Abstract
Several credential systems have been proposed in which users can authenticate to services anonymously. Since anonymity can give users the license to misbehave, some variants allow the selective deanonymization (or linking) of misbehaving users upon a complaint to a trusted third party (TTP). The ability of the TTP to revoke a user's privacy at any time, however, is too strong a punishment for misbehavior. To limit the scope of deanonymization, systems such as "e-cash" have been proposed in which users are deanonymized under only certain types of well-defined misbehavior such as "double spending." While useful in some applications, it is not possible to generalize such techniques to more subjective definitions of misbehavior. We present the first anonymous credential system in which services can "blacklist" misbehaving users without contacting a TTP. Since blacklisted users remain anonymous, misbehaviors can be judged subjectively without users fearing arbitrary deanonymization by a TTP.
Original language | English |
---|---|
Title of host publication | CCS'07 - Proceedings of the 14th ACM Conference on Computer and Communications Security |
Pages | 72-81 |
Number of pages | 10 |
DOIs | |
Publication status | Published - 1 Dec 2007 |
Externally published | Yes |
Event | 14th ACM Conference on Computer and Communications Security, CCS'07 - Alexandria, VA, United States Duration: 29 Oct 2007 → 2 Nov 2007 |
Conference
Conference | 14th ACM Conference on Computer and Communications Security, CCS'07 |
---|---|
Country/Territory | United States |
City | Alexandria, VA |
Period | 29/10/07 → 2/11/07 |
Keywords
- Anonymous authentication
- Anonymous blacklisting
- Privacy
- Revocation
- User misbehavior
ASJC Scopus subject areas
- Software
- Computer Networks and Communications