Accountable Privacy

Accountable Privacy in Online Communications
Abstract:
Advances in communication technologies change the way people communicate. For example, Internet brings together people who do not know each other before hand to engage in discussion of a certain topic. With cyber-physical systems, they also make daily life more convenient. People can make seamless payment using stored-value smartcard or auto-toll devices. One indispensable feature in these systems is privacy. However, perfect privacy may be abused, e.g., vandalism in discussion forum, money laundering, etc.

Anonymous credential offers a cryptographic authentication mechanism that aims to provideaccountability and privacy at the same time. They are useful in applications which just require a proof of certain attributes such as membership, instead of positive identification of the user. Normally, the users remain anonymous, yet they are still accountable for their actions after authentication, by the means of anonymity revocation. Years of research efforts have been made on balancing between privacy and accountability, which is also the main theme of this proposal.

Firstly, we aim to improve real-world anonymous credential realizations, such as Microsoft's U-Prove, which does not support revocation without compromising untraceability. We aim to develop a new, efficient, and modular mechanism for revocation. Techniques developed will also benefit other anonymous credential systems.

Secondly, we are particularly interested in application of anonymous credentials technologies in supporting privacy-preserving electronic payment. Realizing privacy-preserving payment systems is closely related to the problem of striking a balance in privacy and accountability which is the main focus of this work.

The final focus of this proposal is on anonymous blacklistable credentials for the Internet, which a trusted party for ensuring privacy is often absent. Apart from blacklisting bad behaviour, rewarding user contribution via reputation score is equally important. Existing mechanisms either requires costly authentication process or a timely evaluation of all authenticated sessions to see if blacklisting is required. We aim to propose a new framework to resolve all these problems simultaneously.

Improving any of these areas will make an impact on potentially millions of users worldwide. Underlying these key thrusts is privacy-enhancing cryptography, which the PI has been actively working on in recent years. The PI has also close collaboration with driving forces of anonymous credential systems such as Microsoft Research, Intel, and NTT R&D. The completion of this proposed project will result in new cryptographic building blocks and new paradigms of constructing cryptographic anonymous credential systems, which have a broad impact on cryptography, distributed systems, and privacy research communities.

List of Research Output (2012-)

Yongjun Zhao, Sherman S. M. Chow: Are you The One to Share? Secret Transfer with Access Structure. Privacy Enhancing Technologies Symposium 2017: To appear.
Sherman S. M. Chow, Haibin Zhang, Tao Zhang: Real Hidden Identity-Based Signatures. FC 2017: To appear.
Russell W. F. Lai, Tao Zhang, Sherman S. M. Chow, Dominique Schroder: Efficient Sanitizable Signatures without Random Oracles. ESORICS 2016: 363-380
Sherman S. M. Chow, Russell W.F. Lai, Xiuhua Wang, Yongjun Zhao: Privacy Preserving Credit Systems. NSS 2016: 184-199
Joseph K. Liu, Sze Ling Yeo, Wun-She Yap, Sherman S. M. Chow, Duncan S. Wong, Willy Susilo: Faulty Instantiations of Threshold Ring Signature from Threshold Proof-of-Knowledge Protocol. Comput. J. 59(7): 945-954 (2016)
Yujue Wang, Duncan S. Wong, Qianhong Wu, Sherman S. M. Chow, Bo Qin, Jianwei Liu, Yong Ding: Practical (fully) distributed signatures provably secure in the standard model. Theor. Comput. Sci. 595: 143-158 (2015)
Sherman S. M. Chow, Xinyi Huang, Man Ho Au, Jianying Zhou: Time-Bound Anonymous Authentication for Roaming Networks. IEEE Transactions on Information Forensics and Security 10(1): 178-189 (2015)
Hua Deng, Qianhong Wu, Bo Qin, Sherman S. M. Chow, Josep Domingo-Ferrer, Wenchang Shi: Tracing and revoking leaked credentials: accountability in leaking sensitive outsourced data. ASIACCS 2014: 425-434
Tao Zhang, Sherman S. M. Chow: Security of Direct Anonymous Authentication Using TPM 2.0 Signature - A Possible Implementation Flaw. Inscrypt 2014: 37-48
Yujue Wang, Duncan S. Wong, Qianhong Wu, Sherman S. M. Chow, Bo Qin, Jianwei Liu: Practical Distributed Signatures in the Standard Model. CT-RSA 2014: 307-326
Tsz Hon Yuen, Sherman S. M. Chow, Cong Zhang, Siu-Ming Yiu: Exponent-inversion Signatures and IBE under Static Assumptions. IACR Cryptology ePrint Archive 2014: 311 (2014)
Masayuki Abe, Sherman S. M. Chow, Kristiyan Haralambiev, Miyako Ohkubo: Double-trapdoor anonymous tags for traceable signatures. Int. J. Inf. Sec. 12(1): 19-31 (2013)
Man Ho Au, Willy Susilo, Yi Mu, Sherman S. M. Chow: Constant-Size Dynamic $k$ -Times Anonymous Authentication. IEEE Systems Journal 7(2): 249-261 (2013)
Tolga Acar, Sherman S. M. Chow, Lan Nguyen: Accumulators and U-Prove Revocation. Financial Cryptography 2013: 189-196
Sherman S. M. Chow, Changshe Ma, Jian Weng: Zero-Knowledge Argument for Simultaneous Discrete Logarithms. Algorithmica 64(2): 246-266 (2012)
Sherman S. M. Chow, Yi Jun He, Lucas Chi Kwong Hui, Siu-Ming Yiu: SPICE - Simple Privacy-Preserving Identity-Management for Cloud Environment. ACNS 2012: 526-543
Sherman S. M. Chow, Cheng-Kang Chu, Xinyi Huang, Jianying Zhou, Robert H. Deng: Dynamic Secure Cloud Storage with Provenance. Cryptography and Security 2012: 442-464
Kin Ying Yu, Tsz Hon Yuen, Sherman S. M. Chow, Siu-Ming Yiu, Lucas Chi Kwong Hui: PE(AR)2: Privacy-Enhanced Anonymous Authentication with Reputation and Revocation. ESORICS 2012: 679-696

(back)