transferable Anonymous Credentials with Optional Anonymity Revocation. In Proceedings of EUROCRYPT '01. 93-118. Google ScholarDigital Library
- R. Beaulieu et. al. 2013. The Simon and Speck Families of Lightweight Block Ciphers. https://eprint.iacr.org/2013/404.pdfAccessed: 22-Sept-2018.Google Scholar
- Open Identity Exchange. {n. d.}. OIX - Open Identity Exchange. https://www.openidentityexchange.org/Accessed: 22-Nov-2017.Google Scholar
- Hyperledger Fabric. 2018. A Blockchain Platform for the Enterprise. https://hyperledger-fabric.readthedocs.io/en/release-1.3/Accessed: 16-Oct-2018.Google Scholar
- R. Gennaro, S. Jarecki, H. Krawczyk, and T. Rabin. 2007. Secure Distributed Key Generation Protocol.. In J Cryptology. Google ScholarDigital Library
- R. Gennaro, C. Gentry B. Parno, , and M. Raykova. 2013. Quadratic Span Programs and Succinct NIZKs without PCPs. In EUROCRYPT.Google Scholar
- GOV.UK. 2018. Introducing GOV.UK Verify. https://www.gov.uk/government/publications/introducing-govuk-verify/introducing-govuk-verifyAccessed: 22-Sept-2018.Google Scholar
- H. Gunasinghe, A. Kundu, E. Bertino, H. Krawczyk, K. Singh, S. Chari, and D. Su. 2019. PrivIdEx: Privacy Preserving and Secure Exchange of Digital Identity Assets. https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/2019-01.pdfAccessed: 15-Feb-2019.Google Scholar
- Ahmed Kosba. 2017. jsnark. https://github.com/akosba/jsnarkAccessed: 22-Nov-2017.Google Scholar
- A. Kosba, A. Miller, and E. Shi. 2014. Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts.. In IEEE Symposium on Security and Privacy.Google Scholar
- S. Nakamoto. 2008. Bitcoin: A Peer-to-Peer Electronic Cash System.Google Scholar
- Nat. 2010. Is Expressing Levels Enough for LOA2+?https://nat.sakimura.org/2010/09/03/is-expressing-levels-enough-for-loa2/Accessed: 22-Sept-2018.Google Scholar
- United States Postal Office. 2014. FCCX Briefing. https://csrc.nist.gov/csrc/media/events/ispab-june-2014-meeting/documents/ispab_jun2014_fccx-briefing_glair.pdfAccessed: 22-Sept-2018.Google Scholar
- OpenID. 2017. Welcome to OpenID Connect. http://openid.net/connect/Accessed: 22-Nov-2017.Google Scholar
- scipr lab. 2017. C++ library for zkSNARKs. https://github.com/scipr-lab/libsnarkAccessed: 22-Nov-2017.Google Scholar
- Prabath Siriwardena. 2017. A Deeper Look Into Bitcoin Internals. https://medium.facilelogin.com/pay-with-bitcoin-to-play-with-a-fidget-spinner-86b7b43414c0Accessed: 22-Sept-2018.Google Scholar
- Prabath Siriwardena. 2017. Identity on Blockchain (Part I). https://medium.facilelogin.com/identity-on-blockchain-part-i-a59d7abe75c0Accessed: 22-Sept-2018.Google Scholar
- sovrin. 2017. Identity For All. https://sovrin.org/Accessed: 22-Nov-2017.Google Scholar
- European Union. 2016. General Data Protection Regulation. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679Accessed: 22-Sept-2018.Google Scholar
Recommendations
Privacy preserving of trust management credentials based on trusted computing
ISPEC'10: Proceedings of the 6th international conference on Information Security Practice and ExperiencePrivacy disclosure of forward direction credentials and backward direction credentials is an important security defect in existing trust management systems. In this paper, a novel distributed privacy preserving scheme for trust management credentials is ...
A Review on Privacy-Preserving Data Mining
CIT '14: Proceedings of the 2014 IEEE International Conference on Computer and Information TechnologyData mining has been widely studied and applied into many fields such as Internet of Things (IoT) and business development. However, data mining techniques also occur serious challenges due to increased sensitive information disclosure and privacy ...
Privacy-preserving topic model for tagging recommender systems
Tagging recommender systems provide users the freedom to explore tags and obtain recommendations. The releasing and sharing of these tagging datasets will accelerate both commercial and research work on recommender systems. However, releasing the ...
Comments