PE(AR) 2: Privacy-enhanced anonymous authentication with reputation and revocation

Kin Ying Yu; Tsz Hon Yuen; Sherman S.M. Chow; Siu Ming Yiu; Lucas C.K. Hui

doi:10.1007/978-3-642-33167-1_39

PE(AR) ²: Privacy-enhanced anonymous authentication with reputation and revocation

Kin Ying Yu
, Tsz Hon Yuen
, Sherman S.M. Chow
, Siu Ming Yiu
, Lucas C.K. Hui

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

28 Citations (Scopus)

Abstract

Anonymous authentication schemes allow users to act freely without being tracked. The users may not want to trust a third party in ensuring their privacy, yet a service provider (SP) should have the authority to blacklist a misbehaving user. They are seemingly contradicting requirements. PEREA was the most efficient solution to this problem. However, there are a few drawbacks which make it vulnerable and not practical enough. In this paper, we propose PE(AR) ², which not only fixes PEREA's vulnerability, but also significantly improves its computation efficiency. Apart from revoking repeated misbehaving users, our system also rewards anonymous users via a built-in reputation system. Our scheme does not require the SP to timely review all previously authenticated sessions, and does not have the dependency on the blacklist size for user-side computation (c.f. EPID/BLAC(R)). Our benchmark on PE(AR) ² shows that an SP can handle over 160 requests/second - a 460-fold efficiency improvement over PEREA, when the credentials store 1000 single-use tickets.

Original language	English
Title of host publication	Computer Security, ESORICS 2012 - 17th European Symposium on Research in Computer Security, Proceedings
Publisher	Springer
Pages	679-696
Number of pages	18
ISBN (Print)	9783642331664
DOIs	https://doi.org/10.1007/978-3-642-33167-1_39
Publication status	Published - 2012
Externally published	Yes
Event	European Symposium On Research In Computer Security 2012 - Pisa, Italy Duration: 10 Sept 2012 → 12 Sept 2012 Conference number: 17th https://link.springer.com/book/10.1007/978-3-642-33167-1 (Proceedings)

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	7459
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	European Symposium On Research In Computer Security 2012
Abbreviated title	ESORICS 2012
Country/Territory	Italy
City	Pisa
Period	10/09/12 → 12/09/12
Internet address	https://link.springer.com/book/10.1007/978-3-642-33167-1 (Proceedings)

Access to Document

10.1007/978-3-642-33167-1_39

Cite this

Yu, K. Y., Yuen, T. H., Chow, S. S. M., Yiu, S. M., & Hui, L. C. K. (2012). PE(AR) ²: Privacy-enhanced anonymous authentication with reputation and revocation. In Computer Security, ESORICS 2012 - 17th European Symposium on Research in Computer Security, Proceedings (pp. 679-696). (Lecture Notes in Computer Science ; Vol. 7459). Springer. https://doi.org/10.1007/978-3-642-33167-1_39

@inproceedings{a6698ff960114f01b494285e29d1deec,

title = "PE(AR) 2: Privacy-enhanced anonymous authentication with reputation and revocation",

abstract = "Anonymous authentication schemes allow users to act freely without being tracked. The users may not want to trust a third party in ensuring their privacy, yet a service provider (SP) should have the authority to blacklist a misbehaving user. They are seemingly contradicting requirements. PEREA was the most efficient solution to this problem. However, there are a few drawbacks which make it vulnerable and not practical enough. In this paper, we propose PE(AR) 2, which not only fixes PEREA's vulnerability, but also significantly improves its computation efficiency. Apart from revoking repeated misbehaving users, our system also rewards anonymous users via a built-in reputation system. Our scheme does not require the SP to timely review all previously authenticated sessions, and does not have the dependency on the blacklist size for user-side computation (c.f. EPID/BLAC(R)). Our benchmark on PE(AR) 2 shows that an SP can handle over 160 requests/second - a 460-fold efficiency improvement over PEREA, when the credentials store 1000 single-use tickets.",

author = "Yu, \{Kin Ying\} and Yuen, \{Tsz Hon\} and Chow, \{Sherman S.M.\} and Yiu, \{Siu Ming\} and Hui, \{Lucas C.K.\}",

