Advertisement

Anonymous Single-Sign-On for n Designated Services with Traceability

  • Jinguang Han
  • Liqun Chen
  • Steve Schneider
  • Helen Treharne
  • Stephan Wesemeyer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11098)

Abstract

Anonymous Single-Sign-On authentication schemes have been proposed to allow users to access a service protected by a verifier without revealing their identity. This has become more important with the introduction of strong privacy regulations. In this paper we describe a new approach whereby anonymous authentication to different verifiers is achieved via authorisation tags and pseudonyms. The particular innovation of our scheme is that authentication can occur only between a user and its designated verifier for a service, and the verification cannot be performed by any other verifier. The benefit of this authentication approach is that it prevents information leakage of a user’s service access information, even if the verifiers for these services collude. Our scheme also supports a trusted third party who is authorised to de-anonymise the user and reveal her whole service access information if required. Furthermore, our scheme is lightweight because it does not rely on attribute or policy-based signature schemes to enable access to multiple services. The scheme’s security model is given together with a security proof, an implementation and a performance evaluation.

Keywords

Anonymous Single-Sign-On Security Privacy Anonymity 

Notes

Acknowledgement

This work has been supported by the EPSRC Project DICE: “Data to Improve the Customer Experience”, EP/N028295/1. The authors would also like to thank the anonymous reviewers and Dr François Dupressoir for their valuable feedback and comments.

