AAnA: Anonymous authentication and authorization based on short traceable signatures

Sooyeon Shin, Taekyoung Kwon

Research output: Contribution to journalArticle

4 Citations (Scopus)

Abstract

Due to the privacy concerns prevailing in today’s computing environments, users are more likely to require anonymity or at least pseudonyms; on the other hand, they must be traceable or revokable in case of abuse. Meanwhile, an authorization mechanism that controls access rights of users to services or resources is frequently needed in various real-world applications but does not favor anonymity. To cope with these problems, we explore an anonymous authentication and authorization method that very efficiently supports fine-grained authorization services without losing strong but traceable anonymity. The efficiency of our method comes from atomizing authorization within a group and issuing multiple authorization values for a group membership. The cryptographic basis of our method is the famous short traceable signature scheme. Our method allows a user to selectively disclose authorization according to need and also provides revocation and update of authorization without revoking membership or anonymity. To prevent users from forging authorization, our method enables the users to prove their authorizations while hiding the corresponding authorization values from other users. We formally analyze security and compare the related methods in terms of efficiency and functionality. We show that our method is secure against misidentification, anonymity-break and framing attacks and is efficient within a reasonable bound while still providing various functionalities such as fine-grained authorization and authorization revocation, commonly required in many practical applications.

Original languageEnglish
Pages (from-to)477-495
Number of pages19
JournalInternational Journal of Information Security
Volume13
Issue number5
DOIs
Publication statusPublished - 2014 Oct 1

All Science Journal Classification (ASJC) codes

  • Software
  • Information Systems
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'AAnA: Anonymous authentication and authorization based on short traceable signatures'. Together they form a unique fingerprint.

  • Cite this