Abstract
This article first formalizes the problem of unlinkable attribute-based authentication in the system where each user possesses multiple assertions and uses them interchangeably. Currently, there are no recommendations for optimal usage of assertions in such authentication systems. To mitigate this issue, we use conditional entropy to measure the uncertainty for a Relying Party who attempts to link observed assertions with user labels. Conditional entropy is the function of usage statistics for all assertions in the system. Personal decisions made by the users about the usage of assertions contribute to these statistics. This collective effect from all the users impacts the unlinkability of authentication and must be studied using game theory. We specify several instances of the game where context information that is provided to the users differs. Through game theory and based on conditional entropy, we demonstrate how each user optimizes usage for the personal set of assertions. In the experiment, we substantiate the advantage of the proposed rational decision-making approaches: Unlinkability that we obtain under Nash equilibrium is higher than in the system where users authenticate using their assertions at random. We finally propose an algorithm that calculates equilibrium and assists users with the selection of assertions. This manifests that described techniques can be executed in realistic settings. This does not require modification of existing authentication protocols and can be implemented in platform-independent identity agents. As a use case, we describe how our technique can be used in Digital Credential Wallets: We suggest that unlinkability of authentication can be improved for Verifiable Credentials.
- [1] . 2017. IRMA: Practical, decentralized and privacy-friendly identity management using smartphones. In Proceedings of the Hot Topics in Privacy Enhancing Technologies (HotPETs’17).Google Scholar
- [2] . 2016. Unobservable communication over fully untrusted infrastructure. In Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI’16). USENIX Association, 551–569. https://www.usenix.org/conference/osdi16/technical-sessions/presentation/angel.Google Scholar
- [3] . 2017. Building digital identities: The challenges, risks and opportunities of collecting behavioural attributes for new digital identity systems. 40 pages.Google Scholar
- [4] . 2020. ATEMA: An attribute enablement module for attribute retrieval and transfer through the eIDAS Network. In Proceedings of the 24th International Conference on System Theory, Control and Computing (ICSTCC’20). IEEE, 532–539. Google Scholar
Cross Ref
- [5] . 1995. Trust, reciprocity, and social history. Games Econ. Behav. 10, 1 (1995), 122–142.
DOI: Google ScholarCross Ref
- [6] . 2016. Bayes correlated equilibrium and the comparison of information structures in games. Theor. Econ. 11, 2 (2016), 487–522.
DOI: Google ScholarCross Ref
- [7] . 2004. Provable unlinkability against traffic analysis. In Proceedings of the International Conference on Financial Cryptography. Springer, 266–280.Google Scholar
Cross Ref
- [8] . 2005. Uniform resource identifier (URI): Generic syntax. Retrieved from https://tools.ietf.org/html/rfc3986.Google Scholar
- [9] . 2013. Federated identity management systems: A privacy-based characterization. IEEE Secur. Priv. 11, 5 (2013), 36–48.Google Scholar
Digital Library
- [10] . 2020. NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management, Version 1.0.
