Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Privacy-enhanced Revocation (and View of Applying to Web)

August 30, 2023

Privacy-enhanced Revocation (and View of Applying to Web)

It is presented at the W3C Anti-Fraud Community Group.


August 30, 2023

More Decks by akakou

Other Decks in Programming


  1. Privacy-enhanced Revocation (and View of Applying to Web) Kosei Akama(akakou)

    Faculty of Environment and Information Studies, Keio University, Japan
  2. Agenda Malicious actions are a huge problem (e.g., cheating in

    games). Revocation of users is an effective measure. However, basic revocation methods need identity proof, so it causes the risk of tracking (i.e., privacy concerns). Privacy-friendly cryptographic scheme enabling revoking users without identifiers. Whether we should apply the above privacy-enhanced revocation capability to the Web or not. Background Challenge EPID: Enhanced Privacy ID Discussion 2
  3. Background Malicious actions (e.g., cheating in games [1]) are a

    significant problem, including in the context of Web applications. To solve these problems, revoking malicious users is an excellent function to reduce fraud [2]. User Service Revoking users who have abused the service in the past × × ✓ [3] Screenshot of revocation (pokemon go) 3
  4. Prior methods and Challenges The most straightforward way of revocation

    is to use the user identifier strongly coupled to users' identity. However, they have privacy concerns. E.g., user tracking by services (i.e., National ID, Phone number, Credit Card) user α's histories Malicous Service B user α's histories Malicous Service A Tracking Recieving service + Identity prooving  User α 4
  5. Purpose Realize user revocation without privacy violation. × User Service

    User Service Users can numerously repeat malicious activities Services can track users. Services can block users who have conducted malicious activities in the past. Users are anonymous. (Services cannot track them.) × × ✓ OR AND Before After 5
  6. EPID: Enhanced Privacy ID Using EPID, services can revoke users

    while not being able to track users. The essential concept of EPID is the signature-based revocation that allows services to revoke users using their signature (without using the user's information). EPID is mainly used for attestation in Intel SGX [5]. Intel SGX is a widely available Trusted Execution Environment (TEE). Intel core i(>= 5) series supports hardware protection for EPID key. EPID is a privacy-friendly cryptographic protocol with user revocation [4] 6
  7. System and Threat Model Trust × Signer (User) ①Setup ③Sign

    GM*1 Verifier (Service) ②Join ④Verify *1 GM: Group Manager Security Requirements Req A. Revocability The service can block the user who is revoked by the service. Req B. Unforgeability Users cannot make valid signatures without a legitimate secret key. Req C. Unlinkability Verifier and GM cannot track users from the signatures. (In other words, they cannot know whether an identical signer produced the signatures.) Assumption β. Users do not have many identifiers. Trust × Trust Threat 2. Rogue verifier&GM attempt to track users with signatures. Threat 1. Rogue signer attempts to forge a signature or avoid revocation. Assumption α. GM does not provide multiple secret keys to a user. 7 ⑤Revoke
  8. EPID features: Unforgeability & Unlinkability Unforgeability: Ensures that only eligible

    users produce a signature with a key from GM. Unlinkability: Ensures that the service cannot track the user using the user's signature. All signatures are verified with the same public key EPID ensures Unforgeability and Unlinkability in a cryptographic manner. (unlike the basic signature scheme, where each user has different public keys). Public key secret key 1 secret key 2 secret key N … Signature Sign Message Verify accept OR reject All signatures are verified with the same public key. → No one can track users using signatures Choose a key N-1 relatio- nship 8
  9. Proof that r1 was not made from the secret key

    × Verifier Signer Proof of knowledge of valid secret key × signature Public key secret key … r1 r2 rR Revocation List … Proof that r2 was not made from the secret key Proof that rR was not made from the secret key = signature EPID feature: Revocability EPID uses signature-based revocation. Signature-based revocation: Revoking malicious users using only signatures (not using the users' identity) Proving that the secret key has not been used for all signatures in the revocation list. 9
  10. Discussion Should we apply privacy-enhanced revocation function (EPID) to Web

    applications? In the context of the web, some services struggle to prevent abusive users because of the un-revocability of current systems (e.g., cheating in games). Additional concerns: (1) Legitimate users suffer low-quality service due to malicious users. (2) Legitimate users are forced to provide identifying information to let services identify and ban malicious users. We can improve this by using privacy-enhanced revocation methods. 10
  11. Conclusion Revoking users is a powerful security measure against fraud,

    but has privacy concerns (i.e., tracking) Need for both revocability and untracability at the same time. A cryptographic protocol that allows user revocation while protecting their privacy Uses signature-based revocation Should we apply EPID to the Web? Applying EPID provides benefits for both entities (i.e., users and services) Background EPID: Enhanced Privacy ID Discussion 11
  12. References [1] Report: Cheating Is Becoming A Big Problem In

    Online Gaming, Forbes, https://www.forbes.com/sites/nelsongranados/2018/04/30/report-cheating-is-becoming- a-big-problem-in-online-gaming/ (accessed Wednesday, August 16, 2023) [2] Pokemon Go players banned for cheating, BBC News, https://www.bbc.com/news/newsbeat-56158634 (accessed Wednesday, August 16, 2023) [3] Pokemon Go Warnings Bans Three-Strike Policy Explained 2022, Future Game Releases, https://www.futuregamereleases.com/2022/03/pokemon-go-warnings-bans- three-strike-policy-explained-2022/ (accessed Wednesday, August 16, 2023) [4] Intel® Enhanced Privacy ID (EPID) Security Technology, Intel, https://www.intel.com/content/www/us/en/developer/articles/technical/intel-enhanced- privacy-id-epid-security-technology.html (accessed Wednesday, August 16, 2023) [5] Intel® Software Guard Extensions (Intel® SGX), Intel, https://www.intel.com/content/www/us/en/architecture-and-technology/software- guard-extensions.html (accessed Wednesday, August 16, 2023) 12