Abstract
There are at least two principal approaches to prevent users from sharing their anonymous credentials: adding valuable secrets into the system the user does not want to share or embedding biometric access control. This paper seeks to identify possible fields of application and to compare both approaches with respect to the credentials’ non-transferability.
The paper shows that both approaches do not ensure the non- transferability of anonymous credentials, but may be applicable in some fields. On the one hand, it might be hard to find valuable secrets to really prevent the sharing of credentials, in particular with close family members. On the other hand, biometric sensors embedded in a smartcard can be circumvented with some effort, especially if access control is unattended. Although the combination of both approaches may prevent more users from sharing their credentials, it suffers from restrictions of both approaches and from the effort needed to put it in place.
However, assuming that anonymous credentials will probably not be used in high-security environments, both approaches might be sufficient to prevent sharing in some applications. If the users already possess personal digital assistants, embedded valuable secrets are a quite cheap solution, even though they raise the system’s value. If access control is attended, biometric sensors are reasonably safe and limit the possibility of unintentionally sharing the credentials for free.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Chaum, D.: Security without identification: transaction systems to make big brother obsolete. Communications of the ACM 28, 1030–1044 (1985)
Chaum, D., Evertse, J.-H.: A secure and privacy-protecting protocol for transmitting personal information between organizations. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 118–167. Springer, Heidelberg (1987)
Chaum, D.: Blind Signatures for Untraceable Payments. In: Advances in Cryptology – CRYPTO 1982, pp. 199–203. Springer, Heidelberg (1999)
Dwork, C., Lotspiech, J., Naor, M.: Digital Signets: Self-Enforcing Protection of Digital Information. In: Proceedings on Theory of Computing, 28th Ann. ACM Symp. (1997)
Goldreich, O., Pfitzmann, B., Rivest, R.L.: Self-Delegation with Controlled Propagation — or — What If You Lose Your Laptop. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 153–168. Springer, Heidelberg (1998)
Lysyanskaya, A., Rivest, R.L., Sahai, A., Wolf, S.: Pseudonym Systems. In: Heys, H.M., Adams, C.M. (eds.) SAC 1999. LNCS, vol. 1758, pp. 184–199. Springer, Heidelberg (2000)
Camenisch, J., Lysyanskaya, A.: An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)
Bleumer, G.: Biometric yet Privacy Protecting Person Authentication. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525, pp. 99–110. Springer, Heidelberg (1998)
Chaum, D.: Blind signatures for untraceable payments. In: Advances in Cryptology – Crypto 1982, pp. 199–203. Springer, Heidelberg (1983)
Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)
FFIEC Press Release: Authentication in an Internet Banking Environment. Techreport, Federal Financial Institutions Examination Council (2005)
Brainard, J., Juels, A., Rivest, R., Szydlo, M., Yung, M.: Fourth Factor Authentication: Somebody You Know. In: CCS 2006: Proceedings of the 13th ACM conference on Computer and communications security, pp. 168–178. ACM, New York (2006)
Chaum, D., Pedersen, T.P.: Wallet Databases with Observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)
Impagliazzo, R., More, S.M.: Anonymous Credentials with Biometrically-Enforced Non-Transferability. In: Proceedings of the 2003 ACM Workshop on Privacy in the Electronic Society (WPES 2003), pp. 60–71 (2003)
Homepage of Biometric Associates, Inc., http://www.biometricassociates.com
Pan, S.B., Gil, Y.H., Moon, D., Chung, Y., Park, C.H.: A Memory-Efficient Fingerprint Verification Algorithm Using a Multi-Resolution Accumulator Array. ETRI Journal 25, 179–186 (2003)
Barwise, M., Bachfeld, D.: Attack of the card cloners. IT security news and services at heise Security UK (2007), http://www.heise-online.co.uk/security/features/print/100187
Finkenzeller, K.: RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification, 446 pages. John Wiley and Sons, Chichester (2003)
Graafstra, A.: RFID Toys: 11 Cool Projects for Home, Office and Entertainment, 336 pages. Wiley, Chichester (2006)
Damgård, I., Dupont, K., Pedersen, M.O.: Unclonable Group Identification. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 555–572. Springer, Heidelberg (2006)
Camenisch, J., Hohenberger, S., Kohlweiss, M., Lysyanskaya, A., Meyerovich, M.: How to win the clonewars: efficient periodic n-times anonymous authentication. In: CCS 2006: Proceedings of the 13th ACM conference on Computer and communications security, pp. 201–210. ACM, New York (2006)
Beth, T., Desmedt, Y.: Identification tokens – or: Solving the chess grandmaster problem. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 169–176. Springer, Heidelberg (1991)
Brands, S., Chaum, D.: Distance-bounding protocols. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 344–359. Springer, Heidelberg (1994)
Drimer, S., Murdoch, S.J.: Keep your enemies close: distance bounding against smartcard relay attacks. In: SS 2007: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, pp. 1–16. USENIX Association (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Pape, S. (2009). A Survey on Non-transferable Anonymous Credentials. In: Matyáš, V., Fischer-Hübner, S., Cvrček, D., Švenda, P. (eds) The Future of Identity in the Information Society. Privacy and Identity 2008. IFIP Advances in Information and Communication Technology, vol 298. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03315-5_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-03315-5_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03314-8
Online ISBN: 978-3-642-03315-5
eBook Packages: Computer ScienceComputer Science (R0)