Privacy through Noise: A Design Space for Private Identification

10 years 2 months ago
Privacy through Noise: A Design Space for Private Identification
To protect privacy in large systems, users must be able to authenticate against a central server without disclosing their identity to the network. Private identification protocols based on public key cryptography cannot be implemented on small devices like RFID tags and are computationally expensive for the backend server. Symmetric key protocols, on the other hand, provide only modest levels of privacy, but can cheaply be executed on servers and implemented on devices. The privacy of these symmetric-key privacy protocols derives from the fact that an attacker only ever knows a small fraction of the keys in a system while the legitimate reader knows all keys. This gap in knowledge can be widened by adding noise to user responses. The noise blurs the borders between groups of users that the attacker would otherwise be able to distinguish. We evaluate the effectiveness and cost of this randomization and find that the information leakage from the tree protocol can be decreased by 99.9% at...
Karsten Nohl, David Evans
Added 18 May 2010
Updated 18 May 2010
Type Conference
Year 2009
Authors Karsten Nohl, David Evans
Comments (0)