Transcript ppt
Controlled Identity
Claudia Díaz, Bart Preneel
K.U.Leuven – ESAT/COSIC
Terminology for anonymity
• Identifiability: “possibility to know the real identity of
an entity by means of the actual data exchanged in the
system”
• Anonymity: “state of being not identifiable within a
set of subjects, the anonymity set”
• Unlinkability: “two or more items are unlinkable if
within the system these items are no more and no les
related than they are with respect to the a priori
knowledge”
• Unobservability: “it cannot be determined whether
an operation has been performed or not”
Terminology for anonymity
• Traceability: “possibility to trace communication
between application components and as such adquire
private information”
• Time related properties of anonymity
– Durability: “quantification of the persistence of the anonymity
properties over time”
– Persistent anonymity (pseudonymity): “use of
pseudonyms as IDs” (linkable actions)
– One-time anonymity: “a new pseudonym is used for
every transaction” (unlinkable transactions)
Model for anonymity control
• Controls with unconditional anonymity
– Identity is never revealed, but some control
mechanisms are implemented
– E.g., access control, flow control, amount limitedness,
non-transferability, auditability
• User-controlled conditional anonymity
– The identification of the user is triggered by an action
of the user
– E.g., self-escrow, double-spending detection
• Trustee-controlled conditional anonymity
– There is a TTP that can identify the user
Extra terminology for anonymity
control
• Trustee-linkable: “two items are trustee-linkable if they can only
be linked by a trustee”
• Tracing (for deanonymization)
– Owner tracing: tracing the identity based on the results of the
action
– Coin tracing: tracing the results of the action based on the
identity
– Auditable tracing: the tracing can be verified and proven to a
third party by the user who is traced
• Accountability: responsibility in general of an entity of its acts. It
does not necessarily imply financial responsibility
• Liability: state in which a person can be condemned to finantial
regress for damages
Anonymity metrics
• If we have probabilistic information that relates
pseudonyms of some kind to identities, then the
information theoretic models to measure
anonymity can be applied:
N
H X pi log 2 pi
i 1