1 / 22

Real Name Registration Will there be privacy?

Real Name Registration Will there be privacy?. K.P. Chow 1 , Echo P. Zhang 1 , S.H. Hou 2 & F. Xu 3 July 2013 Hong Kong. 1 University of Hong Kong 2 University of Science and Technology, Beijing 3 Institute of Information Engineering, CAS. Real-Name System.

armina
Download Presentation

Real Name Registration Will there be privacy?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Real Name Registration Will there be privacy? K.P. Chow1, Echo P. Zhang1, S.H. Hou2 & F. Xu3 July 2013 Hong Kong 1University of Hong Kong 2University of Science and Technology, Beijing 3Institute of Information Engineering, CAS

  2. Real-Name System • When a user wants to register an account on a blog, website or bulletin board system, he is required to offer identification credentials including their real name to the network service center • One may use an on-line pseudonym, however, the person’s real identity would be available if rules or laws are broken

  3. Where is real-name system implemented? CISC

  4. South Korea • The first country implemented real-name system • Since 28 Jun 2009, 35 Korea websites have implemented a name registration system according to the newly amended Information and Communications Network Act (Choi Jin-sil Law)

  5. Why real-name system in Korea? • Implemented after the suicide of Choi Jin-sil (崔真实) which was said related to malicious comments about her on Internet bulletin boards • On 23 Aug 2012, the Constitutional Court of Korea ruled unanimously that the real-name requirements is unconstitutional, citing such provision’s violation of freedom of speech in cyberspace

  6. The Korea Constitutional Court said • The system has not been beneficial to the public, …, number of illegal or malicious postings online has not decreased • Instead, users moved to foreign Websites • Also prevent foreigners from expressing their opinions online

  7. Who’s next? CISC

  8. The China Development • 2002 李希光proposed “Anonymous should be prohibited on the Internet” http://www.chuanmeijia.com/zt/mingrentang/lixiguang/

  9. Since 2002 • 2003: “real-name registration” at the cyber cafe • 2004: real-name registration website appeared • 2005: real-name registration for website administrators • 2005: real-name registration for QQ group creators and administrators

  10. From 2008 • 2008: MIIT (Ministry of Industry and Information Technology) proposed real-name registration • 2012: sina.com, sohu.com, 163.com and blog.qq.com implemented real-name registration • 2013: Chinese government announced real-name registration be implemented by June 2014

  11. How the real-name registration be implemented? CISC

  12. Some requirements • Allows indirect real-name registration • “后台实名、前台匿名”的实名制度 (real-name at the back, pseudonym at the web) • Practical issues: • Large number of users • Cost to implement should low

  13. Who should be responsible for the registration? • Public security (Police)? • Government department(s)? • Websites or service providers? • Independent authority?

  14. Real-Name RegistrationOur Proposal • Multiple parties involved • User (U) • Registration center (RC) • Independent authority (IA) • Personal data storage center (PDSC) • Components • User real-name registration (RN) • User web-name registration (WN)

  15. Real-Name RegistrationEncryption Scheme • Use Shamir’s Secret Sharing Scheme • 2 out of 3: 3 parties sharing the secret and any 2 parties together can decryption the secret • The 3 parties: User (U), Independent Authority (IA) and Registration Center (RC) • To retrieve the real-name • For crime case, the Police can request the Court to order the IA and RC to retrieve the real-name • For personal reason, the User can request the Registration Center to retrieve the real-name

  16. User Real-Name Registration Data StorageServer 2.1.EpkID(PAI) 3.Destroy thePAI Registration Center (RC) 2.2a(xi1, yi1) Key Server(xi0, yi0) 1.Submit Personal Authentication Information (PAI) 2.2b(xi2, yi2) User (U) 2.2c(xi3, yi3) Private Data Storage Center (PDSC) Independent Authority (IA)

  17. User real-name registration • REGISTRATION: User connect to the Registration Center using a secure channel and Private Authentication Information (PAI) are submitted to the Registration Center • AUTHENTICATION: Registration Center authenticate the identity of the User using the submitted Private Authentication Information (PAI), and then encrypted the PAI

  18. User real-name registration(Authentication) (2.1) Assign Web-user name (WN) to each user (2.2) Build public-secret key pair (pkID, skID) and 2-degree polynomial fID for each user such that fID(0)=skID (2.3) Use pkID to encrypt user Personal Authentication Information (PAI) and store (Web-user name WN, pkID, encrypted PAI) in PDSC (2.4) Generate 4 pairs (xik, yik) such that k=0…3, fID(xik)=yikon the Key Server in PDSC, keep (xi0, yi0) in Key Server and distribute the other 3 pairs to the User, Registration Center and the Independent Authority (2.5) Return the Web-user name (WN) to the user (2.6) In RC, destroy the user Private Authentication Information (PAI) but keep the (Web-user name WN, fID) Note that we use the polynomial for secret sharing of the skID,please refer toShamir’s Secret Sharing Scheme or the supplementary

  19. User Web-name Registration 6.Retrieve the encrypted answer w.r.t. WN 4.Based on WN, retrieve thepkID 5.EncryptNanswers with pkID Data StorageServer Key Server PDSC 2.2.Send the WN and thequestion Website (ServiceProvider) 7.Compare the submitted answer and the retrieved answer, Ifthere’sone and onlyone correct answermatchingtherecord,return success, otherwise return fail. 1.ServiceRequest 2.1.Verifytheidentity(AskthequestionaboutPAI) User (U) 3. Submit Nanswers(andamongthemthere’sonlyonecorrectanswer) and the Web-name (WN)

  20. User Web-name Registration at the Service Provider • The User requests to use the service at Service Provider with Web-user name (WN) • The Server Provider asks questions based on Personal Authentication Information (PAI), question sent to both the User and the PDSC • The User sends N answers (only 1 is correct) to the Key Server at PDSC • The Key Storage Server based on the Web-user name WN, retrieves the pkIDand encrypts the N answers, and then sends the encrypted answers to the Data Storage Server. • The Data Storage Server compares the encrypted answers with the stored data in the Data Storage Server, if exactly one answer is matched, the Web-user name WN is authenticated

  21. Some Properties • User A cannot pretend to be User B because he cannot give a right answer about User B’s Personal Authentication Information (PAI) • Users can see their own PAIs but others cannot • For a crime case, the Police can make a request to the Court to order the RC and IA to retrieve the Real-name of the user (RN): • For example, the Police wants to investigate the user “剑客” and makes a request to the Court to order RC and IA to retrieve the real-name of “剑客”. Based on the input from RC and IA, PDSC constructs the polynomial f剑客(.), find the secret key sk剑客 by computing f剑客(0) and then retrieves the identity of the Web-name user “剑客”.

  22. Thank You

More Related