On the efficiency of user identification: a system-based approach

In the Internet era, users’ fundamental privacy and anonymity rights have received significant research and regulatory attention. This is not only a result of the exponential growth of data that users generate when accomplishing their daily task by means of computing devices with advanced capabilities, but also because of inherent data properties that allow them to be linked with a real or soft identity. Service providers exploit these facts for user monitoring and identification, albeit impacting users’ anonymity, based mainly on personal identifiable information or on sensors that generate unique data to provide personalized services. In this paper, we report on the feasibility of user identification using general system features like memory, CPU and network data, as provided by the underlying operating system. We provide a general framework based on supervised machine learning algorithms both for distinguishing users and informing them about their anonymity exposure. We conduct a series of experiments to collect trial datasets for users’ engagement on a shared computing platform. We evaluate various well-known classifiers in terms of their effectiveness in distinguishing users, and we perform a sensitivity analysis of their configuration setup to discover optimal settings under diverse conditions. Furthermore, we examine the bounds of sampling data to eliminate the chances of user identification and thus promote anonymity. Overall results show that under certain configurations users’ anonymity can be preserved, while in other cases users’ identification can be inferred with high accuracy, without relying on personal identifiable information.     

Queer identity online: Informal learning and teaching experiences of LGBTQ individuals on social media

In this study, we explored how social media, particularly social networking sites, serve as informal learning environments for lesbian, gay, bisexual, transgender, questioning, and otherwise-identified (LGBTQ) individuals during formative stages of their evolving LGBTQ identity. We conducted semi-structured interviews (N = 33) probing LGBTQ individuals’ use of social media and identified three educational uses tied to online information seeking: traditional learning (e.g., information seeking about LGBTQ-related issues), social learning (e.g., observing role models or other LGBTQ individuals’ behavior and experiences), and experiential learning (e.g., experimenting with online dating sites and dating apps). These experiences were especially common during the coming out process. Participants also reported a fourth educational function, teaching (e.g., sharing information with others about their experiences as an LGBTQ individual). Teaching was more common among individuals who were out and those with less common identities (e.g., asexual and transgender). Several affordances of social media, including visibility, association, persistence, anonymity, and interactivity enabled these learning experiences.     

一种移动互联网络匿名认证协议

针对移动互联网络安全性的匿名需求,论文在基于身份的公钥系统的基础上,设计了一个双向匿名认证协议,该协议提出移动互联网络通信中的匿名身份认证和密钥协商方案,实现了通信双方的相互认证,并使移动网络向移动用户提供匿名服务,保护用户身份信息,分析表明协议具有很强的匿名性,而且高效可行,满足移动互联网络匿名性的安全需求。     

具有可追查性的抗合谋攻击门限签名方案

好的门限签名方案应该具有很高的安全性,能够检测出任意不诚实成员的欺诈行为,同时能实现签名的匿名性和可追查性,并能抵抗合谋攻击和各种伪造性攻击。通过密码学分析和算法结构设计,首先讨论了实现门限签名匿名性和可追查性的一种有效方法,然后基于Waters基础签名方案,引入Gennaro分布式密钥生成协议、可验证秘密共享技术及部分签名验证协议,提出了一个具有匿名性和可追查性,抗合谋攻击及其他各种伪造性攻击,部分签名可验证的（t,n）门限签名方案,并在离散对数问题和双线性对逆运算问题两个困难问题假设下,给出了方案安全性的详细证明。     

一种安全电子交易协议匿名性改进方案

安全电子交易协议缺乏隐私保护,尤其是持卡人身份对商家的匿名。为了增强安全电子交易协议匿名性保护,提出一种安全电子交易协议匿名性改进方案,由认证中心（Certificate Authority）在持卡人（Cardholder）的数字证书中,用持卡人身份信息的消息摘要代替身份信息;在持卡人（Cardholder）、经销商（Merchant）、支付网关（Payment Gateway）个参与方的基础上引入了物流公司（Express）;持卡人发送订购信息给商家,商家发送物流信息给物流公司,由物流公司邮递商品给持卡人,结合数字签名和数字信封技术,实现持卡人身份对商家的匿名。     

一种可撤销匿名性的环签名方案

环签名提供了匿名发布信息的有效方法,现有环签名方案存在不可追踪签名者真实身份的问题。基于身份密码体制和双线性对技术,提出了一种环签名方案,方案除了满足无条件匿名性和不可伪造性,还满足可撤销匿名性,必要时由PKG（Private Key Generator）充当仲裁验证者,达到定位真实签名者的目的。     

基于SM2数字签名的区块链匿名密钥交换协议

区块链技术因其去中心化、匿名性、不可篡改、不可伪造等优点, 已经成为我国的一项前沿技术, 在各领域得到广泛的应用。虽然用户可利用区块链发布匿名交易, 有效隐藏交易双方的身份信息, 但双方交易完成后传输交易相关数据可能破坏匿名性。这是因为在数据传输过程中, 为了保证双方通信安全, 往往使用认证密钥交换协议认证双方身份, 计算会话密钥建立安全信道。由于传统的认证密钥交换协议涉及双方的长期公私钥对信息, 所以将泄露交易双方的身份信息。虽然区块链匿名密钥交换可基于交易双方的历史链上交易完成密钥交换, 有效保障交易双方的匿名性, 但现有区块链匿名密钥交换协议主要基于国外密码算法设计, 难以适用于国产区块链平台, 不符合我国密码核心技术自主可控的要求。为丰富国产商用密码算法在区块链匿名密钥交换方面的研究, 满足区块链交易后双方匿名安全通信的需求, 本文以 SM2 数字签名算法和区块链为基础, 构造非交互式和交互式两种区块链匿名密钥交换协议。并在 CK 安全模型中证明非交互式的协议满足会话密钥安全, 交互式的协议满足有前向安全性的会话密钥安全。最后通过理论分析和编程实现结果表明, 本文协议在没有比现有协议消耗更多的计算开销与通信代价的前提下, 可适用于国产化区块链平台。     

网络匿名度量研究综述

保护网络空间隐私的愿望推动了匿名通信系统的研究,使得用户可以在使用互联网服务时隐藏身份和通信关系等敏感信息,不同的匿名通信系统提供不同强度的匿名保护.如何量化和比较这些系统提供的匿名程度,从开始就是重要的研究主题,如今愈发得到更多关注,成为新的研究焦点,需要开展更多的研究和应用.匿名度量可以帮助用户了解匿名通信系统提供...     

Analysis of privacy in mobile telephony systems

We present a thorough experimental and formal analysis of users’ privacy in mobile telephony systems. In particular, we experimentally analyse the use of pseudonyms and point out weak deployed policies leading to some critical scenarios which make it possible to violate a user’s privacy. We also expose some protocol’s vulnerabilities resulting in breaches of the anonymity and/or user unlinkability. We show these breaches translate in actual attacks which are feasible to implement on real networks and discuss our prototype implementation. In order to countermeasure these attacks, we propose realistic solutions. Finally, we provide the theoretical framework for the automatic verification of the unlinkability and anonymity of the fixed 2G/3G procedures and automatically verify them using the ProVerif tool.     

基于联盟区块链的董事会电子投票系统

董事会投票是特定范围的小集体为某一问题进行匿名表决的场景,对参与者的身份要求严格。设计了一种基于联盟链的董事会电子投票协议,用智能合约取代了传统的可信第三方,降低了系统信任成本;采用基于数字证书的身份准入机制,保证了参与投票者的身份合法性;基于椭圆曲线盲签名技术设计了电子投票协议,实现了投票的匿名性。安全分析表明,所提协议能够满足电子投票协议的安全性要求,使用方便灵活,提高了系统易用性。     

An atomicity-generating protocol for anonymous currencies

Atomicity is necessary for reliable electronic commerce transactions. Anonymity is also an issue of great importance not only to designers of commerce systems, but also to those concerned with the societal effects of information technologies, providing atomicity and anonymity is not trivial. Reliable systems, which provide highly atomic transactions, offer limited anonymity. Many anonymous systems (Rivest and Shamir, 1996) do not offer anonymous reliable transactions (Yee, 1994). Three basic approaches have been used: secure hardware for trusted record-keeping (Brands, 1993), storage of identity information with trustees for conditional anonymity (Low et al., 1993) or by providing dispute resolution only with the removal of anonymity (Chaum, 1988). In this work, the problem of anonymous atomic transactions for a generic token currency is solved using distributed trust and with the assumption that any single party may be corrupt. Defined is a transaction to include the provision of information goods or a contract to deliver specified goods, allowing for the highest degree of atomicity. The cryptographic strength of the atomicity guarantee can be made to the user's specification on a per transaction basis. The atomicity-generating protocol includes provision for dispute resolution and anonymous refunds. Also illustrated, is that any electronic token currency can be made reliable with the addition of this atomicity-generating protocol     

Practical authentication scheme for SIP

The Session Initiation Protocol (SIP) is commonly used to establish Voice over IP (VoIP) calls. However, the original authentication scheme for SIP-based service typically uses HTTP Digest authentication protocol, which is s not providing security at an acceptable level. In this paper, we propose a secure and practical password-only authenticated key agreement scheme for SIP using elliptic curve cryptography(ECC). Our scheme is remarkable efficient and quite simple to use. And yet we can provide the rigorous proof of the security for it. Therefore, the end result is more suited to be a candidate for SIP authentication scheme. In addition, we also suggest an extended scheme capable of providing anonymity, privacy, and location privacy to protect the user’s personal information and his real identity.     

Secure sharing of Personal Health Records in cloud computing: Ciphertext-Policy Attribute-Based Signcryption

The sharing of Personal Health Records (PHR) in cloud computing is a promising platform of health information exchange. However, the storage of personal medical and health information is usually outsourced to some third parties which may result in the exposure of patients’ privacy to unauthorized individuals or organizations. In order to address this security loophole, we suggest a promising solution. We propose a new approach for fine-grained access control and secure sharing of signcrypted (sign-then-encrypt) data. We call our new primitive Ciphertext-Policy Attribute-Based Signcryption (CP-ABSC) which satisfies the requirements of cloud computing scenarios for PHR. CP-ABSC combines the merits of digital signature and encryption to provide confidentiality, authenticity, unforgeability, anonymity and collusion resistance. The correctness, security and efficiency of this scheme are also proven.     

A novel electronic cash system with trustee-based anonymity revocation from pairing

Untraceable electronic cash is an attractive payment tool for electronic-commerce because its anonymity property can ensure the privacy of payers. However, this anonymity property is easily abused by criminals. In this paper, several recent untraceable e-cash systems are examined. Most of these provide identity revealing only when the e-cash is double spent. Only two of these systems can disclose the identity whenever there is a need, and only these two systems can prevent crime. We propose a novel e-cash system based on identity-based bilinear pairing to create an anonymity revocation function. We construct an identity-based blind signature scheme, in which a bank can blindly sign on a message containing a trustee-approved token that includes the user’s identity. On demand, the trustee can disclose the identity for e-cash using only one symmetric operation. Our scheme is the first attempt to incorporate mutual authentication and key agreement into e-cash protocols. This allows the proposed system to attain improvement in communication efficiency when compared to previous works.     

基于混沌映射的多因子认证密钥协商协议

在开放的网络环境中,身份认证是确保信息安全的一种重要手段。针对Li等（LI X,WU F,KHAN M K,et al.A secure chaotic map-based remote authentication scheme for telecare medicine information systems.Future Generation Computer Systems,2017,84：149-159.）提出的身份认证协议,指出其容易遭受用户冒充攻击、拒绝服务攻击等缺陷,并提出一个新的多因子认证协议来修复以上安全漏洞。该协议使用了扩展混沌映射,采用动态身份保护用户匿名性,并利用三次握手技术实现异步认证。安全性分析结果表明,所提协议可以抵抗冒充攻击、拒绝服务攻击,能够保护用户匿名性和身份唯一性。     

Weak Probabilistic Anonymity

Anonymity means that the identity of the user performing a certain action is maintained secret. The protocols for ensuring anonymity often use random mechanisms which can be described probabilistically. In this paper we propose a notion of weak probabilistic anonymity, where weak refers to the fact that some amount of probabilistic information may be revealed by the protocol. This information can be used by an observer to infer the likeliness that the action has been performed by a certain user. The aim of this work is to study the degree of anonymity that the protocol can still ensure, despite the leakage of information.We illustrate our ideas by using the example of the dining cryptographers with biased coins. We consider both the cases of nondeterministic and probabilistic users. Correspondingly, we propose two notions of weak anonymity and we investigate their respective dependencies on the biased factor of the coins.     

基于社会认证的网络身份模型

网络实名制的提出,是为了解决网络匿名性所带来的问题,却又面临实名信息泄露的诟病。造成信息泄露的根源在于实名认证依赖于实名信息。基于社会认证的网络身份模型,依赖社会关系进行身份认证,其利用OSN节点的社会关系构建网络身份,在发挥网络监管作用的同时,避免实名信息的泄漏。模型首先在OSN中依据一定策略选择根节点;然后,采用担保方式进行社会认证;最后,在不依赖实名信息的基础上,构建节点的唯一网络身份SANI。SNAI身份含节点的社会认证信息,具有身份认证和行为溯源的功能。     

Accountable attribute-based authentication with fine-grained access control and its application to crowdsourcing

We introduce a new notion called accountable attribute-based authentication with fine-grained access control (AccABA), which achieves (i) fine-grained access control that prevents ineligible users from authenticating; (ii) anonymity such that no one can recognize the identity of a user; (iii) public accountability, i.e., as long as a user authenticates two different messages, the corresponding authentications will be easily identified and linked, and anyone can reveal the user’s identity without any help from a trusted third party. Then, we formalize the security requirements in terms of unforgeability, anonymity, linkability and traceability, and give a generic construction to fulfill these requirements. Based on AccABA, we further present the first attribute-based, fair, anonymous and publicly traceable crowdsourcing scheme on blockchain, which is designed to filter qualified workers to participate in tasks, and ensures the fairness of the competition between workers, and finally balances the tension between anonymity and accountability.     

匿名通信系统中基于多Hash编码标记技术的匿名滥用控制策略

匿名通信系统采用重路由、流量填充的方式隐藏网络用户的IP地址等识别信息,为合法用户的通信提供匿名保护。然而,由于缺乏有效的控制,导致系统容易被滥用以进行DDoS攻击。论文提出在重路由匿名通信系统中引入基于多Hash编码的滥用控制策略,根据被标记的数据报文重构攻击路径,定位攻击者。对于合法用户,由于其流量小,被标记的报文数目低于重构所需的报文数,匿名性得到保持。因而,匿名系统能在提供匿名保护的同时,有效地防止匿名滥用。而且,由于采用多Hash编码,在系统规模增大时,仍能保持较低的误判率,保持定位攻击者的精确度。     

An anonymous e-rental protocol based on ID-based cryptography and NFC

Most e-rental services require customers to register sensitive information, which gives malicious service providers a good opportunity to launch social engineering attacks, or to use data mining techniques collecting and analyzing customers’ information or rental preferences. Therefore, we propose an anonymous e-rental protocol based on ID-based cryptography and near field communication technology, with particular focus on vehicle rentals. Our contributions include: (1) Anonymity. Users’ real identity is hidden from the rental service providers. (2) Unlinkability. Rental service providers cannot find the relation between two rental records. (3) Traceability. As full anonymity is not always desirable, traceability allows disclosure of a malicious user’s identity, whereas other users’ privacy remains unviolated. Rental service providers can request TTP to reveal users’ identity with a legal warrant. (4) Flexibility. Users choose their preferred service providers and vehicles. (5) Anonymous payment. Rental service providers cannot associate users’ identity with the financial transactions.