Gabriel Maganis, Elaine Shi, Hao Chen, Dawn Song
Trust and anonymity are both desirable properties on the Internet.
However, online services and users often have to make the trade off between trust and anonymity due to the lack of usable frameworks for achieving them both.
We propose Opaak, a practical anonymous authentication framework.
Opaak enables its users to establish identities with different online services while ensuring that these identities cannot be linked with each other or their real identity.
In addition, Opaak allows online service providers to control the rate at which users utilize their services while preserving their anonymity.
Hence, allowing the service providers to prevent abuse in the form of spam or Sybil attacks, which are prevalent in such online services that offer anonymity.
Opaak leverages the mobile phone as a scarce resource combined with anonymous credentials in order to provide these features.
We target two kinds of applications for Opaak and identify their requirements in order to achieve both trust and anonymity.
We develop efficient protocols for these applications based on anonymous credentials.
In addition, we design an architecture that facilitates integration with existing mobile and web applications and allows application developers to transparently utilize our protocols.
We implement a prototype on Android and evaluate its performance to demonstrate the practicality of our approach.
Public Review uploaded by Yih-ChunHu:
This public review is prepared by Yih-Chun Hu.
Anonymous credentials pave the way for many potentially important
applications, but systems that use such credentials have been largely
constrained to the security community. This paper's key contribution is
the application of Idemix in the smartphone environment, and
through this application, demonstrating that it is feasible to have
anonymous credentials in a smartphone environment. An additional
benefit of publishing this work at MobiSys is to expose this system
to publishing this work is to expose this community to potential
applications of anonymous credentials.
The most significant concern about this paper is that the cryptography
is from prior work, and that Idemix had previously been implemented
in the smartcard environment. The authors have clarified their
contributions in the camera-ready. Also, unlike many papers that
claim that strong cryptography is not feasible in a mobile environment,
Opaak demonstrates that modern cryptographic mechanisms can
bring exciting applications to mobile platforms.
As smartphones and mobile devices become the dominant computing
platform, more applications will require sophisticated security
mechanisms, such as the anonymous credentials described in this
Thank you Yih-Chun Hu for the insightful comments and help throughout the shepherding process.
The authors mainly agree with the public review however we would like to expand some points below.
Indeed, we do not invent a new cryptographic primitive and anonymous credentials have already been implemented on a heavily resource constrained standard Java card in . Our goal is to look forward and show that today's smartphones are highly capable of deploying anonymous credentials and enable interesting applications. For example, transaction times in  are on the order of 16 seconds for a 1984 bit RSA modulus while our prototype shows transaction times (which includes network times) on the order of 2-3 seconds for a 2048 bit RSA modulus. In addition, we enable our target applications by overcoming the limitations of range proofs which are necessary for k-times anonymous authentication (k-TAA) schemes. Our rate limiting pseudonyms have slightly weakened anonymity however they allow for a very efficient k-TAA protocol practical for today's smartphones.
 "Anonymous Credentials on a Standard Java Card", http://www.shoup.net/papers/bcgs.pdf