DOI: 10.1145/2535771.2535798
research-article
Open access

Crypto-Book: an architecture for privacy preserving online identities

Published: 21 November 2013

Abstract

Through cross-site authentication schemes such as OAuth and OpenID, users increasingly rely on popular social networking sites for their digital identities--but use of these identities brings privacy and tracking risks. We propose Crypto-Book, an extension to existing digital identity infrastructures that offers privacy-preserving digital identities through the use of public key cryptography and ring signatures. Crypto-Book builds a privacy-preserving cryptographic layer atop existing social network identities, via third-party key servers that convert social network identities into public/private key-pairs on demand. Using linkable ring signatures, these key-pairs along with the public keys of other identities create unique pseudonyms that are untraceable back to the owner yet can resist anonymous abuse.
Our proof-of-concept implementation of Crypto-Book creates public/private key pairs for Facebook users, and includes a private key pickup protocol based on E-mail. We present Black Box, a case study application that uses Crypto-Book for accountable anonymous whistle-blowing. Black Box allows users to sign files deniably using ring signatures, using a list of arbitrary Facebook users -- who need not consent or even be aware of this use -- as an explicit anonymity set.
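
The linkable ring signature idea from the abstract, as an added example that is not code from the paper or from Crypto-Book: an LSAG-style signature (after Liu, Wei and Wong) in which any ring member can sign, the verifier cannot tell which one, and the tag exposes repeated use of the same key. The group parameters, function names and sample messages are assumptions made for this sketch, and the group is demo-sized.

```python
import hashlib, secrets

Q = 2**127 - 1                       # Mersenne prime, subgroup order (demo-sized group)
K = next(k for k in range(2, 10**6, 2) if pow(2, k * Q, k * Q + 1) == 1)
P = K * Q + 1                        # probable prime (Fermat test) with Q | P-1
G = pow(2, K, P)                     # element of order Q

def _h(*parts):
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big")

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def _step(msg, ring, tag, h, y, c, s):
    # Next challenge in the ring, from (c, s) at the member with public key y.
    a = pow(G, s, P) * pow(y, c, P) % P
    b = pow(h, s, P) * pow(tag, c, P) % P
    return _h(ring, tag, msg, a, b) % Q

def sign(msg, ring, idx, x):
    n, h = len(ring), pow(_h("base", ring) % P, K, P)   # h: per-ring second base
    tag = pow(h, x, P)               # linkage tag: same key and ring -> same tag
    c, s = [0] * n, [secrets.randbelow(Q) for _ in range(n)]
    u = secrets.randbelow(Q)
    c[(idx + 1) % n] = _h(ring, tag, msg, pow(G, u, P), pow(h, u, P)) % Q
    for i in ((idx + j) % n for j in range(1, n)):
        c[(i + 1) % n] = _step(msg, ring, tag, h, ring[i], c[i], s[i])
    s[idx] = (u - x * c[idx]) % Q    # only the real key can close the ring
    return c[0], s, tag

def verify(msg, ring, sig):
    c0, s, tag = sig
    h, c = pow(_h("base", ring) % P, K, P), c0
    for y, si in zip(ring, s):
        c = _step(msg, ring, tag, h, y, c, si)
    return len(s) == len(ring) and c == c0

def demo():
    # Constructed ring: three key pairs standing in for server-issued identity keys.
    keys = [keygen() for _ in range(3)]
    ring = tuple(y for _, y in keys)
    a = sign("report-1", ring, 1, keys[1][0])
    b = sign("report-2", ring, 1, keys[1][0])
    c = sign("report-3", ring, 2, keys[2][0])
    return {"valid": verify("report-1", ring, a),
            "tampered": verify("report-X", ring, a),
            "same_signer_same_tag": a[2] == b[2],
            "other_signer_same_tag": a[2] == c[2]}
```

The tag is a pseudonym only within one ring: the second base is derived from the ring's public keys, so the same key signing under a different ring produces an unrelated tag.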



        Published In

        HotNets-XII: Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
        November 2013
        188 pages
        ISBN:9781450325967
        DOI:10.1145/2535771
        Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Author Tags

        1. anonymity
        2. anonymous communication
        3. authentication
        4. online social networks

        Conference

        HotNets-XII
        HotNets-XII: Twelfth ACM Workshop on Hot Topics in Networks
        November 21 - 22, 2013
        Maryland, College Park

        Acceptance Rates

        HotNets-XII Paper Acceptance Rate 26 of 110 submissions, 24%;
        Overall Acceptance Rate 110 of 460 submissions, 24%
