Sebastian Clauß

Identity management and its support of multilateral security

Abstract We show our approach in developing an identity management system with respect to multilateral security. After examining digital pseudonyms and credentials as basic concepts of such a system, we give an introduction to technologies for multilateral security and describe an architecture which enables multilaterally secure communication. By means of different scenarios we show requirements of an identity management system, and outline an approach in developing an identity manager and its infrastructure. Finally, we discuss problems and risks of identity management systems which must be considered when using such a system.

Structuring anonymity metrics

This paper structures different anonymity metrics. We show that there is no single all-purpose metric for anonymity. We present different models for anonymity metrics on the network layer and on the application layer, and propose a way to merge these models into a combined model aiming at providing metrics usable within a user-centric identity management system. Thereby we distinguish the users and the service providers point of view using the notions of local and global anonymity. As a generalization of Shannon-, Min-and Max-Entropy, we use Rényi-Entropy as a framework to create anonymity metrics appropriate for different situations.

A framework for quantification of linkability within a privacy-enhancing identity management system

Within a privacy-enhancing identity management system, among other sources of information, knowledge about current anonymity and about linkability of users actions should be available, so that each user is enabled to make educated decisions about performing actions and disclosing PII (personal identifiable information). In this paper I describe a framework for quantification of anonymity and linkability of a users actions for use within a privacy-enhancing identity management system. Therefore, I define a model of users PII and actions as well as an attacker model. Based thereon, I describe an approach to quantify anonymity and linkability of actions. Regarding practical applicability, a third party service for linkability quantification is discussed.

k -anonymous reputation

While performing pure e-business transactions such as purchasing software or music, customers can act anonymously supported by, e.g., anonymous communication protocols and anonymous payment protocols. However, it is hard to establish trust relations among anonymously acting business partners. Anonymous reputation systems have been proposed to mitigate this problem. Schiffner et al. recently proved that there is a conflict between anonymity and reputation and they established the non-existence of certain privacy-preserving reputation functions. In this paper we argue that this relationship is even more intricate. First, we present a reputation function that deanonymizes the user, yet provides strong anonymity (SA) according to their definitions. However, this reputation function has no utility, i.e., the submitted ratings have no influence on the resulting reputation values. Second, we show that a reputation function having utility requires the system to choose new independently at random selected pseudonyms (for all users it has utility for) on every new rating as a necessary condition to provide strong anonymity according to the aforementioned definition. Since some persistence of pseudonyms is favorable, we present a more secure, but also more usable definition for anonymous reputation systems that allows persistency yet guaranties k-anonymity. We further present a definition for rating secrecy based on a threshold. Finally, we propose a practical reputation function, for which we prove that it satisfies these definitions.

Privacy, liveliness and fairness for reputation

In various Internet applications, reputation systems are typical means to collect experiences users make with each other. We present a reputation system that balances the security and privacy requirements of all users involed. Our system provides privacy in the form of information theoretic relationship anonymity w.r.t. users and the reputation provider. Furthermore, it preserves liveliness, i.e., all past ratings can influence the current reputation profile of a user. In addition, mutual ratings are forced to be simultaneous and self rating is prevented, which enforces fairness. What is more, without performing mock interactions--even if all users are colluding--users cannot forge ratings. As far as we know, this is the first protocol proposed that fulfills all these properties simultaneously.

Efficiency Improvements of the Private Message Service

Based on the private message service described in [4] we show efficiency improvements of that private message service in the computational setting. Regarding an attacker which may control all but one of the queried servers we describe a private message service with a total communication complexity of blinded read between client and private message service of n bit upstream and k bit downstream, where n denotes the number of cells in the database and k the size of one cell. Apart from a registration mechanism, the communication complexity between client and service is independent of the number of queried servers. Our improvement of the private message service is not only extremely efficient in terms of communication, but also in terms of computation. Further we describe how to use the message service in case of messages which are addressed using visible implicit addresses. After that we prove that at least parts of messages which are addressed using invisible implicit addresses must be broadcasted.We generalize the message service to operations in ZN (N ? 2) and prove the security of blinded read.

Further privacy mechanisms

In general, designing reasonable metrics for privacy quantification is an approach of several disciplines. This section focuses on technical and formal metrics. They can be distinguished depending on purposes or use-cases, available data, and the way results can be interpreted.

Identitätsmanagement in Netzwelten

Viele Menschen verlagern immer mehr Aspekte ihres Lebens zumindest teilweise in die virtuellen und vernetzten Welten des Internet. In Netzwelten wird gekauft und verkauft, ein groses Spektrum an Themen diskutiert, Wissen mit anderen geteilt und erworben, miteinander gespielt und vieles mehr. Das gilt sowohl fur berufliche als auch private Belange. Dabei kommt es haufig zu Interaktionen von einander vorher Unbekannten.