Special Publication . National Institute of Standards and Technology. Google ScholarCross Ref
- [11] . 2004. Short group signatures. In Proceedings of the 24th Annual International Cryptology Conference (CRYPTO’04), Matt Franklin (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 41–55.Google Scholar
Cross Ref
- [12] . 2002. Collins Dictionary of Mathematics. HarperCollins.Google Scholar
- [13] . 2012. Linking unlinkability. In Proceedings of the International Symposium on Trustworthy Global Computing, Catuscia Palamidessi and Mark D. Ryan (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 129–144.Google Scholar
- [14] . 2014. D3. 1: Scientific comparison of ABC protocols. Part I-Formal Treatment of Privacy-Enhancing Credential Systems. Project deliverable in ABC4Trust (2014).Google Scholar
- [15] . 2002. A signature scheme with efficient protocols. In Proceedings of the 3rd International Conference on Security in Communication Networks (SCN’02), Revised Papers,
Lecture Notes in Computer Science , Vol. 2576. Springer, 268–289.Google Scholar - [16] . 2007. An introduction to information theory and entropy. Complex Systems Summer School, Santa Fe.Google Scholar
- [17] . 2016. Let’s talk money: Evaluating the security challenges of mobile money in the developing world. In Proceedings of the 7th Annual Symposium on Computing for Development. Association for Computing Machinery, New York, NY, Article
4 , 10 pages. Google ScholarDigital Library
- [18] . 2019. Improved identity management with verifiable credentials and FIDO. IEEE Commun. Stand. Mag. 3, 4 (2019), 14–20.Google Scholar
Cross Ref
- [19] . 2019. German government adds iPhone NFC identity card reading to digital ID app. Retrieved from https://www.nfcw.com/2019/10/01/364573/german-government-adds-iphone-nfc-identity-card-reading-to-digital-id-app/.Google Scholar
- [20] . 2020. Germany to begin rollout of open national digital identity service “later this year”. Retrieved from https://www.nfcw.com/2020/07/29/367360/germany-to-begin-rollout-of-open-national-digital-identity-service-later-this-year/.Google Scholar
- [21] . 2006. Structuring anonymity metrics. In Proceedings of the 2006 Workshop on Digital Identity Management, Alexandria, VA, USA, November 3, 2006, Ari Juels, Marianne Winslett, and Atsuhiro Goto (Eds.). ACM, 55–62. Google Scholar
Digital Library
- [22] . 1996. An interior trust region approach for nonlinear minimization subject to bounds. SIAM J. Optim. 6, 2 (1996), 418–445.Google Scholar
Digital Library
- [23] . 2018. Looking ahead: The user experience of eIDAS-based eID. Value Proposition of eIDAS eID.Google Scholar
- [24] . 2013. Privacy Considerations for Internet Protocols.
Request for Comments IETF RFC 6973. The Internet Engineering Task Force, Wilmington, DE. Google ScholarCross Ref
- [25] . 2019. The trust over ip stack. IEEE Commun. Stand. Mag. 3, 4 (2019), 46–51.Google Scholar
Cross Ref
- [26] . 2002. Towards measuring anonymity. In Proceedings of the International Workshop on Privacy Enhancing Technologies Roger Dingledine and Paul Syverson (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 54–68.Google Scholar
- [27] . 2021. The Key to Digital Identity. Retrieved from https://www.dizme.io/.Google Scholar
- [28] . 2004. The evolution of strategies in a repeated trust game. J. Econ. Behav. Organiz. 55, 4 (2004), 553–573.
DOI: Trust and Trustworthiness. Google ScholarCross Ref
- [29] . 2020-07-23. Proposal for a European Digital Identity (EUid) and Revision of the eIDAS Regulation. Directorate-General for Communications Networks, Content and Technology (2020-07-23).Google Scholar
- [30] . 2014-07-23. Regulation (EU) No 910/2014 of the european parliament and of the council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. Council of the European Union (2014-07-23).Google Scholar
- [31] . 1987. Zero Knowledge Proofs of Identity. In Proceedings of the 19th Annual ACM Symposium on Theory of Computing, 1987, New York, New York, USA, (Ed.). ACM, 210–217. Google Scholar
Digital Library
- [32] . 2020. Security and Privacy Controls for Information Systems and Organizations.
Special Publication NIST SP 800-53 rev.5. National Institute of Standards and Technology, Gaithersburg, MD. Google ScholarCross Ref
- [33] . 2007. Attacking unlinkability: The importance of context. In Proceedings of the International Workshop on Privacy Enhancing Technologies. Springer, 1–16.Google Scholar
Cross Ref
- [34] . 2009. On non-cooperative location privacy: A game-theoretic analysis. In Proceedings of the 16th ACM Conference on Computer and Communications Security. 324–337.Google Scholar
Digital Library
- [35] . 1991. Game Theory (11 ed.). The MIT Press.Google Scholar
- [36] . 2013. Privacy as a coordination game. In Proceedings of the 51st Annual Allerton Conference on Communication, Control, and Computing (Allerton’13). IEEE, 1608–1615.Google Scholar
Cross Ref
- [37] . 2020. Verifiable Contracting. In Computer Security, (Eds.). Springer International Publishing, Cham, 133–144.Google Scholar
- [38] . 2020. Digital Identity Guidelines.
