Privacy and the digital citizen

Provided by: GTS6
Learn more at: http://www.ics.uci.edu


Transcript and Presenter's Notes


1
Privacy and the digital citizen
  • Gene Tsudik
  • ICS Dept, UC Irvine
  • www.ics.uci.edu/gts

2
Who? Why? What?
  • Background
  • Research: applied crypto and network/computer
    security
  • Anonymity and privacy in e-commerce
  • Anonymous communication (e.g., email, mobile)
  • Group signatures (can be used for group
    membership, petitions, voting, etc.)
  • Revocation of credentials and tight control over
    security privileges

4
My current pet topics
  • Secure e-Voting
  • Timestamping
  • Anonymous authentication
  • Hosting and manipulating encrypted content

5
Terminology: Privacy, Anonymity, etc.
  • Not that closely related
  • Privacy (passive): I do nothing but want you to
    stay away from me and mine.
  • Anonymity (active): I do something (e.g., buy)
    and wish to keep my identity secret.
  • Unlinkability (active): I do something a number
    of times (anonymously) but don't want you to
    'track' me.

6
Example
  • Voting: not private but anonymous and unlinkable
  • Must prove group membership
  • Must make choices (submit vote) only once
  • Vote must have integrity
  • No one but I should know my vote or link my votes
  • Must be able to verify that my vote counted ?
  • Should not be able to demonstrate my vote to
    others (else I might sell it)

7
One possible foundation for secure voting: Group Signatures
  • Chaum and Van Heijst (1991)
  • Like a normal PK digital signature (more
    structure)
  • Members and group manager (maybe distributed)
  • Anonymous, unlinkable signatures
  • Open: possible but hard
  • Impersonation: impossible
  • Phantom membership: possible but avoidable
  • Revocation: a headache
  • Can be extended to support voting
  • MORE RESEARCH NEEDED!!!

8
Secure and Reliable Time-stamping
  • Need to prove possession of something (e.g.,
    idea, manuscript, will) at a certain point in
    time
  • Sequencing (causality)
  • Must be:
      • Public
      • Anonymous
      • Unlinkable
      • Oblivious to content (no censorship)
  • Requires digital signatures and other tools
  • Currently (can be poorly) done via USPS and/or
    notary public
  • MORE RESEARCH NEEDED!

9
Authentication/Identification
  • Government bestows upon a citizen:
      • SSN
      • DL
      • Passport

10
Why Anonymous Authentication
  • Driver's license is overloaded, overused,
    insecure
  • SSN is overloaded, insecure
  • Usage of SSNs for identification and
    authentication is a national disgrace
  • Credit card numbers are trivial to fabricate,
    steal, etc.
  • Bottom line: we trail as a country

11
What is AA? Example
  • Unique permanent ID embedded in a secure device
  • One-time ephemeral ID displayed/produced upon
    each use
  • PIN/PW- or possession-based authentication
  • E.g., Social Security or Credit Card
  • One-time CC isn't worth stealing
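
A sketch of the one-time-ID idea on this slide, added here as an example and not taken from the presentation: a permanent device secret yields a fresh ephemeral ID per use, and the issuer rejects any ID that has already been presented. The HMAC-SHA-256 counter construction and the names `one_time_id`, `Issuer` and `DEMO_SECRET` are assumptions (the slide does not specify a derivation), and the PIN/possession check is left out.

```python
import hashlib
import hmac

# Constructed demo value; a real device would hold a random secret in tamper-resistant storage.
DEMO_SECRET = b"constructed-demo-secret-for-one-device"


def one_time_id(device_secret: bytes, counter: int, digits: int = 16) -> str:
    """Ephemeral ID for one use: HMAC of the use counter under the permanent secret."""
    mac = hmac.new(device_secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)


class Issuer:
    """Verifier side: holds each device secret and the next counter it will accept."""

    def __init__(self, window: int = 5):
        self.devices = {}      # account -> [secret, next_counter]
        self.window = window   # how many unused IDs the device may skip ahead

    def enroll(self, account: str, secret: bytes) -> None:
        self.devices[account] = [secret, 0]

    def verify(self, presented: str):
        """Return the owning account, or None if the ID is unknown or already used."""
        for account, state in self.devices.items():
            secret, nxt = state
            for c in range(nxt, nxt + self.window):
                if hmac.compare_digest(one_time_id(secret, c), presented):
                    state[1] = c + 1   # burn this counter and every earlier one
                    return account
        return None


if __name__ == "__main__":
    issuer = Issuer()
    issuer.enroll("acct-A", DEMO_SECRET)
    first = one_time_id(DEMO_SECRET, 0)
    print("first use :", first, "->", issuer.verify(first))
    print("replayed  :", first, "->", issuer.verify(first))   # stolen ID is rejected
    second = one_time_id(DEMO_SECRET, 1)
    print("second use:", second, "->", issuer.verify(second))
```

Successive IDs share no visible structure, so an observer who sees several cannot link them to one device without the secret.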

12
In conclusion: What (I think) we need
  • Stop relying on SSNs and DLs for extraneous
    purposes
  • Devise a national ID scheme (lunatic fringe
    notwithstanding)
  • Promote one-time-id AA devices for credit/debit
    cards and other (perhaps only non-visual) forms
    of id
  • For e-commerce, privacy QoS with consent: give up
    info → get a discount!