Measuring the user's anonymity when disclosing personal properties

Authors:
Kristof Verslype;Bart De Decker
Affiliations:
K.U. Leuven, Heverlee, Belgium;K.U. Leuven, Heverlee, Belgium
Venue:
Proceedings of the 6th International Workshop on Security Measurements and Metrics
Year:
2010

Citing 8
Cited 0

Security without identification: transaction systems to make big brother obsolete

Communications of the ACM
A secure and privacy-protecting protocol for transmitting personal information between organizations

Proceedings on Advances in cryptology---CRYPTO '86
Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy

Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy
Design and implementation of the idemix anonymous credential system

Proceedings of the 9th ACM conference on Computer and communications security
Pseudonym Systems

SAC '99 Proceedings of the 6th Annual International Workshop on Selected Areas in Cryptography
Payment Systems and Credential Mechanisms with Provable Security Against Abuse by Individuals

CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation

EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
An identifiability-based access control model for privacy protection in open systems

Proceedings of the 2004 ACM workshop on Privacy in the electronic society

Quantified Score

Hi-index	0.00

Visualization

Abstract

Anonymous credentials allow to selectively disclose personal properties included in the credential, while hiding the other information. For instance, a user could only disclose that he is an adult using a credential in which zip code and date of birth are included, which remain hidden for the verifier. This is a considerable improvement w.r.t. the user's anonymity. However, by disclosing too much personal properties, the user can drastically decrease his anonymity and can even become identifiable. Credentials can be shown multiple times under the same pseudonym, making usages of the same credential linkable which introduces new anonymity threats. These threats are discussed in this paper and a method is proposed whereby a user agent retrieves data in order to inform the user about his minimum level of anonymity w.r.t. a particular service provider.