Standard NIST SP 800-63-3. National Institute of Standards and Technology, Gaithersburg, MD. Google ScholarCross Ref
- [39] . 2018. Attribute Metadata: A Proposed Schema for Evaluating Federated Attributes.
Technical Report NISTIR 8112. National Institute of Standards and Technology, Gaithersburg, MD. Google ScholarCross Ref
- [40] . 2005. Anonymity and information hiding in multiagent systems. J. Comput. Secur. 13, 3 (2005), 483–514.Google Scholar
Cross Ref
- [41] . 1967. Games with incomplete information played by “Bayesian” players, I–III Part I. the basic model. Manage. Sci. 14, 3 (1967), 159–182.
DOI: Google ScholarDigital Library
- [42] . 2010. How much anonymity does network latency leak?ACM Trans. Inf. Syst. Secur. 13, 2, Article
13 (March 2010), 28 pages.DOI: Google ScholarDigital Library
- [43] . 2019. Attribute Considerations for Access Control Systems.
Recommendation NIST SP 800-205. National Institute of Standards and Technology, Gaithersburg, MD. Google ScholarCross Ref
- [44] . 2010. Tracking games in mobile networks. In Proceedings of the International Conference on Decision and Game Theory for Security. Springer, 38–57.Google Scholar
Digital Library
- [45] . 2021. An open ecosystem for trusted identities. Retrieved from https://idunion.org/?lang=en.Google Scholar
- [46] . 2012. Information Technology–Security Techniques–Security Assurance Framework–Part 1: Introduction and Concepts.
Technical Report ISO/IEC TR 15443-1:2012(E). International Organization for Standardization, Geneva, CH.Google Scholar - [47] . 2018. Information Technology–Security Techniques–Information Security Risk Management.
Standard ISO/IEC 27005:2018(E). International Organization for Standardization, Geneva, CH.Google Scholar - [48] . 2019. Systems and Software Engineering–Systems and Software Assurance–Part 1: Concepts and Vocabulary.
Standard ISO/IEC/IEEE 15026-1:2019(E). International Organization for Standardization, Geneva, CH.Google Scholar - [49] . 2020. Information Security, Cybersecurity and Privacy Protection–Evaluation Criteria for IT Security–Part 2: Security Functional Components.
Standard ISO/IEC DIS 15408-2:2020(E). International Organization for Standardization, Geneva, CH.Google Scholar - [50] . 2020. Information Technology–Requirements for Attribute-based Unlinkable Entity Authentication.
Standard ISO/IEC DIS 27551. International Organization for Standardization, Geneva, CH.Google Scholar - [51] . 2017. ITU-T Focus Group Digital Financial Services: Main Recommendations.
Standard . International Telecommunication Union, Geneva, CH.Google Scholar - [52] . 2015. JSON web key (JWK). Retrieved from https://tools.ietf.org/html/rfc7517.Google Scholar
- [53] . 2015. JSON Web Encryption (JWE).
Request for Comments IETF RFC 7516. The Internet Engineering Task Force, Wilmington, DE. Google ScholarCross Ref
- [54] . 2014. Mechanism design in large games: Incentives and privacy. In Proceedings of the 5th Conference on Innovations in Theoretical Computer Science. 403–410.Google Scholar
Digital Library
- [55] . 2020. JSON-LD 1.1: A JSON-based Serialization for Linked Data.
Recommendation . World Wide Web Consortium.Google Scholar - [56] . 2002. Date and time on the Internet: Timestamps. Retrieved from https://tools.ietf.org/html/rfc3339.Google Scholar
- [57] . 2013. Service providers’ requirements for eID solutions: Empirical evidence from the leisure sector. Open Identity Summit 2013 (2013).Google Scholar
- [58] . 2019. A taxonomic approach to understanding emerging blockchain identity management systems. CoRR abs/1908.00929 (2019). arXiv:1908.00929 http://arxiv.org/abs/1908.00929Google Scholar
- [59] . 2013. A game-theoretic approach for achieving k-anonymity in location based services. In Proceedings of the IEEE International Conference on Computer Communications (INFOCOM’13). IEEE, 2985–2993. Google Scholar
Cross Ref
- [60] . 2020. RSA Signature Suite 2018.
