Design and implementation of the idemix anonymous credential system

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Design and implementation of the idemix anonymous credential system

Full text

Pdf (1.09 MB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 9th ACM conference on Computer and communications security table of contents

Washington, DC, USA

SESSION: Cryptographic protocols table of contents

Pages: 21 - 30

Year of Publication: 2002

ISBN:1-58113-612-9

Authors

Jan Camenisch	IBM Research, Zurich Research Laboratory, Rüschlikon, Switzerland
Els Van Herreweghen	IBM Research, Zurich Research Laboratory, Rüschlikon, Switzerland

Sponsors

ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 15, Downloads (12 Months): 91, Citation Count: 33

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/586110.586114 What is a DOI?

ABSTRACT

Anonymous credential systems [8, 9, 12, 24] allow anonymous yet authenticated and accountable transactions between users and service providers. As such, they represent a powerful technique for protecting users' privacy when conducting Internet transactions. In this paper, we describe the design and implementation of an anonymous credential system based on the protocols developed by [6]. The system is based on new high-level primitives and interfaces allowing for easy integration into access control systems. The prototype was realized in Java. We demonstrate its use and some deployment issues with the description of an operational demonstration scenario.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	R. Barrett, P. P. Maglio, and D. C. Kellem. WBI development kit. http://www.almaden.ibm.com/cs/wbi/.
	2	S. Bellovin and P. Metzger. Simple Public Key Infrastructure (SPKI) Charter. http://www.ietf.org/html.charters/spki-charter.html.
	3	Matt Blaze , Joan Feigenbaum , Angelos D. Keromytis, KeyNote: Trust Management for Public-Key Infrastructures (Position Paper), Proceedings of the 6th International Workshop on Security Protocols, p.59-63, April 15-17, 1998
	4	Matt Blaze , Joan Feigenbaum , Jack Lacy, Decentralized Trust Management, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.164, May 06-08, 1996
	5	M. Bove. Key management, setup and implementation of an anonymous credential system. Master's thesis, 2001.
	6	Jan Camenisch , Anna Lysyanskaya, An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation, Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology, p.93-118, May 06-10, 2001
	7	David L. Chaum, Untraceable electronic mail, return addresses, and digital pseudonyms, Communications of the ACM, v.24 n.2, p.84-90, Feb. 1981 [doi>10.1145/358549.358563]
	8	David Chaum, Security without identification: transaction systems to make big brother obsolete, Communications of the ACM, v.28 n.10, p.1030-1044, Oct. 1985 [doi>10.1145/4372.4373]
	9	David Chaum , Jan-Hendrik Evertse, A secure and privacy-protecting protocol for transmitting personal information between organizations, Proceedings on Advances in cryptology---CRYPTO '86, p.118-167, January 1987, Santa Barbara, California, United States
	10	D. Chaum , A. Fiat , M. Naor, Untraceable electronic cash, Proceedings on Advances in cryptology, p.319-327, February 1990, Santa Barbara, California, United States
	11	Consultation Committee. X.509: The Directory Authentication Framework. International Telephone and Telegraph, International Telecommunications Union, Geneva, 1989.
	12	I. B. Damgård, Payment systems and credential mechanisms with provable security against abuse by individuals, Proceedings on Advances in cryptology, p.328-335, February 1990, Santa Barbara, California, United States
	13	C. Dwork, J. Lotspiech, and M. Naor. Digital signets: Self-enforcing protection of digital information. 1996.
	14	T. Eirich. KeyMan. http://www.alphaworks.ibm.com/tech/keyman.
	15	C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylonen. SPKI Certificate Theory. Internet Engineering Task Force RFC 2693.
	16	Amos Fiat , Adi Shamir, How to prove yourself: practical solutions to identification and signature problems, Proceedings on Advances in cryptology---CRYPTO '86, p.186-194, January 1987, Santa Barbara, California, United States
	17	Oded Goldreich , Birgit Pfitzmann , Ronald L. Rivest, Self-Delegation with Controlled Propagation - or - What If You Lose Your Laptop, Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology, p.153-168, August 23-27, 1998
	18	David Goldschlag , Michael Reed , Paul Syverson, Onion routing, Communications of the ACM, v.42 n.2, p.39-41, Feb. 1999 [doi>10.1145/293411.293443]
	19	Amir Herzberg , Yosi Mass , Joris Michaeli , Yiftach Ravid , Dalit Naor, Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.2, May 14-17, 2000
	20	Ninghui Li , Benjamin Grosof , Joan Feigenbaum, A Practically Implementable and Tractable Delegation Logic, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.27, May 14-17, 2000
	21	Ninghui Li , Joan Feigenbaum , Benjamin N. Grosof, A Logic-based Knowledge Representation for Authorization with Delegation, Proceedings of the 1999 IEEE Computer Security Foundations Workshop, p.162, June 28-30, 1999
	22	Ninghui Li , John C. Mitchell , William H. Winsborough, Design of a Role-Based Trust-Management Framework, Proceedings of the 2002 IEEE Symposium on Security and Privacy, p.114, May 12-15, 2002
	23	Ninghui Li , William H. Winsborough , John C. Mitchell, Distributed credential chain discovery in trust management: extended abstract, Proceedings of the 8th ACM conference on Computer and Communications Security, November 05-08, 2001, Philadelphia, PA, USA [doi>10.1145/501983.502005]
	24	Anna Lysyanskaya , Ronald L. Rivest , Amit Sahai , Stefan Wolf, Pseudonym Systems, Proceedings of the 6th Annual International Workshop on Selected Areas in Cryptography, p.184-199, August 09-10, 1999
	25	R. Mathys. New idemix client handbuch. Technical report, December 2001.
	26	A. Pfitzmann, B. Pfitzmann, and M. Waidner. Isdnmixes: Untraceable communication with very small bandwidth overhead, 1991.
	27	Michael K. Reiter , Aviel D. Rubin, Crowds: anonymity for Web transactions, ACM Transactions on Information and System Security (TISSEC), v.1 n.1, p.66-92, Nov. 1998 [doi>10.1145/290163.290168]
	28	Stuart G. Stubblebine , Paul F. Syverson , David M. Goldschlag, Unlinkable serial transactions: protocols and applications, ACM Transactions on Information and System Security (TISSEC), v.2 n.4, p.354-389, Nov. 1999 [doi>10.1145/330382.330384]

