Skip to main content
SpringerLink
Log in

Private Authentication

  • Conference paper
  • First Online:
Book cover Privacy Enhancing Technologies (PET 2002)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2482))

Included in the following conference series:

Abstract

Frequently, communication between two principals reveals their identities and presence to third parties. These privacy breaches can occur even if security protocols are in use; indeed, they may even be caused by security protocols. However, with some care, security protocols can provide authentication for principals that wish to communicate while protecting them from monitoring by third parties. This paper discusses the problem of private authentication and presents two protocols for private authentication of mobile principals. In particular, our protocols allow two mobile principals to communicate when they meet at a location if they wish to do so, without the danger of tracking by third parties. The protocols do not make the (dubious) assumption that the principals share a long-term secret or that they get help from an infrastructure of ubiquitous on-line authorities.

This work was started at Bell Labs Research, Lucent Technologies, and at Inter Trust’s Strategic Technologies and Architectural Research Laboratory, and is partly supported by the National Science Foundation under Grant CCR-0208800.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Martín Abadi and Andrew D. Gordon. A calculus for cryptographic protocols: The spi calculus. Information and Computation, 148(1):1–70, January 1999. An extended version appeared as Digital Equipment Corporation Systems Research Center report No. 149, January 1998.

    Google Scholar 

  2. Martín Abadi and Roger Needham. Prudent engineering practice for cryptographic protocols. IEEE Transactions on Software Engineering, 22(1):6–15, January 1996.

    Google Scholar 

  3. Martín Abadi and Phillip Rogaway. Reconciling two views of cryptography (The computational soundness of formal encryption). In Proceedings of the First IFIP International Conference on Theoretical Computer Science, volume 1872 of Lecture Notes in Computer Science, pages 3–22. Springer-Verlag, August 2000.

    Google Scholar 

  4. Giuseppe Ateniese, Amir Herzberg, Hugo Krawczyk, and Gene Tsudik. On traveling incognito. Computer Networks, 31(8):871–884, 1999.

    Article  Google Scholar 

  5. Mihir Bellare, Alexandra Boldyreva, Anand Desai, and David Pointcheval. Anonymous encryption. Unpublished manuscript, 2000.

    Google Scholar 

  6. V. Bharghavan and C. V. Ramamoorthy. Security issues in mobile communications. In Proceedings of the Second International Symposium on Autonomous Decentralized Systems, pages 19–24, 1995.

    Google Scholar 

  7. Specification of the Bluetooth system (core, v1.0b). On the Web at http://www.bluetooth.com, December 1, 1999.

  8. Jan Camenisch and Anna Lysyanskaya. An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In Birgit Pfitzmann, editor, Advances in Cryptology—EUROCRYPT 2001, volume 2045 of Lecture Notes in Computer Science, pages 93–118. Springer-Verlag, 2001.

    Chapter  Google Scholar 

  9. Luca Cardelli. Mobility and security. In F.L. Bauer and R. Steinbrueggen, editors, Foundations of Secure Computation, NATO Science Series, pages 1–37. IOS Press, 2000. Volume for the 20th International Summer School on Foundations of Secure Computation, held in Marktoberdorf, Germany (1999).

    Google Scholar 

  10. David Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the Association for Computing Machinery, 24(2):84–88, February 1981.

    Google Scholar 

  11. Dorothy E. Denning and Giovanni Maria Sacco. Timestamps in key distribution protocols. Communications of the ACM, 24(7):533–535, August 1981.

    Google Scholar 

  12. C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen. SPKI certificate theory. On the Web at http://www.ietf.cnri.reston.va.us/rfc/rfc2693.txt, September 1999.

  13. Hannes Federrath, Anja Jerichow, and Andreas Pfitzmann. MIXes in mobile communication systems: Location management with privacy. In Ross J. Anderson, editor, Information hiding: First international workshop, volume 1174 of Lecture Notes in Computer Science, pages 121–135. Springer-Verlag, 1996.

    Google Scholar 

  14. Alan O. Freier, Philip Karlton, and Paul C. Kocher. The SSL protocol: Version 3.0. On the Web at http://home.netscape.com/newsref/std/SSL.html, March 1996.

  15. Shafi Goldwasser and Silvio Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28:270–299, April 1984.

    Google Scholar 

  16. Markus Jakobsson. Privacy vs. Authenticity. PhD thesis, University of California, San Diego, 1997.

    Google Scholar 

  17. Markus Jakobsson, Kazue Sako, and Russell Impagliazzo. Designated verifier proofs and their applications. In Ueli Maurer, editor, Advances in Cryptology— EUROCRYPT 96, volume 1070 of Lecture Notes in Computer Science, pages 143–154. Springer-Verlag, 1996.

