Download presentation
Presentation is loading. Please wait.
1
TATA: Towards Anonymous Trusted Authentication May 2006 Daniele Quercia, Stephen Hailes, Licia Capra. CS department University College London {d.quercia}@cs.ucl.ac.uk iTrust 2006
2
Daniele Quercia iTrust 2006 TATA: Towards Anonymous Trusted Authentication 2 Outline How to avoid those attacks Authentication attacks Authentication supporting distributed trust management Help: Blind threshold signature Proposal: 2-protocol scheme How the scheme avoids the attacks
3
Daniele Quercia3 Authentication supporting distributed trust management Persistent IDs support cooperation A class of applications needs anonymous IDs Disposable and named IDs create attacks iTrust 2006 TATA: Towards Anonymous Trusted Authentication
4
Daniele Quercia4 Authentication attacks: General Privacy Breaching (interaction-realID associations) False Accusation Stolen pseudonyms (Mask) TATA: Towards Anonymous Trusted Authentication iTrust 2006
5
Daniele Quercia5 Authentication attacks: Sybil-like Against individuals Collusion for ballot-stuffing Collusion for bad mouthing Against groups Insider Outsider TATA: Towards Anonymous Trusted Authentication iTrust 2006
6
Daniele Quercia6 How to avoid those attacks AttackHow to avoid it Privacy BreachingAnonymous pseudonyms False accusationPublic keys as pseudonyms Stolen pseudonymsRevocation Sybil-likeUnique pseudonym TATA: Towards Anonymous Trusted Authentication iTrust 2006
7
Daniele Quercia7 Help: blind threshold signature A group of devices (at least t) sign Signature is blinded We need a protocol for certifying pseudonyms! TATA: Towards Anonymous Trusted Authentication iTrust 2006
8
Daniele Quercia8 Proposal: 2-protocol scheme Induction Protocol: A gets a new pseudonym (public key, signature) Authentication Protocol: A and B exchange and verify their pseudonyms TATA: Towards Anonymous Trusted Authentication iTrust 2006 reply Blinded Key Signature Group A
9
Daniele Quercia9 How the scheme avoids those attacks AttackHow … Privacy BreachingAnonymous pseudonym False accusationSigned Messages Stolen pseudonymsReveal & Run induction again Sybil-likeCertified Pseudonym TATA: Towards Anonymous Trusted Authentication iTrust 2006
10
Daniele Quercia10 Sum up Need: Unique and anonymous pseudonyms for distributed trust management Proposal: 2-protocol scheme Limitations: Collusion (more than t devices) Weak identification TATA: Towards Anonymous Trusted Authentication iTrust 2006
Similar presentations
![Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]](/13/3975263/big_thumb.jpg "Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]>")
