A Survey on Non-transferable Anonymous Credentials
There are at least two principal approaches to prevent users from sharing their anonymous credentials: adding to the system valuable secrets that the user does not want to share, or embedding biometric access control. This paper seeks to identify possible fields of application and to compare both approaches with respect to the credentials’ non-transferability.
The paper shows that neither approach ensures the non-transferability of anonymous credentials, but both may be applicable in some fields. On the one hand, it might be hard to find valuable secrets to really prevent the sharing of credentials, in particular with close family members. On the other hand, biometric sensors embedded in a smartcard can be circumvented with some effort, especially if access control is unattended. Although the combination of both approaches may prevent more users from sharing their credentials, it suffers from restrictions of both approaches and from the effort needed to put it in place.
However, assuming that anonymous credentials will probably not be used in high-security environments, both approaches might be sufficient to prevent sharing in some applications. If the users already possess personal digital assistants, embedded valuable secrets are a quite cheap solution, even though they raise the system’s value. If access control is attended, biometric sensors are reasonably safe and limit the possibility of unintentionally sharing the credentials for free.
Keywords: Access Control, Smart Card, Blind Signature, Credential System, Attack Model