year = "2012",

doi = "10.1007/978-3-642-33167-1\_39",

language = "English",

isbn = "9783642331664",

series = "Lecture Notes in Computer Science ",

publisher = "Springer",

pages = "679--696",

booktitle = "Computer Security, ESORICS 2012 - 17th European Symposium on Research in Computer Security, Proceedings",

address = "Switzerland",

note = "European Symposium On Research In Computer Security 2012, ESORICS 2012 ; Conference date: 10-09-2012 Through 12-09-2012",

url = "https://link.springer.com/book/10.1007/978-3-642-33167-1",

}

Yu, KY, Yuen, TH, Chow, SSM, Yiu, SM & Hui, LCK 2012, PE(AR) ²: Privacy-enhanced anonymous authentication with reputation and revocation. in Computer Security, ESORICS 2012 - 17th European Symposium on Research in Computer Security, Proceedings. Lecture Notes in Computer Science , vol. 7459, Springer, pp. 679-696, European Symposium On Research In Computer Security 2012, Pisa, Italy, 10/09/12. https://doi.org/10.1007/978-3-642-33167-1_39

PE(AR) ²: Privacy-enhanced anonymous authentication with reputation and revocation. / Yu, Kin Ying; Yuen, Tsz Hon; Chow, Sherman S.M. et al.
Computer Security, ESORICS 2012 - 17th European Symposium on Research in Computer Security, Proceedings. Springer, 2012. p. 679-696 (Lecture Notes in Computer Science ; Vol. 7459).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - PE(AR) 2

T2 - European Symposium On Research In Computer Security 2012

AU - Yu, Kin Ying

AU - Yuen, Tsz Hon

AU - Chow, Sherman S.M.

AU - Yiu, Siu Ming

AU - Hui, Lucas C.K.

N1 - Conference code: 17th

PY - 2012

Y1 - 2012

N2 - Anonymous authentication schemes allow users to act freely without being tracked. The users may not want to trust a third party in ensuring their privacy, yet a service provider (SP) should have the authority to blacklist a misbehaving user. They are seemingly contradicting requirements. PEREA was the most efficient solution to this problem. However, there are a few drawbacks which make it vulnerable and not practical enough. In this paper, we propose PE(AR) 2, which not only fixes PEREA's vulnerability, but also significantly improves its computation efficiency. Apart from revoking repeated misbehaving users, our system also rewards anonymous users via a built-in reputation system. Our scheme does not require the SP to timely review all previously authenticated sessions, and does not have the dependency on the blacklist size for user-side computation (c.f. EPID/BLAC(R)). Our benchmark on PE(AR) 2 shows that an SP can handle over 160 requests/second - a 460-fold efficiency improvement over PEREA, when the credentials store 1000 single-use tickets.

AB - Anonymous authentication schemes allow users to act freely without being tracked. The users may not want to trust a third party in ensuring their privacy, yet a service provider (SP) should have the authority to blacklist a misbehaving user. They are seemingly contradicting requirements. PEREA was the most efficient solution to this problem. However, there are a few drawbacks which make it vulnerable and not practical enough. In this paper, we propose PE(AR) 2, which not only fixes PEREA's vulnerability, but also significantly improves its computation efficiency. Apart from revoking repeated misbehaving users, our system also rewards anonymous users via a built-in reputation system. Our scheme does not require the SP to timely review all previously authenticated sessions, and does not have the dependency on the blacklist size for user-side computation (c.f. EPID/BLAC(R)). Our benchmark on PE(AR) 2 shows that an SP can handle over 160 requests/second - a 460-fold efficiency improvement over PEREA, when the credentials store 1000 single-use tickets.

UR - https://www.scopus.com/pages/publications/84865583485

U2 - 10.1007/978-3-642-33167-1_39

DO - 10.1007/978-3-642-33167-1_39

M3 - Conference Paper

AN - SCOPUS:84865583485

SN - 9783642331664

T3 - Lecture Notes in Computer Science

SP - 679

EP - 696

BT - Computer Security, ESORICS 2012 - 17th European Symposium on Research in Computer Security, Proceedings

PB - Springer

Y2 - 10 September 2012 through 12 September 2012

ER -