Self-Adaptive Anonymous Authentication From Attribute-based Signatures

With the rapid development of information technology, network activities are more and more popular. Network technology and service can bring convenience to users, however, it also opens a door to illegal users. In the application of network technology, to secure against illegal users, we must identify the two parties of com-munication. Authentication is a procedure by which an entity convinces the service provider about a claimed property. It is the process to verify the authenticity of enti-ty. Authentication with privacy protection is the security problem which developed rapidly in recent years, and more and more scholars engaged in research on privacy protection. Privacy protection is an addition to network usability, security which people generally pay attentions, and has very broad applications. Privacy preserv-ing authentication technology does no to divulge the identity information which is required in electronic medical, cloud computing, mobile network, Internet and other fields. Because the network is complicated and changeful, authentication strategy will change along with the network environment. In traditional authentication, user identity information is public, so no matter how authentication strategy changes, the authentication server can directly determine whether the user satisfies the pol-icy. But it would be difficult to achieve this while protecting the actual identity information.This thesis aims at the need of dynamic anonymous authentication, and makes the use of attribute-based signature to design a general adaptive anonymous au-thentication system. In this system, even if the authentication strategy changes, the user use the primitive credentials to pass through the authentication, but reveal nothing about the true identity. At the same time, the authentication credential should be revoked at time expiration. We propose a scheme to support effective user revocation, to assure system’s realtime reliability.The contribution of this thesis includes:1. A comprehensive analysis of the need of new generation network identity au-thentication, and proposes a self-adaptive authentication system with privacy protect, SA3for short. And we also give the security definition and a general design. The major method of our design is using attribute-based signature. Our simulation shows that:using attribute-based signature can satisfy the security requirements of SA3, and the time cost is reasonable.2. In attribute-based signature, how to revoke a user in an effective way is always a challenging issue. In this thesis, we design a valid user revocation algorithm called R-ABS, and give the security definition and security model. Compared to other schemes, our mechanism does need to update all attributes, thus has a high efficiency in revocation.3. Base on the R-ABS we propose in this thesis, we construct a user revocation scheme for self-adaptive anonymous authentication system. We discuss the va-lidity and security of the scheme, and show that the scheme has a high revocation efficiency.