Kluczniak K., Wang J., Chen X., Kutyłowski M. (2016) Multi-device Anonymous Authentication. In: Chen J., Piuri V., Su C., Yung M. (eds) Network and System Security. NSS 2016. Lecture Notes in Computer Science, vol 9955. Springer, Cham
Recently, a few pragmatic and privacy protecting systems for authentication in multiple systems have been designed. The most prominent examples are Restricted Identification and Pseudonymous Signature schemes designed by the German Federal Office for Information Security for German personal identity cards. The main properties are that a user can authenticate himself with a single private key (stored on a smart-card), but nevertheless the user’s IDs in different systems are unlinkable.
We develop a solution which enables a user to achieve the above mentioned goals while using more than one personal device, each holding a single secret key, but different for each device – as for security reasons no secret key is allowed to leave a secure device. Our solution is privacy preserving: it will remain hidden for the service system which device is used. Nevertheless, if a device gets stolen, lost or compromised, the user can revoke it (leaving his other devices intact).
In particular, in this way we create a strong authentication framework for cloud users, where the cloud does not learn indirectly personal data. In the standard solutions there is no way to avoid leaking information that, for instance, the user is in his office and authenticates via his desktop computer.
Our solution is based on a novel cryptographic primitive, called Pseudonymous Public Key Group Signature.
Signature schemes Privacy Pseudonyms Group signature