
Minimizing Information Disclosure in Authentication Transactions with Attribute-Based Credentials


Abstract

With the rise of information and communication technologies, the need to authenticate individuals to authorize their access to online services or to hold them accountable for their actions has induced the development of a wide variety of authentication systems. Although for determining sole authorization it is mostly sufficient to verify an individual's unlinkable non-identifying properties, virtually all of these systems involve the disclosure of personally identifiable information. This raises numerous security and privacy issues because an uncontrolled dissemination of these data makes individuals vulnerable to identity theft, financial fraud, profiling, monitoring, discredit, or embarrassment. These issues are greatly amplified by technologies that ease data collection, aggregation, analysis, and distribution, by legislation that stipulates the retention of communication data, and by increasingly frequent data breaches where vast amounts of (personal) data records are compromised.

Although there exist cryptographic techniques, namely anonymous credentials, that allow individuals to authenticate in a secure and privacy-preserving manner without having to disclose any personal or identifying information, there are no authentication systems that utilize these techniques. While the reasons for this are manifold, there are two major technical inhibitors. On the one hand, the available implementations are very complex and only usable with cryptographic expert knowledge, and, on the other hand, the cryptographic mechanisms alone do not suffice for building an authentication system.

In this work, we overcome these inhibitors and present a functional authentication system on the basis of anonymous credentials that is usable without expert knowledge. With our system, service providers can formulate authentication requirements in terms of the minimal properties that users' certified attributes must have, and users can prove that their attributes fulfill these properties without disclosing their values. In situations where accountability is required, users can disclose personally identifying information such that it is only accessible if they misbehave or cause damage, which allows honest users to remain unidentifiable.

The main building block of our system is a language framework with formal semantics for expressing the service providers' minimal authentication requirements as well as users' cryptographically backed claims in terms of attribute-based credentials. The framework abstracts away from cryptographic details and focuses solely on easily intelligible concepts. We also provide algorithms for transforming claims expressed in our language into the complex input specifications of the cryptographic implementations (which significantly eases their use for application developers) and for verifying claims with respect to a given policy. On the basis of these results, we develop a full-fledged prototype implementation to prove the concept and its efficiency: we show that our algorithms entail negligible computational overhead with respect to the time needed to generate and verify the cryptographic evidence that supports users' claims.

Our system allows for reducing the information that is disclosed in authentication transactions to the necessary minimum and thereby mitigates the aforementioned issues of excessive data release. Its use is advantageous for both users and service providers in that the former benefit from privacy preservation and the latter from reducing the risks associated with holding large sets of sensitive personal information.

Bibliographic record

  • Author

    Preiss Franz Stefan;

  • Author affiliation
  • Year 2012
  • Total pages
  • Original format PDF
  • Text language nl
  • CLC classification