CITED BY 33

	Birgit Pfitzmann , Michael Waidner, Privacy in browser-based attribute exchange, Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society, p.52-62, November 21-21, 2002, Washington, DC
	Marianne Winslett , Charles C. Zhang , Piero A. Bonatti, PeerAccess: a logic for distributed authorization, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
	Ting Yu , Marianne Winslett, Policy migration for sensitive credentials in trust negotiation, Proceedings of the 2003 ACM workshop on Privacy in the electronic society, October 30, 2003, Washington, DC
	Keith Irwin , Ting Yu, An identifiability-based access control model for privacy protection in open systems, Proceedings of the 2004 ACM workshop on Privacy in the electronic society, October 28-28, 2004, Washington DC, USA
	Ernesto Damiani , Sabrina De Capitani di Vimercati , Pierangela Samarati, Managing Multiple and Dependable Identities, IEEE Internet Computing, v.7 n.6, p.29-37, November 2003
	Jiangtao Li , Ninghui Li, Policy-hiding access control in open environment, Proceedings of the twenty-fourth annual ACM symposium on Principles of distributed computing, July 17-20, 2005, Las Vegas, NV, USA
	Ahmad-Reza Sadeghi , Christian Stüble, Property-based attestation for computing platforms: caring about properties, not mechanisms, Proceedings of the 2004 workshop on New security paradigms, September 20-23, 2004, Nova Scotia, Canada
	Jiangtao Li , Ninghui Li , William H. Winsborough, Automated trust negotiation using cryptographic credentials, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
	Sebastian Clauβ , Dogan Kesdogan , Tobias Kölsch, Privacy enhancing identity management: protection against re-identification and profiling, Proceedings of the 2005 workshop on Digital identity management, November 11-11, 2005, Fairfax, VA, USA
	Keith Irwin , Ting Yu, Preventing attribute information leakage in automated trust negotiation, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
	Vicente Benjumea , Javier Lopez , Jose M. Troya, Specification of a framework for the anonymous use of privileges, Telematics and Informatics, v.23 n.3, p.179-195, August 2006
	G. Bianchi , M. Bonola , V. Falletta , F. S. Proto , S. Teofili, The SPARTA Pseudonym and Authorization System, Electronic Notes in Theoretical Computer Science (ENTCS), v.197 n.2, p.57-71, February, 2008
	Songqing Chen , Shiping Chen , Huiping Guo , Bo Shen , Sushil Jajodia, Achieving simultaneous distribution control and privacy protection for Internet media delivery, ACM Transactions on Multimedia Computing, Communications, and Applications (TOMCCAP), v.4 n.2, p.1-23, May 2008
	Karim El Defrawy , Magda El Zarki , Gene Tsudik, Incentive-based cooperative and secure inter-personal networking, Proceedings of the 1st international MobiSys workshop on Mobile opportunistic networking, June 11-11, 2007, San Juan, Puerto Rico
	A. Squicciarini , E. Bertino , Elena Ferrari , F. Paci , B. Thuraisingham, PP-trust-X: A system for privacy preserving trust negotiations, ACM Transactions on Information and System Security (TISSEC), v.10 n.3, p.12-es, July 2007
	Abhilasha Bhargav-Spantzel , Anna C. Squicciarini , Elisa Bertino, Establishing and protecting digital identity in federation systems, Journal of Computer Security, v.14 n.3, p.269-300, May 2006
