ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
On secure and pseudonymous client-relationships with multiple servers
Full text PdfPdf (162 KB)
Source ACM Transactions on Information and System Security (TISSEC) archive
Volume 2 ,  Issue 4  (November 1999) table of contents
Pages: 390 - 415  
Year of Publication: 1999
ISSN:1094-9224
Authors
Eran Gabber  Bell Labs, Murray Hill, NJ
Phillip B. Gibbons  Bell Labs, Murray Hill, NJ
David M. Kristol  Bell Labs, Murray Hill, NJ
Yossi Matias  Tel-Aviv Univ., Tel-Aviv, Israel
Alain Mayer  Bell Labs, Murray Hill, NJ
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 4,   Downloads (12 Months): 48,   Citation Count: 5
Additional Information:

abstract   references   cited by   index terms   review   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/330382.330386
What is a DOI?

ABSTRACT

This paper introduces a cryptographic engine, Janus, which assists clients in establishing and maintaining secure and pseudonymous relationships with multiple servers. The setting is such that clients reside on a particular subnet (e.g., corporate intranet, ISP) and the servers reside anywhere on the Internet. The Janus engine allows each client-server relationship to use either weak or strong authentication on each interaction. At the same time, each interaction preserves privacy by neither revealing a clients true identity (except for the subnet) nor the set of servers with which a particular client interacts. Furthermore, clients do not need any secure long-term memory, enabling scalability and mobility. The interaction model extends to allow servers to send data back to clients via e-mail at a later date. Hence, our results complement the functionality of current network anonymity tools and remailers. The paper also describes the design and implementation of the Lucent Personalized Web Assistant (LPWA), which is a practical system that provides secure and pseudonymous relations with multiple servers on the Internet. LPWA employs the Janus function to generate site-specific person‘, which consist of alias usernames, passwords, and e-mail addresses.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
1998. SSL FAQ. http://www.certicom.com/security/tls_ssl_faq.txt.
 
2
ANDERSON, R. 1993. The classification of hash functions. In Proceedings of the Conference on Cryptography and Coding IV, Oxford University Press, NJ, 83-94.
 
3
ANUPAM,V.AND MAYER, A. 1998. Security of web browser scripting languages: Vulnerabili-ties, attacks, and remedies. In Proceedings of the 7th USENIX Symposium on Security (Jan.), USENIX Assoc., Berkeley, CA.
 
4
BACARD, A. 1999. Anonymous remailer faq. http://www.andrebacard.com/remail.html.
 
5
Mihir Bellare , Joe Kilian , Phillip Rogaway, The Security of Cipher Block Chaining, Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology, p.341-358, August 21-25, 1994
 
6
BOYAN, J. A. 1997. The anonymizer: Protecting user privacy on the web. Computer-Mediated Communication 4, 9 (Sept.). available at http://www.december.com/cmc/mag/1997/sep/ boyan.html. The Anonymizer: http://www.anonymizer.com.
7
David L. Chaum, Untraceable electronic mail, return addresses, and digital pseudonyms, Communications of the ACM, v.24 n.2, p.84-90, Feb. 1981  [doi>10.1145/358549.358563]
8
David Chaum, Security without identification: transaction systems to make big brother obsolete, Communications of the ACM, v.28 n.10, p.1030-1044, Oct. 1985  [doi>10.1145/4372.4373]
 
9
CROCKER, D. 1982. RFC822: Standard for the format of ARPA Internet text messages. ftp://ftp.isi.edu/in-notes/rfc822.txt.
 
10
ENGELFRIET, A. 1997. Anonymity and privacy on the Internet. http://www.stack.nl/ zgalactus/remailers.
 
11
FIELDING, R., GETTYS, J., MOGUL, J., FRYSTYK, H., AND BERNERS-LEE, T. 1997. RFC2068: Hypertext transfer protocol: HTTP/1.1. ftp://ftp.isi.edu/in-notes/rfc2068.txt.
 
12
Eran Gabber , Phillip B. Gibbons , Yossi Matias , Alain J. Mayer, How to Make Personalized Web Browising Simple, Secure, and Anonymous, Proceedings of the First International Conference on Financial Cryptography, p.17-32, February 24-28, 1997
13
Eran Gabber , Phillip B. Gibbons , David M. Kristol , Yossi Matias , Alain Mayer, Consistent, yet anonymous, Web access with LPWA, Communications of the ACM, v.42 n.2, p.42-47, Feb. 1999  [doi>10.1145/293411.293447]
 
14
I. Goldberg , D. Wagner , E. Brewer, Privacy-enhancing technologies for the Internet, Proceedings of the 42nd IEEE International Computer Conference, p.103, February 23-26, 1997
 
15
GOLDREICH, O., GOLDWASSER, S., AND MICHALI, S. 1984. How to construct random functions. In Proceedings of the IEEE 25th Annual Symposium on Foundations of Computer Science, IEEE Computer Society Press, Los Alamitos, CA, 464-479.
16
David Goldschlag , Michael Reed , Paul Syverson, Onion routing, Communications of the ACM, v.42 n.2, p.39-41, Feb. 1999  [doi>10.1145/293411.293443]
 
17
GONG, L., MUELLER, M., AND PRAFULLCHANDRA, H. 1997. Going beyond the sandbox: An overview of the new security architecture in the java development kit 1.2. In Proceedings of the USENIX Symposium on Internet Technologies and Systems, USENIX Assoc., Berkeley, CA.
 
