Transcript ppt
Controlled Identity Claudia Díaz, Bart Preneel K.U.Leuven – ESAT/COSIC Terminology for anonymity • Identifiability: “possibility to know the real identity of an entity by means of the actual data exchanged in the system” • Anonymity: “state of being not identifiable within a set of subjects, the anonymity set” • Unlinkability: “two or more items are unlinkable if within the system these items are no more and no les related than they are with respect to the a priori knowledge” • Unobservability: “it cannot be determined whether an operation has been performed or not” Terminology for anonymity • Traceability: “possibility to trace communication between application components and as such adquire private information” • Time related properties of anonymity – Durability: “quantification of the persistence of the anonymity properties over time” – Persistent anonymity (pseudonymity): “use of pseudonyms as IDs” (linkable actions) – One-time anonymity: “a new pseudonym is used for every transaction” (unlinkable transactions) Model for anonymity control • Controls with unconditional anonymity – Identity is never revealed, but some control mechanisms are implemented – E.g., access control, flow control, amount limitedness, non-transferability, auditability • User-controlled conditional anonymity – The identification of the user is triggered by an action of the user – E.g., self-escrow, double-spending detection • Trustee-controlled conditional anonymity – There is a TTP that can identify the user Extra terminology for anonymity control • Trustee-linkable: “two items are trustee-linkable if they can only be linked by a trustee” • Tracing (for deanonymization) – Owner tracing: tracing the identity based on the results of the action – Coin tracing: tracing the results of the action based on the identity – Auditable tracing: the tracing can be verified and proven to a third party by the user who is traced • Accountability: responsibility in general of an entity of its acts. It does not necessarily imply financial responsibility • Liability: state in which a person can be condemned to finantial regress for damages Anonymity metrics • If we have probabilistic information that relates pseudonyms of some kind to identities, then the information theoretic models to measure anonymity can be applied: N H X pi log 2 pi i 1