	Steven Gevers , Verslype Verslype , Bart De Decker, Enhancing privacy in identity management systems, Proceedings of the 2007 ACM workshop on Privacy in electronic society, October 29-29, 2007, Alexandria, Virginia, USA
	Rhys Smith , Jianhua Shao, Privacy and e-commerce: a consumer-centric perspective, Electronic Commerce Research, v.7 n.2, p.89-116, June 2007
	Jiangtao Li , Ninghui Li, OACerts: Oblivious Attribute Certificates, IEEE Transactions on Dependable and Secure Computing, v.3 n.4, p.340-352, October 2006
	Cory Cornelius , Apu Kapadia , David Kotz , Dan Peebles , Minho Shin , Nikos Triandopoulos, Anonysense: privacy-aware people-centric sensing, Proceeding of the 6th international conference on Mobile systems, applications, and services, June 17-20, 2008, Breckenridge, CO, USA
	Adam J. Lee , Marianne Winslett , Jim Basney , Von Welch, The Traust Authorization Service, ACM Transactions on Information and System Security (TISSEC), v.11 n.1, p.1-33, February 2008
	Dijiang Huang , Vinayak Kandiah , Mayank Verma, Privacy preservation services: challenges and solutions, Proceedings of the 2008 ACM symposium on Applied computing, March 16-20, 2008, Fortaleza, Ceara, Brazil
	Lars E. Olson , Michael J. Rosulek , Marianne Winslett, Harvesting credentials in trust negotiation as an honest-but-curious adversary, Proceedings of the 2007 ACM workshop on Privacy in electronic society, October 29-29, 2007, Alexandria, Virginia, USA
	Florian Kerschbaum , Rafael J. Deitos, Security against the business partner, Proceedings of the 2008 ACM workshop on Secure web services, p.1-10, October 31-31, 2008, Alexandria, Virginia, USA
	G. Bianchi , M. Bonola , V. Falletta , F. S. Proto , S. Teofili, The SPARTA pseudonym and authorization system, Science of Computer Programming, v.74 n.1-2, p.23-33, December, 2008
	Michael T. Goodrich , Roberto Tamassia , Danfeng (Daphne) Yao, Notarized federated ID management and authentication, Journal of Computer Security, v.16 n.4, p.399-418, September 2008
	David Bauer , Douglas M. Blough , David Cash, Minimal information disclosure with efficiently verifiable credentials, Proceedings of the 4th ACM workshop on Digital identity management, October 31-31, 2008, Alexandria, Virginia, USA
	Federica Paci , David Bauer , Elisa Bertino , Douglas M. Blough , Anna Squicciarini, Minimal credential disclosure in trust negotiations, Proceedings of the 4th ACM workshop on Digital identity management, October 31-31, 2008, Alexandria, Virginia, USA
	Danfeng Yao , Keith B. Frikken , Mikhail J. Atallah , Roberto Tamassia, Private Information: To Reveal or not to Reveal, ACM Transactions on Information and System Security (TISSEC), v.12 n.1, p.1-27, October 2008
	Anna Lysyanskaya, Authentication without Identification, IEEE Security and Privacy, v.5 n.3, p.69-71, May 2007
	Danfeng Yao , Roberto Tamassia, Compact and Anonymous Role-Based Authorization Chain, ACM Transactions on Information and System Security (TISSEC), v.12 n.3, p.1-27, January 2009
	Ibrahim Armac , Daniel Rose, Privacy-friendly user modelling for smart environments, Proceedings of the 5th Annual International Conference on Mobile and Ubiquitous Systems: Computing, Networking, and Services, July 21-25, 2008, Dublin, Ireland
	Xuhua Ding , Gene Tsudik , Shouhuai Xu, Leak-free mediated group signatures, Journal of Computer Security, v.17 n.4, p.489-514, December 2009