References

  1. 1.
    Armknecht, F., Löhr, H., Manulis, M., Sadeghi, A.-R., et al.: Secure multi-coupons for federated environments: privacy-preserving and customer-friendly. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 29–44. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-79104-1_3CrossRefGoogle Scholar
  2. 2.
    Au, M.H., Susilo, W., Mu, Y.: Constant-size dynamic k-TAA. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 111–125. Springer, Heidelberg (2006).  https://doi.org/10.1007/11832072_8CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 614–629. Springer, Heidelberg (2003).  https://doi.org/10.1007/3-540-39200-9_38CrossRefGoogle Scholar
  4. 4.
    Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-24676-3_4CrossRefGoogle Scholar
  5. 5.
    Boneh, D., Boyen, X.: Short signatures without random oracles and the SDH assumption in bilinear groups. J. Cryptol. 21(2), 149–177 (2008)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-28628-8_3CrossRefGoogle Scholar
  7. 7.
    Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001).  https://doi.org/10.1007/3-540-44647-8_13CrossRefGoogle Scholar
  8. 8.
    Camenisch, J., Drijvers, M., Lehmann, A.: Anonymous attestation using the strong Diffie Hellman assumption revisited. In: Franz, M., Papadimitratos, P. (eds.) Trust 2016. LNCS, vol. 9824, pp. 1–20. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-45572-3_1CrossRefGoogle Scholar
  9. 9.
    Camenisch, J., Hohenberger, S., Kohlweiss, M., Lysyanskaya, A., Meyerovich, M.: How to win the clonewars: efficient periodic \(n\)-times anonymous authentication. In: ACM CCS 2006, pp. 201–210. ACM (2006)Google Scholar
  10. 10.
    Camenisch, J., Kiayias, A., Yung, M.: On the portability of generalized Schnorr proofs. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 425–442. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-01001-9_25CrossRefGoogle Scholar
  11. 11.
    Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Persiano, G., Galdi, C. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003).  https://doi.org/10.1007/3-540-36413-7_20CrossRefGoogle Scholar
  12. 12.
    Camenisch, J., Michels, M.: Proving in zero-knowledge that a number is the product of two safe primes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 107–122. Springer, Heidelberg (1999).  https://doi.org/10.1007/3-540-48910-X_8CrossRefMATHGoogle Scholar
  13. 13.
    Camenisch, J., Mödersheim, S., Sommer, D.: A formal model of identity mixer. In: Kowalewski, S., Roveri, M. (eds.) FMICS 2010. LNCS, vol. 6371, pp. 198–214. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-15898-8_13CrossRefGoogle Scholar
  14. 14.
    Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups (extended abstract). In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997).  https://doi.org/10.1007/BFb0052252CrossRefGoogle Scholar
  15. 15.
    Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993).  https://doi.org/10.1007/3-540-48071-4_7CrossRefGoogle Scholar
  16. 16.
    De Caro, A., Iovino, V.: JPBC: Java pairing based cryptography. In: ISCC 2011, pp. 850–855. IEEE (2011)Google Scholar
  17. 17.
    DICE Project: Benchmark E-ticketing Systems (BETS) (2017). https://github.com/swesemeyer/BenchmarkingETicketingSystems
  18. 18.
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Inf. Theory Soc. 22(6), 644–654 (1976)MathSciNetCrossRefGoogle Scholar
  19. 19.
    Elmufti, K., Weerasinghe, D., Rajarajan, M., Rakocevic, V.: Anonymous authentication for mobile single sign-on to protect user privacy. Int. J. Mob. Commun. 6(6), 760–769 (2008)CrossRefGoogle Scholar
  20. 20.
    European Commission and European Council: Regulation (EU) 2016/679: General Data Protection Regulation (2016). https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN
  21. 21.
    Fan, C.I., Wu, C.N., Chen, W.K., Sun, W.Z.: Attribute-based strong designated-verifier signature scheme. J. Syst. Softw. 85(4), 944–959 (2012)CrossRefGoogle Scholar
  22. 22.
    Galbraith, S.D., Paterson, K.G., Smart, N.P.: Pairings for cryptographers. Discret. Appl. Math. 156(16), 3113–3121 (2008)MathSciNetCrossRefGoogle Scholar
  23. 23.
    Ghadafi, E., Smart, N.P., Warinschi, B.: Groth–Sahai proofs revisited. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 177–192. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13013-7_11CrossRefGoogle Scholar
  24. 24.
    Gordon, D.M.: Discrete logarithms in GF(P) using the number field sieve. SIAM J. Discret. Math. 6(1), 124–138 (1993)MathSciNetCrossRefGoogle Scholar
  25. 25.
    Han, J., Chen, L., Schneider, S., Treharne, H., Wesemeyer, S.: Anonymous Single-Sign-On for \(n\) services with traceability (2018). https://arxiv.org/abs/1804.07201
  26. 26.
    Han, J., Mu, Y., Susilo, W., Yan, J.: A generic construction of dynamic single sign-on with strong security. In: Jajodia, S., Zhou, J. (eds.) SecureComm 2010. LNICSSITE, vol. 50, pp. 181–198. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-16161-2_11CrossRefGoogle Scholar
  27. 27.
    IBM Research Zürich: Identity mixer (2018). https://www.zurich.ibm.com/identity_mixer/
  28. 28.
    Jakobsson, M., Sako, K., Impagliazzo, R.: Designated verifier proofs and their applications. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 143–154. Springer, Heidelberg (1996).  https://doi.org/10.1007/3-540-68339-9_13CrossRefGoogle Scholar
  29. 29.
    Lee, T.F.: Provably secure anonymous single-sign-on authentication mechanisms using extended chebyshev chaotic maps for distributed computer networks. IEEE Syst. J. 12(2), 1499–1505 (2015)CrossRefGoogle Scholar
  30. 30.
    Legion of the Bouncy Castle Inc: Bouncy Castle Crypto APIs. https://www.bouncycastle.org/
  31. 31.
    Liu, W., Mu, Y., Yang, G., Yu, Y.: Efficient e-coupon systems with strong user privacy. Telecommun. Syst. 64(4), 695–708 (2017)CrossRefGoogle Scholar
  32. 32.
    Lynn, B.: The pairing-based cryptography (PBC) library (2010). https://crypto.stanford.edu/pbc/
  33. 33.
    MIT Kerberos: Kerberos: The network authentication protocol (2017). https://web.mit.edu/kerberos/
  34. 34.
    Nguyen, L., Safavi-Naini, R.: Dynamic k-times anonymous authentication. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 318–333. Springer, Heidelberg (2005).  https://doi.org/10.1007/11496137_22CrossRefGoogle Scholar
  35. 35.
    Recordon, D., Reed, D.: OpenID 2.0: a platform for user-centric identity management. In: DIM 2006, pp. 11–16. ACM (2006)Google Scholar
  36. 36.
    Schnor, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161–174 (1991)MATHGoogle Scholar
  37. 37.
    Teranishi, I., Furukawa, J., Sako, K.: k-times anonymous authentication (extended abstract). In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 308–322. Springer, Heidelberg (2004).  https://doi.org/10.1007/978-3-540-30539-2_22CrossRefGoogle Scholar
  38. 38.
    Wang, J., Wang, G., Susilo, W.: Anonymous single sign-on schemes transformed from group signatures. In: INCoS 2013, pp. 560–567. IEEE (2013)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Jinguang Han
    • 1
  • Liqun Chen
    • 1
  • Steve Schneider
    • 1
  • Helen Treharne
    • 1
  • Stephan Wesemeyer
    • 1
  1. 1.Department of Computer ScienceUniversity of SurreyGuildfordUK

Personalised recommendations