
A Self-Certified and Sybil-Free Framework for Secure Digital Identity Domain Buildup

Christer Andersson (Karlstad Univ., Sweden), Markulf Kohlweiss (KU Leuven, Belgium), Leonardo Martucci (Karlstad Univ., Sweden), Andriy Panchenko (RWTH Aachen, Germany)



  1. A Self-Certified and Sybil-Free Framework for Secure Digital Identity Domain Buildup. Christer Andersson (Karlstad Univ., Sweden), Markulf Kohlweiss (KU Leuven, Belgium), Leonardo Martucci (Karlstad Univ., Sweden), Andriy Panchenko (RWTH Aachen, Germany)

  2. What is this presentation about?
     • framework for setting up groups with privacy requirements
     • pseudonyms and zero-knowledge proofs
     • can be deployed for different applications
     • for aiding admission control schemes
     • suitable (also) for distributed environments
     • the problem addressed in this presentation: assuming an initial Sybil-free set, how to build privacy-friendly subsets?
     * this paper extends the paper “Self-Certified Sybil-Free Pseudonyms” (ACM WiSec’08)

  3. A Self-Certified and Sybil-Free Framework for Secure Digital Identity Domain Buildup

  4. Defining Identity Domains
     • set of identifiers used for a given context or application
     [Figure labels: identifiers; Identity Domain used for a given application]

  5. Applications and Identity Domains
     • networked environments with need for cooperation
     • Reputation Systems
     • e-Voting
     • Anonymous Communication Systems
     • Chat rooms / Forums
     • …
     • applications that require identity domains

  6. Example: Sets and e-Voting
     • a set of voters:
     • a subset that votes:
     • next election:
     • next election:
     [Figure: sets A, B, C, D and intersections (∩)]

  7. Privacy-friendly e-Voting
     • a set of voters:
     • a subset that votes:
     • next election:
     • next election:
     [Figure: sets A, B, C, D and intersections (∩)]

  8. The Sybil Attack
     “a small number of network nodes counterfeiting multiple identities so to compromise a disproportionate share of the system”
     • originally applied for P2P networks but fits well in the context of any decentralized application
     • an identity authority is needed to provide identifiers

  9. Sybil Attack and the e-Vote
     • a set of voters:
     • a subset that votes:
     • next election:
     • next election:
     [Figure: sets A, B, C, D and intersections (∩)]

  10. The Problem (part 1)
      How to build identity domains with anonymous users?
      • while protecting against Sybil Attacks
      • while providing unlinkability between multiple appearances
      [Figure: sets A and B and their intersection (∩)]

  11. The Problem (part 2)
      How to build identity domains with anonymous users?
      • while protecting against Sybil Attacks
      • while providing unlinkability between multiple spawns
      [Figure: sets A, B, C, D and intersections (∩)]

  12. The Initial Assumption
      • the original set is Sybil-free
      [Figure labels: identifiers; Initial Identity Set used for one or more applications; application / context dependent; TTP (honest)]

  13. Refining the Problem
      • assuming an initial Sybil-free identity set, how to build privacy-friendly subsets (identity domains)?
      and still keep the Sybil-free properties
      [Figure: sets A and B and their intersection (∩)]

  14. Possible Scenarios and Solutions
      • if TTP is always available
        • the trivial solution
      • if TTP is NOT available (not at all times)
        • self-certified and Sybil-free framework

  15. The Trivial Solution with a TTP
      • if a TTP is always available
      [Figure labels: TTP; authenticate; anonymous credential]

  16. The Problem Addressed by the Paper
      • assuming an initial Sybil-free group, how to achieve privacy?
      without the continuous involvement of a TTP
      and still keep the Sybil-free properties
      [Figure: sets A and B and their intersection (∩); TTP]

  17. Applications and Identity Domains
      • networked environments with need for cooperation
      • Reputation Systems
      • e-Voting
      • Anonymous Communication Systems
      • Chat rooms / Forums, etc.
      • applications that require identity domains
      • Sybil-free identities
      • Privacy requirements
      • Independence from a TTP

  18. A Self-Certified and Sybil-Free Framework for Secure Digital Identity Domain Buildup

  19. The Paper Contribution
      • Self-Certified Sybil-Free Framework
      • Self-Certified: no need for the continuous involvement of a TTP
      • Sybil-Free: enables detection of Sybil identities in a group

  20. Attacker Model
      • Attacker Goals
        • attackers seeking to deploy a Sybil attack in an identity domain
        • attackers seeking to identify relationships between pseudonyms
      • Attacker Strength
        • can eavesdrop all network communications
      • Attacker Limitation
        • the TTP is honest, i.e. has at most 1 initial identity (initial Sybil-free set)

  21. Solution Overview
      • from the initial Sybil-free set, we propagate the Sybil-freeness to n-identity domains
      [Figure: sets A, B, C, D and intersections (∩)]

  22. Assumptions and Construction
      • Assumption:
        • every user U has a membership certificate certU obtained from TTP (bootstrap), i.e. the initial assumption
        • each identity domain has a unique identifier ctx
      • Construction
        • variation of Camenisch et al. periodically spendable e-token*
      * Camenisch et al. How to Win the Clone Wars: Efficient Periodic n-Times Anonymous Authentication. In: ACM CCS 2006

  23. Solution Overview (detailed)
      • for each identity set ctx generate a fresh public key pk(U, ctx)
      • membership certificate is used to get:
        • self-certified pseudonym
        • pseudonym certificate
      • detection of multiple pk(U, ctx)
        • (Sybil node detection)
        • obtain the user's permanent pkU
      [Figure labels: ctx; pk(U, ctx), pk’(U, ctx), pk’’(U, ctx)]

  24. Protocols and Operation Phases
      • Enrollment Phase
        • IKg outputs issuer I key pair (pkI, skI)
        • UKg outputs user’s key pair (pkU, skU)
        • Obtain / Issue outputs membership certificate certU; I keeps track of pkU and revocation information
      • membership certificate is an e-token dispenser that will be used to generate the pseudonyms (and the transcripts)

  25. Creation of an Identity Domain
      • Any node can set up new Identity Domains
      • identity domains may have a validity time (included in ctx)
      • the ctx name of an Identity Domain must be unique
        • 2 domains with the same ctx are understood as the same domain
        • attackers can try to reuse a ctx to identify honest users
      • Requirements regarding ctx use
        • users never turn their clock back
        • users keep a list with all non-expired identity domains
        • users never join expired domains

  26. Protocols and Operation Phases
      • Identity Domain Buildup and Use Phase
        • Sign: generates pseudo-random pseudonyms P(U, ctx) and pseudonym certificates cert(U, ctx)
        • Verify: verifies the correctness of P(U, ctx) and cert(U, ctx)
        • Identify: given 2 cert(U, ctx) generated by the same user for the same ctx, but with 2 different keys (pk(U, ctx), pk’(U, ctx)), computes pkU
        • + Revoke
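
The slides give no formulas for Sign and Identify, so the following Python sketch is an added illustration, not the authors' construction or code. It assumes the serial-number/tag layout of the Camenisch et al. e-token cited on slide 22, runs in a toy-sized group, and omits the membership certificate and the zero-knowledge proofs that Verify would check; the names `prf`, `sign`, `identify`, `find_sybils`, the PRF seed and the group parameters are assumptions of this example.

```python
import hashlib
import secrets

# Toy group, far too small for real use: the order-Q subgroup of Z_P^*,
# where P = 2^127 - 1 and Q is a prime factor of 2^63 + 1 (so Q divides P - 1).
P = 2**127 - 1
Q = 77158673929
G = pow(3, (P - 1) // Q, P)

def h(*parts):
    """Hash values to an exponent in Z_Q (domain-separated by the first part)."""
    data = "|".join(map(str, parts)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prf(seed, x):
    """Dodis-Yampolskiy style PRF g^(1/(seed+x)); its use here is this example's assumption."""
    return pow(G, pow((seed + x) % Q, -1, Q), P)

def user_keygen():
    """Long-term key pair (sk_U, pk_U) plus a PRF seed standing in for the e-token dispenser."""
    sk = secrets.randbelow(Q - 1) + 1
    return {"sk": sk, "pk": pow(G, sk, P), "seed": secrets.randbelow(Q)}

def sign(user, ctx):
    """Pseudonym certificate for domain ctx, bound to a fresh key pk(U, ctx)."""
    fresh_pk = pow(G, secrets.randbelow(Q - 1) + 1, P)
    pseudonym = prf(user["seed"], h(0, ctx))        # same value every time for (U, ctx)
    blind = pow(prf(user["seed"], h(1, ctx)), h("R", fresh_pk), P)
    return {"ctx": ctx, "pseudonym": pseudonym, "pk": fresh_pk,
            "tag": user["pk"] * blind % P}          # pk_U hidden behind one blinding value

def identify(c1, c2):
    """Recover pk_U from two certificates: same ctx and pseudonym, different fresh keys."""
    if (c1["ctx"], c1["pseudonym"]) != (c2["ctx"], c2["pseudonym"]) or c1["pk"] == c2["pk"]:
        return None
    r1, r2 = h("R", c1["pk"]), h("R", c2["pk"])
    ratio = c1["tag"] * pow(c2["tag"], -1, P) % P   # = F^(r1 - r2)
    f = pow(ratio, pow((r1 - r2) % Q, -1, Q), P)    # F = PRF value used for blinding
    return c1["tag"] * pow(f, -r1 % Q, P) % P       # tag / F^r1 = pk_U

def find_sybils(certs):
    """Scan a domain's certificates; return the pk_U of every user caught with two keys."""
    seen, exposed = {}, set()
    for c in certs:
        first = seen.setdefault((c["ctx"], c["pseudonym"]), c)
        pk_u = identify(first, c)
        if pk_u is not None:
            exposed.add(pk_u)
    return exposed
```

Calling `sign` twice for the same user and ctx yields the same pseudonym with two different fresh keys, and `identify` on that pair returns the user's permanent `pk`; certificates from different domains share nothing that links them.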

  27. Security Analysis
      • Sybil-Proof Property
        • 1 user can have at most 1 pseudonym per set
        • users can check the uniqueness of all other participants
      • Unlinkability Property
        • strong unlinkability properties between pseudonyms generated for different identity domains
      • Membership Certificate Sharing/Theft
      • Corrupt Identity Domain Issuers (or ctx issuers)

  28. Summary
      • Self-Certified Sybil-Free Framework
        • privacy-preserving identifiers: unlinkable pseudonyms in different sets
        • detection of Sybil identities
        • no continuous involvement of a TTP
      • Applications:
        • networked environments with need for cooperation (especially when a TTP is not available at all times)

  29. Acknowledgments www.prime-project.eu www.fidis.net

  30. leonardo.martucci@kau.se
