Security without identification: transaction systems to make big brother obsolete
Communications of the ACM
Zero-knowledge proofs of identity
Journal of Cryptology
The knowledge complexity of interactive proof systems
SIAM Journal on Computing
Witness indistinguishable and witness hiding protocols
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
Communication-efficient anonymous group identification
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Crowds: anonymity for Web transactions
ACM Transactions on Information and System Security (TISSEC)
Unlinkable serial transactions: protocols and applications
ACM Transactions on Information and System Security (TISSEC)
Proceedings of the 7th ACM conference on Computer and communications security
ASN.1: communication between heterogeneous systems
ASN.1: communication between heterogeneous systems
Untraceable electronic mail, return addresses, and digital pseudonyms
Communications of the ACM
Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy
Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy
SNDSS '96 Proceedings of the 1996 Symposium on Network and Distributed System Security (SNDSS '96)
Efficient and generalized group signatures
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Anonymous connections and onion routing
IEEE Journal on Selected Areas in Communications
Provable bounds for portable and flexible privacy-preserving access
Proceedings of the tenth ACM symposium on Access control models and technologies
Succinct representation of flexible and privacy-preserving access rights
The VLDB Journal — The International Journal on Very Large Data Bases
Online subscriptions with anonymous access
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Privacy-enhancing methods for e-health applications: how to prevent statistical analyses and attacks
International Journal of Business Intelligence and Data Mining
Anonymity 2.0 - X.509 extensions supporting privacy-friendly authentication
CANS'07 Proceedings of the 6th international conference on Cryptology and network security
Untraceability and profiling are not mutually exclusive
TrustBus'10 Proceedings of the 7th international conference on Trust, privacy and security in digital business
| Hi-index | 0.00 |
In this paper we study privacy issues regarding the use of the SSL/TLS protocol and X.509 certificates. Our main attention is placed on subscription-based remote services (e.g., subscription to newspapers and databases) where the service manager charges a flat fee for a period of time independent of the actual number of times the service is requested.We start by pointing out that restricting the access to such services by using X.509 certificates and the SSL/TLS protocol, while preserving the interests of the service managers, neglects the right to privacy of the users.We then propose the concept of a crypto certificate and the Secure and Private Socket Layer protocol (SPSL protocol, in short) and show how they can be used to preserve user privacy and, at the same time, protecting the interests of the service managers. The SPSL protocol only requires the user to have a standard X.509 certificate (with an RSA key) and does not require the user to get any special ad hoc certificate.Finally, we show the viability of the proposed solution by describing a system based on SPSL for secure and private access to subscription-based web services. Our implementation includes an SPSL proxy for a TLS-enabled web client and a module for the Apache web server along with administrative tools for the server side. The system has been developed starting from the implementation of an API for the SPSL protocol that we describe in the paper.