Anonymous AuthenticationPreserving Your Privacy Online presented at BlackHatDC 2007

by Andrew Lindell,


Summary : Our right to privacy is under attack today. Actually, no one denies our right to privacy. However, in reality, this right is being eroded more and more as every minute passes. Some of this has to do with the war on terror, but much of it simply has to do with the fact that our online actions can and are being recorded in minute detail. In this presentation we describe some concrete dangers that arise out of this situation and show that the uncomfortable feeling we have when our privacy is compromised is the least of our problems. We also show that a full understanding of these concrete dangers is crucial for coming up with adequate privacy-preserving solutions.
Having argued that the erosion of our privacy is a real danger, we discuss solutions to preserving privacy online. Some of these solutions are merely technical, like anonymous web surfing, but solve only a small part of the problem. For example, anonymous web surfing does not help if a user has to authenticate herself in order to access an online service (consider the case of a newspaper or magazine that requires subscription, and sometimes even paid subscription). Furthermore, as we will show, simple solutions like pseudonyms do not actually solve the real problems. Fortunately, it is possible to use anonymous authentication. Despite the fact that this seems to be a contradiction in terms, it is actually possible to authenticate without revealing your identity. In this type of protocol, the only information learned by the authenticating server is that the user is authorized. In particular, the authenticating server learns nothing whatsoever about the identity of the specific user that now entered the system! Cryptographic solutions to this problem and exist and are often called "anonymous credentials". However, all known solutions are relatively complex and require non-standard asymmetric operations (i.e., operations that are not available on standard smartcards). Thus, the deployment of such solutions is complex. In this presentation, we present new solutions to this problem that are simple and can be implemented using standard smartcard technology (and even passwords, although this achieves a weaker security guarantee). We also suggest concrete applications where the use of this primitive is especially appropriate.