TY - JOUR
T1 - Secure Multi-Party Computation-Based Privacy-Preserving Authentication for Smart Cities
AU - Sucasas, Victor
AU - Aly, Abdelrahaman
AU - Mantas, Georgios
AU - Rodriguez, Jonathan
AU - Aaraj, Najwa
N1 - Possibly compliant version at Greenwich - https://gala.gre.ac.uk/id/eprint/43177/
PY - 2023/10/1
Y1 - 2023/10/1
N2 - The increasing concern for identity confidentiality in the Smart City scenario has fostered research on privacy-preserving authentication based on pseudonymization. Pseudonym systems enable citizens to generate pseudo-identities and establish unlinkable anonymous accounts in cloud service providers. The citizen's identity is concealed, and his/her different anonymous accounts cannot be linked to each other. Unfortunately, current pseudonym systems require a trusted certification authority (CA) to issue the cryptographic components (e.g., credentials, secret keys, or pseudonyms) to citizens. This CA, generally a Smart City governmental entity, has the capability to grant or revoke privacy rights at will, hence posing a serious threat in case of corruption. Additionally, if the pseudonym system enables de-Anonymization of misusers, a corrupted CA can jeopardize the citizens' privacy. This paper presents a novel approach to construct a pseudonym system without a trusted issuer. The CA is emulated by a set of Smart City service providers by means of secure multi-party computation (MPC), which circumvents the requirement of assuming an honest CA. The paper provides a full description of the system, which integrates an MPC protocol and a pseudonym-based signature scheme. The system has been implemented and tested.
AB - The increasing concern for identity confidentiality in the Smart City scenario has fostered research on privacy-preserving authentication based on pseudonymization. Pseudonym systems enable citizens to generate pseudo-identities and establish unlinkable anonymous accounts in cloud service providers. The citizen's identity is concealed, and his/her different anonymous accounts cannot be linked to each other. Unfortunately, current pseudonym systems require a trusted certification authority (CA) to issue the cryptographic components (e.g., credentials, secret keys, or pseudonyms) to citizens. This CA, generally a Smart City governmental entity, has the capability to grant or revoke privacy rights at will, hence posing a serious threat in case of corruption. Additionally, if the pseudonym system enables de-Anonymization of misusers, a corrupted CA can jeopardize the citizens' privacy. This paper presents a novel approach to construct a pseudonym system without a trusted issuer. The CA is emulated by a set of Smart City service providers by means of secure multi-party computation (MPC), which circumvents the requirement of assuming an honest CA. The paper provides a full description of the system, which integrates an MPC protocol and a pseudonym-based signature scheme. The system has been implemented and tested.
KW - Authentication
KW - computing security
KW - multi-party computation
KW - privacy
U2 - 10.1109/TCC.2023.3294621
DO - 10.1109/TCC.2023.3294621
M3 - Article
AN - SCOPUS:85164705773
SN - 2168-7161
VL - 11
SP - 3555
EP - 3572
JO - IEEE Transactions on Cloud Computing
JF - IEEE Transactions on Cloud Computing
IS - 4
ER -