Accession Number:

ADA624131

Title:

Deniable Anonymous Group Authentication

Descriptive Note:

Technical rept.

Corporate Author:

YALE UNIV NEW HAVEN CT DEPT OF COMPUTER SCIENCE

Report Date:

2014-02-13

Pagination or Media Count:

41.0

Abstract:

In some situations, users need to authenticate as distinct members of some well-defined group without revealing their individual identities (to validate and corroborate a leak, for example, or to count participants in a closed anonymous forum). Current group authentication techniques offering this capability, however, may de-anonymize users if an attacker later compromises their private keys. Addressing this under-explored risk, we present deniable anonymous group authentication (DAGA), the first anonymous authentication protocol offering proportionality, forward anonymity, and deniability in combination. To offer these properties, DAGA leverages a federation of collectively but not individually trusted servers. These servers collectively generate tags during authentication, which ensure client distinctness and proportionality, while cryptographically scrubbing information that could later de-anonymize clients. After an authentication round, clients and honest servers securely erase their ephemeral secrets, protecting clients from later de-anonymization even if an attacker eventually compromises all long-term client and server keys. A proof-of-concept prototype validates DAGA's practicality, authenticating a client into a 32-member group in one second, or into a 2048-member group in two minutes.

Subject Categories:

  • Computer Systems Management and Standards
  • Cybernetics

Distribution Statement:

APPROVED FOR PUBLIC RELEASE