ABSTRACT
Anonymous credentials allow a user to selectively disclose personal properties included in the credential while hiding the other information. For instance, a user could disclose only that he is an adult using a credential that also includes zip code and date of birth, which remain hidden from the verifier. This is a considerable improvement w.r.t. the user's anonymity. However, by disclosing too many personal properties, the user can drastically decrease his anonymity and can even become identifiable.
Credentials can be shown multiple times under the same pseudonym, which makes usages of the same credential linkable and introduces new anonymity threats. These threats are discussed in this paper, and a method is proposed whereby a user agent retrieves data in order to inform the user about his minimum level of anonymity w.r.t. a particular service provider.
Index Terms
- Measuring the user's anonymity when disclosing personal properties