Title: Identity Theft Prevention using Aggregated Proof of Knowledge
1Identity Theft Prevention usingAggregated Proof
of Knowledge
- Elisa Bertino, Abhilasha Bhargav-Spantzel,
- Anna Squicciarini,
- Rui Xue
2What is Identity Theft?
- Identity Theft is the use of personally
identifying information belonging to one
individual by another individual for financial or
personal gain.
3Multi-Factor Identity Verification
Require additional identity information as
proof to qualify to be the owner of the identity
attribute being used.
Example Real Life Scenario Requirement for
additional proofs of identity
I will use my credit card to pay
To use your credit card please show your drivers
license and an additional photo id for
verification of your identity
4Overview of our Approach
- We have a logical entity called the registrar
which establishes and maintains identity
commitments used to establish proof of knowledge
of strong identifiers used later for multifactor
identity verification. - Two main Phases
- Enrollment or Registration User commits his
strong identifiers to be used later as proofs of
identity. - Usage Before revealing the actual value of a
required attribute one has to verify the
commitments of other attributes as proofs of
identity.
5Example
6Preliminary Concepts
7Example of ZK Proof system
8Pedersen Commitment ZK Proveknow how to open
- Public commitment c gxhr (mod p)
- Private knowledge x,r
- Protocol
- P picks random y, s in 1..q, sends d gyhs
mod p - V sends random challenge e in 1..q
- P sends uyex, vser (mod q)
- 4. V accepts if guhv dce (mod p)
9Bilinear Maps
- Let G1, G2, and Gt be cyclic groups of the same
order.
Bilinear maps are called pairings because they
associate pairs of elements from G1 and G2 with
elements in Gt.
10Aggregated signatures (Boneh, et al.)
- Signatures on different messages by multiple
signers can be combined into one small signature. - Scheme requires bilinear map (in Gap DH groups)
- BGLS Details
11(No Transcript)
12Preliminary Concepts
13Proving aggregated signature on committed values
To prove the knowledge of multiple identifiers.
14Proving aggregated signature on committed values
and open
To open in clear multiple sensitive identifiers.
15Proving aggregated signature on some committed
values and opening some
To prove u values and open v
16Integrating the zero-knowledge proof into the
verification
To prove the knowledge of secret commitments.
Note that the only information sent by the
principal is s, while in the previous protocol
the tags and the commitments were also sent.
17Zero-knowledge proof the aggregated signature
To prove the possession of signature.
The final submitted value is independent of any
of the actual signatures. Principal remains
unlinkable and anonymous even if it had initially
revealed its strong identifiers and commitments
to the verifying SP.
18Efficiency Analysis
- Our signatures on commitments are short and the
storage complexity is smaller than the ones
computed with existing techniques Camenisch et.
Al.04 - Our approach is more flexible in that whenever n
messages are committed for a user, the user is
able to to prove 2n-1 many combinations of them
which does not appear possible in the existing
schemes
Comparison of the number of exponentiations for
proving t factors
19Conclusion
- Identity theft is a major problem
- Our approach supports the strong verification of
identity attributes, which is a component of
comprehensive solutions against identity theft
20(No Transcript)