Abstract:
In general service providing systems, user
authentication is required for different purposes such as
billing, restricting unauthorized access, etc. A good solution is
to use pseudonyms as temporary identities. On the other hand,
it may also be required to have a backdoor in pseudonym
systems for identity revealing that can be used by law
enforcement agencies for legal reasons. Such pseudonym
providing systems rely on one or more trusted third parties.
The threat models of the existing schemes do not assume
existence of collusion among these trusted parties; however,
collusion among them can severely breach privacy such that
pseudonyms can be linked to real identities in an unauthorized
way. In this paper, we propose a novel pseudonym providing
and management system. Our system is privacy-preserving
and guarantees a level of anonymity for a particular number of
system users. Besides, trust is distributed among all system
entities instead of centralizing it into a single trusted third
party. More importantly, our system is highly resistant to
collusions among the trusted entities. Our system also has the
ability to reveal user identity in case of a request by law
enforcement. To maximize the privacy of the users, our design
requires the collaboration among all trusted entities for
identity revealing. We perform analytical and simulation based
performance evaluation in order to analyze the anonymity
level and resistance against collusion attacks. Our results show
that CoRPPS provides high level of anonymity with strong
resistance against collusion attacks
