100 likes | 197 Views
Daniele Quercia, Stephen Hailes, Licia Capra. CS department University College London {d.quercia}@cs.ucl.ac.uk. TATA: Towards Anonymous Trusted Authentication. iTrust 2006. May 2006. Daniele Quercia. TATA: Towards Anonymous Trusted Authentication. Outline.
E N D
Daniele Quercia, • Stephen Hailes, • Licia Capra. • CS department • University College London • {d.quercia}@cs.ucl.ac.uk TATA: Towards Anonymous Trusted Authentication iTrust 2006 May 2006
Daniele Quercia TATA: Towards Anonymous Trusted Authentication Outline Authentication supporting distributed trust management Authentication attacks How to avoid those attacks Help: Blind threshold signature Proposal: 2-protocol scheme How the scheme avoids the attacks 2 iTrust 2006
Daniele Quercia TATA: Towards Anonymous Trusted Authentication Authentication supporting distributed trust management Persistent IDs support cooperation A class of applications needs anonymous IDs Disposable and named IDs create attacks 3 iTrust 2006
Daniele Quercia TATA: Towards Anonymous Trusted Authentication Authentication attacks: General Privacy Breaching (interaction-realID associations) False Accusation Stolen pseudonyms (Mask) 4 iTrust 2006
Daniele Quercia TATA: Towards Anonymous Trusted Authentication Authentication attacks: Sybil-like Against groups Insider Outsider Against individuals Collusion for ballot-stuffing Collusion for bad mouthing 5 iTrust 2006
Daniele Quercia TATA: Towards Anonymous Trusted Authentication How to avoid those attacks 6 iTrust 2006
Daniele Quercia TATA: Towards Anonymous Trusted Authentication Help: blind threshold signature A group of devices (at least t) sign Signature is blinded We need a protocol for certifying pseudonyms! 7 iTrust 2006
Daniele Quercia TATA: Towards Anonymous Trusted Authentication Proposal: 2-protocol scheme Induction Protocol:A gets a new pseudonym (public key, signature) Group A reply Blinded Key Signature Authentication Protocol:A and B exchange and verify their pseudonyms 8 iTrust 2006
Daniele Quercia TATA: Towards Anonymous Trusted Authentication How the scheme avoids those attacks 9 iTrust 2006
Daniele Quercia TATA: Towards Anonymous Trusted Authentication Sum up Need: Unique and anonymous pseudonyms for distributed trust management Proposal: 2-protocol scheme Limitations: Collusion (more than t devices) Weak identification 10 iTrust 2006