How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
Efficient Group Signature Schemes for Large Groups (Extended Abstract)
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Remote Physical Device Fingerprinting
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
How to win the clonewars: efficient periodic n-times anonymous authentication
Proceedings of the 13th ACM conference on Computer and communications security
Tor: the second-generation onion router
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Blacklistable anonymous credentials: blocking misbehaving users without ttps
Proceedings of the 14th ACM conference on Computer and communications security
Online subscriptions with anonymous access
Proceedings of the 2008 ACM symposium on Information, computer and communications security
PEREA: towards practical TTP-free revocation in anonymous authentication
Proceedings of the 15th ACM conference on Computer and communications security
Anonymous credentials on a standard java card
Proceedings of the 16th ACM conference on Computer and communications security
CAPTCHA: using hard AI problems for security
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
A signature scheme with efficient protocols
SCN'02 Proceedings of the 3rd international conference on Security in communication networks
Jack: scalable accumulator-based nymble system
Proceedings of the 9th annual ACM workshop on Privacy in the electronic society
PriMan: a privacy-preserving identity framework
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
Making a nymbler nymble using VERBS
PETS'10 Proceedings of the 10th international conference on Privacy enhancing technologies
Digital privacy
Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
A cryptographic framework for the controlled release of certified data
SP'04 Proceedings of the 12th international conference on Security Protocols
Can we fix the security economics of federated authentication?
SP'11 Proceedings of the 19th international conference on Security Protocols
Iolaus: securing online content rating systems
Proceedings of the 22nd international conference on World Wide Web
Crypto-Book: an architecture for privacy preserving online identities
Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
Hi-index | 0.00 |
Trust and anonymity are both desirable properties on the Internet. However, online services and users often have to make the trade off between trust and anonymity due to the lack of usable frameworks for achieving them both. We propose Opaak, a practical anonymous authentication framework. Opaak enables its users to establish identities with different online services while ensuring that these identities cannot be linked with each other or their real identity. In addition, Opaak allows online service providers to control the rate at which users utilize their services while preserving their anonymity. Hence, allowing the service providers to prevent abuse in the form of spam or Sybil attacks, which are prevalent in such online services that offer anonymity. Opaak leverages the mobile phone as a scarce resource combined with anonymous credentials in order to provide these features. We target two kinds of applications for Opaak and identify their requirements in order to achieve both trust and anonymity. We develop efficient protocols for these applications based on anonymous credentials. In addition, we design an architecture that facilitates integration with existing mobile and web applications and allows application developers to transparently utilize our protocols. We implement a prototype on Android and evaluate its performance to demonstrate the practicality of our approach.