Abstract
Anonymous credentials are widely used to certify properties of a credential owner or to support the owner to demand valuable services, while hiding the user’s identity at the same time. A credential system (a.k.a. pseudonym system) usually consists of multiple interactive procedures between users and organizations, including generating pseudonyms, issuing credentials and verifying credentials, which are required to meet various security properties. We propose a general symbolic model (based on the applied pi calculus) for anonymous credential systems and give formal definitions of a few important security properties, including pseudonym and credential unforgeability, credential safety, pseudonym untraceability. We specialize the general formalization and apply it to the verification of a concrete anonymous credential system proposed by Camenisch and Lysyanskaya. The analysis is done automatically with the tool ProVerif and several security properties have been verified.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Abadi, M., Blanchet, B.: Computer-Assisted Verification of a Protocol for Certified Email. In: Cousot, R. (ed.) SAS 2003. LNCS, vol. 2694, pp. 316–335. Springer, Heidelberg (2003)
Abadi, M., Blanchet, B., Fournet, C.: Just fast keying in the pi calculus. In: Schmidt, D. (ed.) ESOP 2004. LNCS, vol. 2986, pp. 340–354. Springer, Heidelberg (2004)
Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Proceedings of the 28th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, vol. 36, pp. 104–115. ACM, New York (2001)
Backes, M., Hritcu, C., Maffei, M.: Automated verification of remote electronic voting protocols in the applied pi-calculus. In: Proceedings of the 21st IEEE Computer Security Foundations Symposium, pp. 195–209. IEEE Computer Society, Los Alamitos (2008)
Backes, M., Maffei, M., Unruh, D.: Zero-knowledge in the applied pi-calculus and automated verification of the direct anonymous attestation protocol. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 202–215. IEEE Computer Society, Los Alamitos (2008)
Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
Blanchet, B.: Proverif: Cryptographic protocol verifier in the formal model, http://www.proverif.ens.fr/
Blanchet, B.: Automatic verification of correspondences for security protocols. Journal of Computer Security (2008) (to appear), http://arxiv.org/abs/0802.3444
Blanchet, B., Chaudhuri, A.: Automated formal analysis of a protocol for secure file sharing on untrusted storage. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 417–431. IEEE Computer Society, Los Alamitos (2008)
Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)
Chaum, D.: Security without identification: Transaction systems to make big brother obsolete. Communications of the ACM 28(10), 1030–1044 (1985)
Kremer, S., Ryan, M.: Analysis of an electronic voting protocol in the applied pi calculus. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 186–200. Springer, Heidelberg (2005)
Li, X., Zhang, Y., Deng, Y.: ProVerif scripts for verifying a non-transferable anonymous credential system, http://basics.sjtu.edu.cn/~xiangxi/credentialsys.rar
Lowe, G.: An attack on the needham-schroeder public-key authentication protocol. Information Processing Letters 56, 131–133 (1995)
Luo, Z., Cai, X., Pang, J., Deng, Y.: Analyzing an electronic cash protocol using applied pi calculus. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 87–103. Springer, Heidelberg (2007)
Milner, R.: Communicating and Mobile Systems: the π-Calculus. Cambridge University Press, Cambridge (1999)
Pashalidis, A., Mitchell, C.J.: A security model for anonymous credential systems. In: Proceedings of the 19th International Workshop on Information Security, pp. 183–198. Kluwer, Dordrecht (2004)
Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof-systems. SIAM Journal on Computing 18(1), 186–207 (1989)
Coron, J.-S., Joye, M., Naccache, D., Paillier, P.: New attacks on PKCS#1 v1.5 encryption. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 369–379. Springer, Heidelberg (2000)
Seifried, K.: The end of ssl and ssh? http://seifried.org/security/cryptography/20011108-end-of-ssl-ssh.html
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Li, X., Zhang, Y., Deng, Y. (2009). Verifying Anonymous Credential Systems in Applied Pi Calculus. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds) Cryptology and Network Security. CANS 2009. Lecture Notes in Computer Science, vol 5888. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10433-6_14
Download citation
DOI: https://doi.org/10.1007/978-3-642-10433-6_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10432-9
Online ISBN: 978-3-642-10433-6
eBook Packages: Computer ScienceComputer Science (R0)