    Google Scholar 

  18. Markus Jakobsson and Susanne Wetzel. Security weaknesses in Bluetooth. In Topics in Cryptology-CT-RSA 2001, Proceedings of the Cryptographer’s Track at RSA Conference 2001, volume 2020 of Lecture Notes in Computer Science, pages 176–191. Springer-Verlag, 2001.

    Chapter  Google Scholar 

  19. Hugo Krawczyk. SKEME: A versatile secure key exchange mechanism for internet. In Proceedings of the Internet Society Symposium on Network and Distributed Systems Security, February 1996. Available at http://bilbo.isu.edu/sndss/sndss96.html.

  20. Butler Lampson, Martín Abadi, Michael Burrows, and Edward Wobber. Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems, 10(4):265–310, November 1992.

    Google Scholar 

  21. Arjen K. Lenstra and Eric R. Verheul. The XTR public key system. In Mihir Bellare, editor, Advances in Cryptology—CRYPT0 2000, volume 1880 of Lecture Notes in Computer Science, pages 1–19. Springer-Verlag, 2000.

    Chapter  Google Scholar 

  22. Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1996.

    Google Scholar 

  23. Refik Molva, Didier Samfat, and Gene Tsudik. Authentication of mobile users. IEEE Network, 8(2):26–35, March/April 1994.

    Google Scholar 

  24. Roger M. Needham and Michael D. Schroeder. Using encryption for authentication in large networks of computers. Communications of the ACM, 21(12):993–999, December 1978.

    Google Scholar 

  25. L. C. Paulson. The inductive approach to verifying cryptographic protocols. Journal of Computer Security, 6(1–2):85–128, 1998.

    Google Scholar 

  26. Andreas Pfitzmann and Michael Waidner. Networks without user observability. Computers and Security, 6(2):158–166, April 1987.

    Google Scholar 

  27. Charles Rackoff and Daniel R. Simon. Cryptographic defense against traffic analysis. In Proceedings of the Twenty-Fifth Annual ACM Symposium on the Theory of Computing, pages 672–681, 1993.

    Google Scholar 

  28. Michael G. Reed, Paul F. Syverson, and David M. Goldschlag. Protocols using anonymous connections: Mobile applications. In B. Christianson, B. Crispo, M. Lomas, and M. Roe, editors, Security Protocols: 5th International Workshop, volume 1361 of Lecture Notes in Computer Science, pages 13–23. Springer-Verlag, 1997.

    Chapter  Google Scholar 

  29. Ronald L. Rivest, Adi Shamir, and Yael Tauman. How to leak a secret. In Colin Boyd, editor, Advances in Cryptology—ASIACRYPT 2001, volume 2248 of Lecture Notes in Computer Science, pages 552–565. Springer-Verlag, 2001.

    Chapter  Google Scholar 

  30. Didier Samfat, Refik Molva, and N. Asokan. Untraceability in mobile networks. In Proceedings of the First Annual International Conference on Mobile Computing and Networking (MobiCom 1995), pages 26–36, 1995.

    Google Scholar 

  31. Adi Shamir. Identity-based cryptosystems and signature schemes. In G. R. Blakley and David Chaum, editors, Advances in Cryptology—CRYPTO 84, volume 196 of Lecture Notes in Computer Science, pages 47–53. Springer-Verlag, 1984.

    Chapter  Google Scholar 

  32. Alex C. Snoeren and Hari Balakrishnan. An end-to-end approach to host mobility. In Proceedings of the Sixth Annual International Conference on Mobile Computing and Networking (MobiCom 2000), pages 155–166, 2000.

    Google Scholar 

  33. Yongguang Zhang and Wenke Lee. Intrusion detection in wireless ad-hoc networks. In Proceedings of the Sixth Annual ACM/IEEE International Conference on Mobile Computing and Networking (MobiCom 2000), pages 275–283, 2000.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Science Department, University of California at Santa Cruz, USA

    Martín Abadi

Authors
  1. Martín Abadi
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. The Free Haven Project, 144 Lake St., Arlington, MA, 02474, USA

    Roger Dingledine

  2. Naval Research Laboratory, Washington, DC, 20375, USA

    Paul Syverson

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Abadi, M. (2003). Private Authentication. In: Dingledine, R., Syverson, P. (eds) Privacy Enhancing Technologies. PET 2002. Lecture Notes in Computer Science, vol 2482. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36467-6_3

Download citation

  • DOI: https://doi.org/10.1007/3-540-36467-6_3

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00565-0

  • Online ISBN: 978-3-540-36467-2

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation