Security without identification

1
A presentation on
Security without identification -
Transaction systems to make big brother obsolete
Author David Chaum, Communications of the ACM,
vol. 28, 1985.
By, Ajinkya Kulkarni
(20 Jan 2009)
Department of Computer Science
University of Alabama in Huntsville
2
About the author
David Chaum is the inventor of many cryptographic
protocols, including blind signature schemes,
commitment schemes, and digital cash.
3
In this presentation
1) Problems addressed by Authors
2)Typical Solution and its Problem
3) New Approach proposed by Author
4) The Feasibility of New Approach
4.1) Communication Transaction
Unconditional Untraceable Communication
Problems
Solution
Digital Signature
4.2) Payment Transaction
Blind Signatures for Untraceable Payment
Problems
Solution
4.3) Credential Transaction
Problems
Solution
4
1 Problems (1/3)
Individuals can not control the way in which
information about themselves is used
Sometimes information may be obsolete ,
inaccurate or otherwise inappropriate.
5
1 Problems (2/3)
Computers could be used to infer individuals
life styles and habits
Big Brother is Watching You
6
1 Problems (3/3)
Uncertainty about security of personal
information
May cause people to alter their observable
activities
Organization are vulnerable to abuses by
individuals.
7
2 Typical Solution and its Problem
To devise more pervasive, efficient, and
interlinked computerized record-keeping system,
Perhaps in combination with national identity
cards or even finger prints .
But, this would exacerbate the problem of
individuals loss of monitorability and the
control
Would likely be unacceptable to many
8
3 New Approach (Proposed by Author)
3
Differences
9
3 New Approach Details
Current systems emphasize the one-sided security
of Organizations attempting to protect
themselves from individuals
The new approach allows all parties to protect
their own interests
10
4 The Feasibility of New Approach
The feasibility of new approach can be
demonstrated for a comprehensive set of three
kinds of consumer transaction
11
4.1 Communication Transaction
As more communication travels in electromagnetic
and digital form
It becomes easier to learn more about individual
from their communication
SSN
Address
Call History
Possibility of exposure of tracing information.
12
4.1.1 Problems in Communication Transaction
Current systems provide inadequate protection
Hand written signature are easily forged
Solution under Current Approach
? By installing tamper resistant identity card
? By keeping records of message delivered, to
provide certificate delivery
But these approach rely on tracing information
And thus are in fundamental conflict with
individuals' ability to control access to
information about themselves
13
4.1.2 Solution for Communication Transaction
(Using New Approach)
Messages are untraceable
Except for the recipient's ability to
authenticate them as having been sent by the
owner of a particular pseudonym
4.1.2.1 Unconditional Untraceable
4.1.2.2 Digital Signature
14
4.1.2.1 Unconditional Untraceable
Who paid? If Bob has paid, we must know, because
we invited him for coffee
Welcome
One of the three of you has already paid for
coffee
But if one of us paid, Bob should not know about
it
15
4.1.2.1 Unconditional Untraceable
Agree
Lets flip a coin behind menu card
We will say aloud which side the coin falls on
If one of us paid , then we should say the
opposite side
Menu Card
16
4.1.2.1 Unconditional Untraceable
Case 1 B has paid
Tail
Head
I know, one of them has paid, but can not
determine who?
Head
Menu Card
17
4.1.2.1 Unconditional Untraceable
Case 2 Bob has paid
Head
Head
Head
Menu Card
Since we both said same side of coin, Bob has paid
18
4.1.2.2 Digital Signature
English
Chinese
I
?
Private Key
Won
??
1 Billion Dollar
1???
I Won 1 Billion Dollar
Public Key
Digital Codebook
? ?? 1???
19
4.2 Payment Transaction
Payment systems are being automated
Automation is giving the providers of these
systems easy access to revealing and extensive
information about individuals
E.g. Shopping, Travelling, Bank , Education
Today many paper transaction records of when,
how much, and to whom payment was made are
translated into electronic form
Computerization is extending data capture
potential of payment systems
20
4.2.1 Problems in Payment Transaction
Uncollectable Payments by consumer
Check drawn against insufficient funds
Credit card misuse
Theft of paper currency
21
4.2.2 Solution for Payment Transaction (Using New
Approach)
Blind Signatures for Untraceable Payment
Bank deducts X from Bob Account
Bank
Bank Signature worth X
Bank can not see the slip through the envelope
22
4.2.2 Solution for Payment Transaction (Using New
Approach)
Blind Signatures for Untraceable Payment
Bank also verifies signature mark
Since it uses same signature for all account
holder, it can not learn which account the funds
were withdrawn from
Thus, Payment are untraceable
Shop
Verifies proper signature mark
Bank
23
4.3 Credential Transactions
Individuals must show credentials in
relationships with many organizations.
Show me your National Identification
Date of Birth
Mothers Name
Password
Problem arise when unnecessary data are revealed
in the process
Some credentials, such as passports , drivers
licenses, and membership cards, are commonly
shown by individuals in the form of certificates.
24
4.3.1 Problems in Credential Transaction
Credential systems are subject to widespread
abuse by individuals

• Such as the modification and the copying of many
  kinds of paper ,plastic, and digital certificates

Widespread use of highly secure identity
documents providing links to centrally
maintained credentials
Are antithetical to the ability of individuals to
determine how information about themselves is used
25
4.3.2 Solution for Credential Transaction (Using
New Approach)
Individual takes a specially coded credential
issued under one pseudonym
And to transform it into a similarly coded form
of the same credential that can be shown under
the individuals other pseudonyms
These coded credentials are maintained and shown
only by individuals
They provide control similar to that provided by
certificates.
Individuals can also tailor the coded form shown
So that it provides only the necessary
information and ensure that obsolete information
become unlink able to current pseudonyms.
26
4.3.2.1 The Basic Credential System
Give me National Identity and Address proof
Credentials for 2dDtvgS
Take one pseudonym . E.g. B2847dE for All his
credentials, such as, Address, Photo, National
Identity, etc
B2847dE
Bob makes another one time use random pseudonym.
E.g 2dDtvgS
We need National Identity and Address proof
2dDtvgS
27
Thank You