Privacy Preserving Real Name Registration

Real Name Registration
Will there be privacy?
K.P. Chow¹, Echo P. Zhang¹, S.H. Hou² & F. Xu³
July 2013
Hong Kong
¹ University of Hong Kong
² University of Science and Technology, Beijing
³ Institute of Information Engineering, CAS
Real-Name System
CISC
• When a user wants to register an account on a blog, website or bulletin board system, they are required to offer identification credentials, including their real name, to the network service center
• One may use an online pseudonym; however, the person’s real identity would be available if rules or laws are broken
Where is the real-name system implemented?
South Korea
• The first country to implement a real-name system
• Since 28 Jun 2009, 35 Korean websites have implemented a name registration system according to the newly amended Information and Communications Network Act (Choi Jin-sil Law)
Why a real-name system in Korea?
• Implemented after the suicide of Choi Jin-sil (崔真实), which was said to be related to malicious comments about her on Internet bulletin boards
• On 23 Aug 2012, the Constitutional Court of Korea ruled unanimously that the real-name requirement is unconstitutional, citing the provision’s violation of freedom of speech in cyberspace
The Korean Constitutional Court said
• The system has not been beneficial to the public, …, number of illegal or malicious postings online has not decreased
• Instead, users moved to foreign websites
• It also prevents foreigners from expressing their opinions online
Who’s next?
The Development in China
• 2002: Li Xiguang (李希光) proposed “Anonymity should be prohibited on the Internet”
http://www.chuanmeijia.com/zt/mingrentang/lixiguang/
Since 2002
• 2003: “real-name registration” at cyber cafes
• 2004: real-name registration websites appeared
• 2005: real-name registration for website administrators
• 2005: real-name registration for QQ group creators and administrators
From 2008
• 2008: MIIT (Ministry of Industry and Information Technology) proposed real-name registration
• 2012: sina.com, sohu.com, 163.com and blog.qq.com implemented real-name registration
• 2013: the Chinese government announced that real-name registration is to be implemented by June 2014
How should real-name registration be implemented?
Some requirements
• Allows indirect real-name registration
– A “real name at the back end, anonymous at the front end” real-name system (“后台实名、前台匿名”): real name at the back, pseudonym on the web
• Practical issues:
– Large number of users
– Cost to implement should be low
Who should be responsible for the registration?
• Public security (Police)?
• Government department(s)?
• Websites or service providers?
• Independent authority?
Real-Name Registration: Our Proposal
• Multiple parties involved
– User (U)
– Registration center (RC)
– Independent authority (IA)
– Personal data storage center (PDSC)
• Components
– User real-name registration (RN)
– User web-name registration (WN)
Real-Name Registration: Encryption Scheme
• Use Shamir’s Secret Sharing Scheme
• 2 out of 3: 3 parties share the secret and any 2 parties together can decrypt the secret
• The 3 parties: User (U), Independent Authority (IA) and Registration Center (RC)
• To retrieve the real name
– For a crime case, the Police can request the Court to order the IA and RC to retrieve the real name
– For personal reasons, the User can request the Registration Center to retrieve the real name
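User Real-Name Registration
[Diagram: (1) the User (U) submits Personal Authentication Information (PAI) to the Registration Center (RC); (2.1) E pkID(PAI) is sent to the Data Storage Server in the Private Data Storage Center (PDSC); the Key Server in PDSC keeps (xi0, yi0), and in steps 2.2a, 2.2b and 2.2c the points (xi1, yi1), (xi2, yi2) and (xi3, yi3) are distributed among the User, the RC and the Independent Authority (IA); (3) the PAI is destroyed.]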
User real-name registration
1. REGISTRATION: The User connects to the Registration Center using a secure channel and submits the Private Authentication Information (PAI) to the Registration Center
2. AUTHENTICATION: The Registration Center authenticates the identity of the User using the submitted Private Authentication Information (PAI), and then encrypts the PAI
User real-name registration (Authentication)
(2.1) Assign a Web-user name (WN) to each user
(2.2) Build a public-secret key pair (pkID, skID) and a degree-2 polynomial fID for each user such that fID(0) = skID
(2.3) Use pkID to encrypt the user's Personal Authentication Information (PAI) and store (Web-user name WN, pkID, encrypted PAI) in PDSC
(2.4) Generate 4 pairs (xik, yik), k = 0…3, such that fID(xik) = yik, on the Key Server in PDSC; keep (xi0, yi0) in the Key Server and distribute the other 3 pairs to the User, the Registration Center and the Independent Authority
(2.5) Return the Web-user name (WN) to the user
(2.6) In RC, destroy the user's Private Authentication Information (PAI) but keep the (Web-user name WN, fID)
Note that we use the polynomial for secret sharing of the skID; please refer to Shamir’s Secret Sharing Scheme or the supplementary
User Web-name Registration
[Diagram: (1) the User (U) sends a service request to the Website (Service Provider); (2.1) the Website verifies the identity by asking a question about the PAI; (2.2) the WN and the question are sent to PDSC; (3) the User submits N answers (among them there is only one correct answer) and the Web-name (WN); (4) based on WN, the Key Server retrieves the pkID; (5) the N answers are encrypted with pkID; (6) the Data Storage Server retrieves the encrypted answer w.r.t. WN; (7) the submitted answers are compared with the retrieved answer: if there is one and only one correct answer matching the record, return success, otherwise return fail.]
User Web-name Registration at the Service Provider
1. The User requests to use the service at the Service Provider with the Web-user name (WN)
2. The Service Provider asks questions based on the Personal Authentication Information (PAI); the question is sent to both the User and the PDSC
3. The User sends N answers (only 1 is correct) to the Key Server at PDSC
4. The Key Storage Server, based on the Web-user name WN, retrieves the pkID and encrypts the N answers, and then sends the encrypted answers to the Data Storage Server
5. The Data Storage Server compares the encrypted answers with the stored data in the Data Storage Server; if exactly one answer is matched, the Web-user name WN is authenticated
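The exactly-one-match check in steps 3 to 5 above, as an added example (not the authors' code). It assumes the encryption under pkID is deterministic, since the Data Storage Server compares ciphertexts; textbook RSA with a constructed toy key stands in for the unspecified scheme, and the class, field names and per-question storage are hypothetical.

```python
# Constructed toy public key standing in for pkID (product of two Mersenne primes).
TOY_PK = ((2**127 - 1) * (2**89 - 1), 65537)

def encrypt(pk, answer):
    """Textbook RSA: deterministic, so equal answers give equal ciphertexts."""
    n, e = pk
    m = int.from_bytes(answer.strip().lower().encode("utf-8"), "big")
    if not 1 < m < n:
        raise ValueError("answer does not fit the toy key")
    return pow(m, e, n)

class PDSC:
    def __init__(self):
        self.key_server = {}    # WN -> pkID
        self.data_storage = {}  # (WN, question) -> encrypted PAI field

    def enroll(self, wn, pk, pai):
        """Registration step (2.3), with the PAI stored per question (assumption)."""
        self.key_server[wn] = pk
        for question, answer in pai.items():
            self.data_storage[(wn, question)] = encrypt(pk, answer)

    def verify(self, wn, question, answers):
        """Encrypt the N answers, compare with the record, succeed on exactly one match."""
        pk = self.key_server.get(wn)
        stored = self.data_storage.get((wn, question))
        if pk is None or stored is None:
            return False          # unknown web-name or question
        try:
            encrypted = [encrypt(pk, a) for a in answers]
        except ValueError:
            return False          # empty or oversized answer
        # The Data Storage Server only ever sees ciphertexts.
        return sum(c == stored for c in encrypted) == 1

if __name__ == "__main__":
    pdsc = PDSC()
    # Constructed sample record for a hypothetical web-name.
    pdsc.enroll("wn-0001", TOY_PK, {"birth_year": "1985"})
    print(pdsc.verify("wn-0001", "birth_year", ["1979", "1985", "1990"]))
    print(pdsc.verify("wn-0001", "birth_year", ["1985", "1985", "1990"]))
```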
Some Properties
1. User A cannot pretend to be User B because he cannot give the right answer about User B’s Personal Authentication Information (PAI)
2. Users can see their own PAIs but others cannot
3. For a crime case, the Police can make a request to the Court to order the RC and IA to retrieve the Real-name of the user (RN):
– For example, the Police wants to investigate the user “剑客” and makes a request to the Court to order RC and IA to retrieve the real name of “剑客”. Based on the input from RC and IA, PDSC constructs the polynomial f剑客(.), finds the secret key sk剑客 by computing f剑客(0) and then retrieves the identity of the Web-name user “剑客”.
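The sharing in steps (2.2) and (2.4) and the court-ordered recovery above, as an added example (not the authors' code): a degree-2 polynomial f with f(0) = skID is sampled over a prime field, four points are issued, and the key is recovered by Lagrange interpolation at 0. The field modulus, the x-coordinates 1..4 and the function names are assumptions; the slides specify none of them.

```python
import secrets

P = 2**127 - 1  # prime field modulus (assumption: the slides do not fix a field)

def make_shares(sk, degree=2, n=4):
    """Sample f of the given degree with f(0) = sk; return the points (x, f(x)), x = 1..n."""
    coeffs = [sk % P] + [secrets.randbelow(P) for _ in range(degree - 1)]
    # Non-zero leading coefficient, so f really has the stated degree.
    coeffs.append(1 + secrets.randbelow(P - 1))
    def f(x):
        acc = 0
        for c in reversed(coeffs):  # Horner's rule mod P
            acc = (acc * x + c) % P
        return acc
    return [(x, f(x)) for x in range(1, n + 1)]

def recover(points):
    """Lagrange interpolation at x = 0; equals f(0) when enough points are given."""
    secret = 0
    for j, (xj, yj) in enumerate(points):
        num = den = 1
        for m, (xm, _) in enumerate(points):
            if m != j:
                num = num * -xm % P
                den = den * (xj - xm) % P
        secret = (secret + yj * num * pow(den, -1, P)) % P
    return secret

def court_ordered_recovery(key_server_share, rc_share, ia_share):
    """PDSC combines the Key Server's point with the points supplied by RC and IA."""
    return recover([key_server_share, rc_share, ia_share])

if __name__ == "__main__":
    sk_id = secrets.randbelow(P)  # constructed stand-in for skID
    key_server, user, rc, ia = make_shares(sk_id)
    print(court_ordered_recovery(key_server, rc, ia) == sk_id)  # three points fix f
    print(recover([rc, ia]) == sk_id)  # two points alone do not
```

With a degree-2 polynomial, three points determine f, so under this reading the points from RC and IA are combined with the Key Server's (xi0, yi0) inside PDSC. Anyone who holds fID itself, rather than a single point, can evaluate fID(0) directly, which matters for what the RC retains in step (2.6).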
Thank You