Privacy-Friendly Checking of Remote Token Blacklists

  • Roel Peeters
  • Andreas Pashalidis
Conference paper

DOI: 10.1007/978-3-642-37282-7_3

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 396)
Cite this paper as:
Peeters R., Pashalidis A. (2013) Privacy-Friendly Checking of Remote Token Blacklists. In: Fischer-Hübner S., de Leeuw E., Mitchell C. (eds) Policies and Research in Identity Management. IDMAN 2013. IFIP Advances in Information and Communication Technology, vol 396. Springer, Berlin, Heidelberg

Abstract

Consulting a remote blacklist as part of verifying a token should not come at the cost of privacy. In particular, the blacklist provider should be unable to identify which tokens are being verified. The contents of the blacklist should also be protected; that is, it should not be possible to learn the contents of the blacklist, for example by querying the blacklist provider a large number of times. This paper defines a range of desirable properties for privacy preserving blacklist checking protocols, and surveys existing technical solutions to this problem. We propose adaptations where appropriate, and provide concrete performance estimates for the use case of checking whether or not a passport has been reported lost or stolen.

Copyright information

© IFIP International Federation for Information Processing 2013

Authors and Affiliations

  • Roel Peeters
    • 1
  • Andreas Pashalidis
    • 1
  1. 1.ESAT/SCD - COSIC & iMindsKU LEUVENHeverleeBelgium

Personalised recommendations