Research On Attribute-based Distributed Identity Management

Posted on: 2013-04-14
Degree: Doctor
Type: Dissertation
Country: China
Candidate: D Cao
GTID: 1228330422973926
Subject: Computer Science and Technology

Abstract/Summary:
As the fundamental approach to securing network applications, trusted identity management (TIdM) is one of the most important topics in the research field of network security. There are two challenges that obstruct the design of TIdM. First, due to the high overhead of certificate management, traditional identity management mechanisms based on public key infrastructures (PKI) cannot be applied to current networks with rapidly growing numbers of users. Secondly, new applications such as e-business, e-government, and social networks require high-level privacy protection. Moreover, more fine-grained access control is needed in dynamic network environments.

To solve the above scalability and privacy problems in distributed network systems, this thesis proposes an attribute-based distributed identity management scheme and studies the following topics: (1) a management scheme for globally unique and certified identifiers; (2) attribute-based fine-grained identity authentication, identifier anonymity, and attribute protection; (3) an attribute-based identity revocation scheme with instant and flexible revocation of an identity's privileges; (4) attribute-based identity authentication schemes for multi-authority environments, in order to satisfy the requirements of real applications. The contributions of this thesis are as follows:

(1) Propose a secure identifier management scheme which achieves globally unique identification and identifier verifiability

We solve the inherent key escrow problem of identity-based encryption (IBE), and present a Secure and Accountable Identity-Based Encryption (SA-IBE) scheme. SA-IBE has three characteristics. First, an efficient single identifier verification scheme is used to achieve accountable identifier verification and globally unique identification. Secondly, the key escrow problem of IBE is efficiently addressed, enabling identifier verification correctness. Thirdly, the secure channel for key distribution is removed, thus consolidating the security of the user's private key. SA-IBE realizes the uniqueness and verifiability of identifiers, laying the foundation for attribute-based distributed identity management.

(2) Propose an efficient and flexible identity authentication scheme with the capability of user privacy protection, and prove its security

Attribute-based signature (ABS) schemes can meet the demand for user privacy protection in new-style applications. However, most existing ABS works compromise between functionality and efficiency, losing either full functionality or an efficient algorithm. Therefore, this paper proposes an Expressive and Privacy-preserving Attribute-based Signature Scheme (EPASS), in which a signature only reveals whether the signer owns attributes that satisfy the policy, but no information related to the signer's identifier or attributes. This so-called attribute-signer privacy is formally proved. EPASS expresses a policy in the form of an attribute tree, resulting in an expressive policy, that is, any monotone policy, and flexible identity authentication. The unforgeability of the signature is proved under the computational Diffie-Hellman assumption. EPASS-A, the extended scheme of EPASS, is provably secure in the standard computational model. The formal proof and algorithm complexity analysis show that EPASS outperforms existing ABS schemes in both functionality and efficiency.

(3) Propose a flexible and instant identity revocation scheme that can address all kinds of identity revocation

There are three kinds of identity revocation: user revocation, user's attribute revocation, and system's attribute revocation. Identity revocation requires that revoked privileges cannot be misused and that the privileges of unrevoked users and attributes are unaffected. In attribute-based distributed identity management, a user's attribute keys correspond to privileges. Thus an Attribute-Based Signature scheme supporting flexible Key Revocation (ABS-KR) is designed to achieve the three kinds of identity revocation. ABS-KR brings in a mediator to carry out key revocation instructions for the attribute authority. The latter thus does not need to be online all the time, enhancing the scalability of the system. Through the globally unique identifier generated by SA-IBE, ABS-KR limits the user's capability of computing a signature. Since the mediator keeps a part of the user's attribute key, only signers passing the revocation check by the mediator can generate a valid signature, effectively preventing misuse of revoked privileges.

(4) Present three identity authentication schemes suited to multi-authority environments

In many application circumstances, users usually obtain attributes and private key components from different authorities, which may cause problems of collusion attacks, combined use of private key components, and dynamic management of attribute authorities. These issues obstruct the direct transplantation of an identity authentication scheme from a single-authority environment to a multi-authority environment. To deal with this problem, this paper uses the globally unique identifier generated by SA-IBE to prevent users' collusion attacks, and brings in a central authority (CA) to coordinate the attribute keys issued by each attribute authority (AA), thus allowing dynamic changes of attribute authorities. We present three identity authentication schemes: ABS-MTR, ABS-MDNF, and ABS-MCL.

ABS-MTR inherits the advantages of EPASS, including efficiency, security, flexibility and strong user privacy. However, the cost of attribute authority management is great when a new AA is added into the system, as all AAs have to update users' private keys. ABS-MDNF uses disjunctive normal form (DNF) to express a policy, thus dramatically reducing the cost of attribute authority management by avoiding the shortcoming of ABS-MTR, that is, that the factors used by AAs to compute user attribute keys change once the AAs dynamically change. Moreover, DNF can perform the "NOT" operation over attributes, leading to a more expressive policy. Based on ABS-MDNF, we propose ABS-MCL, which introduces a signing technique with user attribute key aggregation to eliminate the drawback, present in the previous two schemes, of signature size growing linearly with the number of attributes. ABS-MCL is much more efficient than the others.
Keywords/Search Tags:attribute, identity management, identifier, identity authentication, identity revocation, multi-authority