18
Ceki Gulcu , Gene Tsudik, Mixing Email with Babel, Proceedings of the 1996 Symposium on Network and Distributed System Security (SNDSS '96), p.2, February 22-23, 1996
 
19
LAI, X., MASSEY, J., AND MURPHY, S. 1991. Markov ciphers and differential cryptanalysis. In Proceedings of the Conference on Advances in Cryptology (CRYPTO '91), Springer-Verlag, New York, NY, 17-38.
 
20
David M. Martin Jr , Sivaramakrishnan Rajagopalan , Aviel D. Rubin, Blocking Java Applets at the Firewall, Proceedings of the 1997 Symposium on Network and Distributed System Security, p.16, February 10-11, 1997
 
21
MATIAS, Y., MAYER, A., AND SILBERSCHATZ, A. 1997. Lightweight security primitives for e-commerce. In Proceedings of the USENIX Symposium on Internet Technologies and Systems, USENIX Assoc., Berkeley, CA.
 
22
MENEZES,A.J.,VAN OORSCHOT,P.C.,AND VANSTONE, S. A. 1997. Handbook of Applied Cryptography. CRC Press, Inc., Boca Raton, FL. NIST, 1999. Advanced encryption standard (AES) development effort. National Institute of Standards and Technology, Gaithersburg, MD. http://www.nist.gov/aes/.
 
23
A Pfitzmann , M Waidner, Networks without user observability—design options, Proc. of a workshop on the theory and application of cryptographic techniques on Advances in cryptology---EUROCRYPT '85, p.245-253, January 1986, Linz, Austria
 
24
Bart Prenel , Paul C. van Oorschot, MDx-MAC and Building Fast MACs from Hash Functions, Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology, p.1-14, August 27-31, 1995
25
Joseph Reagle , Lorrie Faith Cranor, The platform for privacy preferences, Communications of the ACM, v.42 n.2, p.48-55, Feb. 1999  [doi>10.1145/293411.293455]
26
Michael K. Reiter , Aviel D. Rubin, Crowds: anonymity for Web transactions, ACM Transactions on Information and System Security (TISSEC), v.1 n.1, p.66-92, Nov. 1998  [doi>10.1145/290163.290168]
 
27
Daniel R. Simon, Anonymous Communication and Anonymous Cash, Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology, p.61-73, August 18-22, 1996

CITED BY  5
Stuart G. Stubblebine , Paul F. Syverson , David M. Goldschlag, Unlinkable serial transactions: protocols and applications, ACM Transactions on Information and System Security (TISSEC), v.2 n.4, p.354-389, Nov. 1999
Robert M. Arlein , Ben Jai , Markus Jakobsson , Fabian Monrose , Michael K. Reiter, Privacy-preserving global customization, Proceedings of the 2nd ACM conference on Electronic commerce, p.176-184, October 17-20, 2000, Minneapolis, Minnesota, United States
Jasmine Novak , Prabhakar Raghavan , Andrew Tomkins, Anti-aliasing on the web, Proceedings of the 13th international conference on World Wide Web, May 17-20, 2004, New York, NY, USA
Blake Ross , Collin Jackson , Nick Miyake , Dan Boneh , John C. Mitchell, Stronger password authentication using browser extensions, Proceedings of the 14th conference on USENIX Security Symposium, p.2-2, July 31-August 05, 2005, Baltimore, MD
Ming Lei , Yang Xiao , Susan V. Vrbsky , Chung-Chih Li, Virtual password using random linear functions for on-line services, ATM machines, and pervasive computing, Computer Communications, v.31 n.18, p.4367-4375, December, 2008

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Authentication


General Terms:
Management, Security


Keywords:
Janus function, anonymity, mailbox, persistent relationship, privacy, pseudonym


REVIEW

"Stanley A. Kurzban : Reviewer"

Janus is a cryptographic engine that may reside either in the computer that serves as an interface between a local network and the Internet, or in each computer attached to the local network. In the latter case, each Janus engine i  more...

Collaborative Colleagues:
Eran Gabber: colleagues
Phillip B. Gibbons: colleagues
David M. Kristol: colleagues
Yossi Matias: colleagues
Alain Mayer: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player