SPICE: simple privacy-preserving identity-management for cloud environment

  • Authors:
  • Sherman S. M. Chow;Yi-Jun He;Lucas C. K. Hui;Siu Ming Yiu

  • Affiliations:
  • University of Waterloo, Ontario, Canada;University of Hong Kong, Hong Kong;University of Hong Kong, Hong Kong;University of Hong Kong, Hong Kong

  • Venue:
  • ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
  • Year:
  • 2012

Quantified Score

Hi-index 0.00

Visualization

Abstract

Identity security and privacy have been regarded as one of the top seven cloud security threats. There are a few identity management solutions proposed recently trying to tackle these problems. However, none of these can satisfy all desirable properties. In particular, unlinkability ensures that none of the cloud service providers (CSPs), even if they collude, can link the transactions of the same user. On the other hand, delegatable authentication is unique to the cloud platform, in which several CSPs may join together to provide a packaged service, with one of them being the source provider which interacts with the clients and performs authentication while the others will be transparent to the clients. Note that CSPs may have different authentication mechanisms that rely on different attributes. Moreover, each CSP is limited to see only the attributes that it concerns. This paper presents SPICE --- the first digital identity management system that can satisfy these properties in addition to other desirable properties. The novelty of our scheme stems from combining and exploiting two group signatures so that we can randomize the signature to make the same signature look different for multiple uses of it and hide some parts of the messages which are not the concerns of the CSP. Our scheme is quite applicable to cloud systems due to its simplicity and efficiency.