Specification . World Wide Web Consortium.Google Scholar - [61] . 2020. Trace equivalence and epistemic logic to express security properties. In Proceedings of the International Conference on Formal Techniques for Distributed Objects, Components, and Systems. Springer, 115–132.Google Scholar
Digital Library
- [62] . 2009. Privacy through noise: A design space for private identification. In Proceedings of the Annual Computer Security Applications Conference. 518–527.Google Scholar
Digital Library
- [63] . 2019. Verifiable Credentials Use Cases.
Guide . World Wide Web Consortium.Google Scholar - [64] . 2008. Privacy of recent RFID authentication protocols. In Proceedings of the International Conference on Information Security Practice and Experience. Springer, 263–277.Google Scholar
Digital Library
- [65] . 2010. A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management.Google Scholar
- [66] . 2019. Privacy-preserving attribute aggregation in eID federations. Fut. Gener. Comput. Syst. 92 (2019), 1–16.
DOI: Google ScholarDigital Library
- [67] . 2013. Proofs of impossibility. In Logical Foundations of Mathematics and Computational Complexity. Springer, 255–364.Google Scholar
Cross Ref
- [68] . [n. d.]. Digital credential wallets.Google Scholar
- [69] . 2021. Decentralized Identifiers (DIDs) v1.0: Core Architecture, Data Model, and Representations.
Recommendation . World Wide Web Consortium.Google Scholar - [70] . 2017. Current research and open problems in attribute-based access control. ACM Comput. Surv. 49, 4 (2017), 1–45.Google Scholar
Digital Library
- [71] . 2016. Wald’s mighty maximin: A tutorial. Int. Trans. Operat. Res. 23, 4 (2016), 625–653.
DOI: Google ScholarCross Ref
- [72] . 2019. Verifiable Credentials Data Model v1.0: Expressing Verifiable Information on the Web.
Recommendation . World Wide Web Consortium.Google Scholar - [73] . 2003. Modelling Unlinkability. In Privacy Enhancing Technologies, Third International Workshop, PET 2003, Dresden, Germany, March 26-28, 2003, Revised Papers (Lecture Notes in Computer Science, Vol. 2760), (Ed.). Springer, 32–47. Google Scholar
Cross Ref
- [74] . 2020. Privacy by design architecture composed of identity agents decentralizing control over digital identity. In Proceedings of the Open Identity Summit, , , , and (Eds.). Gesellschaft für Informatik e.V., Bonn, 163–170.
DOI: Google ScholarCross Ref
- [75] . 2018. Technical privacy metrics: A systematic survey. ACM Comput. Surv. 51, 3 (2018), 1–38.Google Scholar
Digital Library
Index Terms
Improving Unlinkability of Attribute-based Authentication through Game Theory
Recommendations
A new revocable secret handshake scheme with backward unlinkability
EuroPKI'10: Proceedings of the 7th European conference on Public key infrastructures, services and applicationsSecret handshake schemes allow the members of a certain organization can anonymously authenticate each other. In this paper, a new revocable secret handshake scheme with backward unlinkability is presented. Our new scheme achieves the impersonator ...
A fine-grained attribute-based authentication for sensitive data stored in cloud computing
Attribute-Based Signature ABS is one of the important security primitives to realise anonymous authentication. In ABS, users cannot forge a signature with attributes they do not have even if they collude. In addition, a legitimate signer remains ...
Trapdoor Sanitizable and Redactable Signatures with Unlinkability, Invisibility and Strong Context-Hiding
Information Security and Cryptology – ICISC 2022AbstractIn trapdoor sanitizable signatures (TSS) (ACNS’08), a signer can partially delegate its signing ability to someone. When signing a message, the signer chooses its sanitizable parts. Each signature is associated with a trapdoor, enabling any entity ...






Comments